From d81835fc18d53503d7fb85bed8b6d0fcdbc43019 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 12 Jun 2019 13:49:49 +0200
Subject: update configuration

---
 .../data/deploy/conf/moa-id/moa-id.properties      | 145 ++-------------------
 .../conf/moa-spss/SampleMOASPSSConfiguration.xml   |   4 +
 .../EID_metadata/TEST_metadata_eid.egiz.gv.at.crt  |  27 ++++
 3 files changed, 44 insertions(+), 132 deletions(-)
 create mode 100644 id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt

diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 678c381cb..414293350 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -18,7 +18,7 @@ configuration.moasession.key=SessionEncryptionKey
 configuration.moaconfig.key=ConfigurationEncryptionKey
 configuration.ssl.validation.revocation.method.order=ocsp,crl
 #configuration.ssl.validation.hostname=false
-#configuration.validate.authblock.targetfriendlyname=true<
+#configuration.validate.authblock.targetfriendlyname=true
 
 
 #MOA-ID 3.x Monitoring Servlet
@@ -31,42 +31,19 @@ configuration.advancedlogging.active=false
 
 ######################## Externe Services ############################################
 
-######## Online mandates webservice (MIS) ######## 
-service.onlinemandates.acceptedServerCertificates=
-service.onlinemandates.clientKeyStore=keys/....
-service.onlinemandates.clientKeyStorePassword=
+######## central E-ID System connector module ##########
+modules.eidproxyauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
+modules.eidproxyauth.keystore.password=password
+modules.eidproxyauth.metadata.sign.password=password
+modules.eidproxyauth.metadata.sign.alias=pvp_metadata 
+modules.eidproxyauth.request.sign.password=password
+modules.eidproxyauth.request.sign.alias=pvp_assertion  
+modules.eidproxyauth.response.encryption.password=password
+modules.eidproxyauth.response.encryption.alias=pvp_assertion  
 
-######## central eIDAS-node connector module ##########
-modules.eidascentralauth.keystore.path=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
-modules.eidascentralauth.keystore.password=password
-modules.eidascentralauth.metadata.sign.alias=pvp_metadata
-modules.eidascentralauth.metadata.sign.password=password
-modules.eidascentralauth.request.sign.alias=pvp_assertion 
-modules.eidascentralauth.request.sign.password=password
-modules.eidascentralauth.response.encryption.alias=pvp_assertion 
-modules.eidascentralauth.response.encryption.password=password 
-modules.eidascentralauth.node.trustprofileID=centralnode_metadata
-
-
-######################## Protokolle am IDP ############################################
-
-##Protocol configuration##
-#PVP2
-protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
-protocols.pvp2.idp.ks.kspassword=password
-protocols.pvp2.idp.ks.metadata.alias=pvp_metadata
-protocols.pvp2.idp.ks.metadata.keypassword=password
-protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
-protocols.pvp2.idp.ks.assertion.sign.keypassword=password
-protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
-protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
-protocols.pvp2.metadata.entitycategories.active=false
-
-#OpenID connect (OAuth)
-protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
-protocols.oauth20.jwt.ks.password=password
-protocols.oauth20.jwt.ks.key.name=oauth
-protocols.oauth20.jwt.ks.key.password=password
+modules.eidproxyauth.EID.trustprofileID=eid_metadata
+#modules.eidproxyauth.EID.entityId=https://eid.egiz.gv.at/idp/shibboleth
+#modules.eidproxyauth.EID.metadataUrl=
 
 
 ######################## Datenbankkonfiguration ############################################
@@ -157,63 +134,6 @@ advancedlogging.dbcp.validationQuery=select 1
 ##  The configuration of this modules is only needed if this modules are in use.  #
 ###################################################################################
 
-######## SL2.0 authentication module ######## 
-modules.sl20.vda.urls.qualeID.endpoint.default=https://www.handy-signatur.at/securitylayer2
-modules.sl20.vda.urls.qualeID.endpoint.1=https://hs-abnahme.a-trust.at/securitylayer2
-modules.sl20.vda.urls.qualeID.endpoint.2=https://test1.a-trust.at/securitylayer2
-modules.sl20.security.keystore.path=keys/sl20.jks
-modules.sl20.security.keystore.password=password
-modules.sl20.security.sign.alias=signing
-modules.sl20.security.sign.password=password
-modules.sl20.security.encryption.alias=encryption
-modules.sl20.security.encryption.password=password
-modules.sl20.vda.authblock.id=default
-modules.sl20.vda.authblock.transformation.id=SL20Authblock_v1.0,SL20Authblock_v1.0_SIC
-modules.sl20.security.eID.validation.disable=false
-modules.sl20.security.eID.signed.result.required=true
-modules.sl20.security.eID.encryption.enabled=true
-modules.sl20.security.eID.encryption.required=true
-
-######## user-restriction ##########
-configuration.restrictions.sp.entityIds=
-configuration.restrictions.sp.users.url=
-configuration.restrictions.sp.users.sector=
-
-####### Direkte Fremd-bPK Berechnung ######## 
-configuration.foreignsectors.pubkey.xxxxTargetxxx= xxx BASE64-Cert xxx
-
-######## eIDAS protocol configuration ########
-######## This is ONLY required, if MOA-ID operates as an eIDAS node!!! ########
-moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
-moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
-moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
-moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata
-moa.id.protocols.eIDAS.node.country=Austria
-moa.id.protocols.eIDAS.node.countrycode=AT
-moa.id.protocols.eIDAS.node.LoA=http://eidas.europa.eu/LoA/high
-
-######## HBV Mandate-Service client module ########
-modules.elga_mandate.nameID.target=urn:publicid:gv.at:cdid+GH
-modules.elga_mandate.service.metadata.trustprofileID=
-modules.elga_mandate.service.mandateprofiles=
-modules.elga_mandate.keystore.path=keys/moa_idp[password].p12
-modules.elga_mandate.keystore.password=password
-modules.elga_mandate.metadata.sign.alias=pvp_metadata
-modules.elga_mandate.metadata.sign.password=password
-modules.elga_mandate.request.sign.alias=pvp_assertion
-modules.elga_mandate.request.sign.password=password
-modules.elga_mandate.response.encryption.alias=pvp_assertion
-modules.elga_mandate.response.encryption.password=password
-
-######## SSO Interfederation client module ########
-modules.federatedAuth.keystore.path=keys/moa_idp[password].p12
-modules.federatedAuth.keystore.password=password
-modules.federatedAuth.metadata.sign.alias=pvp_metadata
-modules.federatedAuth.metadata.sign.password=password
-modules.federatedAuth.request.sign.alias=pvp_assertion
-modules.federatedAuth.request.sign.password=password
-modules.federatedAuth.response.encryption.alias=pvp_assertion
-modules.federatedAuth.response.encryption.password=password
 
 ######## Redis Settings, if Redis is used as a backend for session data.
 #        has to be enabled with the following parameter
@@ -221,42 +141,3 @@ modules.federatedAuth.response.encryption.password=password
 redis.use-pool=true
 redis.host-name=localhost
 redis.port=6379
-
-################SZR Client configuration####################################
-##  The SZR client is only required if MOA-ID-Auth should be 
-##  use as STORK <-> PVP Gateway. 
-########
-service.egovutil.szr.test=true
-service.egovutil.szr.test.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services-T/services/SZR
-service.egovutil.szr.prod.url=https://pvawp.bmi.gv.at/bmi.gv.at/soap/SZ2Services/services/SZR
-service.egovutil.szr.token.version=1.8
-service.egovutil.szr.token.participantid=
-service.egovutil.szr.token.gvoudomain=
-service.egovutil.szr.token.userid=
-service.egovutil.szr.token.cn=
-service.egovutil.szr.token.gvouid=
-service.egovutil.szr.token.ou=
-service.egovutil.szr.token.gvsecclass=
-service.egovutil.szr.token.gvfunction=
-service.egovutil.szr.token.gvgid=
-service.egovutil.szr.roles=
-service.egovutil.szr.ssl.keystore.file=
-service.egovutil.szr.ssl.keystore.password=
-service.egovutil.szr.ssl.keystore.type=
-service.egovutil.szr.ssl.truststore.file=
-service.egovutil.szr.ssl.truststore.password=
-service.egovutil.szr.ssl.truststore.type=
-service.egovutil.szr.ssl.trustall=false
-service.egovutil.szr.ssl.laxhostnameverification=false
-
-
-################ Encrypted foreign bPK generation ####################################
-##  This demo-extension enables encrypted bPK generation on MOA-ID-Auth side. 
-##  If you like to use this feature, the public key for encryption has to be added
-##  as X509 certificate in Base64 encoded from. The selection will be done on sector
-##  identifier, like 'wbpk+FN+195755b' for a private company (similar to ENC_BPK_LIST in   
-##  PVP Attribute Profie 2.1.2)    
-##  Additonal encryption keys can be added by add a ney configuration line, like
-##    configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG   (VKZ='BMI', Public Target='T1')    
-########
-#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw...
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 9dede486d..acfff8aef 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -68,6 +68,10 @@
           <cfg:Id>centralnode_metadata</cfg:Id>
 					<cfg:TrustAnchorsLocation>trustProfiles/centralnode_metadata</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
+        <cfg:TrustProfile>
+          <cfg:Id>eid_metadata</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>
 			</cfg:PathValidation>
 			<cfg:RevocationChecking>
 				<cfg:EnableChecking>true</cfg:EnableChecking>
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt
new file mode 100644
index 000000000..ef2a4df0c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/EID_metadata/TEST_metadata_eid.egiz.gv.at.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD
+ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD
+VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD
+VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
+IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE
+BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE
+AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH
+mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR
+yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI
+Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL
+STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI
+6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD
+VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB
+TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI
+KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG
+AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ
+S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56
+QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ
+KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb
+gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W
+ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=
+-----END CERTIFICATE----- 
\ No newline at end of file
-- 
cgit v1.2.3