Commit
83f679ff
authored
Nov 19, 2019
by
Tobias Assmann
Merge branch 'feature/end-user-doc' into develop
parents
0f6f5b37
bdeffe86
Changes
62
.gitignore
*.jar
target/
packer/
*Jenkinsfile*
...
...
@@ -12,7 +11,10 @@ packer/
# built stuff
*/_build
docker/ssa/dist/*
*.jar
*.war*
*.tgz
#netbeans
*/**/nbactions.xml
...
...
@@ -22,4 +24,4 @@ docker/ssa/dist/*
.classpath
.settings
*/**/.settings
/bin/
*/**/workspace
create_client_delivery.sh
0 → 100755
#!/bin/bash
#
# script to build and pack the project as archive for delivery to client
#
# tobias.assmann@ecsec.de
PCK_DIR
=
for
-client-delivery
TRG_DIR
=
eid-server
TRG_ARC
=
eid-server.tgz
echo
"checking java version ..."
command
-v
java 2>&1
>>
/dev/null
||
{
echo
"no java found"
;
exit
1
;
}
java
-version
2>&1 |
awk
-F
'"'
'/version/ {print $2}'
|
grep
-q
1.8
||
{
echo
"java version is not 1.8"
;
exit
1
;
}
echo
"build the whole project ..."
mvn clean
install
||
{
echo
"maven build failed. please check!"
;
exit
1
;
}
echo
"copy builded stuff to
$PCK_DIR
/
$TRG_DIR
..."
cp
configuration-wizard/target/configuration-wizard-1.2.0-SNAPSHOT.jar
$PCK_DIR
/
$TRG_DIR
/poseidas-configuration-wizard.jar
cp
docker/sam/sam-1.2.0-SNAPSHOT-thorntail.jar
$PCK_DIR
/
$TRG_DIR
/sam/sam-1.2.0-SNAPSHOT-thorntail.jar
cp
docker/ssa/dist/ssa-server.war
$PCK_DIR
/
$TRG_DIR
/ssa/dist/ssa-server.war
echo
"archiving
$PCK_DIR
/
$TRG_DIR
to
$PCK_DIR
/
$TRG_ARC
..."
cd
$PCK_DIR
test
-f
$TRG_ARC
&&
rm
$TRG_ARC
tar
-cvzf
$TRG_ARC
$TRG_DIR
cd
..
echo
"done"
exit
0
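Review bot: The packaging steps after the Maven build are unchecked: none of the three `cp` calls nor `cd $PCK_DIR` is followed by an error test, so a missing artifact or directory still ends in `tar` and `exit 0`, and `rm $TRG_ARC` would then run in whatever directory the script was started from. An archive built this way can silently contain stale jars from an earlier run, which matters for something handed to a client. Add `set -euo pipefail` below the shebang, or at least `cd "$PCK_DIR" || exit 1`, and quote the variable expansions. The version test `grep -q 1.8` also treats the dot as a wildcard and is unanchored; `grep -q '^1\.8\.'` is stricter.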
docker/deploy-to_stage.sh
deleted
100755 → 0
#!/bin/bash
# deployment script for reqesidta
# michael rauh, tobias assmann
echo
"fix setup first!"
exit
1
# setup env
ENV
=
stage
USER
=
tobias
HOST
=
localhost
DIR
=
/home/tobias/Projects/reqesidta/deploy
# Synchronize this directory with the target on $HOST.
# Exclude the dev files and rename the corresponding files on the server.
rsync
-av
--delete
--progress
\
--exclude
'docker-compose.yml'
\
--exclude
'poseidas/config/POSeIDAS.xml'
\
--exclude
'poseidas/db/poseidas.mv.db'
\
--exclude
'sam/config/ssa-server.conf'
\
--exclude
'deploy-to_*'
\
--exclude
'*.dodeploy'
\
--exclude
'*.dodeploy'
\
./
$USER
@
$HOST
:
$DIR
ssh
$USER
@
$HOST
"mv
$DIR
/docker-compose_
$ENV
.yml
$DIR
/docker-compose.yml"
ssh
$USER
@
$HOST
"mv
$DIR
/poseidas/config/POSeIDAS_stage.xml
$DIR
/poseidas/config/POSeIDAS.xml"
ssh
$USER
@
$HOST
"mv
$DIR
/poseidas/db/poseidas_stage.mv.db
$DIR
/poseidas/db/poseidas.mv.db"
ssh
$USER
@
$HOST
"mv
$DIR
/ssa/config/ssa-server_
$ENV
.yml
$DIR
/ssa/config/ssa-server.conf"
# Restart / re-build the services
ssh
$USER
@
$HOST
"cd
$DIR
/ && docker-compose up -d --build"
docker/deploy-to_vserver-001.sh
...
...
@@ -14,6 +14,7 @@ rsync -av --delete --progress \
ssh reqesidta@vserver-001.ecsec.de
"mv /home/reqesidta/docker/docker-compose_vserver-001.yml /home/reqesidta/docker/docker-compose.yml"
ssh reqesidta@vserver-001.ecsec.de
"mv /home/reqesidta/docker/poseidas/config/POSeIDAS_vserver-001.xml /home/reqesidta/docker/poseidas/config/POSeIDAS.xml"
ssh reqesidta@vserver-001.ecsec.de
"mv /home/reqesidta/docker/poseidas/db/poseidas_vserver-001.mv.db /home/reqesidta/docker/poseidas/db/poseidas.mv.db"
ssh reqesidta@vserver-001.ecsec.de
"mv /home/reqesidta/docker/ssa/config/ssa-server_vserver-001.conf /home/reqesidta/docker/ssa/config/ssa-server.conf"
# Restart / re-build the services
ssh reqesidta@vserver-001.ecsec.de
"cd /home/reqesidta/docker && docker-compose up -d --build"
docker/docker-compose_vserver-001.yml
...
...
@@ -107,15 +107,14 @@ services:
aliases
:
-
sam.docker.reqesidta.de
webui
:
webui
:
image
:
"
reqesidta/webui"
container_name
:
"
reqesidta_web-ui"
labels
:
-
"
traefik.enable=true"
-
"
traefik.http.services.webui.loadbalancer.server.port=80"
-
"
traefik.http.routers.webui.rule=PathPrefix(`/`)"
-
"
traefik.http.routers.webui.entrypoints=web-secure"
-
"
traefik.http.routers.webui.tls=true"
-
"
traefik.http.routers.webui.entrypoints=web"
build
:
context
:
./web-ui
ports
:
...
...
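Review bot: The webui router labels appear to move from `entrypoints=web-secure` plus `tls=true` to `entrypoints=web`, which would mean Traefik no longer serves the web UI over TLS itself; this reading is inferred from the hunk's 15-to-14 line count, because the rendered page lost the +/- markers. If nothing in front of vserver-001 terminates TLS, the UI and whatever it uploads would travel in cleartext. A comment above the labels stating where TLS ends, e.g. `# TLS is terminated by the upstream reverse proxy; Traefik listens on plain HTTP only`, would make the intent reviewable. The services block continues outside the hunk.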
docker/facade/traefik-dyn.yml
...
...
@@ -2,8 +2,3 @@ tls:
certificates
:
-
certFile
:
/certs/docker.reqesidta.de.cert
keyFile
:
/certs/docker.reqesidta.de.key
# stores:
# default:
# defaultCertificate:
# certFile: /certs/docker.reqesidta.de.cert
# keyFile: /certs/docker.reqesidta.de.key
docker/poseidas/db/poseidas_stage.mv.db
deleted
100644 → 0
File deleted
docker/poseidas/db/poseidas_vserver-001.mv.db
No preview for this file type
docker/sam/sam.docker.reqesidta.de.p12
No preview for this file type
docker/ssa/config/ssa-server.conf
ssa
-
config
{
sessionMaxAge
:
60
,
sessionCheckAgeInterval
:
30
,
sessionMaxAge
:
60
0
,
sessionCheckAgeInterval
:
3
4
0
,
baseUrl
:
"https://docker.reqesidta.de/ssa-server"
eidUrl
:
"http://poseidas.docker.reqesidta.de:8443/POSeIDAS/service/eid/TR-03130-WSDL.wsdl"
samUrl
:
"http://sam.docker.reqesidta.de:8080"
...
...
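Review bot: The two session values are raised to `sessionMaxAge: 600` and `sessionCheckAgeInterval: 340` without saying what unit they are in or why the check interval is now more than half the maximum age. If expiry is only enforced when the periodic check runs (not visible here), a session could outlive its limit by up to one interval, so the effective lifetime would be closer to 940 than 600. State the unit and the intended upper bound in the commit description, or next to the values if the format allows comments. The config block continues outside the shown lines.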
docker/ssa/dist/ssa-server.war.deployed
deleted
100644 → 0
ssa-server.war
\ No newline at end of file
docker/web-ui/www-data/reqesidta.js
...
...
@@ -51,7 +51,7 @@ dpz.on("processing", function(fileAdded) {
// console.log("got response from client-signer ... ");
// got it
if
(
req
.
status
==
200
)
{
console
.
log
(
"
success giving it back ...
"
);
//
console.log("success giving it back ... ");
var
fileSigned
=
new
Blob
([
req
.
response
],
{
type
:
CONTENT_TYPE
});
var
signedFileName
=
FILE_NAME_PREFIX
+
origFileName
;
// IE10+
...
...
for-client-delivery/eid-server/deploy.sh
0 → 100755
#!/bin/bash
#
# deployment script for reqesidta eid-server project
# tobias.assmann@ecsec.de
#
# This file acts as a template for creating a deploy script
# for a specific target environment. Please setup the env vars
# accourding to your needs:
#
# the user on the target host used to copy the files there and run the project
USER
=
TARGET_USER
# the target host of the deployment
HOST
=
TARGET_HOST
# the directory on the target host where to put the project
DIR
=
TARGET_DIR
#
#######################################################################################
echo
"check for correct replacement ..."
!
grep
TARGET_ ./docker-compose.yml
||
{
echo
>
&2
"Found text to be replaced in docker-compose.yml. Aborting."
;
exit
1
;
}
!
grep
TARGET_ ./ssa/config/ssa-server.conf
||
{
echo
>
&2
"Found text to be replaced in ssa-server.conf. Aborting."
;
exit
1
;
}
!
test
$HOST
=
"TARGET_HOST"
||
{
echo
>
&2
"Found text TARGET_HOST to be replaced in deploy.sh. Aborting."
;
exit
1
;
}
!
test
$USER
=
"TARGET_USER"
||
{
echo
>
&2
"Found text TARGET_USER to be replaced in deploy.sh. Aborting."
;
exit
1
;
}
!
test
$DIR
=
"TARGET_DIR"
||
{
echo
>
&2
"Found text TARGET_DIR be replaced in deploy.sh. Aborting."
;
exit
1
;
}
echo
"check target environment ..."
ssh
$USER
@
$HOST
"cd
$DIR
>/dev/null 2>&1"
||
{
echo
>
&2
"Could not reach
$DIR
as user
$USER
on
$HOST
Aborting."
;
exit
1
;
}
echo
"check for needed commands ..."
command
-v
rsync
>
/dev/null 2>&1
||
{
echo
>
&2
"rsync is needed on localhost but it's not installed. Aborting."
;
exit
1
;
}
command
-v
ssh
>
/dev/null 2>&1
||
{
echo
>
&2
"ssh is needed on localhost but it's not installed. Aborting."
;
exit
1
;
}
ssh
$USER
@
$HOST
"command -v docker >/dev/null 2>&1"
||
{
echo
>
&2
"docker is needed on
$HOST
but it's not installed. Aborting."
;
exit
1
;
}
ssh
$USER
@
$HOST
"command -v docker-compose >/dev/null 2>&1"
||
{
echo
>
&2
"docker is needed on
$HOST
but it's not installed. Aborting."
;
exit
1
;
}
echo
"copy files to server ..."
rsync
-av
--delete
--progress
\
--exclude
'deploy.sh'
\
--exclude
'poseidas-configuration-wizard.jar'
\
--exclude
'readme.md'
\
./
$USER
@
$HOST
:
$DIR
echo
"Build and start services on server ..."
ssh
$USER
@
$HOST
"cd
$DIR
/ && docker-compose up -d --build"
echo
$?
echo
"Deployment done, please wait until all services are fully running without heavy load and then proceed with EJBCA key setup."
exit
0
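Review bot: Failures of the two steps that actually change the target are not acted on: `rsync -av --delete ...` has no `|| { ...; exit 1; }` guard like the checks above it, and the result of `docker-compose up -d --build` is only printed with `echo $?` before the script reports "Deployment done" and runs `exit 0`. Because `--delete` removes anything in `$DIR` that is not in the local tree, `$DIR` deserves a stricter check than `cd $DIR` succeeding, for example rejecting an empty value or `/`, and the expansions should be quoted (`"$USER@$HOST:$DIR"`). Give both commands the same guard the earlier checks use, e.g. `|| { echo >&2 "docker-compose up failed on $HOST. Aborting."; exit 1; }`. The message for the missing `docker-compose` check also still says "docker is needed".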
dock
er/docker-compose
_stage
.yml
→
for-client-delivery/eid-serv
er/docker-compose.yml
...
...
@@ -2,23 +2,21 @@ version: "3.4"
services
:
facade
:
image
:
"
reqesidta/facade
"
image
:
"
traefik:v2.0
"
container_name
:
"
reqesidta_facade"
labels
:
-
"
traefik.enable=true"
build
:
context
:
./facade
command
:
--providers.docker=true
--providers.docker.exposedbydefault=false
--entryPoints.web.address=:80
--log.level=debug
--log.level=error
# change value to the port your reverse proxy is forwarding to
ports
:
-
"
80
:80"
-
"
TARGET_PORT
:80"
networks
:
-
reqesidta_net
volumes
:
# So that Traefik can listen to the Docker events
-
/var/run/docker.sock:/var/run/docker.sock
poseidas
:
...
...
@@ -33,8 +31,6 @@ services:
context
:
./poseidas
args
:
JAR_FILE
:
POSeIDAS-exec.jar
# ports:
# - "127.0.0.1:8443:8443"
networks
:
reqesidta_net
:
aliases
:
...
...
@@ -49,8 +45,6 @@ services:
build
:
context
:
./ejbca
hostname
:
localhost:8444
# ports:
# - "127.0.0.1:8444:8443"
depends_on
:
-
postgres
environment
:
...
...
@@ -85,10 +79,6 @@ services:
-
poseidas
-
ejbca
command
:
/opt/jboss/wildfly/bin/standalone.sh -b 0.0.0.0 -bmanagement 0.0.0.0
# ports:
# - "127.0.0.1:28080:8080"
# volumes:
# - ./ssa/dist:/opt/jboss/wildfly/standalone/deployments/:rw
networks
:
reqesidta_net
:
aliases
:
...
...
@@ -99,13 +89,26 @@ services:
container_name
:
"
reqesidta_sam"
build
:
context
:
./sam
# ports:
# - "127.0.0.1:38080:8080"
networks
:
reqesidta_net
:
aliases
:
-
sam.docker.reqesidta.de
webui
:
image
:
"
reqesidta/webui"
container_name
:
"
reqesidta_webui"
labels
:
-
"
traefik.enable=true"
-
"
traefik.http.services.webui.loadbalancer.server.port=80"
-
"
traefik.http.routers.webui.rule=PathPrefix(`/`)"
-
"
traefik.http.routers.webui.entrypoints=web"
build
:
context
:
./webui
networks
:
reqesidta_net
:
aliases
:
-
webui.docker.reqesidta.de
networks
:
reqesidta_net
:
driver
:
bridge
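Review bot: The facade service keeps the bind mount `/var/run/docker.sock:/var/run/docker.sock` while its image becomes the upstream `traefik:v2.0`, so the container that faces incoming traffic holds full control of the Docker daemon, which is equivalent to root on the host. A `:ro` suffix does not limit API calls over the socket; the usual mitigation is a socket proxy that exposes only the read endpoints Traefik needs, and that belongs in the delivery template or at least in a comment next to the volume. `traefik:v2.0` is also a moving tag, so pinning it as `traefik:v2.0@sha256:<digest>` (placeholder) would keep client builds reproducible. This assumes `traefik:v2.0` is the new value, since the rendered page lost the +/- markers.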
for-client-delivery/eid-server/ejbca/Dockerfile
0 → 100644
FROM
primekey/ejbca-ce:6.15.2.1
# Add a shell script to configure EJBCA.
COPY
ejbca-config.sh /usr/local/bin/
USER
root
# Replace the Organisation string with a custom one to better differentiate it
# from productions certs.
RUN
sed
-i
"s/EJBCA Container Quickstart/EJBCA Docker dev certificate/g"
\
/opt/primekey/bin/internal/after-deployed-app-create-certificate.sh
RUN
chown
10001:10001 /usr/local/bin/ejbca-config.sh
RUN
chmod
755 /usr/local/bin/ejbca-config.sh
USER
10001
for-client-delivery/eid-server/ejbca/ejbca-config.sh
0 → 100644
#!/bin/sh
cd
/opt/primekey/bin/
||
exit
# Use the existing CA (see comment below)
CA
=
ManagementCA
ALIAS
=
ecsecCMP
CN
=
sam.docker.reqesidta.de
PW
=
testtest
# Create a CMP config
./ejbca.sh config cmp addalias
$ALIAS
./ejbca.sh config cmp updatealias
$ALIAS
--key
operationmode
--value
ra
./ejbca.sh config cmp updatealias
$ALIAS
--key
authenticationmodule
--value
EndEntityCertificate
./ejbca.sh config cmp updatealias
$ALIAS
--key
authenticationparameters
--value
$CA
./ejbca.sh config cmp updatealias
$ALIAS
--key
allowraverifypopo
--value
true
./ejbca.sh config cmp updatealias
$ALIAS
--key
ra.caname
--value
$CA
./ejbca.sh config cmp updatealias
$ALIAS
--key
defaultca
--value
$CA
# Make script idempotent by always deleting the user first
./ejbca.sh ra delendentity
-force
--username
$CN
# Add end entity for the server key pair
./ejbca.sh ra addendentity
--username
$CN
--password
$PW
\
--dn
"CN=
$CN
"
--caname
$CA
--type
1
--token
P12
# Add entity to admin role
./ejbca.sh roles addrolemember
--role
"Super Administrator Role"
--caname
$CA
\
--with
"CertificateAuthenticationToken:WITH_COMMONNAME"
--value
$CN
# Enable batch mode
./ejbca.sh ra setclearpwd
$CN
$PW
# Create p12 file (saved in p12 subfolder)
./ejbca.sh batch
# Various (currently) unused commands:
# Create a new CA. As you can't set auto-activation to true here, you will have
# to do this manually or create custom cryptotokens (see below).
# ./ejbca.sh ca init \
# --caname $CA \
# --dn "C=DE,O=ecsec GmbH,CN=ecsec Docker Root CA" \
# --tokenType soft \
# --tokenPass ecsecCATokenPass \
# --keytype ECDSA \
# --keyspec secp256r1 \
# -s SHA256withECDSA \
# -v 3650 \
# --policy null
# ./ejbca.sh cryptotoken create --autoactivate true --pin 1234 --token $TOKEN --type SoftCryptoToken
# ./ejbca.sh cryptotoken generatekey --alias signKey --keyspec secp256r1 --token $TOKEN
# ./ejbca.sh cryptotoken generatekey --alias encryptKey --keyspec 2048 --token $TOKEN
# ./ejbca.sh ca changecatoken --caname $CA --cryptotoken $TOKEN --execute
# ./ejbca.sh ca activateca $CA --code ecsecCATokenPass
# ./ejbca.sh ca changecatokensignalg --caname $CA --sigalg SHA256withECDSA
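Review bot: `PW=testtest` is a fixed password for an end entity that the script then adds to the "Super Administrator Role", stores with `ra setclearpwd`, and uses for the P12 created by `batch`, so every installation built from this delivery shares the same known administrator credential. Take the value from the environment and fail when it is missing, e.g. `PW="${EJBCA_ENTITY_PW:?EJBCA_ENTITY_PW must be set}"` (the variable name is a placeholder), and quote `"$PW"` and `"$CN"` where they are passed. None of the `./ejbca.sh` calls is checked, so a failed `addendentity` still reaches `batch`; only `delendentity` is expected to fail on a first run. If the fixed value is intentional for a test setup, a comment at the assignment should say so.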
for-client-delivery/eid-server/poseidas/Dockerfile
0 → 100644
FROM
governikus/zulu-openjdk:8u212
RUN
mkdir
-p
/opt/poseidas
ENV
JAVA_OPTS=""
EXPOSE
8443
WORKDIR
/opt/poseidas
ARG
JAR_FILE
ADD
${JAR_FILE} POSeIDAS-exec.jar
ENTRYPOINT
exec java $JAVA_OPTS -jar /opt/poseidas/POSeIDAS-exec.jar $0 $@
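Review bot: No `USER` instruction is set, so the eID server process runs as root inside the container, unlike the ejbca image in this commit, which drops to `10001`. After the `ADD`, `RUN chown -R 10001:10001 /opt/poseidas` followed by `USER 10001` would match it, provided the config and database paths mounted at runtime (not visible here) are writable for that uid. `COPY` is also the more predictable instruction than `ADD` for a local jar.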
dock
er/poseidas/config/POSeIDAS
_stage
.xml
→
for-client-delivery/eid-serv
er/poseidas/config/POSeIDAS.xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<CoreConfiguration
xmlns=
"http:/www.bos_bremen.de/2009/06/eID-Server-CoreConfig"
>
<ServerUrl>
https://reqesidta.
openecard.org
/POSeIDAS/eidas-middleware
</ServerUrl>
<ServerUrl>
https://
docker.
reqesidta.
de
/POSeIDAS/eidas-middleware
</ServerUrl>
<sessionManagerUsesDatabase>
true
</sessionManagerUsesDatabase>
<sessionMaxPendingRequests>
500
</sessionMaxPendingRequests>
<TimerConfiguration>
...
...
@@ -10,14 +10,13 @@
</TimerConfiguration>
<ServiceProvider
entityID=
"providerA"
enabled=
"true"
>
<EPAConnectorConfiguration
updateCVC=
"false"
>
<!-- refID of the devDB from 001-->
<CVCRefID>
ecsec
</CVCRefID>
<PkiConnectorConfiguration>
<!-- At least the certificates for blacklist, master and defectList have to be EC -->
<blackListTrustAnchor>
MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==
</blackListTrustAnchor>
<masterListTrustAnchor>
MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==
</masterListTrustAnchor>
<defectListTrustAnchor>
MIH0MIGroAMCAQICBF04buEwCgYIKoZIzj0EAwIwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTE5MDcyNDE0NDQ0OVoXDTIwMDcyMzE0NDQ0OVowFDESMBAGA1UEAwwJbG9jYWxob3N0MEYwEAYHKoZIzj0CAQYFK4EEAB8DMgAEq6L6f/1HKWgN9LV90O0VFqkyrN0/E2oC4va+eqx4L/bvMTh1j5CoE5i7HMMD8UeXMAoGCCqGSM49BAMCAzgAMDUCGQCoV/FAXfsEX06XoPv/v1bFzdOpQH1b96YCGFJF31Illrn+frm+7LGg3FoPayQJAdiRfA==
</defectListTrustAnchor>
<policyImplementationId>
govDvca
</policyImplementationId>
<policyImplementationId>
govDvca
</policyImplementationId>
<!-- user 'budru' for Bundesdruckerei -->
<sslKeys
id=
"default"
>
<serverCertificate>
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
</serverCertificate>
<clientCertificate>
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
</clientCertificate>
...
...
@@ -36,7 +35,7 @@
<url>
https://dev.governikus-eid.de:9444/gov_dvca/certDesc-service
</url>
</dvcaCertDescriptionService>
</PkiConnectorConfiguration>
<PaosReceiverURL>
https://reqesidta.
openecard.org
/POSeIDAS/eidas-middleware/paosreceiver
</PaosReceiverURL>
<PaosReceiverURL>
https://
docker.
reqesidta.
de
/POSeIDAS/eidas-middleware/paosreceiver
</PaosReceiverURL>
<hoursRefreshCVCBeforeExpires>
48
</hoursRefreshCVCBeforeExpires>
</EPAConnectorConfiguration>
</ServiceProvider>
...
...
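Review bot: `blackListTrustAnchor`, `masterListTrustAnchor` and `defectListTrustAnchor` all carry the same base64 certificate, whose subject appears to decode to `CN=localhost` with a validity ending in July 2020, and the file is now shipped under for-client-delivery with only `ServerUrl` and `PaosReceiverURL` adjusted. Nothing marks these anchors, the `dev.governikus-eid.de` service URL or `CVCRefID` as test values. Add an XML comment above `PkiConnectorConfiguration` such as `<!-- test trust anchors and dev DVCA endpoints; replace before production use -->`, or use `TARGET_` placeholders so a guard like the one in deploy.sh could catch them. The configuration continues outside the shown hunks.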
for-client-delivery/eid-server/poseidas/config/application.properties
0 → 100644
# Server settings
server.port
=
8443
server.ssl.enabled
=
false
poseidas.admin.username
=
admin
# Password: testtest
poseidas.admin.hashed.password
=
$2a$10$CZGhlm6QkqHlDEX89cYtyuGKSx2iftevULiP.gvWETYH7riFIzHSG
# Datasource
spring.datasource.url
=
jdbc:h2:file:/opt/poseidas/database/poseidas;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
#user/password of the database
spring.datasource.username
=
admin
spring.datasource.password
=
testtest
spring.datasource.driver-class-name
=
org.h2.Driver
spring.jpa.database-platform
=
org.hibernate.dialect.H2Dialect
# Hibernate ddl auto (create, create-drop, update): with "update" the database
# schema will be automatically updated accordingly to java entities found in
# the project
spring.jpa.hibernate.ddl-auto
=
update
spring.jpa.hibernate.naming.implicit-strategy
=
org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl
spring.jpa.hibernate.naming.physical-strategy
=
org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
# Show or not log for each sql query
spring.jpa.show-sql
=
true
logging.level.org.springframework
=
DEBUG
logging.level.de.governikus.eumw
=
DEBUG
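Review bot: The delivered defaults include a known admin login (the comment `# Password: testtest` sits above the bcrypt hash) and `spring.datasource.password=testtest`, and nothing forces the client to change them: deploy.sh only greps docker-compose.yml and ssa-server.conf for `TARGET_`. Replace both values with placeholders such as `TARGET_ADMIN_PASSWORD_HASH` and `TARGET_DB_PASSWORD` (names are placeholders) and add this file to the replacement check. `spring.jpa.show-sql=true` and the two `DEBUG` log levels are development settings that can write request and query detail into logs; a delivery template would normally ship them as `false` and `INFO`. `server.ssl.enabled=false` is presumably acceptable behind Traefik on the internal network, but a comment should say so.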
for-client-delivery/eid-server/poseidas/db/poseidas.mv.db
0 → 100644
File added