From e2f727d6b7e09af1df6b4abf5e1a84ab8a5c6c1c Mon Sep 17 00:00:00 2001
From: Johan Lundberg <lundberg@sunet.se>
Date: Fri, 11 Oct 2024 11:25:08 +0200
Subject: [PATCH] added navet service

---
 eduid-navet-service/etc/kommun-a.p12          | Bin 0 -> 4611 bytes
 .../etc/navet-service.properties              |  29 +++++++
 eduid-navet-service/etc/start.sh              |  79 ++++++++++++++++++
 eduid-navet-service/etc/truststore.jks        | Bin 0 -> 4986 bytes
 eduid/compose.yml                             |  15 ++++
 5 files changed, 123 insertions(+)
 create mode 100644 eduid-navet-service/etc/kommun-a.p12
 create mode 100644 eduid-navet-service/etc/navet-service.properties
 create mode 100755 eduid-navet-service/etc/start.sh
 create mode 100644 eduid-navet-service/etc/truststore.jks

diff --git a/eduid-navet-service/etc/kommun-a.p12 b/eduid-navet-service/etc/kommun-a.p12
new file mode 100644
index 0000000000000000000000000000000000000000..2bc4d2e7dbb48f0db5bf2df7c4e0db41c8f3a08f
GIT binary patch
literal 4611
zcmZvgWl$7=xAs|Bc1h_)Lb}VPyCkGm5DAfPq#IFsfu*EV0clu35D}J?&ZQ-n20^+T
zgzKGo-~T)B+<RuuoSENq&hzp4aG+si57+=4Xc$=w2%jfXE%K5W00!iRk$nY*ks<%#
zVrUrd`~OeEbpnRr+W*7W|Jocx_<yd52msi5VYn>+AOn;OMDTy{KXY0jWgh^z`FlG9
z>k1sVDq0HAtaw%(fsG9w1BL;QNKzXP$+*K8q{Y3}c&8Y`HT+F0%jNOZj7XeAiI4Zx
zl^6{>f0R+{3(196J@h^)JaChVPkJABU9mxz4vQ!jo_J)5$}HE`qdPndM4lZu3GO8Y
zK&a{O4aw3{yJE<X=_@qduw{8?yEs2oPh1tB1PUfNKAiv^4zu1Ybd09HOSU1#zZngw
zU8JupE@sugqJW2m%3_Msl{2nFFoiK^4<Gwp+E>xOv~6<I#gf&g5;+>9Spu^sIQi|g
z%7}eicn4$ttPVQ+IXkwj<se>6d4tcoy1B&9X<yx2CslDsQc$7z_b=J???6q1DQYiK
z-t?TYlFqg(ZXkIrB}D521T(5Z%T|=_`J3Zq85^IBU1AfHJ0TkvzmV;?)@Q5UbJu=X
zBy`;WjrOF{UiM5n`pgi2?mVj_F)JQOHy1k9Nr9qpUD2UX+9W$$zJMdVmAU7KG?pxH
zLf<?HXR_y&08`swx8sdVk$4+yHg%lDfEQpKK3W^HY^5M*l*XwEQ%|C;?+foSuUcRE
zy&r8;pH6sg(4n7{)RiF!w2=L6bf}EZ^mg*-Zz*4L@3M$Cl#QoJ-Y>J5SJkdOJ92MZ
z?ug*qy(HPWinnh%Vrw`|ABoTo;(y9AsSKXCMxu1wuMkj7bIVetsFuat>~rsCFe*ZS
zxjSXOVHpo6NIX?U$X1vp!Ip8j{Q4yJ(L`HM@AAz+1r;TpXw21;sZAu=2DMPs>O;OA
zpeFG{#W#Iy)*oha(qWA$uPzw%qqHXGb$a5b?|+I_l8N25bLdIC5Sm@*HT6Gfs6HKJ
z3Bdnl6vz9;;ONH0ZJuXE4=RbG_3qxX1Do+z4n{(9CqL#+-^(UQw65LjS)Rzh^w+v1
zgn%`&*|+Pw#23DtezTX$75E%@SrM6+^_P~F#fKjs_Qbnjx*&a3JkHd7w_LVO9qq8=
zi8=(MTp>UTPl2Rj!0I<OQEK>LkQ}DXZ&bX}Tl-Kq>4&>etBL;`<U?Lk>U#{BfT*il
zK!&7vC4#FqKHzgSoF@M6L@WagyhRmf_#Ck%<dH~hGJC{}J&)PsQ%4EvToG9F85x`R
zyhmvLz1Bcz_YaP-^BbZAhnr%9Su}KQwb$HFZFhZ>4QS?C=HJyMK)&E^)=xY-9U;;g
zkrk$*eS9`s>yz2R)SHcHQ-(KxZlU(|V}4{fqWHw197Zn=J}p`5`D)=5(_8g}J+iJ@
zTFGK^uS-OwfHjj~d0Z8N)zQA>sJidK@4A)PdZ?j^6X7K6!q`q*E#Ue0GuQUsI3OpX
zlipGMw@r#U-h3XA5TX6P3bZrttu)(Z6_MnwqCKXl+IVlYaBsS3IYt%uW%6Ne_q9~a
zh{XMr0&U^zqMEm`+I;YwzRW6%LQ1s?BU~Tkl7%~S!KvHLh(_Nq6-cMUv&cAS>*(h0
znsV`Wzv*MnA-0z#)SHhZWUK6M(~G<2{PUx<I1w)Xj?np^v2>F0kj)T0JsUX<C(*Zm
z-xfTlCWAUk8n|asU91?x2t=FT$BWLtQma%8SZ>iPF7KKdnX-QkZ*QMi;j<uO=<D7V
z2IKL6;hSpX3zB)JQtw?N)_u2l2(lZEOy3cnZ^-PP#&J+XdcSz)XeTnEtKH`*?6TUV
zLW->`UbWof6OWs8JbxuK=ccTIakf}#xfO;t>ste4t7Xdtd7u>kNmP6)K@boK_*efs
z3?pLw&n_607e+)04I?7O24MXg`2SA<{Ljdh;;8DoO5Br2V=-p(4=_u|?Hd&TcjShI
z5su0FpR+b2JVhZ}LwCW&UTQSNCsH{NZmH-YUrA+x%I<pEv-X|x9e#4F?Ph^~FvS>$
z6{@lK<FNNvIH6NnO`2$93c10Tgy7)z2)yeponw14Tjeg5xF5q$*#=TpbqzLbvL6_J
zmdq2LtF^hLS0!PhS~{!MM-i(2>F(M<*T=k>sgo~*TIqeGo+byKAg8WS)@j%A%~ib>
z>m&`3Aiw0at?p;u4MaWz%%LjAEw5sSP2bf^UGy9AA&_dc`Pe!9?|yOe%J9R&Z68Ye
z(<EXh(>PPeMGnP`Ja9wIJ1zZ^oAQM*SHCH6+H2Q=$zAswrGs2_$DBkfXlAqvN|m07
z(-*q1q<3UycEIYNC~NI+h-LgHQ}9b-c+VPTG}n~2ncTbJ?DJ()t3v)LShZ5$(RJht
zNbGd)?R%dC;w^vWqI10;g9iR67Oau^l}=BOv2BqLhmCA?A!FvZbl2%zBiqq0BHH|*
zLJnogf)O}dyZh7}b7N|G0r2Ole;T&|>NJB-7YS05#>&=Qq;c)oAI=WERd7U}JhOAC
zEQkvB@|xhWVpr&aQuLlC_Yao5e0m5Q_c>&bmX<^X9DIvQi;W2DVc~}Q?sojK1>o#-
zDas;jwss659=wlZLO%P26qFKMQnATj|MpUl5%#z>h@BG}i&(iu6k+Jk?Yc@ZBoYxH
z(y5pkG#4t0T@5=c&g!-sTVn?jFNZKP1^DZTWPVp)*_?En*vguMr>Q>va-$m<8^b4~
zF4um+`0}CTpp*Kz03{okJ8ahRb?Linc?50)&9{r`SY76L__nK;>0(xGczkP3kfFQo
zbhM&8@;86zAH`g#JqdZh6(4hS@+!_4)2&`uA%~_|_`3W8S(JB0-YWz5&e>_;8&ySJ
znZKzCp>qWwjpo^zQ`%TmdN=WzdsWD)D$|>r4WXwrcc+J0Z_roZhM?;*L>%!cjDD_2
zQic?Xf1yGeXAjmRsoc#rz-@`KzE)*B3O2gqDzZ1|YnNZUly~IqJu%dy5>4O79TyJ=
z**go7EKbvC$DO`3=9UP?G)Q@W{pEG2cyc7yihh;#Rwu{NTy`fPk7=+e`zW$F++J9i
zBAfvk9g9ZJZ+^u!@T_}F%PCWsM}KFCaQ}N=SJyy9(*)_72<MaPRXi*))vgP3$m4f8
zZ?}nO;waR3oSW{kJ@2~8<qBG5NyfO|OIQp~(<Fk7QsQ)^9sio&cVF^q3B?hrpfg7W
z6xD_A)Ep3#RNc-YFuq=(sp~trb?$m~#|59aajp`6vY4M8QWWp%s_5?w7#6mKS6068
ztrYHzI4uk{=~DZmnumE*SDfl3)jrT3^c3%ZSh}0f3dQ-JBlGaL(xn0JE9K8i-5fF|
z$TW3coM(|(zDdxDH{`l8!;5b#f4cr>3NjMu+kbrQkEPKUB=<KUT*XSK%)WTb9&i{$
z(WsI^i+}}|3Ht43PjZM<X@u{{JjE(f7M5K%9EG#f3uz2hhSqzQN^KX3$Zk<rG9`5U
zncf=)K5tVf^&rdG%^EKSdqT{$yKKsezJz^4b+T8mF=+1Aok~&~Saxh)7HD5Y9hWd2
zkvTgpoX`PSvZa1*XqvHD_G~SF0xPR*rCs^BQmuj*8l|V`jGfltjNHDly^Jy&BZs+_
zOOaS4kh>Tb20~+<Gc=16<A=@I;&iZ16C3nl{G&cnfgX13md`6*U{b!Qb$>RcFx~^A
ze4$bl(9Si^o08}iI%m#9QpSm>m5$Z+w`+2PwDd7l9F??{l2ht`;>VQ?T^6AyK7GfI
z`>Q1L?ZhX`e&tWVYBx8hl({w&Co8tkDfhSX-%k$Or7iU_#7fGIV9FE*u_U4<zbG@p
zA#E1ij+rHcNS6&qeWl##^J#p#T3HRkX8}#rtfM9%*G%8(bkw+!f&J2uA&92QBF^<h
zK#cQVwigXp5-GX%C)n7T0iEG)adZBOD#x&<&xw3i_z8L~4*&g!z+3Lq!tXCT!~1%C
zia0CyzR2Avc*uKN?7EC=o>#){V$ffL&ig%`0@5v*nk=4PI~zOXAvOy`W~sNmlyyKA
zotP54GATBOSlN!Co~ao%B-(;(d>+`{@U0RS(r0d!Q^(X#4D-GkT*D$imW;|RX4;vP
zTpSusZwOWh<>_!sI1|@HJ%N1Gmv#VmNG6Nomw(EDDr=Y43_eFEaJ-NzWK=lTpy3<G
zf{QvPwLZ&4Za=W}hZ1Ndo0z}(3=r=#k7n~H0>@5r?lrU65?pAmeoAYvxR=c#tq<=e
z3HrgIeK8qsQGi!KFX}lIJ86SSp~Ns&lBXkWPws@f+1Vh*oU?Ia1N|yj>Qx$vakrQJ
zzj%TtN4_i02s^CTrKp7Fz3s^}zrM3bl9WZO>CH?o>0yg94f(zDCZpKpYF-5Suagow
z_8661>bI>8c=(XYZI#XB)~f^zzqKgg`J-Ope#<40+1{#taaf9V_>>~bf~RB6MZ^fG
zd0HiK815u4Eu7hB72WW8`7~uUMfgTcg{OufqIMY()argjz%97}<lu*yerFWEJPD|7
zqQ$!`b?v)<5|m&+8qE?5z<SZu*iIP>(FJ759h5LnLR(VBz}`pINucHRKd63-%*mkB
zAc`oXip_FJqF-dT-49HcTXfS<RKn7)*IK)#98go5J8{CbXSMYwO@VRX*(oV!z8Al=
zo2IxgNF-DTxZpX-jcpwTuF7gYgRR}xz}RMcOU9f2h-{z?LM3(muzJ5vn>6v&IK2-=
zFx|dl+c`94j@P+*{+Z}>ds(JbGbBMPbKnD5T*Rub7nywT+<ib|Jk68SM(4W1oLE47
zGx*|crK>^>-u&ItTzcxl#;r^$|NAf2f&TddZ==#OyLcE@VAh9)P27`4&G17`fnG8H
zEMvs-2kzH4$_$hE>3s^;@sBkG+k9S95otakv)#xcC?zq4j*t2M%XhwOZi&QaY@5Wm
zi`R)6!y=_mSO>plY>XwF5?uL6J^tC2$)ZuPLo&6;%V<}{`*F!HmS6fQm5Z~e&pNlU
z2Zu<wgjE$8Ccz24g7y$Vm#nOZX(;rPT&vhl9-CfJJJM*7YxYn(j46AGRkSFkjZc=Y
zsWZJFjrbCN`R4EJbs_Vf4MMM^AN2FJC)*jm2Kj<c`4f~wcE?&?`XIL%lL^k$)<U)r
zSLz*(2OrF*!W4Tma3xf&GHTi!&_~KDGMrmU`Yuuq*(CDa!$G;GA8P@a(z<G0mqn^q
zPw^F38kc=db9Ln)EyF?82Kb2S&Oh3VUnv|`qHS=sO+CU2lWG3@!|C(-#*>)U3cyI=
zAN!q73PH+&tElH?H$`kA8*(Boo>V*7OHqLgLYXFJ#k2gaW~C#d)E8%)O@Wc4LTfo@
z7%Z0@7oQML{gjDIkXCBu8?O<jTi^H228}EeYZemKE}Q|{k9L`5O&KiPG=uX$INX19
z15{hv#(qN0^z0tz)7d<IDI3qot`njbXnm0iUN)Uc4oSKDz2yljP$0s7=ejM@s)2VI
zl~sg4aJMRW5ZF@2mcNQDRdlF@YU<{7<rRd-Vk+R8zp#bF&Ybg)3~%2qq)ODGdHa)T
z3)pRJf%}<bO)f6`{6j{*>YOjINO4CfK6trHXO1^WhuV<Pps?v4oFo1G>BS!v2@cKl
zUJ9vYy~@?~O4mP5E^=>UeSDcc{lj?jyUpS88^MANAN5fk(1afgaofF_d;3n%ESlOH
z`6SIw;mT;{Q%VwRutUKHJyAz%@O1DXRjsUFjFo6tsS3#CD;w1wqNID07-!gXoPtR2
zh4W+tKC5mY`y#JDbLpP;I-Fp0XB)k;rx3EYbBg=*cieO2j-wy@<L~gN)@6}fj@h>w
z(A(m5h{Z3uFg4!nVA>(Q(~uGT+4W(MDlW-4k>osf8NR*{j=VA#hWpdP(yW8Ejq=(P
zZq8u=Km8i`Mc)JEA90)J0myp%<)e|c;@Qc&4KIh+Y3?h_({Y6HlSs;E3FKA?j*Lc_
zK7Jt~`C9?f{Y<D7lo1LB;qpGh!T$GcVc%>%N8)w``l*kEyk<3FB+PAJ1X9M{SlPKY
Wlc}`!F3-Vz4hX*jyPjbK0RIJI_sSvw

literal 0
HcmV?d00001

diff --git a/eduid-navet-service/etc/navet-service.properties b/eduid-navet-service/etc/navet-service.properties
new file mode 100644
index 0000000..2b7bb31
--- /dev/null
+++ b/eduid-navet-service/etc/navet-service.properties
@@ -0,0 +1,29 @@
+# Basic configuration
+host = 0.0.0.0
+port = 8080
+
+# Organisation configuration
+organisationNumber = 162021004748
+orderIdentity = 00000079-FO01-0001
+
+# Servlet configuration
+apiRootPath = /*
+apiPackagesPath = se.sunet.navet.service.api
+
+# Jetty SSL configuration
+https = false
+jettyKeyStorePath = /path/to/keystore.jks
+jettyKeyStorePassword = secret
+jettyKeyManagerPassword = secret
+
+# navetclient services and SSL configuration
+wsBaseEndpoint = https://www2.test.skatteverket.se/na/na_epersondata/V4
+navetKeyStorePath = /opt/eduid/eduid-navet-service/run/kommun-a.p12
+navetKeyStorePassword = 4611510421732432
+navetTrustStorePath = /opt/eduid/eduid-navet-service/run/truststore.jks
+navetTrustStorePassword = abc123
+
+# BasicAuth configuration
+basicAuth = false
+hashLoginServiceRealm = localhost
+hashLoginServiceProperties = /path/to/realm.properties
diff --git a/eduid-navet-service/etc/start.sh b/eduid-navet-service/etc/start.sh
new file mode 100755
index 0000000..063b412
--- /dev/null
+++ b/eduid-navet-service/etc/start.sh
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+set -e
+set -x
+
+# These could be set from Puppet if multiple instances are deployed
+eduid_name=${eduid_name-'eduid-navet-service'}
+base_dir=${base_dir-"/opt/eduid/${eduid_name}"}
+# These *can* be set from Puppet, but are less expected to...
+navet_keystore_name=${navet_keystore_name-'eduid.se'}
+navet_etcdir=${navet_etcdir-"${base_dir}/etc"}
+navet_state_dir=${navet_state_dir-"${base_dir}/run"}
+navet_cert_file=${navet_cert_file-"${navet_etcdir}/navet.crt"}
+navet_key_file=${navet_key_file-"${navet_etcdir}/navet.key"}
+navet_keystore_file=${navet_keystore_file-"${navet_state_dir}/navet_keystore.p12"}
+navet_ca_cert_file=${navet_ca_cert_file-"${navet_etcdir}/Steria-AB-EID-CA-v2.cer"}
+navet_intermediate_cert_file1=${navet_intermediate_cert_file1-"${navet_etcdir}/VeriSign.cer"}
+navet_intermediate_cert_file2=${navet_intermediate_cert_file2-"${navet_etcdir}/Symantec.cer"}
+navet_truststore_file=${navet_truststore_file-"${navet_state_dir}/navet_truststore.jks"}
+
+navet_properties=${navet_properties-"${navet_etcdir}/navet-service.properties"}
+navet_jar_file=${navet_jar_file-'/opt/eduid/eduid-navet-service-0.1-SNAPSHOT.jar'}
+
+# Variables mm_truststore_file and mm_keystore_file are required when generating truststore and keystore
+
+useradd eduid
+chown -R eduid: "${navet_state_dir}"
+
+ls -l "${navet_etcdir}"
+
+if [ ! -s "${navet_truststore_file}" ]; then
+    echo "$0: Creating Java truststore file ${navet_truststore_file}"
+
+    if [ "x${navet_truststore_pw}" = "x" ]; then
+        echo "$0: ERROR: navet_truststore_pw not set."
+        exit 1
+    fi
+
+    ls -l "${navet_ca_cert_file}"
+    (umask 077; keytool -import -trustcacerts -alias root \
+    -file "${navet_ca_cert_file}" -keystore "${navet_truststore_file}" \
+    -deststorepass "${navet_truststore_pw}" -noprompt)
+
+    ls -l "${navet_intermediate_cert_file1}"
+    (umask 077; keytool -import -trustcacerts -alias inter1 \
+    -file "${navet_intermediate_cert_file1}" -keystore "${navet_truststore_file}" \
+    -deststorepass "${navet_truststore_pw}" -noprompt)
+
+    ls -l "${navet_intermediate_cert_file2}"
+    (umask 077; keytool -import -trustcacerts -alias inter2 \
+    -file "${navet_intermediate_cert_file2}" -keystore "${navet_truststore_file}" \
+    -deststorepass "${navet_truststore_pw}" -noprompt)
+fi
+
+if [ ! -s "${navet_keystore_file}" ]; then
+    echo "$0: Creating Java keystore file (p12) ${navet_keystore_file}"
+
+    if [ "x${navet_keystore_pw}" = "x" ]; then
+        echo "$0: ERROR: mm_keystore_pw not set."
+        exit 1
+    fi
+
+    ls -l "${navet_key_file}" "${navet_cert_file}"
+    (umask 077; openssl pkcs12 -export -inkey "${navet_key_file}" \
+    -in "${navet_cert_file}" -out "${navet_keystore_file}" \
+    -name "${navet_keystore_name}" -passout pass:"${navet_keystore_pw}")
+fi
+
+
+# || true to not fail on read-only cfg_dir
+chown root:eduid "${navet_truststore_file}" "${navet_keystore_file}" || true
+chmod 640 "${navet_truststore_file}" "${navet_keystore_file}" || true
+chgrp eduid "${navet_properties}" || true
+chmod 640 "${navet_properties}" || true
+
+echo "$0: Starting JAR ${navet_jar_file} (properties file: ${navet_properties})"
+exec start-stop-daemon --start --quiet -c eduid:eduid \
+     --pidfile "${state_dir}/${eduid_name}.pid" --make-pidfile \
+     --exec /usr/local/openjdk-11/bin/java -- -jar ${navet_jar_file} -c ${navet_properties}
diff --git a/eduid-navet-service/etc/truststore.jks b/eduid-navet-service/etc/truststore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..b0a3d7ebed4b3679d5844faffbf72e8ffa8b99ef
GIT binary patch
literal 4986
zcmV-=6NT(Bf)jQE0Ru3C6E6k{Duzgg_YDCD0ic2tAOwOF958|t7%+kp6b1<@hDe6@
z4FLxRpn?+xFoF{S0s#Opf)e@$2`Yw2hW8Bt2LUiC1_~;MNQU<f0So~KFdGCEJJ%7~
zL?SBpW8>7jK~L)h^TE?<0s{cUP=JCGz>*G|*@Nd)U;H{4QimIGXHA#?eSXd9ivc%`
zKu1Q+^fQ)5f3o328Tcxi<Brh+pv4FZ62$Nq_T8sQsDm8o%;CPGZdYvkweAvke1tyR
zyJr#KG`T~(^vTpR1tA$?y-7YDv<%<h9#rEuSvIShk(|#!wfJWvI%@-`qBQZOZq5S1
zqh`}22us;zzr<903}+Z#3#A<i<$5@R`lnGh4t#X1_M6-}M7{`U!+3g9Y!=a+8{i|5
z)dPvPTmSVCi3!{xnh8Sg?<M48TDH?KcP0l%^bVZ$8SxnDE{6WWbK;mMt~4CxF}fFC
zDhQm;4CaeX;T!)Fb4Y$KEKf0%h#$NQDeIitujFpatSyI?hy50`kVkGdVHEU_X$IPC
z3Cxr{YpPf(o6(=x0=@Qu2nq0DEApL#^iW`AG4YmJ>d2j%rZq9pFo^yv3*b6p>ndj}
z;xe;j!E5WVg~?JO%0U7PC?-l{>|;y0ifXc3HWiVei1_kFI}TRBU9FGH3@ku|(y$)_
z@%kLjZFSrb{4~6~y;;;Nxj;e>M}u9AtpJaq#Wxa1$e*vCg@zTtOdTz_G_F1m$xODR
zjv{^KGIZ#)($B_|lCVAr9gZ)EA@s}RjUVGYcU+la`R9X@KS}o34o3zfOtm*@ZV)O4
z4Lw-C;ob{N1eFTp1e@e?LEd0(QzSb!J#|SaLl97Db6QTlDaUT<{DZY3BSQ>I<1;S_
z%*uo1SG8Rd#NqsB@Ach*;3(U5t(2+<=>=reL-)^rMsRF+`QZG#Bha{wLVr+fYHrw!
zmZdl5&{bShdhh666;QIObcPie>C-uq0JugL56to9!nk6}(p;2?NqN#7u5sx!Wnept
z`pIfD&2~{qrd5k9O!WQ+qE5q8k}v?=QhWBE&|?px(8sQsQp^UzmTDvG6Xt=5DByC1
zlmt>u_-2JHsu4N#L~VOLDj)u%d!GN#Eu<Q_YQ`gn_yS&GaQ%ZsvEiw`X5t?v`VF#)
zE<+5t;~lTCl>8?8d0AriaFi%<RR%7N1MT$spu>FOGveQq3w$AzS`Jkb4(BYnmw~1c
zjKof`)2bs)aeV6hZr1L`4D*B6new=I)?b5`-V2Zh&xhF|>I&;`;vMk^Ar0x*)v@PJ
z(T@>fz%}T_wDQS$8typa?vi11HGxVq(=zPy5oxj~K&uKnyRE+A>}xp}$Et5chrfB=
zJe8n>-Pa|mrByI>C&Ml6)yqg1c7A-G(j0VJZMO-5m?s&~8^{vVQ;q)o9@eJJLhUl_
z12dPXh<{<dlU*-BU%9aD%jY4>+h#UBQdxU3Y7CtBsr_CX<@6vzRZG>$%7jI>&ufqG
z^mVn6i*TL~*D`z>^E}7#1^U;XC?T|Yot@=k0X10!arWh+Hl-CmKkg>zmiVcQ+I-)3
z1l}<o2GTWs{nXt5<zA7M7TsVim_V&7oGM-m<MMLe4226b$cW*9WMV)>+LHJ)m7ql<
zE7f}seA=%(V((p!v3Ua7#xOCp?=<Z!ezF`AnzIkD1T&V&`DW`XUua8>DC4(WlOL$z
z#0i<iUa2BnrY4Q7E9taN*iL%!34ujiL9EennZ>UI-1os+H1H3b69}wrTm(z#_jZn0
zGoVxQs?E9!L6nN^uiTii#!heOt_aYncs)I~j-J2+!Yxm@RZvZWYW&%a>Fe)yywW(p
zTCyDGNeNl4Q><t<05ba7+(@%-x}#tkQCO5<B1RI2**Ni9DWr58oBaIeH%h``0Q%>;
zftFW{LD$BYTfGrp$?S24G%=C?Bl=F0zpVJD3F#?V#ODO(C-Usa1aGyoCI*<^=9ssc
zK?xYoraoqU##+1&tV?Xno>J^BX5pjEvbf@(ud<~I8vD4!z86zy4fplsdbF1bOS-*u
zM}26PRH-6Q8jkGyFff~y>}-1(A7@(}<Rud>ssLT6m{4zJkS?&n=tBtNkv(FXxB>2#
z<q}84WLrzu@h*t3xrBu-SVyv0a{h$cnQpzGKBwG_ay^UQAaPlBdEl*2%Efy6{|+ZC
zxv~s&;<Z{k*1Mbra<Y@gTkM5*Xr=O74lmF`j3iw72oIcei`(Dxviw{ag_ZOl4<|=1
zdRS&+nu<kXBU9PM)T^T3%%6t00HFpq+*e(`a6LP0Md&Uc&vq)T(=>hK8-t!$s>|OS
zHl|+tHaKTL(LssLwG*kXP)J8t{fHv1YSe)I?DX%z91IPi?=}rh&SXJ!w;=xbzldiy
zm%mWe(k&@ev+NKY&6@RCPZf0&4h6As6jHuA>-H5{OXyPXA-4hAVd*MPi3u3ns_^u(
zu$yL7Gaxa3=$qhZ*=2kUfymq1!Qi;uxJJ@-6H=pUmELSBSu~DDK-!ALWM^)gLw;r1
zf!Z!?B8Uk}dlua>Em;jGlEnZF?fa_xW-LYvi#*H?Hp+wc*>fnq9FXd9KmScP|NYp+
zOv(Z+x{N)VqR?2vEuMer(E`(IFjG#Irz`%P927C4Wkm(*#G!?Y>-lIDoC7p<MAfkv
z#+a*FEmD2bp~5GwFcF2gzUtha#yG5?o8y<Sf9<#`a3qu_r6nZT)(k2u?{J+^1&*!{
z#>Jp=BHN3H&Iz4h69<!C3y8yskn>hOkshG5CEmDH|3Gau^-4MXas+KhYmwqN%1g%T
zXiPZwyni>SPS2UVFOOyZsE^{wKlDqm61Fe+S{}+6v&AA}KZIsS2w{;5j)NV+q68$`
zK3-5qw?e|RhgUumsszJH+><9T{A|xyLvD%{qt}8r<Sp1`xUI?R87*my74S(lbSB;0
zebOF{vEqUYhFJICCXw853BJL5pM}wD+Z?$|FVGwTr@PO6kICJ+aWfI9NUl=`+64}n
zdyLd_HuTq-qbpAkc8d7v2XgA58oPs2PQ@k_Q*_O@3wo2Syg6MFvDVrKBdbnAqYwYg
z&)bzSKS`5)GgzL0kRnjO&N|>2?J8Dk7MzI?q13Eqh{YV6hyoiVe&X#_nWL;_dNBA&
zyn_QaC|o2(2I4&G(KUePEuZa>;hP<Wf3eo!$CLrUsUK~S?2g^#%+M+z1HNc5=455t
zjT1zNpY}vki=$h2-wn0&53@R?YwH^Eq0i&?6fR??x65>u=$N63b#4Ma?o<pOon){s
zN&VE3L@edq_HS_UK!17&ol5m2=$yzBVR6Foslz4~or_ikv+~Bheb0IN%FY2>2m2-y
znL3P~V*kNUx)xmhhZTwQr_B$yJ#X(_(*dUQq(FtqY%@Ozm-w+ehTo#&k|!%N&#JPT
zX@}zeWUlm6r_^ywQD`42TRt{F1_W$-KNncSLX`7Yq~AkS0_M*!=GX+<OG%thSl@pE
z;T@sAv8;wK<uRY+j}gANcg|IHCwbu^;Og-yzXVz1BXyetdfF_<fycGg`A4An0r^MI
zJbNA>k=Q|5Vy8?mNmH;mr9Wkt@=Y}vnKg8fSejtX!lT3pkXX|-QVPU(E>!2X6U_`A
zoze#Yuy0qN^^8bztJMOqangkLdES3RTca&Eu^J*64++4)V<KFOa6ZF#yyelQrmJ3?
z`24=3SinwIrO)3SWj@hI{+2!dN5?uKAOxy2eLZ-tQ`@`l3@qwS9xaLlV(^e99Y}M@
zZXI`kc*osj^XW^~UDtu>g>Ri`@T1RG`|O#wd0Pi3pmk<zr9SC~Q$=q<MpOp+3#@uk
zi|EnmPS9s-k5Z~IA#Y!5x(?Lp9@AA|CYA!!Y2a+N2}7TZFTL6R8*4#5N2<?s1|Dvu
z=BjAK#1~e}z4XmY$HRCX6LO|ZYc<ihI{q(Ud>7330w^P%i>Ji<A$<*8?2mLM<{wei
zTt5NCGM8#BKZyQkz@LuxpkfM&f#lcuy)~O4LCT%yp|}YX(d@sLxtZCg>raBdXSRl9
zM&E0}gVe!obBEEFi~at-4DA%LtogL!k=itZfQA+)l<t8^O7mGShkM%}Sks8mIt(kV
zL*EP6C_asv{jtqw+lI1rS1j#aBUtQZUvyhPk+03!8UL6Iqx>t}cU8PmtHs;8M32%O
z?{Fij4u{#|>Z<_r%MmEqQxnlMcj&(dR~KhdU)i@7^G}E?$xA=A32*;7F+wm(9(FYi
zMytIQ`-99zZCx_?be`!i^EFYDTxxe<r5Y@jrwkT%<>GSU*frA@(PrwfZ5HU{XZu}Q
zkt;8H#M4OfQQBc_&UI(4-bw3P?=QHUfMAi;9R*=rCOsK$Z?*<|dW^G^%`svHMwm_M
ztA?wkMmSM(9)GxM;l(QygNrCtn%qu^gFY$m7hPcL-x@QbAk&3#UIQuUDjmw6!;?s~
zx3IO$*w}8KwNqls7U7i@MJAUeeX2&C^%w#L>1BQK2eyIfVYc;%bjM;SkIWJgq^WVD
zgqZjAu;%xs->C((#@nAW&uqS!Vf&f3;fkHyfj`#nEUJG`5SBfa^_^ayXc1iS2I;$^
z+-Ah6mm=B;W@fWX#Z<goNWU40%W;Z8Pd^z#hUC-j5IObC_Ylm=@6gPMV*hSYkyy#L
z*Al+(hJwft)F*-?)S(Dh+&%axd+Zv#9d{n}WMDeP#b&Z)xYlV>vBi;E9@ZK?WJXC;
z&IoJBVP%A84E|b@Gce;nI+m}*`{O1%)u9HA=?HW6tPDByt6&d-FAS5ud5flCOFI5_
znVkum4tpZ{jMTi8dDg8uY_DN}T5P_fK1T^owV0Jf`*;SEg3>vT=%Lyd=xrX&TmC=o
zVH?Asf3MIFco3r@rmn)R9TVE$!ALfw|8y+Eu44oQN#*_4r>_nc@ws~cF+nx}Vb`7)
zkqoaLlWQ4qn2VHHct)T&YEb3;OKS|KB@l|@3Zv9P(NDp+jd=Ad{|rHw>rW{O>t94Z
zaRVirVWX&r!Jwq63y=hv_3<LkJKoe?hvxN{!#fw1V4fp0l$`03m;r|!^sPVip_Q8n
z9uwIONJ=O?bsQbrkl+p6{#XLK<CBM(FX|$;s?lw6FEoo5*NV=9)STQkJy^gWe*#o)
z*2&lpjmUI^3Y&QH9i9XWHagf<1WGtv2~#U<SrY`4IF1<vvuHas+)JHanK4RJnHg6v
z+<>=QRQF8P=^>;2!21o_<3-NUxP`%n{Hd&Xn)X*kc2bfR9|mIC1wBw?;m9@Ks)KzE
zT<l}K(H$s$@qTMke2mscE`wX2QD|8M$$^3YQOs7H#qFyJ#fdZOZo$v;W`Z|n6^_;3
z=UhW8VOk_=7oP|BtE*z(tunT&{Hf@Z`((p~lxF4dwpX)Ur#7-ALr_O&W|_Z$Q7%|a
zY3cyR1rRUBv!1;{)QARC7+2A>J;}%MO<GZYP9)56ReP&uoob1br>$=as2z?#48^gi
zj4J|kY(@Q<hm9kTNisSMly-yg&1|-`XV+sr7OI>;j}}g!&kN|q1*}LU0>t1gX}nbG
z<4*F%*MJPoJlisTEme=1Fc~&R(ur&63szShm%4B^4&c?g;51X(yK)jriDGj2WHd#4
z(FSIDvXJw72o2-jR;YVrH0lR}Gh?ilzt0JhG#1H7C$`VU6p-E0N=rJMD{ldJu|2cb
z{Gf6ogp)uIwA8jTEH*tcM*pCWYmNVY?WS|#P{4~or7T?q*~^RxA(7-LiLF~{A-P~e
z&F=RO&Ibt6V9*EmPAuOP&pZhF8QOE~6Bv&6_Paab;R&V?Sx++eh`B1m&h;g}+Eg2i
z!*cU{M+q#`oE=8nF$@!Yqph?1g&3$(4Lexq<sl&$&ZIL^O*psrp<moUpGpB`yoZcd
zKnA#ul*fsuRaqLeqSojGr`doIi%wV0?1_blSfg4F&xhTDQ!vK?&6;!n{JWHC)b`D|
zMPPx7*6`>Kej6%fZ%psCJrYF5IJrZN$$PEY5y0nI$%<hbI9~E;?0tkMt+};*snI}M
z%i-IMWhMW=Z~lCnYGdhUbCY9dC4K6u-p9V^a8CjE->-@k)BJ4#%f>tj7<X3YEkdka
z2iJiOx-s$$j`<fxsZb5b3e#i!zuEA5MhDpAWAhVsI4PLZ&Pn&VfFgYGbF@$C@~3c~
zw1Z1%0H(~r;ApnHxFwI}g&ity34u-(Z>^!u=gH%-`fD@+9zo_u$CBQU`2Gq(F}TCS
z3{6V1Ga#crl<Y?7^qNZyYl3mp$0WT9q5(fJ1F7~rbPXzNs;-El$Rt8YQZfiSl#t?#
zzhIJs*7tafs57FyGS4{)K=d_ZfhN{zAOvIMn;=EPpUfsZ7>HEo01!_^xrQlAPIId!
zArQS-ITYaxeFw5}h}YB}XUoMRF^1v;NC>4fP>cV7buAI6(Kz(ajjG{<)Sz}EePnG@
zDf8yWKR_`}M&}(9HWq+@W!+mh@lrAb&CfQnetA5f>~5Z)UQ`{r^DsUzAutIB1uG5%
z0vZJX1Qh3V^D#%_+*|pH^QNz0h1e^mUWfz~B&`_Sz)_&L05n=n-Mjyitx)%u0s{et
EpjJzlAOHXW

literal 0
HcmV?d00001

diff --git a/eduid/compose.yml b/eduid/compose.yml
index 4c442e0..02e27ef 100644
--- a/eduid/compose.yml
+++ b/eduid/compose.yml
@@ -604,6 +604,21 @@ services:
       - redis
       - rsyslog
 
+  navet_service:
+    image: docker.sunet.se/eduid/eduid-navet-service:staging
+    pull_policy: if_not_present
+    networks:
+      dev:
+    volumes:
+      - ../eduid-navet-service/etc:/opt/eduid/eduid-navet-service/etc:ro
+      - ../eduid-navet-service/etc/start.sh:/start.sh:ro
+      - ../eduid-navet-service/run:/opt/eduid/eduid-navet-service/run
+      - eduidlogdata:/var/log/eduid
+    environment:
+      navet_keystore_file: /opt/eduid/eduid-navet-service/run/kommun-a.p12
+      navet_truststore_file: /opt/eduid/eduid-navet-service/run/truststore.jks
+      #command: "bash -c 'useradd eduid; cp /opt/eduid/eduid-navet-service/etc/kommun-a.p12 /opt/eduid/eduid-navet-service/etc/kommun-a.p12; cp /opt/eduid/eduid-navet-service/run/truststore.jks /opt/eduid/eduid-navet-service/run/truststore.jks; /start.sh'"
+
   neo4jdb:
     image: neo4j:4.4-enterprise
     expose: