ID-4500: Legge HSM serial-number i HSM og oppdatert prod konfig

docker/dev.Dockerfile

@@ -35,7 +35,7 @@ COPY docker/proxy/logback.xml eidasnode-pub/EIDAS-Node-Proxy/src/main/resources/
 COPY docker/luna/hsm.cfg eidasnode-pub/EIDAS-Node-Proxy/src/main/webapp/WEB-INF/
 
 #signature whiteliste use our list to package eu.eidas.auth.engine.configuration.dom
-COPY docker/proxy/KeyStoreSignatureConfigurator.java eidasnode-pub/EIDAS-Node-Proxy/src/main/java/eu/eidas/auth/engine/configuration/dom/KeyStoreSignatureConfigurator.java
+#COPY docker/proxy/KeyStoreSignatureConfigurator.java eidasnode-pub/EIDAS-Node-Proxy/src/main/java/eu/eidas/auth/engine/configuration/dom/KeyStoreSignatureConfigurator.java
 
 # Build eidas proxy service
 RUN cd eidasnode-pub && mvn clean install --file EIDAS-Parent/pom.xml -P NodeOnly -P-specificCommunicationJcacheIgnite -DskipTests

docker/proxy/profiles/prod/SignModule_Service_HSM_P12.xml

@@ -22,15 +22,15 @@
 <properties>
 	<comment>HSM with a software trust store.</comment>
 
-	<!-- Signature with RSA -->
-	<entry key="signature.algorithm">http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1</entry>
-	<entry key="metadata.signature.algorithm">http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1</entry>
+	<entry key="signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512</entry>
+	<entry key="metadata.signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512</entry>
 
-	<entry key="issuer">TODO</entry>
-	<entry key="serialNumber">TODO</entry>
+	<entry key="issuer">CN=eIdas-node,OU=ID-porten,O=Digitaliseringsdirektoratet,C=NO</entry>
+	<entry key="serialNumber">HSM_CERTIFICATE_SERIAL_NUMBER_HEX</entry>
+
+	<entry key="metadata.issuer">CN=eIdas-node,OU=ID-porten,O=Digitaliseringsdirektoratet,C=NO</entry>
+	<entry key="metadata.serialNumber">HSM_CERTIFICATE_SERIAL_NUMBER_HEX</entry>
 
-	<entry key="metadata.issuer">TODO</entry>
-	<entry key="metadata.serialNumber">TODO</entry>
 
 	<!-- Truststore with other countries certificates-->
 	<entry key="1.keyStorePath">./keystore/otherCountriesEidasKeyStore.p12</entry>
@@ -40,8 +40,10 @@
 
 	<!-- Configuration for response assertion signature with RSA and Metadata-signing -->
 	<entry key="2.keyStoreType">PKCS11</entry>
+	<entry key="2.keyStoreProvider">SunPKCS11-Luna</entry>
 	<entry key="2.keyStorePassword">KEYSTORE_PASSWORD</entry> <!--HSM PIN-->
 	<entry key="2.keyAlias">HSM_ALIAS</entry>
 
 
+
 </properties>

docker/proxy/profiles/test/SignModule_Service_HSM_P12.xml

@@ -43,10 +43,10 @@
 -->
 
 	<entry key="issuer">CN=eIdas-test,OU=ID-porten,O=Digitaliseringsdirektoratet,L=Leikanger</entry>
-	<entry key="serialNumber">08</entry>
+	<entry key="serialNumber">HSM_CERTIFICATE_SERIAL_NUMBER_HEX</entry>
 
 	<entry key="metadata.issuer">CN=eIdas-test,OU=ID-porten,O=Digitaliseringsdirektoratet,L=Leikanger</entry>
-	<entry key="metadata.serialNumber">08</entry>
+	<entry key="metadata.serialNumber">HSM_CERTIFICATE_SERIAL_NUMBER_HEX</entry>
 
 
 	<!-- Truststore with other countries certificates-->

docker/updateKeyStoreConfig.sh

@@ -14,13 +14,15 @@ if [ -f "$SIGNMODULE_SERVICE_FILE" ]; then
     sed 's/\SunPKCS11.*/SunPKCS11/g' /opt/java/openjdk/conf/security/java_bc.security > /opt/java/openjdk/conf/security/java_bc.security
 fi
 
-# HSM
+# -------- HSM -----------
 # KEYSTORE_PASSWORD==HSM Password/pin
 # HSM_ALIAS==alias/label in HSM
+# HSM_CERTIFICATE_SERIAL_NUMBER_HEX==Serial number of certificate in HSM in hex format
 SIGNMODULE_SERVICE_FILE_HSM=/etc/config/eidas-proxy/SignModule_Service_HSM_P12.xml
 if [ -f "$SIGNMODULE_SERVICE_FILE_HSM" ]; then
     echo "Update keystore-config in $SIGNMODULE_SERVICE_FILE_HSM" && printenv | grep HSM_ALIAS
     sed -i "s/TRUSTSTORE_PASSWORD/$TRUSTSTORE_PASSWORD/g" $SIGNMODULE_SERVICE_FILE_HSM
     sed -i "s/KEYSTORE_PASSWORD/$KEYSTORE_PASSWORD/g" $SIGNMODULE_SERVICE_FILE_HSM
     sed -i "s/HSM_ALIAS/$HSM_ALIAS/g" $SIGNMODULE_SERVICE_FILE_HSM
+    sed -i "s/HSM_CERTIFICATE_SERIAL_NUMBER_HEX/$HSM_CERTIFICATE_SERIAL_NUMBER_HEX/g" $SIGNMODULE_SERVICE_FILE_HSM
 fi