# Optional
#server:
#port: 8080
# Optional
logging:
level:
root: WARN
# Spring Framework related messages
org.springframework: WARN
# Packages from EGIZ
at.gv: INFO
# MOA SPSS
at.gv.egovernment.moa.spss: WARN
at.gv.egovernment.moaspss: WARN
# EAAF COMPONENTS
at.gv.egiz.eid: WARN
# MOA ZS
at.gv.egiz.moazs: INFO
at.gv.egiz.moazs.backend.SignatureVerifier: INFO
at.gv.egiz.moazs.backend.LogResponseSink: INFO
# IAIK Crypto Libs
iaik: WARN
# Log incoming / outgoing messages on services and clients.
# (Incoming and outgoing messages are logged to INFO).
#org.apache.cxf.services : INFO
# Fine tune logging of messages per service / client:
# Format: ..
# Examples:
#org.apache.cxf.services.app2mzsPortType.REQ_IN : INFO
#org.apache.cxf.services.app2mzsPortType.RESP_OUT : INFO
#org.apache.cxf.services.App2ZusePort.REQ_OUT : INFO
#org.apache.cxf.services.App2ZusePort.RESP_IN: INFO
# More information: https://codenotfound.com/apache-cxf-logging-soap-request-response-fault-messages-example.html
# Mandatory
# Default type for java's ssl key/trust store. When in doubt, set to
# jks.
javax.net.ssl:
keyStoreType: jks
trustStoreType: jks
# Mandatory
# Defines configuration profiles. Each profile contains all parameters
# that are interpreted by MOA ZS to determine how a delivery request
# should be processed. Configure parameters here and/or in
# DeliveryRequest/Config. You can select a profile per delivery
# request by referring to the profile id in
# DeliveryRequest/Config/ProfileId. If a parameter is missing, MOA ZS
# falls back to "default" You can override parameters in profiles.
# Parameter have the following (descending) priority:
# DeliveryRequest/Config > [profile referred by DeliveryRequest/Config/ProfileID] > default profile
delivery-request-configuration-profiles:
# ProfileID. Mandatory
# The "default" profile. Will be chosen if
# DeliveryRequest/Config/ProfileId is missing.
default:
# Optional
# Specifies in seconds, how long the mzs service maximally waits
# for a delivery request to complete. If the timeout is reached,
# the service will reply with "PartialSuccess" and handle
# responses asynchronously. A missing service-timeout means that the
# service waits indefinitely. See also: msg-response-sinks, which
# allows you to configure, how MOA ZS handles asynchronous
# responses.
service-timeout: 60
# Mandatory
# If true, MOA ZS asks the tnvz service if the receiver is
# addressable. Requires setting up the tnvz-client.
perform-query-person-request: false
# Mandatory (if perform-query-person-request is true)
# Parameters for the connection to tnvz. Specify url,
# connection-timeout, receive-timeout and ssl here. See msg-client
# for an exhaustive description of all parameters.
tnvz-client:
# Mandatory
url: http://localhost:8082/tnvz/
connection-timeout: 0
receive-timeout: 0
# Optional
#ssl: ...
#custom-http-headers:
# X-PVP-NAME-1: VALUE-X
# X-PVP-NAME-2: VALUE-Y
# ...
# Mandatory
# Parameters for the connection to msg.
msg-client:
# Mandatory
url: http://localhost:8081/services/DeliveryRequest
# Mandatory
# Time in ms after which a connection will be closed. 0 means
# indefinitely.
connection-timeout: 0
# Mandatory
# Time in ms that the client waits after having sent the
# request. 0 means indefinitely.
receive-timeout: 0
# Mandatory
# Specifies how MOA ZS should process asynchronous responses from msg.
msg-response-sinks:
# Mandatory
# Save response on the file system under the folder "path".
save-response-to-file:
# Mandatory
active: false
# Mandatory if activated
path: /msg-responses/
# Mandatory
# Log response to the at.gv.egiz.moazs.backend.LogResponseSink Logger, level INFO
log-response: true
# Mandatory
# Forward the response to mzs service.
forward-response-to-service:
# Mandatory
active: false
# Mandatory if activated
app-client:
url: http://localhost:2526/
connection-timeout: 30000
receive-timeout: 30000
# ssl...
# Optional
# Add your own profiles (at wish) here. Follow the same structure as the "default" profile.
# Override parameters at wish.
# Example
# "ssl-profile" is an example for a profile that overrides msg client parameters
# to protect the msg connection with ssl client authentication.
ssl-profile:
msg-client:
url: https://localhost/zusemsg/services/DeliveryRequest
ssl:
## Boolean; if true, app will trust all server certificates;
## if false, server certificate needs to be in the truststore.
trust-all: false
## Boolean; if true, app ignores mismatches between server's host name and
## Certificate's common name / alternative subject name.
lax-hostname-verification: false
## Parameters for ssl client auth
keystore:
## Path to file
filename: config/ssl/client.cert.key.p12
## Password to unlock key store.
password: 123456
## JKS or PKCS12
filetype: PKCS12
# Optional
# If set to false, MOA ZS ignores an incomplete default DeliveryRequest-configuration
# profile and continues startup. See 'delivery-request-configuration-profiles'.
# Default value: true
verify-completeness-of-default-delivery-request-configuration: true
# Mandatory
# Moa SP-SS Configuration
moa.spss:
# Mandatory
# If active, Moa ZS verifies signed incoming messages with MOA SP-SS.
is-active: false
# Mandatory
# If active, MOA SP-SS validates manifests in XML signatures.
is-manifest-check-active: false
# Mandatory
server:
# Mandatory
# Path that points to MoaSPSSConfiguration file; can be:
# - absolute path (unix: starts with /), or
# - relative path (relative to application's class path
# OR the applications working directory, but not relative to
# application.yaml!)
configuration: config/moa-spss/MOASPSSConfiguration.xml
# Mandatory
# Select, which trust-profile MOA SP-SS uses to verify a signature.
default-trustprofile: test-trustprofile
# Needed For Overriding Beans In Testing
spring.main.allow-bean-definition-overriding: true
# Mandatory
repository:
# Mandatory
# Duration in minutes before repository records are evicted.
expiresAfterWrite: 30
# Redis Setup (Cluster Mode)
# Note: Cluster Mode is not operational in the current release.
spring:
redis:
host: 172.17.0.2
port: 6379
# Optional
# activate cluster mode
# profiles.active: cluster