# Optional
logging:
  level:
    root: WARN
    org.springframework: WARN
    at.gv: INFO #DEBUG
    iaik: INFO #DEBUG
    at.gv.egiz.moazs.backend:
      SignatureVerifier: DEBUG
      LogResponseSink: INFO

    at.gv.egiz.moazs.backend.SaveResponseToFileSink: TRACE
    at.gv.egiz.moazs.SaveResponseToFileSinkTest: TRACE

# Mandatory
# Default type for java's ssl key/trust store. When in doubt, set to
# jks.
javax.net.ssl:
  keyStoreType: jks
  trustStoreType: jks

# Mandatory
# Defines configuration profiles. Each profile contains all parameters
# that are interpreted by moa-zs to determine how a delivery request
# should be processed. Configure parameters here and/or in
# DeliveryRequest/Config. You can select a profile per delivery
# request by referring to the profile id in
# DeliveryRequest/Config/ProfileId. If a parameter is missing, moa-zs
# falls back to "default" You can override parameters in profiles.
# Parameter have the following (descending) priority:
#   DeliveryRequest/Config > [chosen-profile] > default
delivery-request-configuration-profiles:

  # Mandatory
  # The "default" profile. Will be chosen if
  # DeliveryRequest/Config/ProfileId is missing.
  default:

    # Optional
    # Specifies in seconds, how long the mzs service maximally waits
    # for a delivery request to complete. If the timeout is reached,
    # the service will reply with "PartialSuccess" and handle
    # responses asynchronously. A missing service-timeout means that the
    # service waits indefinitely. See also: msg-response-sinks, which
    # allows you to configure, how moa-zs handles asynchronous
    # responses.
    service-timeout: 60

    # Mandatory
    # If true, moa-zs asks the tnvz service if the receiver is
    # addressable. Requires setting up the tvnz-client.
    perform-query-person-request: false

    # TODO: Move tnvz-client into perform-query-person-request to make relationship clearer (also
    # TODO: add active)
    # Mandatory (if perform-query-person-request is true)
    # Parameters for the connection to tvnz. Specify url,
    # connection-timeout, receive-timeout and ssl here. See msg-client
    # for an exhaustive description of all parameters.
    tvnz-client:

      # Mandatory
      url: http://localhost:8082/tnvz/

      # Optional
      # ssl: ...
      # connection-timeout: ...
      # receive-timeout: ...

    # Mandatory
    # Parameters for the connection to msg.
    msg-client:

      # Mandatory
      url: http://localhost:8081/services/DeliveryRequest

      # Mandatory
      # Time in ms after which a connection will be closed. 0 means
      # indefinitely.
      connection-timeout: 0

      # Mandatory
      # Time in ms that the client waits after having sent the
      # request. 0 means indefinitely.
      receive-timeout: 0

    # Mandatory
    # Specifies how moa-zs should process asynchronous responses from msg.
    msg-response-sinks:

      # Mandatory
      # Save response on the file system under the folder "path".
      save-response-to-file:
        # Mandatory
        active: false
        # Mandatory if activated
        path: /msg-responses/

      # Mandatory
      # Log response to the at.gv.egiz.moazs.backend.LogResponseSink Logger.
      log-response: true

      # Mandatory
      # Forward the response to mzs service.
      forward-response-to-service:
        # Mandatory
        active: false
        # Mandatory if activated
        mzs-client:
          url: http://service.which.implements.mzs2app.wsdl/services/
          # connection-timeout
          # receive-timeout
          # ssl...

  # Optional
  # Add your own profiles (at wish) here. Follow the same structure as the "default" profile.
  # Override parameters at wish.

  # Example
  # "ssl-profile" is an example for a profile that overrides msg client parameters
  # to protect the msg connection with ssl client authentication.
  ssl-profile:
    msg-client:
      url: https://localhost/zusemsg/services/DeliveryRequest
      ssl:
        ## Boolean; if true, app will trust all server certificates;
        ## if false, server certificate needs to be in the truststore.
        trust-all: false
        ## Boolean; if true, app ignores mismatches between server's host name and
        ## Certificate's common name / alternative subject name.
        lax-hostname-verification: false
        ## Parameters for ssl client auth
        keystore:
          ## Path to file
          filename: ssl/client.cert.key.p12
          ## Password to unlock key store.
          password: 123456
          ## JKS or PKCS12
          type: PKCS12

# Optional
# If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration
# profile and continues startup. See 'delivery-request-configuration-profiles'.
# Default value: true
verify-completeness-of-default-delivery-request-configuration: true

# Mandatory
# Moa Spss Configuration
moa.spss:

  # Mandatory
  is-active: true

  # Mandatory
  # If active, moa spss validates manifests in xml signatures.
  is-manifest-check-active: false

  # Mandatory
  server:

    # Mandatory
    # Path that points to MoaSPSSConfiguration file; can be:
    # - absolute path (unix: starts with /), or
    # - relative path (otherwise, relative to application's class path)
    configuration: moa-spss/MOASPSSConfiguration.xml

    # Mandatory
    # Select, which trust-profile moa spss uses to verify a signature.
    default-trustprofile: test-trustprofile

spring:
  # Redis Setup (Cluster Mode)
  redis:
    host: 172.17.0.2
    port: 6379
  main.allow-bean-definition-overriding: true

# Mandatory
repository:

  # Mandatory
  # Duration in minutes before repository records are evicted.
  expiresAfterWrite: 30

# Optional
# activate cluster mode
#  profiles.active: cluster