diff --git a/development/hurl/scenarios/setup.hurl b/development/hurl/scenarios/setup.hurl index 63059739c4..a883f63a62 100644 --- a/development/hurl/scenarios/setup.hurl +++ b/development/hurl/scenarios/setup.hurl @@ -538,12 +538,14 @@ HTTP 200 [Captures] tsa_name: jsonpath "$[0].name" tsa_url: jsonpath "$[0].url" +cost_type: jsonpath "$[0].cost_type" POST https://{{ss0_host}}:4000/api/v1/system/timestamping-services X-XSRF-TOKEN: {{ss0_xsrf_token}} { "name": "{{tsa_name}}", - "url": "{{tsa_url}}" + "url": "{{tsa_url}}", + "cost_type": "{{cost_type}}" } HTTP 201 @@ -787,7 +789,8 @@ POST https://{{ss1_host}}:4000/api/v1/system/timestamping-services X-XSRF-TOKEN: {{ss1_xsrf_token}} { "name": "{{tsa_name}}", - "url": "{{tsa_url}}" + "url": "{{tsa_url}}", + "cost_type": "{{cost_type}}" } HTTP 201 diff --git a/doc/Architecture/spec-al_x-road_audit_log_events.md b/doc/Architecture/spec-al_x-road_audit_log_events.md index 93a9dd8285..8f02773553 100644 --- a/doc/Architecture/spec-al_x-road_audit_log_events.md +++ b/doc/Architecture/spec-al_x-road_audit_log_events.md @@ -385,7 +385,7 @@ The audit log events related to the system parameters. | **Generate certificate request for TLS** | | | **Import TLS certificate from file** | | | Upload configuration anchor | | -| Add timestamping service | | +| Add timestamping service | | | Delete timestamping service | | | Generate new internal TLS key and certificate | | diff --git a/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md b/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md index 9f98bc9706..a16eb16f98 100644 --- a/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md +++ b/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md @@ -397,12 +397,13 @@ Timestamping service provider (TSP) that is used by the security server to time- #### 2.14.2 Attributes -| Name | Type | Modifiers | Description | -|:----------- |:--------------:|:----------- |:-----------------| -| id [PK] | bigint | NOT NULL | Primary key. | -| conf_id [FK] | bigint | | Identifies the serverconf. References the id in SERVERCONF table. | -| name | character varying(255) | | The name of the TSP. Used for displaying in the user interface. | -| url | character varying(255) | NOT NULL | The URL of the TSP. The security server will send time-stamping request using HTTP POST method. | +| Name | Type | Modifiers | Description | +|:-------------|:----------------------:|:----------|:------------------------------------------------------------------------------------------------------------------------------------| +| id [PK] | bigint | NOT NULL | Primary key. | +| conf_id [FK] | bigint | | Identifies the serverconf. References the id in SERVERCONF table. | +| name | character varying(255) | | The name of the TSP. Used for displaying in the user interface. | +| url | character varying(255) | NOT NULL | The URL of the TSP. The security server will send time-stamping request using HTTP POST method. | +| cost_type | character varying(255) | NOT NULL | The cost type of the TSP, either FREE, PAID or UNDEFINED. Can be used to prioritize the usage of one type of services or the other | ### 2.15 UIUSER diff --git a/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java b/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java index 1b08e74f9d..d8b1508017 100644 --- a/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java +++ b/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java @@ -29,8 +29,8 @@ import io.cucumber.java.After; import io.cucumber.java.en.Step; import org.openqa.selenium.devtools.DevTools; -import org.openqa.selenium.devtools.v140.network.Network; -import org.openqa.selenium.devtools.v140.network.model.ConnectionType; +import org.openqa.selenium.devtools.v142.network.Network; +import org.openqa.selenium.devtools.v142.network.model.ConnectionType; import java.util.Optional; @@ -60,7 +60,7 @@ public void preparePage() { @Step("Browser is set in {} network speed") public void setInBrowserSpeed(String connectionType) { DevTools devTools = chromiumDevTools.getDevTools(); - devTools.send(Network.enable(empty(), empty(), empty(), empty())); + devTools.send(Network.enable(empty(), empty(), empty(), empty(), empty())); devTools.send(Network.emulateNetworkConditions( false, 350, diff --git a/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java b/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java index 24008cf741..8d507895ff 100644 --- a/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java +++ b/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java @@ -110,6 +110,7 @@ public enum RestApiAuditProperty { GENERATED_AT, TSP_NAME, TSP_URL, + TSP_COST_TYPE, OWNER_IDENTIFIER, OWNER_CLASS, diff --git a/src/common/common-core/src/main/java/ee/ria/xroad/common/ServicePrioritizationStrategy.java b/src/common/common-core/src/main/java/ee/ria/xroad/common/ServicePrioritizationStrategy.java new file mode 100644 index 0000000000..929ea9f9bf --- /dev/null +++ b/src/common/common-core/src/main/java/ee/ria/xroad/common/ServicePrioritizationStrategy.java @@ -0,0 +1,36 @@ +/* + * The MIT License + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package ee.ria.xroad.common; + +public enum ServicePrioritizationStrategy { + + ONLY_FREE, + ONLY_PAID, + FREE_FIRST, + PAID_FIRST, + NONE + +} diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem index a0c783b8f2..450ebe69ea 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem @@ -1,31 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIUJ9zcm4Tqm5JHAEOzwniCRuwBbvkwDQYJKoZIhvcNAQEL -BQAwKzEXMBUGA1UECgwOWC1Sb2FkIFRlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0Ew -HhcNMjUwMjI3MDgzODQzWhcNNDUwMjIyMDgzODQzWjArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBALl37rCPYWGAPqnLKKh5ew6f/l/4hU1P2VytOBtm2xS866Ov -VXsHoXpPn2f8MyByRdPtfPIGSi/8CxQ9oVq9dAGEtwECxh2rtuhvKTgEbToqtepv -+xMbH2oECnXM9+FBfaEMUeMcAZVlOHeZS+VZULYBUuL/myegz0+arvWGns+r+00X -9KJDr2Q71rY3ryiA0rfRLYbFuV6zRn4fI7nLxcNrAaxiPdD5muACZvT/lNUrGcMk -hTi4GOWID5QeYczg32xg9tQbvpqTwtbLYz1x3GLmscJyohJU+POHH11BBseoB+GZ -JUSX+Cmr6JUPJTz/6BwgMWHH1PgC0acK+kydaVEaMsMLJuE+ULGTcSLb3AvSy0pP -DTJUr/H30ZXCOprKR3EAd++yfHqWVfR3WssF8fLIVW2yko1g06yuNe/j8gybC5q5 -T/co9mipW3mnBwHlf45gDLfadGvEySjVDQwtDO5B5luUlUH4FAsr+hO6sCh4XJ5W -XR2D4ssIEWS9gvrK6cZrscsKwHfSGZcIaWce7r09M0cwesfGMa2ITI8U3trRUUtw -80ppm24NZaZCvw2nLsF2PymjU9eTmLIspzNvpsRI/uEQYu+WcOOLX0jN0S98n5Oc -j1Dmxsb+D07ax0IMqPfMIck4y6H1Vf7nvt77Huh0/RfTV1+a1wdup1EAdtUNAgMB -AAGjYzBhMB0GA1UdDgQWBBRjaVM4aiW0a1X+3hWBGs+ai5W/ODAfBgNVHSMEGDAW -gBRjaVM4aiW0a1X+3hWBGs+ai5W/ODAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEALz1bAWuksoYibdELYBhVVbgU7qle -1TtRLux38quIRUGdt74u7AG4iMEpygDwcSDlbcPGZslqrpb5LT0h9JyRYDcq/w12 -PGX86GKIZ53XGAv509AuRL6T8EPDCfOo2XMUdCEo2emVrVhbxmvuOcuayqKY7VUA -TSqrmHVeaFSjoNCXEQ9VQ6u/gWuDYgFNpOeyBsOKPlvsvbyM/6zETjp2pRZBiuJN -CRD0tx9lOVlaKU7rrk5Lb0NZ3+/YWY6nesSUfF8aHvH5qi2pQ2owQ6fF8AVm2Qr1 -htNtnAUjvsqaPEwFMM99nDU9qcJp6a5SAQInTQYRXEpFdEGVlSrJWVMTcVvAdn7w -Jtttqx3VS9dfDkYp2mfs0yr7zNoGg26yWkJXMlJ8r7qyjNkcl4c8cmXMcJn0rcja -phOLUn5vkpJy+CFi+B5aHGoEeSQSGOrmmCSmUMKTTF0KT17pf55Gk+1Yt2cg6SZS -k5TbtKIx+PID03m8iqyY1zOZ4TpGCIAbN9x6bb0ssl0OCQevVT1wyRYn+O7ie47+ -5Svy/UxcJN/oNxUPl8oWioMtfvqdKxhwsagbx45MgzmRRcYkOif3+2Yo/gORAqVT -GwyN3Z3SeaiPtBah9OydzSTKiZ1j8tg/o7NZKxx/yFaKF+l10BDo7ZMNpQToedFr -yK6EeBcQfr5ybXY= +MIIFMzCCAxugAwIBAgIURfBdux1XmXS0pv/yMruQ1XpPseQwDQYJKoZIhvcNAQEL +BQAwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTExMDUy +MjA5NDBaFw00NTEwMzEyMjA5NDBaMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMM +B1Rlc3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC1OXAZEltW +mIgiMVghqofO/7fjvwDGmhQbOZH3jDeRuUYC87NktDcuYp9Xu2NNrAdSgjQCU/6I +tkpLmTMDsTWkOCH++LA4yN7KrBs9+7xOQvaVFx2X7dv9DDbcwMLlCkOtl0kx2BOy +deOoWp7MoGhEj8Po9JqT15ABfsdnmP5iF6doaGnyhdHLzlL6qEm0df7WatwjkW9n +Uj3E/HLngOTnpEou4N/w9z+WxcIOrvBy71ITzd7aXfH0DYLBUIGXpSuWA1Ka5Ket +1R+rO+S9DnoChxvwqJR4XH9l1hBSp21kAjYS0nwND9hgLjWW7LOcjoVPZ+LlrnfI +BBWnWPr0UaMtDNxubB4AuS4OnRRcZs6ybvs3ELPQs6wEjv4XUrha/4UKzxThHsT2 +1GsXOl/hsEqNMpPVb/UVmnroyaPbYgQlQv16vN+/eeQQzan5qtVhCEW8Q2NOvBUi +LqjLav/HpU5U6U1BW8K7mGI9WldUUoQ7QRwG79d5VoxHQv9U/4kGMKfEPmuyEdAJ +pHyZafRoJGJ65R1bVumqWKT9DIB4cxgoidIUlhcaUcIFeLYCIWQ2C6f6Pq4sLHyV +J7LQyii2YwBEM93B4wLN/buor95LMTXtlebmrziWknnZT4No0+3NO1etf090Vy+2 +mkKhMXeU8I9RKRFIHWwJFV3EqkMtCO2mqQIDAQABo2MwYTAdBgNVHQ4EFgQUUQYm +HrwLywmv6nvMI5YVhxIajicwHwYDVR0jBBgwFoAUUQYmHrwLywmv6nvMI5YVhxIa +jicwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggIBAJJzTBZI/9Sj3XaDkxrUl8Nb9v1odXYxW3g8Q+Sa/LpDwKb55DTtpGoY +S6D9d0gWENWceC4yT7cUJT9O56w1GT1I3B3CfWVNo73m8L5Ml2TBWIVarF4kJJoJ +5MUGvtXBZE8s6JjsZcgpRtig229fPztxcpn8R52bvMP3mHzRkhNh+qphjnFr+iqm +nMW24s7ZF7q029e2kDy3DqOWTxFSmSYhx9qrt4ISC5UhoWLZfoIOShInltFuf3nA +Ig+XUd3K3TwPikDwWf0E1UpwM9c1pdXY3StJD+KEVIwcjF2+IGjdiGOZ4twQjoG0 +i8h2gzS4e/smLkhGKL49dhVdRFtJk0KxoyjJidEJY0ruIha5rdv9WajHCkdnayJ/ +S7CucjfgWa2fMThqxu+Q89HQf4zhSV6GH4IILDZoEew/07AqhKYz9aLW1/sCd2un +NEmDhrUfXJ5lZvQQzO5TVh8IfOSVx6DkI0skIq5A8VZuKsMGJ2BuJrt79KUTLHl/ +So4+2NAzxtFVVncTmw4zNmcAha7+ElYd4j8PNnM/qdYy+Z31zA8eZE40uZVAdl44 +cu2cfak2uLtPRRt5TdxcwcldCAjNcN+U7d+VAxvfXL8ZpAx7DRhg6XveJ2Moq9MR +v2+W4Ds8rBMxa5o4YCwM0qhfZlJE7TjpFLtcP2cNOE9GxKHEoHfI -----END CERTIFICATE----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem index 3702a71be6..9728a88828 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem @@ -1,31 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFSDCCAzCgAwIBAgIBATANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODM4NDRaFw00 -NTAyMjIwODM4NDRaMC0xFzAVBgNVBAoMDlgtUm9hZCBUZXN0IENBMRIwEAYDVQQD -DAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCXg4Xb -WIuywlRq3uIIzrxgk8ZWvw1a6hYyu6ghGiL67RRnCGKv9RjwNLOqAxQWAPbDhc2b -iFvNf07s1sws+a+Nr9/FxBm0fjA96FBhYrJWHR7Te2UpHXkN7S6vkeQnHUevw0k1 -sf92iF1A2wCR5NYwmYhti1/EDy7UAG7Y0lSvCeQo0KKgHXDyATsU62kTgc2mShq1 -95THIgrFgXWDv6gb0P5bRZ45KhyCOgauM9323GH8xg+7WNaGRa3DscOc0lVVkL7Y -hYj1cokHVU/He6YNf0dRYK6pTI2zwbqjM59Twt9NoC1VvhWLQj9U1O307wWCiDV2 -LpC8Ie7Bas3mR2WVubpISBb8EdW23zngp/FSLHQWopJrdEPhYnj4Vyl84NDvGQV4 -h8ST3f1O9w87C59lsEd9dTQVxWKO7faUVcP0xeJYDENl2/O2ngQlixLHpCZW83X8 -ayIvAr9SRh2HXnjGQSjgZhMwBQpRGTwP2Cu9udwe7SWJaLyPE/I2kyyrUHa4TAkF -5qLbAohTtNLk9epOXp++cTYbOYszKZQr+zQqP9v94MBitFiz6mDXQhXtTNi1qhbV -lUTVnDph7rHDj9kr3/DLIG6vnsCEbG3ohrHRrtwd0Rz3V9HAtcNUI3VNNkevR445 -JFh7qxwwfwKLP3vXJcFcE0eG7GhFhiWYEY+1WQIDAQABo3UwczAJBgNVHRMEAjAA -MB0GA1UdDgQWBBQq+iJWzIxysOagBrC4r+aURQ2AojAfBgNVHSMEGDAWgBRjaVM4 -aiW0a1X+3hWBGs+ai5W/ODAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYI -KwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAHd1rFVK3I589jMq4Do5yoXm0/xm -CybKsB1/gHuzqal6/f9MC/Ihoulssf+AbNaYfI9PJksckWdSMEph3jsz8Q7OyH8z -hNdAeCRm7JmDNZv5+3un2ccC+a6JyJ7P4nxu3OUklrUXG8VlrNCcL+JZ/Cr11PvJ -sDs4EYGK0D/tlKj0I3Nqn5sV/6wtSfwCDRjpKJ3OldteV9KFxFjdVYTsKkg50Yzc -pVToxS1sescpCS1rhrtT2PEM+eTxbE+xhxAYhm9an955wC4hY9UWXPwIXIden6Xw -1HQuYCkHNr/s6gFt/Tzm5uR6xh0UFurA6nNlVJulHpzKsjvBqfI/XBoBem7I0XXr -qXqlJTbVqW9Fksi0HZRAeha8RIJ0Lfawd2ay34itTdH64+H1KtX3l9H5a24awDlz -6sEXM8HYsgP00UHs0FZ5JVwAg3SRt3tbhto5hMGKq3yFdOF5P8BYp4Fzj4/ZK1l5 -e3TXiLEFYKbnUmvl1HaioAEJpLol6+JBdBsk8nRRmasN/NuPQR4rNjC4oKjbtovF -bLlF512Wmu/Dv/UzaaS2l/TkYjVbyXQ06++vyfKtue7bxEHpc2BWGTB6fkUSU96i -IvpcggZIUiQf9ouOHtEysty1knsibDthXqy++baiGrmzMR+V1x0BVwGOIRhi4fL8 -WFHGKJSHbl38IUiy +MIIFNDCCAxygAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMDk0M1oXDTQ1MTAzMTIyMDk0 +M1owIzENMAsGA1UECgwEVGVzdDESMBAGA1UEAwwJVGVzdCBPQ1NQMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv3BP4uw0wsLFqG38rC6p8bGbOmwoLoZR +5LX5kW2+99Jdr/nU2ZGPgoHfCpKIR9XVJOMoSwZGDkMkHW2vRi91BPVs9BP1deKU +rkvgALgkVz1LaBbFNwFtwMylX2C8s3TLGONvsagrEUAdI4SoGvatkaRpNJ1vW6z5 +uKZ5+makUTkW920rMDGloipnVpQDG+IBl2SpLz7UF8xfzjVVycnEWmWAzO4df9Wy +c9w4UG5Dybf0uok2MKu8PLNlizYzmqokzSYBALX/ycXWydmfKPYhCjj9cBypLGlN +ivc46GvCYsU44m7v3q/zBlkMJfclF9eoYXWEERlFYu6+/wt/MN0vEbFyDZqrA5B8 +NjyCgx7Un6KDhKdGjtfmI9+Su/22IOybO/lJ9WBh9d/h9hHz2lAkmCY3uV2jq0y9 +M27hf/9D+jqVRvKFjiuWFqvLfM8ZM9gsWlZzZ/ed9LJpEnjjCeG+JdcZaz3a5TuZ +Pgrjp+4agiO61/B3WZKwK78DVOOd35hkpgpOI41A387MaTLMsEJiGovkJVGLAJWS +wA2Y1ilyXDfHt1kcfWGGPQQOJtvoVe9F/1TanTdUAtML0g0QoZTuLE1dkMT3iTMI +iWSptXqF2kG+rIn6W0J8OzRbovvaHE9hWbYK+up6vj7LW/Bde6V5owxSJkIY1xv3 +0WZ1QixfFE0CAwEAAaN1MHMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUExtqj+f/L6sO +UztcXJjaWUbcFZwwHwYDVR0jBBgwFoAUUQYmHrwLywmv6nvMI5YVhxIajicwDgYD +VR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEB +CwUAA4ICAQAuxTQfS/cxw01H27ZSP0vnZ7Oo18H0zlh3OA018popFtJmhEqnVz5E +zWe/uyVP2/BCNJR2jCFuQDAgtWH+CkDtJWMC5/Dv1NnmMLV1eyPMNG4Xz92hi4/2 ++IUK2YefLBtGPEfWTWRpvT74IL6dWLgjDHY+PQGoxcG8sL9SRTND1cOYd2DDGp0r +ia30zKcb2MlWW1mQNceh+vT6CXEiLao9fTod5cdEANQSsiLP02tDQFKv9LAbRTNH +Uu8qnaZPj3qpeWrqfUxbxG1WGNa+RUtPjhMewqMmHsRQcSAEVsnjRgOcE1Tj12GX +X8TxH29AwIJN+RdL8lRY/uN3In87ftjFZ7nCxe8mUk+WQSYce+jU0qt6OcE8ba9m +TOQizEHnHxqRfcThnuXqRzUGgQ2xH/vhW0bRvA5SIX5w3xA/HMg/uyaaTCIpAyOK +Dq6vYiOjnUzvtpvbCGMhTy6f9o8JofT6KKbquhajwhDCsOzKIiLVXksSdk9U8Tc3 +xzhkJ5dGcjt/kg+8mZtfJSAstrVJfwRxtfty3uyb7tkoL3yN0aJA7GQSi4Kksj7o +dFETPkTwU9ItwJLxEA1ATAgLoE5vcS6CjnTZAfmUng19tWhvzcN4rpTaS/8fBKA0 +vIHIXl3Vrbmci2fDD+tWrBwo45iSvjTz1Y5CmDSGS6qo+tgzeZIZpw== -----END CERTIFICATE----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem index 0d64ad8f76..d235ec1bcb 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFPDCCAySgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODM4NDRaFw00 -NTAyMjIwODM4NDRaMCwxFzAVBgNVBAoMDlgtUm9hZCBUZXN0IENBMREwDwYDVQQD -DAhUZXN0IFRTQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALS78/Gt -srlHFVHjG9CrKQ2ySq84t27wnsgL2vDrFdUaY9PB94G34AYTjy8sJUJ1VSQSdCn0 -imxpVRxYMrNnP9JuGUI49tHpUNKwoCpU1jBWOMHWRamqj5KjcV9IdCFzVx0bV770 -gJxZ/iOkBTtW34nHqf+k1TW2Xy/EzcbvI5sXgmIt0XPcEp2AWTPzsl+xgu2BZjUg -BAXY7VfccIxR3pDayYt6GVKOSWt6pR589uyCLlpiowsu1FthKEEAe79y9XqEPNeT -NmkzlylLMaSxpTz8wHAhRVNiIpmYsX5X1l+QLdc0qJ8PMy9FBGSbmRvQqTpHWBxX -0aFJoapzsoOsilAeMPrE5KtHkLt/EpR7hcZ3ah/RYzq7dYQSELbLBAWK6HWUIi+D -TFlwP+u8CcbcdLplweLuJMu3PEqc++SZpGbszHYiyHuptYhJsch2jm+d3K8iiJGC -/vLpk99qUZcLehAfVnR4WLkkMeFPFh4VMPzWPRcBgHWMMnEXKBYwAcmYVU3nFWST -9+Es/hPIBMTR6kIGuy+UJ23CvyttfQf5csOFyS/Sh816w65m6OnO6zGOHJXoGHFv -oCLfxoTyEiGiSmdYRCTMab2Dfd7/SQIpoPjTcFLckodYbKRbRl3wR6yhMe/HOYrY -09tx7lubpCDYcao9VH0xM86fxK3EV4XXZoeFAgMBAAGjajBoMBYGA1UdJQEB/wQM -MAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIGQDAdBgNVHQ4EFgQUxzw/Lkyn0eCb -ckiiQccxFFL7KggwHwYDVR0jBBgwFoAUY2lTOGoltGtV/t4VgRrPmouVvzgwDQYJ -KoZIhvcNAQELBQADggIBAHl8iH70gn4hTVVgLvV3YDr22UizulSAdKWh9YPoC/fw -bvVUyW+FN585fEpDVW6HDE0tZjuF7O9dSbNt43ZNdUWHuYFTb2uIOG5d/zOQ8EM+ -EYzf7u3z9w7A/qiTCppcjEERDninN6I5WPc5aI4/TfMJPJnL7rVKRhZnI2cY883v -BfVWLAZzlzgRKoS9CNOXT1BVRjpGXcyeA3DEDCZCKA52u17wMtCvDNPuKxEaSS4k -0KNRJSpDyHl9yULeQ+7o8brh03am6geQld+VJ6IV8vu0cLE5oMJHzQyX5c5ahN35 -cOXlrejHeBIlLkBWkJttCuwkjqpQz/Ql5fJKTKJSrOCoMe3yt6mufGOFoksPWJMN -ADfionRjCTrk7z/WIXQi/n9Qr6rrkzHoVCqePB4uKPBemqCmiZYmdjzTV+sww0yE -VPvTOaE5mUsNI1pgGHh2EYYrHriO5/hln+g30iNrtrlgtf5Cln6nOagbLQ9n/jpA -HcNv54jHcAhML+VW/nS0zvYM50SaURDEsnoKWUKf5vpFltLbSAWVoDNYILYqokt9 -6jERe7mAC0krhKqSRbAabBitwlK7aYBMbg5ek7JmhRrdWlhcQHkPAiywZ4GCvEE2 -gHYqkbjP2DQMFDInaFFj9zqzIv5lhL335qkFSJJ9IBp5ZikD8cm4Lbqw4+w98a3B +MIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMDk0NVoXDTQ1MTAzMTIyMDk0 +NVowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDjTzIKAzID+GFAYDFXWR/yLMdN3rDnqCTv +7eKB86hbX4/29eLLrxX+vI+6N+F9vcsdFnQpIYgjGfORNAqyJai5CYLLrbNLxN4X +FTh7u2axnYaAZpOeSA2uk5TcWo7C5RXe3gg4CwDouIQZ7/i9AgvCak2f/fcq34yj +JkAX6Z1ZQGqCi1F8EU7qYaV6HosXVKD6OA5lw6DNi5piBr2jTXJyKU687hkJ2PJ7 +pMAEgy4UBm7+LLVkTZRZkX5pzTG++AxIF3TWwOUfo9Qp3cJNnNGBMnDpqUER2i7L +VgD6ZXE1NAYFKLwRD5snBqIdWms+n9i8A/6oJeSl1FFSFyYCAhF66DDdTrcyt7ed +TDpLzh24jMrqlO1zZbpdhz96UmnLsHip+dT9cMWefE4gXRCnKcng8/Czysg9sYh0 +z+8i9+vcNdURptSdtwkjMArMR8Dj8P90uTufTlCZTYahl6TeFvlKu2nDghtSsaZk +zqGCLki7PjNObvyNbHSoTR8vePfR+ZoJvmvo6hGVAwYap7hbqSiW+oXscRHtRigM +yNDNWXTo6vuOLwUAzebOnfIyr7fJJUaMZBMKBDJe55V4DXUn1f20c0cpBzd31VXb +Pd+hGLQgUTgEXuICu0H//ybrClE52tcRnPbqGguoSmoxFfGb/ahHkS31iF24nBBR +bJJE9xO5wwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8B +Af8EBAMCBkAwHQYDVR0OBBYEFGrz4J9nOrYOmoJ/7n1CGxXjD4xeMB8GA1UdIwQY +MBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQCOJ8GN +Xi1QwFH05I1e5BvQsZ93GNoXbV+uNKySqSFwaav8YS8n7vzk3y19csexOc8cYB9X +DW04Tx7iFhBcOQtu7m5hy4ygf05biw00KpUHT6uGBX5gLHe3e7q9rgyWFBDh1A0v +W+5WtUOCsJhmB98nfzU0LUVvfElgpeOCG1/fN+vaRWkCW+8yyHSma8zklGsRm02D +1zu0TSAfPZREvhn0e4/aBQuiWBhyaSd0DEAC/OtOnt0KcaeRy9ADWK/4p+70b70t +DLYru0xPzDmVB5y0rk89OfVx3J28kDuhRVme1b1miA5FpfnU7FEx8os0aczaz8hI +MCoo4mKvYUpcmbrLHDNWDNqiy344swnvlMHcWF+CbKwoPpWV/SFs808IQ4dHBT1p +m55ixkHHowxQxxB7wUTOBT34zIdafn6vSg0+fG9veqB4JHQYyOwdWOSOI+eO0oEw +cOx9V+BhfkJ57hxKD7/Rnlnp1XjTMtHVJbCuboh9mZIATs4yE/APEr3wONBwpx1N +XsfYzwOeEExzDyhPTN86vVPxAy1WB7mHNvF0obNmunluj3ZRGUevbMIms5WJLUF9 +QFgFzOKTVs3dOHdnByjDncEhXr0St2Wl+oXWt2TplvUFdL0RiZoRlcOab655ZJ8q +P7+kFvR80NJYaVvb2WyFMJGtjsSi10Ipju+fyw== -----END CERTIFICATE----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem index 430af61157..1673e9d1fd 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC5d+6wj2FhgD6p -yyioeXsOn/5f+IVNT9lcrTgbZtsUvOujr1V7B6F6T59n/DMgckXT7XzyBkov/AsU -PaFavXQBhLcBAsYdq7bobyk4BG06KrXqb/sTGx9qBAp1zPfhQX2hDFHjHAGVZTh3 -mUvlWVC2AVLi/5snoM9Pmq71hp7Pq/tNF/SiQ69kO9a2N68ogNK30S2Gxbles0Z+ -HyO5y8XDawGsYj3Q+ZrgAmb0/5TVKxnDJIU4uBjliA+UHmHM4N9sYPbUG76ak8LW -y2M9cdxi5rHCcqISVPjzhx9dQQbHqAfhmSVEl/gpq+iVDyU8/+gcIDFhx9T4AtGn -CvpMnWlRGjLDCybhPlCxk3Ei29wL0stKTw0yVK/x99GVwjqaykdxAHfvsnx6llX0 -d1rLBfHyyFVtspKNYNOsrjXv4/IMmwuauU/3KPZoqVt5pwcB5X+OYAy32nRrxMko -1Q0MLQzuQeZblJVB+BQLK/oTurAoeFyeVl0dg+LLCBFkvYL6yunGa7HLCsB30hmX -CGlnHu69PTNHMHrHxjGtiEyPFN7a0VFLcPNKaZtuDWWmQr8Npy7Bdj8po1PXk5iy -LKczb6bESP7hEGLvlnDji19IzdEvfJ+TnI9Q5sbG/g9O2sdCDKj3zCHJOMuh9VX+ -577e+x7odP0X01dfmtcHbqdRAHbVDQIDAQABAoICADjwcP8ThboBPTuze0/9u6HJ -zLZ5/bK2iOzC4S7IbQn41f7ynTOgLBr4xt+NtcSIUJe3mVxUQgJpRp14LklFUJAG -xogw6dHCHe1N80GXWlE5O5A1wMck1IgfpXZ07sTg7ki7F4i52GKdKLDPB1XqDbVS -wred8WxBGmQ+AOiv46GuEwCgEiKe1QHYvRpEDipJImf8eBWgLkC8mS+vL7CitpxA -Bct+favidYHAOwuMS40GJmqak6vOGRaepum6Shw0DWOggSatPd8G7hIzbsw2YIqc -eIZR2x/1plhda2udww8YrxK7iY19elqQxF6+v5fymLfJyl9Skjdx5ht6a02KJgKR -EL3EZC5LpgHfCzZZNqlGqaAnbAK1Y+BqJZkPZ+UHbjSot70KwyWT76BtIVygY9bK -xvij8L0Mv0T3dbcBFUu1G2pUMONYlTNqgqH2mabqfMVDP6K02IG2HVaiWNAW1EON -FxU8oQk+WaOvnv/IxpOxZQ/JHXwsUokahaoZTL2D9SmZNalFECKz5GdXixdc+lqI -fvRyseoKz1fZmcHVjU9cFXZPm45xvYPyIi8BxjjwaSDHEJgupIGiVyCloDKeBl3i -3sAIYF0Cx+4RXsebu8t++ynMpwc7iTG4V9CkIWOgdCKGYchjnuVSfhWzljJ4kUae -+4T+kfe4Sb6n7ouPM0ShAoIBAQD6Cnc7w/fXxxnwnitMwoj97I6F4sM8ymj/nHmn -DUPKNASqavYcRggr662U34G3/cqA0aoVnWX7bHTx849bKTYtYu6BAjktFtQNOADC -pJCNjtLumAsWuTfeGaCpofGlx8w+Rck7CRDdbYeDxeIKTEzpjt2waIKSwV1/COfD -Euel0p8ee227lDlkVFkcM/JyJ9mIYHraNtqFtFXzC3hjGWXHkX9/eWz7+Kw44y7o -NudQ/QvF/bY+rCy6bGZ5FpOGdwa/n9iLnVd57/VzO+nf2kTF7FIpc3b6haeMpl4C -cm5WFK0O3GwfOU12lrJvWzgSXl2oMV35vPdfLggJZFZoNjXfAoIBAQC944Berk2q -Rj1I4SYfRXPM/s/tP3orqWfPuHqazwbMh4NAnnXW8sC0C1qSP7efLPdWGVnRKHFt -y/ef03JCzPM0QsnyiX+RfyKcD8Ud2XdL4d/IHi4U6w/ioE4NS7i2pgGGssMpUk0A -jkM1WfcpvmSrF27VOG5v3+iIvlOqPhyAKGMSl1aOd8ZEJmjT2affwGGVWgNiTByG -GIlyoB26BvJsupMuoKvkK31UlZaNdjNIBOhGeqp4i8YKbelqD/W96dz5R8nT22kL -cSRU2DzmY4kqC2UuFcvX5B9SWDwecDYetnSK7qekheZXacsTKT/qBxesTDw3KSMw -9CGtXTIzStqTAoIBAEYtjc2OcQ906Ejqe8itiPmL3Wyiep2jSdkEN/i09mPYOb8D -ClRhK4X4Pd3c5XGYn6+MKSqr5KWuiRwnegLiDDys2bgHwbhwAdA7+aqnuZKhlX41 -2lbkYVPK6Zbyxvn6m86Wk6YoIz2isjg/3/N3+tZKrNoIWy2JbA5tl27e7XlTJinO -BrxxG7KXIfOSeOelW561RYXdg3Ona8AtZfqadECRC7HhiL8nyl6lFNNEJaRLgXRu -gyoP9PXV2uT9eyZwXcqGuKZm4Nhuivtuw3N6tXa/n0fXCnvB64bEYvpY17L9Vp0n -LImO8bjpDufGOHSfW7YLNQ8VBHEIYGUSblYNcQ0CggEAIUzVRUVh/1tkAfTh/5fp -b+i7xApevWtu9iGO9rkZoyKcpOdlGPXnT2uyTXV5GSQEmAfIFYL3KV8cpN2q6wYQ -HHkd+zebtINMKXwmgE6Tui35VZndUPPMDF06cuB1mypPmDSfPw7czB0msiN90cc+ -1jY8zI2h6GKm39woxfEwhFUQ0sDRgBiHH4pw1b4Uz4toUY3AjCt20RlaeUyVCfuP -5ftuNj4dBt2NlBjLlzFEWvvpU/rNDGjOqSOPTHdSDCUICHtLbKjMqiIEUhC91VVd -R49KBiPyZIDv8TviByB8jTRICdlCcvq8Y1X9M/YG7F6kCyYvZSkEr+AQS9vNIuuc -mwKCAQEAi81M10zZdGFCJeCPnLDyT5dq1k8Apt8enyiNo7QNdp/9HlGpVwgJdfzM -gnCDEE0q4EZ388KVCzEvqyQmHzC8PqINXSBrqqEHvDC4/gI6ByFx7/6/9pZ+CJM4 -J44bI2OcTyjJMF7v3ynmMFVQO6h1rUCLKzcb5oiMEXNu/6/uI3WABDBPXgA9BYts -yxkfnFXRL4jS/TV8EYPh80wFW6i/f6UoJbSHfWG8T91wATtdsx24Ks0Tvedw1+PY -MtkTItz9ZtWUdHzTPJdAzG49fqskdGRDz4YLFosWJLSRQaWPUe3WoupkcazGdkfH -VjDb2p2Dqeathe8DDs4VQzIRWfUlZQ== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC1OXAZEltWmIgi +MVghqofO/7fjvwDGmhQbOZH3jDeRuUYC87NktDcuYp9Xu2NNrAdSgjQCU/6ItkpL +mTMDsTWkOCH++LA4yN7KrBs9+7xOQvaVFx2X7dv9DDbcwMLlCkOtl0kx2BOydeOo +Wp7MoGhEj8Po9JqT15ABfsdnmP5iF6doaGnyhdHLzlL6qEm0df7WatwjkW9nUj3E +/HLngOTnpEou4N/w9z+WxcIOrvBy71ITzd7aXfH0DYLBUIGXpSuWA1Ka5Ket1R+r +O+S9DnoChxvwqJR4XH9l1hBSp21kAjYS0nwND9hgLjWW7LOcjoVPZ+LlrnfIBBWn +WPr0UaMtDNxubB4AuS4OnRRcZs6ybvs3ELPQs6wEjv4XUrha/4UKzxThHsT21GsX +Ol/hsEqNMpPVb/UVmnroyaPbYgQlQv16vN+/eeQQzan5qtVhCEW8Q2NOvBUiLqjL +av/HpU5U6U1BW8K7mGI9WldUUoQ7QRwG79d5VoxHQv9U/4kGMKfEPmuyEdAJpHyZ +afRoJGJ65R1bVumqWKT9DIB4cxgoidIUlhcaUcIFeLYCIWQ2C6f6Pq4sLHyVJ7LQ +yii2YwBEM93B4wLN/buor95LMTXtlebmrziWknnZT4No0+3NO1etf090Vy+2mkKh +MXeU8I9RKRFIHWwJFV3EqkMtCO2mqQIDAQABAoICAAQ1xeNnOET+PSdiMxRxJD+M +VEbPsKJsgOwS/c+c68uQXM6Dv9amkyOaOe5tVYS/6tmhWbj2H5MofPhdokBDNSZQ +AYYtW9at3/MgZW+esgS1bIoRI+hcJ8CssHeXaM+uWd0mBxbH2MlMENJf7JF/Zny1 +RE1cpVyq5NcMDXDcLoiz2PlFd7ShJDsSW34kO7YcCaQMjnmrDsX9NJ8naDn1lhvF +hs2o/rrX25vSk0wJB1/8LFF2dmdnSFAtoiyAhMozlZwiDqC3kCerLFWrighUVkRJ +xD3mhLB5IaKJgw6QgiuRG5V7W1NoW1P8rtUHQbLw4qryFGTWlUTJx4EAQbA8V0iS +Hb11iPjENcf4Pt2LK/BFyxlAXbrcWYt9K8XckeikqYaBIZPrgaMKs+NBjyhDBeWE +z0MnRqHQAFAkPgYoPb9XbgyFjxD/rBOsiKnX9A5LYMWOOUl5GKGuuLw0KE2zHfW8 +OdXEeEdiONQm7NBp/RBkZCuUQuzxI9Y6RqSweCgg412W1KFwjroHBRNlusbQXycC +dW2yClFv0Pn1A2OPUVJRAiSyHhOVfngKYOKu00J754pycL4tloPqx4XPkoS+pumc +7LYKndlwhk2r2N2JIu7QMAxyjVhiph2CJZQHJNS99pqwtCdbSOKFZNz6MsXL2tyl +/2fB/kdcb1/EoPCjaWrLAoIBAQDk1h5scmT6ykYcJKKk9+KL/HvyE3Llvqegxf2v +CtsOQEFYlE3+O4nXeX8BvoJZ2DAKjsYhHTWweMftPO1uwL90Yg7DPvWqWbzmnuMB +Y76YW7yoOR70XKTLAy+ljbOXSg0KgVUaP0R4Qm3TOoxhjytEV2RHZPqJrHGbYHex +IMoOpPGszr6CkwBHp/YoGAn7vo08QzsSqjmp3vF8ws0+49tfLx7xHzTwcB71CGoM +NcEvSp5ZCGUU9sVOyPQvemVfI9lWoGlowikfkRVhobR4GDjSWGH02m7ZZ/0dWhnk +EMJ6qsZkOXKCnLPYS/IavQ+WU1AjsNGqYzSNpNUpS6ADoTEbAoIBAQDKvHwBnZoI +HPbSrrBrP2hFTBHjW880V9NaH7a2duaqtCeY9UImv6TsTyyImP7K3DQtsH1En1z9 +voKgrtQC6rADVr4t/YKlPUJlmXGGPAnw9C6v9QUXUcpskolgpEsiq/IV2iHXviwi +Ba90Hic6cKsxN/zLgSx7h5S7ZjSjbhp/FHtE0XN8YNZKEK3iEsFWzTpQlit0FSfa +gXr1foSqAmyN2TxjrrgjLoAOU1/Nj8KZm23kRT4qqJ3xY3/FwS3to7VLp/R15iw+ +zvzgAwTbgcKzGg5A1Yxbv9z+GyejTB7hZ8UBN8tHH8fGsOz0oyZUUp5tiIWu+MwA +vzTybfa5dMeLAoIBAHkVBtIREXdV0hUQGXM6qoexmA+11MTVxbKfMKUPFGuM+kaZ +ak9MR5pY8igFGsnZR0o+030wDHmM3xSbeXJx0JwPSopq5Og3RWmtxqW0lmPdnoxQ +dR2Na7DzxaFOwikaCJ53YoVZ1qvfUmdDAoaYj6dAqpHQT3TLZu109MAnfmKTSkFK +v6ktiSdhKzF5zsaCxA6P8FDm+03z5klCdgGB5VCPCUtCXOugF/FFe39sbgTM8c5g +T8Pw8uPGFtaMZ9kYieZ5SG0i10mZpfub6XbmMiKym1pIvgCRMm/2fd6cM5teg00C +zKFpswuO29LkGLxM5wmLhNUoWuVbw2JvXoKtJuMCggEBAMRpyWYzTxiPHx3MOoUd +ACMq6KWxu9QFRnEpCnZKSX2WXkqVSkqKHvkGV6nbN/ZHUpH1S9eg4ZG/8YRE/If6 +4R3K+yNJWTpHWD1gZJjdL/BuUZENO6p1Bj0b1tZ3NYfYuAgttd3zk4Q+p9ZCpFS8 +9U4Q5OwwMG1ZVGIeSd8P+8GkkSyCE3Wrx9Anyp6c9wzmdZm/c0faeyr5iKuwsEyZ +Xpwqm5QjoKgNE+lNIyLfJXR2HggqgWkIxUQo1pA7cQirMyiiBnf20GTlWh6ZLiqP +05Z7JtXvTjVRc4QHwOY3CC/uvfFJIbq9cmnv3RHBwo+tH2oU+xciWVpb5Kr+mCri +lbMCggEAFKtCtPAUML6cRbON45xiQgJrN1196FLwW1H+UKpZm9C8IAlYxh6s5Cij +3lH3gdkmFPBlIVaCmjyPy+C4oEKpbeZZq/GS/N50d6Sco63cNsCiZLDzx9kyR7YS +v5HglyZpdv6Ck2AZzuAJz0I93ejALbmcUwTLvkPvE2isWWE8dW0ZQqoW08W4S5Pm +7lKdvtVjtE94Al46MpaxMnn3AApelosq7jaB0hiPmdcuEoOjZTdMTySU4xV5IO2/ +JpfTjTw6ZQBbJvafRPXeeJ0np1C9TA1+NYBwq+KvvPFlbDiU3i1KhQp1dAJPYFuc +shGs6vHBZzwsCNQgohP2TQFygd9TJA== -----END PRIVATE KEY----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem index 828fbb9c80..846a0102e3 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCXg4XbWIuywlRq -3uIIzrxgk8ZWvw1a6hYyu6ghGiL67RRnCGKv9RjwNLOqAxQWAPbDhc2biFvNf07s -1sws+a+Nr9/FxBm0fjA96FBhYrJWHR7Te2UpHXkN7S6vkeQnHUevw0k1sf92iF1A -2wCR5NYwmYhti1/EDy7UAG7Y0lSvCeQo0KKgHXDyATsU62kTgc2mShq195THIgrF -gXWDv6gb0P5bRZ45KhyCOgauM9323GH8xg+7WNaGRa3DscOc0lVVkL7YhYj1cokH -VU/He6YNf0dRYK6pTI2zwbqjM59Twt9NoC1VvhWLQj9U1O307wWCiDV2LpC8Ie7B -as3mR2WVubpISBb8EdW23zngp/FSLHQWopJrdEPhYnj4Vyl84NDvGQV4h8ST3f1O -9w87C59lsEd9dTQVxWKO7faUVcP0xeJYDENl2/O2ngQlixLHpCZW83X8ayIvAr9S -Rh2HXnjGQSjgZhMwBQpRGTwP2Cu9udwe7SWJaLyPE/I2kyyrUHa4TAkF5qLbAohT -tNLk9epOXp++cTYbOYszKZQr+zQqP9v94MBitFiz6mDXQhXtTNi1qhbVlUTVnDph -7rHDj9kr3/DLIG6vnsCEbG3ohrHRrtwd0Rz3V9HAtcNUI3VNNkevR445JFh7qxww -fwKLP3vXJcFcE0eG7GhFhiWYEY+1WQIDAQABAoICABIhhIqnkWwOUjDJxC2+o49B -D8qAqVX4Tji6+Rcg/A+gAEGGIN0ijN3tyJQvMx+g9OaX4+9ZRXcVZXn1CFDXfjkL -01DksxjEwvwdiUTmHSYt7OrsyMG/S6WtfNk4sZ82o0X2rhOVXdcu4U3qByruQe1l -6gwF0itxj66B8MHUhZq+qcVylgtoCoSDPjE2LIhPj673DjQ5UN31hml1IP1nmXPe -shl0/sajce7ph7Qf889fNwCbKPXH30AJJY6V/q0NBHYtUJEzhZytnJU6kcXy13+k -/AFSewQ6a3iX1cBC5K2O088DvHkWuphEELUTl/goBDZHG3KthtdkjiAqKkKEx7SQ -VO+jog5UGTzW0I+Mqt2jsMD1OzZKD60WR/sqPM8KWkndpGepPd8+fLxCiSChdaoz -qrD50vEC3mVHrtZZWGnn7iVgM9ZZNGzqSq6a33PQ5N/mqls+AtDwjnK9FJR5c8Iy -n+y8N5P+N4pptQHdd5Dxzim7nBvrgymiBBABMeufveFjgkPROQIE3f73jwonUlco -UG7PFSF5HxA01IdopSboRVa/TMfQCJta2+yUZr8ocSK70/+J/4nzNk+cOC+IpIL9 -7SInP4Or4/YiHrqpdCyhcS5k/BK3r0VatcCEFt0/FncwNbfE2wdEKRXLKJK91Sm8 -uUf6sg8j2/7mVBNe0KmBAoIBAQDUSZCUj8lFKgqE2fX+Nsez1QysLA+58EncHQ1d -Uin8kkzinm3vIFmJvu4BBvX8cuOND8HOVxvrxUMffu2gMt9hCEp+7HXSY/0CKQbZ -pg3W3c0vj9BpaKlRkjA4pt2R/uuIWa3Hu1urHRanizRT1qN6nWq9uPsphok9fuHU -o972cMp15nrw9ktxWC3SVWQ1lGwFjZ/2sdlxcbUVJ6sO3CH8s11p3k/Tk0bX75Mn -AE8feSTGEy5s6QjsfsPOaq/SpFcciiWcydO2LcBudzyS7a+HN6i8Csq06aQq0YAX -LAQDg2PLQ6FjwtaHA2FkFqloz/nyDwJ0V4r3EOJ0dbigd9Q5AoIBAQC2tlyTulFt -+Nvc2cKBTbNFzNTrLnkx+rN8Ewt/SP4lX1FwxmnPYdVJ0KR1DG0gErcjbvGC/do9 -6XqtxZ382YaWYqLZJSwZNGMQ6MjCbf4gwr4bPhC0msIVzQosblZtqGXdcl3ZXfnM -kQqMm3lk2dBp32sv98JfjqSStevfELINfgiO3vprHJlMeYznNPbKqsWmZfUrNpko -ZOtBsQdwGp0Io4JtudaHHutmdJ0pIF8niXkxe+mu+W6/wHy7TeQiqIMkcYe/fSKy -euctnCklqnDeai3iHetLLhA8sl0WR2G26ePjaZ7M+qMxTkNJ6jRQM/tNWmuj7jXm -1/U7eGw7rCohAoIBAAY6nl5tladM44AgcSJjcxqovrVymYeIMHKf+5toZMj/dfgU -U/93QIlVK+Cl1qPwrxKdir9GORCC+kQ7UjeoJnvPZXgx8gcZXfwpPgU25SMP4Qxr -ON9O7eDx3C5dXxUAmOKoVvwMWFU+BkMmR4PKQYPAiLhGbEA8rVw7k97MbCdpCdfJ -yoO1hmMuBjIsxUL5Nu42yKHReCLnBjw3rMJD3U9v5+bKWidIJAUEB5pWXPv8bwLM -30jc0aE22wH8iWox3kh9GTtvhKHM19+l6gYZqVPbYz0ZR/dk/6ct/IcxiHCd81is -hFjMB8VwaPQp4hCsQZZDsHu/cdlsCmkGZ0N2IKkCggEBAKnTmPsKvDNek2WU1jB/ -ezlOqT0sBiRJZNjXjuExhGBSV41eLu0+fxRMJQBSm3+rRaRes4bQ0zCmuouYWj+y -JGHVro3s+i83PTlzVV87A3GJ8U+7AaYNDoda/LDNofHtCzmo2sh2i//zdH266Tuv -JQOzUZrVTEqreBaRl3rPtt/JnMTHRrWWcHrfo/MnjJhV4L7Il/ghmHwuSWjW1hYB -9qIX8NxyVo9jUuP5UjbuyuMh6Y7wIQWs/J6omIc0X+9C+BpAmC+JbV291PDU7H4B -DUX+JUW+D3zihN8V3mYd1RpCDbrL6nmWIWdr2ily0ksV9egxOkm12U4Gvv8W8GsK -nGECggEBAIWhbV/KapppoQ2/jeE5cZYV2yztR7AAHrtKfivwqrHti7TMcloU7WwX -9wAw1abQWw5Y/G8wuZWkdRlNsO6NjqKg4LH8MSe2vgZ9vDfl45flr5irvzzySkHb -aDummTm1mbG/j0k25Tz2Oj09aR0OD3U+GmHlmFP4bOG1b8hwRU3D2+VO4QjGkrBR -RbtUAdJmWF/dog8xjdq6skx4rpA8LSgqfF2QA1wiD1+2lHdAEGaSqK0QyzVNsmfh -j138ydtQw+jeM92p5PonKRkTMtfYPmhANJ7tJcZfiqGhhmwaAADiwYGikAGlO4vw -f3YUqeI6nTj9+jlJAdO+BUMKkPd3jz4= +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC/cE/i7DTCwsWo +bfysLqnxsZs6bCguhlHktfmRbb730l2v+dTZkY+Cgd8KkohH1dUk4yhLBkYOQyQd +ba9GL3UE9Wz0E/V14pSuS+AAuCRXPUtoFsU3AW3AzKVfYLyzdMsY42+xqCsRQB0j +hKga9q2RpGk0nW9brPm4pnn6ZqRRORb3bSswMaWiKmdWlAMb4gGXZKkvPtQXzF/O +NVXJycRaZYDM7h1/1bJz3DhQbkPJt/S6iTYwq7w8s2WLNjOaqiTNJgEAtf/JxdbJ +2Z8o9iEKOP1wHKksaU2K9zjoa8JixTjibu/er/MGWQwl9yUX16hhdYQRGUVi7r7/ +C38w3S8RsXINmqsDkHw2PIKDHtSfooOEp0aO1+Yj35K7/bYg7Js7+Un1YGH13+H2 +EfPaUCSYJje5XaOrTL0zbuF//0P6OpVG8oWOK5YWq8t8zxkz2CxaVnNn9530smkS +eOMJ4b4l1xlrPdrlO5k+CuOn7hqCI7rX8HdZkrArvwNU453fmGSmCk4jjUDfzsxp +MsywQmIai+QlUYsAlZLADZjWKXJcN8e3WRx9YYY9BA4m2+hV70X/VNqdN1QC0wvS +DRChlO4sTV2QxPeJMwiJZKm1eoXaQb6sifpbQnw7NFui+9ocT2FZtgr66nq+Pstb +8F17pXmjDFImQhjXG/fRZnVCLF8UTQIDAQABAoICACQ/BxkfgPPZPeRggsU1Bp9I +8euTW95HN002+TxES7KPZYaypk7VZRcgMNNHID99qKAV1GS0GOKNatKZmGSRCrZ4 +I3tpJgH+dwkzO4PXWaYc6GCaYxfBkP6+oJcY8VGHDQc21MiN3y2idoHplYyZZQ6c +0wCPyGxSqWuBNbon4few9/y78j/rPoGgRrWZS6dlWMjJ2dCktDKXUxJvfcE5jxBQ +hJ0IfpRcKTAPo6fy4KnaRx9kaFq5wWe6zcCYcBfaHCKtjeYND5Or/jl0l1KBm4rc +dHvcKVnLzE9B9Mfo00KxNc6Fk6wVo01x4b90dlT30500S1+TadRMAOS4UAo37re2 +ZuDp8O3+7vWn6zUFq5AbDCv4RVOvnWV2ktcJxQRUbZfqLj+AboyzwpfCJqCZlJZo +/7tsciS8u1WKPA3BypMQzZYKJLAJFQEWKVYxGyW+elYM3RlR+Q7VquRrHYkcGp3j +j+7SrmqXKqyJBaFwFwSlsuhdqGsOydah3KO7XTdeOGv6evdIyXIFoMS2KK88l+lN +rXPbhsrveNot/gxAqBxmlmTVr6HYiH2AwgohbLscY6r4hYIz2kvJS3wJ7O6cR0jr +B7tjaEtMlJyi0N+UrXuRajsx+5dvRHRxdYuSC3inqfQh9rvcObySuJxXVLlkN1T/ +XCJk7LBp2bRJ54xw14ofAoIBAQDq+BGqkVvFVoZTgaWlWETSxSYv9Dy41bqJ1ZuQ +xBSaATx/cglA2+YmlQbOeRqwEXulpOq0rkoYSKtf0IDjA4Ki3L+wbZtUgIGlSQjx +4zQkT+d7F6Zxe9djG8ruxVu1AL9/aENK0/AtjXldST2fUvJiAGXao1H47wpvDaMp +h5RlHjAeniGyRt4HKlZV9Wh1Jn1UKznOyR7aV+UwrYkrGfT9Q38Dm5AUdvqPwQgI +DZUolGPn2XaAdsBYCyr2KXLHhxS+Mv2XHfyw5Id4XHzNL7PWxeqxzumPu8S4Ksgx +loUxrl8vzx3Wr7Soj32vVMv/9HFGSmA+GXQTbj/oXP1oT7jXAoIBAQDQktE+51PO +t6EO77OLZux5esgL6Q1Jgr8488ajGc1TtPdHn8q6ZlFdhxUwTijkCihdAK3qNon8 +FFgUeufx5lqT4VxCJpfKOFTj9urv7TSTyd6uRs0l5wK2NGgwHTOCmfn5dAS1jVeT +mxExzac6AUhBZvihDQIT2dZgWHFTvNfag72wC13C5+BQlgySWtN1J+8sLIu4rGU1 +F2W7ypXRGrR6MsfcwuI3/6wPMrRnNuPzFgLIhizoDxny73XNxupISySsj/piBZol +5rVSUmQ/rmzVaUltU3hS3xXR/DQkJGcDEpOeWAyXZXmf3WB3yYz07Ko2pwI/JR/T +tY+k0pSJt0N7AoIBAQCI4Q5ZkOgnI2qJBwOaOLuPFS5TzTH6cveCCB/hy3g85u95 +RtNBJ1kBrNsUONRlMSoYquPXcZjUYLEE1g/fL1JQ0cwRWSidp2bfBJbjYnojlTDC +MlrRzVUB9VTYl7v+y3rDG9fnpWNLBhlnUJ1HTSjKEnVDUtUT8Rzg6M7eCI9YAKgD +jhcPJd19yxoUZSv+4vcrqyq33c3NYFqxasZ3h12ClGlPjrX2VgFM8SRenJsB0sAI +dlRkLcmLAKZ8VFT7CyP4UPgNqnhkDB0m7qn9Vgar3QwFnQXOp5HHv5Rz3r2k3XGy +BjPZtu3FLCIJm5pjduDuE7HROz61ewpbsKAmvhptAoIBAQDB7xHCxINHnbSS18yB +HRVaKxEhCfSB2qGFCh4zf4VMhOK8ZVayFPso1Lad8L7SsqMvPrd3JHkOu7feax2J +7h9gi1YmaA4RSGmegfOXXV7a4AQ+1bRgvrjlxDrwKebAU/17tiW+zgqVQ8UsIsWQ +CKsvrNgXn6nD3XQYp4PQUbH/CynwK9FlrgcDx1EvMGaX86bO0yijcSC1yeidQVQm +Vwdi7B6sJUUEvqU0iHf31LEFUP0LiL7uk0QUgBVwXblvuPcDwOgWBpF7FlaYkeWG +1N97W+ebUNZ7b9SxKCkvRe3GjJpXzBUBHKiHPec52l1HS1tFb+qF3jYGuzYyEl9s +4ctLAoIBAQDciDtVddDDP49gl6cTqgVw8Ec7j0uF7oy1LXhPqwWHcaPEi2ZC1m1a +j3BvF7E/7I9QGWDdzGf6AjL9hwnpXoivv2cIeZvPlunFcHPgI+IalzxDCMaRCW36 +IJiFTM/kyV/5Kjz8EEWs8nttPiMu/+rnMPiBcI2U32x1N0MkrgXgEJigGdKp/0lT +R+Meaz3ycZUj6p/l/K52qks0BQRkI3mrV6kjb+lvoHRatkD1Lrl3fGoHlRU8Jx7c +vtiXCDAR74yQKdzp6ITMCZAJLXtZrS3wXpODu34CrjX1+J5mfdybsGxdWCr8SqPV +x0b9IftIvgRlwOw9qTPa/jmW1p56BAq2 -----END PRIVATE KEY----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem index 437bfcafe7..9075970a60 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC0u/PxrbK5RxVR -4xvQqykNskqvOLdu8J7IC9rw6xXVGmPTwfeBt+AGE48vLCVCdVUkEnQp9IpsaVUc -WDKzZz/SbhlCOPbR6VDSsKAqVNYwVjjB1kWpqo+So3FfSHQhc1cdG1e+9ICcWf4j -pAU7Vt+Jx6n/pNU1tl8vxM3G7yObF4JiLdFz3BKdgFkz87JfsYLtgWY1IAQF2O1X -3HCMUd6Q2smLehlSjklreqUefPbsgi5aYqMLLtRbYShBAHu/cvV6hDzXkzZpM5cp -SzGksaU8/MBwIUVTYiKZmLF+V9ZfkC3XNKifDzMvRQRkm5kb0Kk6R1gcV9GhSaGq -c7KDrIpQHjD6xOSrR5C7fxKUe4XGd2of0WM6u3WEEhC2ywQFiuh1lCIvg0xZcD/r -vAnG3HS6ZcHi7iTLtzxKnPvkmaRm7Mx2Ish7qbWISbHIdo5vndyvIoiRgv7y6ZPf -alGXC3oQH1Z0eFi5JDHhTxYeFTD81j0XAYB1jDJxFygWMAHJmFVN5xVkk/fhLP4T -yATE0epCBrsvlCdtwr8rbX0H+XLDhckv0ofNesOuZujpzusxjhyV6Bhxb6Ai38aE -8hIhokpnWEQkzGm9g33e/0kCKaD403BS3JKHWGykW0Zd8EesoTHvxzmK2NPbce5b -m6Qg2HGqPVR9MTPOn8StxFeF12aHhQIDAQABAoICAB18XHwdXn8jvbKyXqNYiUYW -xGB53FNZJk50wK91awZtW8P8bSjYms/i+QU1Ko8BHXbZG+KMZtjxBlWtffgO7Dak -h7JqILp2Wh1Fe5vsY1VXe8MD9jGMBghiaeilpWyfqKKzB0m8Eg9wDyo5ZDEeJzIP -RQjUF4S/0B+29+twsFppJ3hlCTrhuJfBjMwRAhTinP2qksYwBvf9QBuJd0MtSCZR -y3fZ36+8TvYd+DpVIOPNCUrttLPqW/Lckvin34iIdMwcLuDsv3/CTvMJtXutD8w3 -YB3rD6he5k4wvyRhqDPHDfOCP9BTZoJbvC+9wujqzfEYGqPlH+o0XQ+1+HXK/HV3 -bLVX3qFcSLmIXc7sTAgKpwtvFw685Abnq2f++LhoSKoKwKUPE7r/fMbnQyXEkLfy -c+oj9XOsjXlZZGhUUPDndC+Pfoknq56+Hyq2E0/lMxYpXCKQ8G8hPqXYruTCjxjS -EEu2kbMz3fi073yROH3z0IkBHSVi14EgqqWnduV9fD/d22/TYkl/9u+di0eQGiRM -hXEXz4FHMdOfjzKOrfRN3UoDJDohCBSwsjKBKM5I8X+DapzUB/qgJJ4SmlS52dUW -34FPTZ4Mt/yXOOKVJGEeCJNhT+tLryESVekln3iiZvO1Zf2NByIl/7fgEJczPzAR -0Bfy5iAxIJr/9FqPbQKxAoIBAQDjRW2zfFa227nPyO9V8P+h1kpx/4+jDHhMvOAr -FqLuyQyPmTgym7jHqG9mWVfN9LDP30x622nLtvDlVxubG1l4Mffs7hfHDSXukZoA -x1rNUvahPdZ5/yqenitHTB/nGgBBlsR/2YnzXC9ARYgc05lJ3mXF/5k0D4Pvv6l7 -VSubJuIkvL/L+JEywM1UxcaARc7u6HU/Qfd6NNl4kFuzjOyMa3lGhWpCdzSzlEvx -Nt1y8zMQ+/nwvJFIXddzypLDY+bW3PsmoJZ+EDcIFYtys+gCUBUC4RMqboRsArYi -F9hK297vZwnoixzpPON/XwPvx/mQrwqdZO2iZfAAtVgwafXHAoIBAQDLlJI50v3S -QuXiciyEzdlZkuvsf5cUg2No8oqewsgCSU2Lgo3Hz+VAG/pGUQULFqzlw0GAzOMR -tOdkYBMzXxMxP9HsWGlKpe6e+5OQ7bnqCbApgmBQFhiCj6HDtb+C5/pip4KaCAA5 -hZ2vOqpy1R/UbVNuf6bOxvxIKuIShKg6Phhi+TbETq/KucogPNwklqYTeMJAMfVP -EwQPe1LGy59VpxPqMiXMsXllA+ZJFPnxN+6998ewk1fu9o8/cW1ADFuFODrRxWKJ -KaBSoON2sAEl8JvakmiyStIJVroDa+upMHjwfayiZ5pOCSbmh8nIPAwEdz42w2hu -E0T7SvcRNWhTAoIBAQCqZ91YLcuK8fdBb+TcaIYT32wUS810MJ5m01u1kxR5vC95 -4CV99Lq4oXddo3GtkGGei0x59dg+kZ3QJ98gDoKoF7dQZDlZ22bsmSmCmfdgamtX -/Ni6wnM/WVMT82UcT6ePhi8xuXexDBa1tyzWiGWwOFvQ+NPzcAq6EdhPDE5U1/PK -HeglVOvxxRRwEpbCiRUelxeKZbjcXZINzxei6fBXXSIimVhSG7VdTL0gUMX8MZPB -kV0XfxvjydEJFgOzE037HtgFX3VXcmsA2b6kM3arfUYz0XUgZJtPrTzJFV3syy0+ -DeElBmGYFDpzv1dhS2y5ajWoTAvNr2cj8NT+AATzAoIBACshrh1cK3SpwcTJRc9Z -QYxtyVhQ6/Rnpd8tS9s5D2EUoL5HCbzkugBsLQlKzxO7WSRQywb74bv1pPSqOkcv -BITxrYsybBRptXWvfWM+Sp5gMReKTNeK5uR6g95QGmQku/K85Lm3qjyFp5PhjQ1J -RDYgd4W4u+GhXP/5Pe6Ido/oaghGHqlWtn3wAPf1jPqfhE4pzpYFP6DiOYECMtZ1 -e6uM+3Yp68JDc6HIQrkHHbFSlV1gKsmpXf798/mQEYJ5W8aM1EFvXWIMFLCM78RM -o+Gi6ZJUZKQpn/hkjIJ/Ee3FnEnvhmzeIF4aKEi9Si4HMtCbZu35Vp3DrWDEUDYw -J4sCggEALWHOnPhBFu28ipZmPyohEvJiFuaFR26E9iGzdIi0maXK94S+pE0CldO8 -b1lXakgI+pAP3WHpn+B5AWNluG8pJ3DRdflcYxMxfk5qhiMnagT3q/F49kYaPtEA -lkMsCJ8lQIPHlq9IhoMA9W8JfpuCFZgO0hEj3yXeXTFnaie+m3EkFmJqI06SvGCH -DPFkGIfEDR8TjHR+RclYqmbtz0dgKRTuEq5s/HnGX5buFbQvC+Ok7xLSMAS3prVM -IRBr4aUwuFN/fPPz9SPu5xeqJzjDm366tB/0nwAC8wZ7GcfCha2cGUfLf/dEFw/Q -VhGnxjg3mjbqt21aRH14tcsxKJmOSA== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDjTzIKAzID+GFA +YDFXWR/yLMdN3rDnqCTv7eKB86hbX4/29eLLrxX+vI+6N+F9vcsdFnQpIYgjGfOR +NAqyJai5CYLLrbNLxN4XFTh7u2axnYaAZpOeSA2uk5TcWo7C5RXe3gg4CwDouIQZ +7/i9AgvCak2f/fcq34yjJkAX6Z1ZQGqCi1F8EU7qYaV6HosXVKD6OA5lw6DNi5pi +Br2jTXJyKU687hkJ2PJ7pMAEgy4UBm7+LLVkTZRZkX5pzTG++AxIF3TWwOUfo9Qp +3cJNnNGBMnDpqUER2i7LVgD6ZXE1NAYFKLwRD5snBqIdWms+n9i8A/6oJeSl1FFS +FyYCAhF66DDdTrcyt7edTDpLzh24jMrqlO1zZbpdhz96UmnLsHip+dT9cMWefE4g +XRCnKcng8/Czysg9sYh0z+8i9+vcNdURptSdtwkjMArMR8Dj8P90uTufTlCZTYah +l6TeFvlKu2nDghtSsaZkzqGCLki7PjNObvyNbHSoTR8vePfR+ZoJvmvo6hGVAwYa +p7hbqSiW+oXscRHtRigMyNDNWXTo6vuOLwUAzebOnfIyr7fJJUaMZBMKBDJe55V4 +DXUn1f20c0cpBzd31VXbPd+hGLQgUTgEXuICu0H//ybrClE52tcRnPbqGguoSmox +FfGb/ahHkS31iF24nBBRbJJE9xO5wwIDAQABAoICAAm6mQSusFRVLCxqMZJwgRqH +ahxeHKo9mx8dymUPfbQzeeDzEzruin11qp0oySDtn6TmEiC0i7Qc5zzewlpvnDIX +Qx7el1711R+dy+YX1kRh3qDeQxEyOkuvi16HDbcvwOjiDe4AIpDTXOwTRk0oqkIu +9JWVdB/Eo6tT9shPOmnYhPaDagBqaTtE5KU+a2ubNqye+5bFcbt6bygk67bymKRk +OjeB5VZzj6VVHtbSmoVG5TdByJ27aE8RGB0FKEzpJvVq85hBd00MYQdNs4RI4vqp +owWNNfjCouAXFUGiV98UE/HilXIRfe2ErimddhufEdKyRRMDVC740GY4EWtilUbd +wy1pbWtqn4hQEEyWfjRud2dS00yaRkTFK8JcXc/W2RhwPlMXeUdF+ImH3ROYIGHc +NHgvVwSfyuk1OYjn3n0UNh/Y2wqr06xyaIPaTNjWUQJ/ektl05BzW5Buq3h++nFn +J4qD6dut6zWsnQaBIcWQHZlwdXZC10xOfl9dkR6o0DPWOUFLGrW8XODXc2RwW5AH +yPcIUzJubExczWX1v958HqsXY4foWeBP2hmPmE0axqvRqkInRJDXhpgSxGxjmlNm +h1nnjH9Z8EPpvaf9Jfm7u5dH7xEUCnSxymS/gKHN1kc+M10kNaTxwyC2FL+fGAzU +OrqrLx/fM0rFHjdL+kehAoIBAQD3kxRXs9TUvtJC6H0HeGtL7r/FqTxTqDIikTzT +hIFDu5o/arA31ZMzTi5dFS4qBGHc7aM6L0NHi+ty4kXWBrkpPIDcD9OGfkA5S07i +Zttif4f+vSD/C9JScyKWHyGyBWX/lUukRsC4nHXv+Rei4zcBwMtU7fI1a48iXOyL +wLvuYnGWfQYYjokEo5y8uQsePcFEH7PBYlvkvhArTzfMWXXFojSCLyMFTcEgRScX +Jd1RhxvsZlNnZUgFlaWmpPTzI88U11VCawQ0wzEZblUha6D2sdQIW2QuEXoFDESh +vfdvjU/yWFrqjygEh4NfNvI8623KrVbXtwDo/VPSBlanEy4RAoIBAQDrC4/HBdhc +c3W9bAhiLmO8FWjwy508VrS1OEbLFjC4CeGEUP2Q4kk7U8XKcfwhFecUPnFqP1vP +yj/KgE2I5d8sy03OEH3+rhcRrMGt72w0KSXoVBD2YSK1toQBEy61i7mCs+qjHMxn +NN10RQRnaaa+qyMtI/zuyx2RGMtIb73LzNh1l39luhg3dgEJXg7yDByAvE0xz0Jh +EtkDMqlARvZLqqYPKbZeHFLJTCzA1KntI95SEPCEpDFADenS6uziDkg5CmRAVegi +NH34IHXIjvce5ezYRhfsyYI2bDE7o0tSAAGw89yGwXva6mSXSrUVjaxkETGitNvP +oBcHhN2X3eaTAoIBADC0ebMLSNqVs82/6SD4Gru0e3vKYHjgxQQx6HKAReHqXV0O +gx5o4O2d+tcLHKrdc9c/1PXUaHsB1s8iHrUNW432Pi+M2YNDASWEYD+AFrbY+gsu +b/hc/gKEbhB0jW91SmyulVP7K1zmQvlz2qeL5b1tjVLnANhrkZwkBdE0mIQ8T7ZY +YEOifugvu90Q1lQbuBLL3dQ0onlsvseWbRbBnr7Du2rFFTGs60qK8DbIlzK7zs2C +D/RuY23d09nl596Rc+LYvggz/37Vy6oCH7NUdjUyJNGEEUBS5dtqX3ImajBC77Bw +m2o7wZaqhjjMGXnMoyvVUBleAkrT05Kk9pUl29ECggEAK63rWy3/5jZis//mkvBS +AnrsFIuSPctTK7Y4mbcW+KyFZ0RxysHyn/7Sa+vA0hky5zUveHIryrKoJiavwfgO +AFILtHamI3UQvm0fVQaAUjUvYTx2JoMooyI258g7zusXX2219ff9GFTfrqLAzcL5 +hMdi8xmUAIBojzVPWbfCSqRXuYqc1ze9FllsmeQL3PlZNqdHpTECAe4xvAFnKJXH +YYpl771tsZGL5PKuAmvC5FndD90sBUpKCMBNKrATs3K6AzemJ7qPOAQPQNQvb0T6 +MZjC6fIkshFEjH6Qq6eN8MAlkE/RNI2ySZ1zchYlDstUNQho8/auPqhefzw2vekz +1wKCAQEAiXl+8VUi1ZTxX8CFq00rjl8EqTBTcwTw0IaMsp6wl22UThlcwE4iZfmT +v9NGNSrpM1uIsXlI3ZR2BMGfxYWNTFLWslZty4ZpHleOG2HCkXJWY1mTOzB1ESbo +duEVayNLlKOr42x7dM+soJITTz7ISjfmwbV7DfcRo5ouq1iPL4BO6KDMktDpn8uU +Xck1mB6clZOp4U/Weu6/mkfc7TTncbmyBnZ89Ef545K0EmG7hH4TskEnuPfBa3GH +xbZZP4uwbLEPkW86nBsLZTbSOXnYqHdq02+06EwHyWx1OmvxD5hbAbMSnRsEyeDe +tisnYhG39m8vxseoVVxuwHfeGQGM0A== -----END PRIVATE KEY----- diff --git a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java index d21b1f1950..c94ad976c7 100644 --- a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java +++ b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java @@ -37,6 +37,7 @@ import org.niis.xroad.globalconf.impl.FileSystemGlobalConfSource; import org.niis.xroad.globalconf.impl.extension.GlobalConfExtensionFactoryImpl; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -45,6 +46,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.OptionalInt; import java.util.Set; @@ -87,6 +89,16 @@ public List getOcspResponderAddressesForCaCertificate(X509Certificate ca return Collections.emptyList(); } + @Override + public Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert) { + return Collections.emptyMap(); + } + + @Override + public CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl) { + return CostType.UNDEFINED; + } + @Override public List getOcspResponderCertificates() { return Collections.emptyList(); diff --git a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java index 824f636aed..8f338a31ff 100644 --- a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java +++ b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java @@ -38,6 +38,7 @@ import org.niis.xroad.globalconf.cert.CertChain; import org.niis.xroad.globalconf.extension.GlobalConfExtensions; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -48,6 +49,7 @@ import java.security.cert.X509Certificate; import java.util.Collection; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.OptionalInt; import java.util.Set; @@ -133,6 +135,16 @@ public ClientId.Conf getSubjectName(SignCertificateProfileInfo.Parameters parame return globalConfProvider.getSubjectName(parameters, cert); } + @Override + public Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert) { + return globalConfProvider.getOcspResponderAddressesAndCostTypes(instanceIdentifier, caCert); + } + + @Override + public CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl) { + return globalConfProvider.getOcspResponderCostType(instanceIdentifier, ocspUrl); + } + @Override public List getOcspResponderAddresses(X509Certificate member) throws CertificateEncodingException, IOException { return globalConfProvider.getOcspResponderAddresses(member); diff --git a/src/gradle/libs.versions.toml b/src/gradle/libs.versions.toml index 1224fb07e4..989984465b 100644 --- a/src/gradle/libs.versions.toml +++ b/src/gradle/libs.versions.toml @@ -19,7 +19,7 @@ xmlUnit = "2.10.4" bouncyCastle = "1.82" slf4j = "2.0.17" testAutomationFramework = "0.2.21" -selenide="7.11.1" +selenide="7.12.0" allureSelenide = "2.28.0" protoc = "4.32.1" grpc = "1.76.0" diff --git a/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java b/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java index 2c2f57a239..dfc9ee9198 100644 --- a/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java +++ b/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java @@ -36,6 +36,7 @@ import org.niis.xroad.globalconf.cert.CertChain; import org.niis.xroad.globalconf.extension.GlobalConfExtensions; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -47,6 +48,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.OptionalInt; import java.util.Set; @@ -166,6 +168,10 @@ ClientId.Conf getSubjectName( */ List getOcspResponderAddressesForCaCertificate(X509Certificate caCert) throws CertificateEncodingException, IOException; + Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert); + + CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl); + /** * @return a list of known OCSP responder certificates */ diff --git a/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml b/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml index a54228f99e..5dee67d03f 100644 --- a/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml +++ b/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml @@ -59,6 +59,7 @@ neKQsBCiYuP03CJX5gg5yC37MxlcC2NpwdM60Q+7sp+Riz+eGw4tpVnAEmD8ZwHl vuN63j9maswGt/KrgylIF99T/5WpbFVRWQHibbEH + FREE http://www.example.net/ocsp @@ -81,6 +82,7 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= + PAID ee.ria.xroad.common.certificateprofile.impl.TestCertificateProfileInfoProvider @@ -142,7 +144,7 @@ FREE - http://www.example.net/ocsp + http://www.example.net/ocsp2 MIIDizCCAnOgAwIBAgIIOmOWEyqjUj0wDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw HhcNMTIwOTA2MTEzODMwWhcNMTQwOTA2MTEzODMwWjAWMRQwEgYDVQQDDAtPY3Nw @@ -162,7 +164,7 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= - FREE + FREE ee.ria.xroad.common.certificateprofile.impl.TestCertificateProfileInfoProvider @@ -216,7 +218,6 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= - PAID http://www.example.net/ocsp @@ -239,7 +240,6 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= - FREE ee.ria.xroad.common.certificateprofile.impl.TestCertificateProfileInfoProvider diff --git a/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java b/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java index 08dcfcfa95..e8b8d5373f 100644 --- a/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java +++ b/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java @@ -48,6 +48,7 @@ import org.niis.xroad.globalconf.extension.GlobalConfExtensions; import org.niis.xroad.globalconf.impl.cert.CertChainFactory; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalConfInitException; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; @@ -63,6 +64,7 @@ import java.util.Arrays; import java.util.Collection; import java.util.List; +import java.util.Map; import java.util.Objects; import java.util.Optional; import java.util.OptionalInt; @@ -323,6 +325,32 @@ public List getOcspResponderAddressesForCaCertificate(X509Certificate ca return doGetOcspResponderAddressesForCertificate(caCert, true); } + @Override + public Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert) { + Map responders = new java.util.HashMap<>(); + SharedParametersCache sharedParametersCache = getSharedParametersCache(instanceIdentifier); + List ocspInfos = sharedParametersCache.getCaCertsAndOcspData().get(caCert); + if (ocspInfos != null) { + ocspInfos.stream() + .filter(ocspInfo -> StringUtils.isNotBlank(ocspInfo.getUrl())) + .forEach(ocspInfo -> responders.put(ocspInfo.getUrl().trim(), ocspInfo.getCostType())); + } + return responders; + } + + @Override + public CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl) { + SharedParametersCache sharedParametersCache = getSharedParametersCache(instanceIdentifier); + for (List ocspInfos : sharedParametersCache.getCaCertsAndOcspData().values()) { + for (SharedParameters.OcspInfo ocspInfo : ocspInfos) { + if (StringUtils.isNotBlank(ocspInfo.getUrl()) && ocspInfo.getUrl().trim().equals(ocspUrl.trim())) { + return ocspInfo.getCostType(); + } + } + } + return CostType.UNDEFINED; + } + @Override public List getOcspResponderCertificates() { List responderCerts = new ArrayList<>(); diff --git a/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java new file mode 100644 index 0000000000..6e82d67a95 --- /dev/null +++ b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java @@ -0,0 +1,129 @@ +/* + * The MIT License + * + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.niis.xroad.globalconf.impl; + +import ee.ria.xroad.common.ExpectedCodedException; +import ee.ria.xroad.common.SystemProperties; +import ee.ria.xroad.common.TestCertUtil; + +import org.apache.commons.io.FileUtils; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.extension.GlobalConfExtensions; +import org.niis.xroad.globalconf.impl.extension.GlobalConfExtensionFactoryImpl; +import org.niis.xroad.globalconf.model.CostType; + +import java.io.File; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import static ee.ria.xroad.common.SystemProperties.getConfigurationPath; +import static org.junit.Assert.assertEquals; + +public class GlobalConfVer6Test { + private static final String GOOD_CONF_DIR = "../globalconf-core/src/test/resources/globalconf_good_v6"; + private static final Path GOOD_CONF_FILES = Paths.get(GOOD_CONF_DIR, "files"); + + @Rule + public ExpectedCodedException thrown = ExpectedCodedException.none(); + + private static GlobalConfProvider globalConfProvider; + + @BeforeClass + public static void setUpBeforeClass() throws Exception { + System.setProperty(SystemProperties.CONFIGURATION_PATH, GOOD_CONF_DIR); + + createConfigurationFiles(); + + FileSystemGlobalConfSource globalConfSource = new FileSystemGlobalConfSource(getConfigurationPath()); + globalConfProvider = + new GlobalConfImpl(globalConfSource, new GlobalConfExtensions(globalConfSource, new GlobalConfExtensionFactoryImpl())); + + } + + private static void createConfigurationFiles() throws IOException { + List confFiles = new ArrayList<>(); + File files = GOOD_CONF_FILES.toFile(); + + confFiles.add(getConfFileName("bar", "shared-params.xml")); + confFiles.add(getConfFileName("EE", "private-params.xml")); + confFiles.add(getConfFileName("EE", "shared-params.xml")); + confFiles.add(getConfFileName("foo_v2", "private-params.xml")); + confFiles.add(getConfFileName("foo_v2", "shared-params.xml")); + confFiles.add(getConfFileName("baz_v3", "private-params.xml")); + confFiles.add(getConfFileName("baz_v3", "shared-params.xml")); + confFiles.add(getConfFileName("qux_v4", "private-params.xml")); + confFiles.add(getConfFileName("qux_v4", "shared-params.xml")); + confFiles.add(getConfFileName("quux_v5", "private-params.xml")); + confFiles.add(getConfFileName("quux_v5", "shared-params.xml")); + + FileUtils.writeLines(files, StandardCharsets.UTF_8.name(), confFiles); + } + + private static String getConfFileName(String instanceIdentifier, String fileName) { + return Paths.get(GOOD_CONF_DIR, instanceIdentifier, fileName).toAbsolutePath().normalize().toString(); + } + + @AfterClass + public static void cleanUpAfterClass() { + deleteConfigurationFiles(); + } + + private static void deleteConfigurationFiles() { + try { + Files.delete(GlobalConfVer6Test.GOOD_CONF_FILES); + } catch (IOException e) { + // Ignore. + } + } + + @Test + public void getOcspResponderAddressesAndCostTypes() { + + Map addressesAndCostTypes = + globalConfProvider.getOcspResponderAddressesAndCostTypes("EE", TestCertUtil.getCaCert()); + + assertEquals(2, addressesAndCostTypes.size()); + assertEquals(CostType.FREE, addressesAndCostTypes.get("http://127.0.0.1:8082/ocsp")); + assertEquals(CostType.PAID, addressesAndCostTypes.get("http://www.example.net/ocsp")); + } + + @Test + public void getOcspResponderCostType() { + CostType costType = globalConfProvider.getOcspResponderCostType("EE", "http://www.example.net/ocsp2"); + assertEquals(CostType.FREE, costType); + } +} diff --git a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java index 13eee82ace..667a506c69 100644 --- a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java +++ b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java @@ -191,6 +191,8 @@ InternalSSLKey getSSLKey() */ List getTspUrl(); + String getTspCostType(String tspUrl); + /** * @param serviceId the service identifier * @return the type of the service as {@link DescriptionType} diff --git a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java index c585c28602..df5ce1bf60 100644 --- a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java +++ b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java @@ -38,4 +38,5 @@ public class TimestampingService { private Long id; private String name; private String url; + private String costType; } diff --git a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java index 1e53bb662f..8112b6a1d8 100644 --- a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java +++ b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java @@ -367,6 +367,15 @@ public List getTspUrl() { .collect(Collectors.toList())); } + @Override + public String getTspCostType(String tspUrl) { + return tx(session -> getConf(session).getTimestampingServices().stream() + .filter(t -> StringUtils.equals(t.getUrl(), tspUrl)) + .findFirst() + .map(TimestampingService::getCostType) + .orElse(null)); + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return tx(session -> { diff --git a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java index b82e945efd..d84c9e4d59 100644 --- a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java +++ b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java @@ -57,4 +57,7 @@ public class TimestampingServiceEntity { @Column(name = "url", nullable = false) private String url; + + @Column(name = "cost_type") + private String costType; } diff --git a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java index 5bfec609b8..e61f17ec41 100644 --- a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java +++ b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java @@ -40,6 +40,7 @@ import org.junit.Rule; import org.junit.Test; import org.niis.xroad.common.identifiers.jpa.mapper.XRoadIdMapper; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.serverconf.IsAuthentication; import org.niis.xroad.serverconf.ServerConfProvider; import org.niis.xroad.serverconf.impl.dao.ServiceDAOImpl; @@ -322,6 +323,14 @@ public void getTsps() { } } + @Test + public void getTspCostType() { + String costType0 = serverConfProvider.getTspCostType("tspUrl0"); + String costType2 = serverConfProvider.getTspCostType("tspUrl2"); + assertEquals(CostType.UNDEFINED.name(), costType0); + assertEquals(CostType.FREE.name(), costType2); + } + /** * Tests getting services. */ diff --git a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java index b8fbdc06a1..924cccf0d7 100644 --- a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java +++ b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java @@ -38,6 +38,7 @@ import org.niis.xroad.common.identifiers.jpa.entity.ServiceIdEntity; import org.niis.xroad.common.identifiers.jpa.entity.XRoadIdEntity; import org.niis.xroad.common.identifiers.jpa.mapper.XRoadIdMapper; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.serverconf.ServerConfCommonProperties; import org.niis.xroad.serverconf.ServerConfDbProperties; import org.niis.xroad.serverconf.impl.entity.AccessRightEntity; @@ -289,14 +290,20 @@ static ServerConfEntity createTestData(Session session) { client.getLocalGroups().add(localGroup); } + addTimestampingServices(conf); + + return conf; + } + + private static void addTimestampingServices(ServerConfEntity conf) { for (int j = 0; j < NUM_TSPS; j++) { TimestampingServiceEntity tsp = new TimestampingServiceEntity(); tsp.setName("tspName" + j); tsp.setUrl("tspUrl" + j); + tsp.setCostType(CostType.UNDEFINED.name()); conf.getTimestampingServices().add(tsp); } - - return conf; + conf.getTimestampingServices().get(2).setCostType(CostType.FREE.name()); } static ServiceId.Conf createTestServiceId(String memberCode, String serviceCode) { diff --git a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java index dabcf4372c..8b94968d96 100644 --- a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java +++ b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java @@ -143,6 +143,11 @@ public List getTspUrl() { return emptyList(); } + @Override + public String getTspCostType(String tspUrl) { + return null; + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return null; diff --git a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java index 2ff875de67..291fe3de5b 100644 --- a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java +++ b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java @@ -161,6 +161,12 @@ public List getTspUrl() { return serverConfProvider.getTspUrl(); } + + @Override + public String getTspCostType(String tspUrl) { + return serverConfProvider.getTspCostType(tspUrl); + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return serverConfProvider.getDescriptionType(serviceId); diff --git a/src/package.json b/src/package.json index eff4b556dd..11f8dff6f5 100644 --- a/src/package.json +++ b/src/package.json @@ -10,6 +10,11 @@ "prepReportDirs": "mkdirp ./build && mkdirp ./build/reports", "npx-check-audit": "pnpm run prepReportDirs && pnpm dlx audit-ci@^7 --config shared-ui/audit-ci-shared.json >build/reports/audit-ci.txt" }, + "pnpm": { + "overrides": { + "glob": "^11.1.0" + } + }, "devDependencies": { "@eslint/js": "^9.39.1", "@intlify/eslint-plugin-vue-i18n": "^4.1.0", diff --git a/src/pnpm-lock.yaml b/src/pnpm-lock.yaml index f00910ca28..c1460f20d2 100644 --- a/src/pnpm-lock.yaml +++ b/src/pnpm-lock.yaml @@ -4,6 +4,9 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + glob: ^11.1.0 + importers: .: @@ -464,6 +467,14 @@ packages: resolution: {integrity: sha512-Om86EjuQtA69hdNj3GQec9ZC0L0vPSAnXzB3gP/gyJ7+mA7t06d9aOAiqMZ+xEOsumGP4eEBlfl8zF2LOTzf2A==} engines: {node: '>= 16'} + '@isaacs/balanced-match@4.0.1': + resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} + engines: {node: 20 || >=22} + + '@isaacs/brace-expansion@5.0.0': + resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} + engines: {node: 20 || >=22} + '@isaacs/cliui@8.0.2': resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} @@ -593,10 +604,6 @@ packages: peerDependencies: pinia: '>=3.0.4' - '@pkgjs/parseargs@0.11.0': - resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} - engines: {node: '>=14'} - '@pkgr/core@0.2.9': resolution: {integrity: sha512-QNqXyfVS2wm9hweSYD2O7F0G06uurj9kZ96TRQE5Y9hU7+tgdZwIkbAKc5Ocy1HxEY2kuDQa6cQ1WRs/O5LFKA==} engines: {node: ^12.20.0 || ^14.18.0 || >=16.0.0} @@ -1538,9 +1545,6 @@ packages: resolution: {integrity: sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==} engines: {node: '>=6 <7 || >=8'} - fs.realpath@1.0.0: - resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} - fsevents@2.3.3: resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==} engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0} @@ -1581,14 +1585,11 @@ packages: resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==} engines: {node: '>=10.13.0'} - glob@10.4.5: - resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} + glob@11.1.0: + resolution: {integrity: sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==} + engines: {node: 20 || >=22} hasBin: true - glob@7.2.3: - resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} - deprecated: Glob versions prior to v9 are no longer supported - globals@14.0.0: resolution: {integrity: sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==} engines: {node: '>=18'} @@ -1662,10 +1663,6 @@ packages: resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==} engines: {node: '>=0.8.19'} - inflight@1.0.6: - resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} - deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. - inherits@2.0.3: resolution: {integrity: sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==} @@ -1717,8 +1714,9 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - jackspeak@3.4.3: - resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} + jackspeak@4.1.1: + resolution: {integrity: sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==} + engines: {node: 20 || >=22} jiti@2.6.1: resolution: {integrity: sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==} @@ -1803,8 +1801,9 @@ packages: lodash@4.17.21: resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} - lru-cache@10.4.3: - resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==} + lru-cache@11.2.2: + resolution: {integrity: sha512-F9ODfyqML2coTIsQpSkRHnLSZMtkU8Q+mSfcaIyKwy58u+8k5nvAYeiNhsyMARvzNcXJ9QfWVrcPsC9e9rAxtg==} + engines: {node: 20 || >=22} magic-string@0.30.21: resolution: {integrity: sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==} @@ -1832,6 +1831,10 @@ packages: resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==} engines: {node: '>= 0.6'} + minimatch@10.1.1: + resolution: {integrity: sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==} + engines: {node: 20 || >=22} + minimatch@3.1.2: resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} @@ -1900,9 +1903,6 @@ packages: ohash@2.0.11: resolution: {integrity: sha512-RdR9FQrFwNBNXAr4GixM8YaRZRJ5PUWbKYbE5eOsrwAjJW0q2REGcf79oYPsLyskQCZG1PLN+S/K1V00joZAoQ==} - once@1.4.0: - resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==} - openapi-types@12.1.3: resolution: {integrity: sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw==} @@ -1955,17 +1955,13 @@ packages: resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==} engines: {node: '>=8'} - path-is-absolute@1.0.1: - resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} - engines: {node: '>=0.10.0'} - path-key@3.1.1: resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==} engines: {node: '>=8'} - path-scurry@1.11.1: - resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} - engines: {node: '>=16 || 14 >=14.18'} + path-scurry@2.0.1: + resolution: {integrity: sha512-oWyT4gICAu+kaA7QWk/jvCHWarMKNs6pXOGWKDTr7cw4IGcUbW+PeTfbaQiLGheFRpjo6O9J0PmyMfQPjH71oA==} + engines: {node: 20 || >=22} path-type@4.0.0: resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==} @@ -2572,9 +2568,6 @@ packages: resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==} engines: {node: '>=12'} - wrappy@1.0.2: - resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} - xml-name-validator@4.0.0: resolution: {integrity: sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw==} engines: {node: '>=12'} @@ -2779,7 +2772,7 @@ snapshots: debug: 4.4.3 eslint: 9.39.1(jiti@2.6.1) eslint-compat-utils: 0.6.5(eslint@9.39.1(jiti@2.6.1)) - glob: 10.4.5 + glob: 11.1.0 globals: 16.5.0 ignore: 7.0.5 import-fresh: 3.3.1 @@ -2803,6 +2796,12 @@ snapshots: '@intlify/shared@11.1.12': {} + '@isaacs/balanced-match@4.0.1': {} + + '@isaacs/brace-expansion@5.0.0': + dependencies: + '@isaacs/balanced-match': 4.0.1 + '@isaacs/cliui@8.0.2': dependencies: string-width: 5.1.2 @@ -2944,9 +2943,6 @@ snapshots: dependencies: pinia: 3.0.4(typescript@5.9.3)(vue@3.5.24(typescript@5.9.3)) - '@pkgjs/parseargs@0.11.0': - optional: true - '@pkgr/core@0.2.9': {} '@rolldown/pluginutils@1.0.0-beta.29': {} @@ -3950,8 +3946,6 @@ snapshots: jsonfile: 4.0.0 universalify: 0.1.2 - fs.realpath@1.0.0: {} - fsevents@2.3.3: optional: true @@ -3999,23 +3993,14 @@ snapshots: dependencies: is-glob: 4.0.3 - glob@10.4.5: + glob@11.1.0: dependencies: foreground-child: 3.3.1 - jackspeak: 3.4.3 - minimatch: 9.0.5 + jackspeak: 4.1.1 + minimatch: 10.1.1 minipass: 7.1.2 package-json-from-dist: 1.0.1 - path-scurry: 1.11.1 - - glob@7.2.3: - dependencies: - fs.realpath: 1.0.0 - inflight: 1.0.6 - inherits: 2.0.4 - minimatch: 3.1.2 - once: 1.4.0 - path-is-absolute: 1.0.1 + path-scurry: 2.0.1 globals@14.0.0: {} @@ -4027,7 +4012,7 @@ snapshots: array-union: 2.1.0 dir-glob: 3.0.1 fast-glob: 3.3.3 - glob: 7.2.3 + glob: 11.1.0 ignore: 5.3.2 merge2: 1.4.1 slash: 3.0.0 @@ -4082,11 +4067,6 @@ snapshots: imurmurhash@0.1.4: {} - inflight@1.0.6: - dependencies: - once: 1.4.0 - wrappy: 1.0.2 - inherits@2.0.3: {} inherits@2.0.4: {} @@ -4122,11 +4102,9 @@ snapshots: isexe@2.0.0: {} - jackspeak@3.4.3: + jackspeak@4.1.1: dependencies: '@isaacs/cliui': 8.0.2 - optionalDependencies: - '@pkgjs/parseargs': 0.11.0 jiti@2.6.1: optional: true @@ -4135,7 +4113,7 @@ snapshots: dependencies: config-chain: 1.1.13 editorconfig: 1.0.4 - glob: 10.4.5 + glob: 11.1.0 js-cookie: 3.0.5 nopt: 7.2.1 @@ -4218,7 +4196,7 @@ snapshots: lodash@4.17.21: {} - lru-cache@10.4.3: {} + lru-cache@11.2.2: {} magic-string@0.30.21: dependencies: @@ -4241,6 +4219,10 @@ snapshots: dependencies: mime-db: 1.52.0 + minimatch@10.1.1: + dependencies: + '@isaacs/brace-expansion': 5.0.0 + minimatch@3.1.2: dependencies: brace-expansion: 1.1.12 @@ -4305,10 +4287,6 @@ snapshots: ohash@2.0.11: optional: true - once@1.4.0: - dependencies: - wrappy: 1.0.2 - openapi-types@12.1.3: {} openapi-typescript-codegen@0.29.0: @@ -4362,13 +4340,11 @@ snapshots: path-exists@4.0.0: {} - path-is-absolute@1.0.1: {} - path-key@3.1.1: {} - path-scurry@1.11.1: + path-scurry@2.0.1: dependencies: - lru-cache: 10.4.3 + lru-cache: 11.2.2 minipass: 7.1.2 path-type@4.0.0: {} @@ -4628,7 +4604,7 @@ snapshots: dependencies: css: 3.0.0 debug: 4.4.3 - glob: 7.2.3 + glob: 11.1.0 safer-buffer: 2.1.2 sax: 1.2.4 source-map: 0.7.6 @@ -4639,7 +4615,7 @@ snapshots: dependencies: '@adobe/css-tools': 4.3.3 debug: 4.4.3 - glob: 10.4.5 + glob: 11.1.0 sax: 1.4.3 source-map: 0.7.6 transitivePeerDependencies: @@ -4957,8 +4933,6 @@ snapshots: string-width: 5.1.2 strip-ansi: 7.1.2 - wrappy@1.0.2: {} - xml-name-validator@4.0.0: {} y18n@4.0.3: {} diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java index df21526e74..ed2fc67b9a 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java @@ -27,11 +27,15 @@ package org.niis.xroad.securityserver.restapi.converter; import com.google.common.collect.Streams; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.ApprovedCaDto; import org.niis.xroad.securityserver.restapi.openapi.model.CertificateAuthorityDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; +import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDto; import org.springframework.stereotype.Component; import java.util.List; +import java.util.Map; import java.util.Set; import java.util.stream.Collectors; @@ -51,7 +55,7 @@ public class CertificateAuthorityConverter { public CertificateAuthorityDto convert(ApprovedCaDto approvedCaDto) { CertificateAuthorityDto ca = new CertificateAuthorityDto(); ca.setName(approvedCaDto.getName()); - ca.setAuthenticationOnly(Boolean.TRUE.equals(approvedCaDto.isAuthenticationOnly())); + ca.setAuthenticationOnly(approvedCaDto.isAuthenticationOnly()); ca.setNotAfter(approvedCaDto.getNotAfter()); ca.setIssuerDistinguishedName(approvedCaDto.getIssuerDistinguishedName()); ca.setSubjectDistinguishedName(approvedCaDto.getSubjectDistinguishedName()); @@ -65,9 +69,20 @@ public CertificateAuthorityDto convert(ApprovedCaDto approvedCaDto) { .map(ips -> ips.split(",")) .map(List::of) .orElse(null)); + ca.setOcspResponders(convertOcspResponders(approvedCaDto.getOcspUrlsAndCostTypes())); return ca; } + private List convertOcspResponders(Map ocspUrlsAndCostTypes) { + return ocspUrlsAndCostTypes.entrySet().stream() + .map(entry -> new OcspResponderDto(entry.getKey(), convertCostType(entry.getValue()))) + .toList(); + } + + private static CostTypeDto convertCostType(CostType costType) { + return costType != null ? CostTypeDto.valueOf(costType.name()) : CostTypeDto.UNDEFINED; + } + /** * convert a group of ApprovedCaDtos into a list of CertificateAuthorities * @param approvedCaDtos diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java index 4a6cb6cc43..ad20571e08 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java @@ -43,8 +43,7 @@ public EndpointDto convert(Endpoint endpoint) { endpointDto.setId(String.valueOf(endpoint.getId())); endpointDto.setServiceCode(endpoint.getServiceCode()); - endpointDto.setClientId(clientIdConverter.convertId( - endpoint.getClient().getIdentifier())); + endpointDto.setClientId(clientIdConverter.convertId(endpoint.getClient().getIdentifier())); endpointDto.setMethod(EndpointDto.MethodEnum.fromValue(endpoint.getMethod())); endpointDto.setPath(endpoint.getPath()); endpointDto.setGenerated(endpoint.isGenerated()); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java index 261f16db5f..d8ef2331d6 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java @@ -29,10 +29,14 @@ import ee.ria.xroad.common.DiagnosticsStatus; import com.google.common.collect.Streams; +import lombok.RequiredArgsConstructor; +import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.OcspResponderDiagnosticsStatus; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.CodeWithDetailsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDto; import org.springframework.stereotype.Component; import java.util.List; @@ -43,27 +47,33 @@ * Converter for certificate authority diagnostics related data between openapi and service domain classes */ @Component +@RequiredArgsConstructor public class OcspResponderDiagnosticConverter { - public OcspResponderDiagnosticsDto convert( + private final GlobalConfProvider globalConfProvider; + + public CaOcspDiagnosticsDto convert( OcspResponderDiagnosticsStatus ocspResponderDiagnosticsStatus) { - OcspResponderDiagnosticsDto ocspResponderDiagnostics = new OcspResponderDiagnosticsDto(); + CaOcspDiagnosticsDto ocspResponderDiagnostics = new CaOcspDiagnosticsDto(); ocspResponderDiagnostics.setDistinguishedName(ocspResponderDiagnosticsStatus.getName()); - List ocspResponders = convertOcspResponders( + List ocspResponders = convertOcspResponders( ocspResponderDiagnosticsStatus.getOcspResponderStatusMap()); ocspResponderDiagnostics.setOcspResponders(ocspResponders); return ocspResponderDiagnostics; } - public Set convert(Iterable statuses) { + public Set convert(Iterable statuses) { return Streams.stream(statuses) .map(this::convert) .collect(Collectors.toSet()); } - private OcspResponderDto convertOcspResponder(DiagnosticsStatus diagnosticsStatus) { - OcspResponderDto ocspResponder = new OcspResponderDto(); + private OcspResponderDiagnosticsDto convertOcspResponder(DiagnosticsStatus diagnosticsStatus) { + OcspResponderDiagnosticsDto ocspResponder = new OcspResponderDiagnosticsDto(); ocspResponder.setUrl(diagnosticsStatus.getDescription()); + CostType ocspResponderCostType = + globalConfProvider.getOcspResponderCostType(globalConfProvider.getInstanceIdentifier(), diagnosticsStatus.getDescription()); + ocspResponder.setCostType(CostTypeDto.fromValue(ocspResponderCostType.name())); if (diagnosticsStatus.getErrorCode() != null) { ocspResponder.setError(new CodeWithDetailsDto(diagnosticsStatus.getErrorCode().code()) .metadata(diagnosticsStatus.getErrorCodeMetadata())); @@ -76,7 +86,7 @@ private OcspResponderDto convertOcspResponder(DiagnosticsStatus diagnosticsStatu return ocspResponder; } - private List convertOcspResponders(Iterable statuses) { + private List convertOcspResponders(Iterable statuses) { return Streams.stream(statuses) .map(this::convertOcspResponder) .collect(Collectors.toList()); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java index 489e5e2419..66124bf3f9 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java @@ -27,6 +27,7 @@ package org.niis.xroad.securityserver.restapi.converter; import com.google.common.collect.Streams; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.serverconf.model.TimestampingService; import org.springframework.stereotype.Component; @@ -43,6 +44,7 @@ public class TimestampingServiceConverter { public TimestampingServiceDto convert(TimestampingService tsp) { TimestampingServiceDto timestampingServiceDto = new TimestampingServiceDto(); timestampingServiceDto.setUrl(tsp.getUrl()); + timestampingServiceDto.setCostType(CostTypeDto.valueOf(tsp.getCostType())); timestampingServiceDto.setName(tsp.getName()); return timestampingServiceDto; } @@ -57,6 +59,7 @@ public TimestampingService convert(TimestampingServiceDto timestampingServiceDto TimestampingService timestampingService = new TimestampingService(); timestampingService.setUrl(timestampingServiceDto.getUrl()); timestampingService.setName(timestampingServiceDto.getName()); + timestampingService.setCostType(timestampingServiceDto.getCostType().name()); return timestampingService; } } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java index 1d11aafde7..7eaf286f5c 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java @@ -29,8 +29,11 @@ import ee.ria.xroad.common.DiagnosticsStatus; import com.google.common.collect.Streams; +import lombok.RequiredArgsConstructor; import org.niis.xroad.securityserver.restapi.openapi.model.CodeWithDetailsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; +import org.niis.xroad.serverconf.ServerConfProvider; import org.springframework.stereotype.Component; import java.util.Set; @@ -40,11 +43,15 @@ * Converter for timestamping service diagnostics related data between openapi and service domain classes */ @Component +@RequiredArgsConstructor public class TimestampingServiceDiagnosticConverter { + private final ServerConfProvider serverConfProvider; + public TimestampingServiceDiagnosticsDto convert(DiagnosticsStatus diagnosticsStatus) { TimestampingServiceDiagnosticsDto timestampingServiceDiagnostics = new TimestampingServiceDiagnosticsDto(); timestampingServiceDiagnostics.setUrl(diagnosticsStatus.getDescription()); + timestampingServiceDiagnostics.setCostType(getCostType(diagnosticsStatus)); timestampingServiceDiagnostics.setStatusClass(DiagnosticStatusClassMapping.map(diagnosticsStatus.getStatus())); if (DiagnosticStatus.ERROR.equals(diagnosticsStatus.getStatus())) { CodeWithDetailsDto codeWithDetails = new CodeWithDetailsDto(diagnosticsStatus.getErrorCode().code()) @@ -58,6 +65,11 @@ public TimestampingServiceDiagnosticsDto convert(DiagnosticsStatus diagnosticsSt return timestampingServiceDiagnostics; } + private CostTypeDto getCostType(DiagnosticsStatus diagnosticsStatus) { + String tspCostType = serverConfProvider.getTspCostType(diagnosticsStatus.getDescription()); + return tspCostType != null ? CostTypeDto.valueOf(tspCostType) : CostTypeDto.UNDEFINED; + } + public Set convert(Iterable statuses) { return Streams.stream(statuses) .map(this::convert) diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java index f5a0c06bc9..37ad40a324 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java @@ -27,9 +27,11 @@ import lombok.Builder; import lombok.Getter; +import org.niis.xroad.globalconf.model.CostType; import java.time.OffsetDateTime; import java.util.List; +import java.util.Map; /** * DTO for approved certificate authority data @@ -50,4 +52,5 @@ public class ApprovedCaDto { private final String certificateProfileInfo; private final boolean acmeCapable; private final String acmeServerIpAddress; + private final Map ocspUrlsAndCostTypes; } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java index 65bc4c0051..33362df14d 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java @@ -47,6 +47,7 @@ import org.niis.xroad.securityserver.restapi.openapi.model.CertificateAuthorityDto; import org.niis.xroad.securityserver.restapi.openapi.model.CsrSubjectFieldDescriptionDto; import org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageTypeDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.service.CertificateAuthorityNotFoundException; import org.niis.xroad.securityserver.restapi.service.CertificateAuthorityService; import org.niis.xroad.securityserver.restapi.service.ClientNotFoundException; @@ -108,6 +109,13 @@ public ResponseEntity> getApprovedCertificateAuthor return new ResponseEntity<>(cas, HttpStatus.OK); } + @Override + @PreAuthorize("hasAuthority('VIEW_APPROVED_CERTIFICATE_AUTHORITIES')") + public ResponseEntity getOcspPrioritizationStrategy() { + var strategy = certificateAuthorityService.getOcspPrioritizationStrategy(); + return ResponseEntity.ok(ServicePrioritizationStrategyDto.valueOf(strategy.name())); + } + @SuppressWarnings("squid:S3655") // see reason below @Override @PreAuthorize("(hasAuthority('GENERATE_AUTH_CERT_REQ') and " diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java index cd54ccc358..27bbd49cd5 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java @@ -52,11 +52,11 @@ import org.niis.xroad.securityserver.restapi.dto.OcspResponderDiagnosticsStatus; import org.niis.xroad.securityserver.restapi.openapi.model.AddOnStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.BackupEncryptionStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.ConnectionStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfConnectionStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.MessageLogEncryptionStatusDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.OperationalDataIntervalDto; import org.niis.xroad.securityserver.restapi.openapi.model.ProxyMemoryUsageStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; @@ -122,7 +122,7 @@ public ResponseEntity> getTimestampingSer @Override @PreAuthorize("hasAuthority('DIAGNOSTICS')") - public ResponseEntity> getOcspRespondersDiagnostics() { + public ResponseEntity> getOcspRespondersDiagnostics() { List statuses = diagnosticService.queryOcspResponderStatus(); return new ResponseEntity<>(ocspResponderDiagnosticConverter.convert(statuses), HttpStatus.OK); } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java index 5186dff8c6..f462dbd4ca 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java @@ -57,6 +57,7 @@ import org.niis.xroad.securityserver.restapi.openapi.model.NodeTypeResponseDto; import org.niis.xroad.securityserver.restapi.openapi.model.SecurityServerAddressDto; import org.niis.xroad.securityserver.restapi.openapi.model.SecurityServerAddressStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.openapi.model.VersionInfoDto; import org.niis.xroad.securityserver.restapi.service.GlobalConfService; @@ -151,6 +152,13 @@ public ResponseEntity> getConfiguredTimestampingServ return new ResponseEntity<>(timestampingServiceDtos, HttpStatus.OK); } + @Override + @PreAuthorize("hasAuthority('VIEW_TSPS')") + public ResponseEntity getTimestampingPrioritizationStrategy() { + var strategy = systemService.getTimestampingPrioritizationStrategy(); + return ResponseEntity.ok(ServicePrioritizationStrategyDto.valueOf(strategy.name())); + } + @Override @PreAuthorize("hasAuthority('ADD_TSP')") @AuditEventMethod(event = RestApiAuditEvent.ADD_TSP) diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java index 9cb2105260..bdd5caa9e5 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java @@ -183,7 +183,7 @@ private void updateServerConf() { /** * Matches timestamping services in globalTsps with localTsps by name and checks if the URLs have changed. - * If the change is unambiguous, it's performed on localTsps. Otherwise a warning is logged. + * If the change is unambiguous, it's performed on localTsps. Otherwise, a warning is logged. * * @param globalTsps timestamping services from global configuration * @param localTsps timestamping services from local database diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java index 668275e77e..520bb28e3f 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java @@ -25,6 +25,7 @@ */ package org.niis.xroad.securityserver.restapi.service; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfo; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfoProvider; import ee.ria.xroad.common.certificateprofile.GetCertificateProfile; @@ -41,6 +42,7 @@ import org.niis.xroad.common.exception.InternalServerErrorException; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.proxy.proto.ProxyRpcClient; import org.niis.xroad.restapi.util.FormatUtils; import org.niis.xroad.securityserver.restapi.cache.CurrentSecurityServerId; import org.niis.xroad.securityserver.restapi.dto.ApprovedCaDto; @@ -84,6 +86,7 @@ public class CertificateAuthorityService { private final CurrentSecurityServerId currentSecurityServerId; private final AcmeService acmeService; private final AcmeProperties acmeProperties; + private final ProxyRpcClient proxyRpcClient; /** * {@link CertificateAuthorityService#getCertificateAuthorities(KeyUsageInfo, boolean)} @@ -209,6 +212,8 @@ private ApprovedCaDto buildCertificateAuthorityDto( builder.subjectDnPath(subjectDnPath); builder.topCa(subjectDnPath.size() <= 1 && subjectName.equals(subjectDnPath.getFirst())); + builder.ocspUrlsAndCostTypes(globalConfService.getOcspResponderAddressesAndCostTypes(certificate)); + return builder.build(); } @@ -229,6 +234,10 @@ List buildPath(X509Certificate certificate, return pathElements; } + public ServicePrioritizationStrategy getOcspPrioritizationStrategy() { + return proxyRpcClient.getOcspPrioritizationStrategy(); + } + public boolean isAcmeExternalAccountBindingRequired(String caName) throws CertificateAuthorityNotFoundException { final var acmeUrl = getCertificateAuthorityInfo(caName).getAcmeServerDirectoryUrl(); return acmeUrl != null && acmeService.isExternalAccountBindingRequired(acmeUrl); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java index af39bc3e22..b7572edd2c 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java @@ -36,6 +36,7 @@ import org.niis.xroad.common.core.exception.XrdRuntimeException; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -47,6 +48,7 @@ import java.util.Collection; import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.OptionalInt; import java.util.Set; import java.util.stream.Collectors; @@ -154,6 +156,10 @@ public ApprovedCAInfo getApprovedCAForThisInstance(X509Certificate certificate) return globalConfProvider.getApprovedCA(globalConfProvider.getInstanceIdentifier(), certificate); } + public Map getOcspResponderAddressesAndCostTypes(X509Certificate certificate) { + return globalConfProvider.getOcspResponderAddressesAndCostTypes(globalConfProvider.getInstanceIdentifier(), certificate); + } + /** * @return CA certs for current instance */ @@ -180,6 +186,7 @@ private TimestampingService createTspType(SharedParameters.ApprovedTSA approvedT TimestampingService tsp = new TimestampingService(); tsp.setUrl(approvedTSA.getUrl()); tsp.setName(approvedTSA.getName()); + tsp.setCostType(approvedTSA.getCostType() != null ? approvedTSA.getCostType().name() : CostType.UNDEFINED.name()); return tsp; } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java index 1a077ebfc7..6a8812a38f 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java @@ -26,6 +26,7 @@ package org.niis.xroad.securityserver.restapi.service; import ee.ria.xroad.common.CodedException; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.crypto.Digests; import lombok.RequiredArgsConstructor; @@ -38,6 +39,7 @@ import org.niis.xroad.confclient.rpc.ConfClientRpcClient; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ConfigurationAnchor; +import org.niis.xroad.proxy.proto.ProxyRpcClient; import org.niis.xroad.restapi.config.audit.AuditDataHelper; import org.niis.xroad.restapi.config.audit.RestApiAuditProperty; import org.niis.xroad.restapi.service.ConfigurationVerifier; @@ -95,6 +97,7 @@ public class SystemService { private final ConfClientRpcClient confClientRpcClient; private final MaintenanceModeStatus maintenanceModeStatus; private final GlobalConfProvider globalConfProvider; + private final ProxyRpcClient proxyRpcClient; private static final String ANCHOR_DOWNLOAD_FILENAME_PREFIX = "configuration_anchor_UTC_"; private static final String ANCHOR_DOWNLOAD_DATE_TIME_FORMAT = "yyyy-MM-dd_HH_mm_ss"; @@ -117,6 +120,7 @@ public List getConfiguredTimestampingServices() { private void auditLog(TimestampingService timestampingService) { auditDataHelper.put(RestApiAuditProperty.TSP_NAME, timestampingService.getName()); auditDataHelper.put(RestApiAuditProperty.TSP_URL, timestampingService.getUrl()); + auditDataHelper.put(RestApiAuditProperty.TSP_COST_TYPE, timestampingService.getCostType()); } public void addConfiguredTimestampingService(TimestampingService timestampingServiceToAdd) @@ -396,6 +400,10 @@ public NodeProperties.NodeType getServerNodeType() { return NodeProperties.getServerNodeType(); } + public ServicePrioritizationStrategy getTimestampingPrioritizationStrategy() { + return proxyRpcClient.getTimestampingPrioritizationStrategy(); + } + public boolean isManagementServiceProvider() { var managementRequestService = globalConfProvider.getManagementRequestService(); return globalConfService.isSecurityServerClientForThisInstance(managementRequestService); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java index 64067d3104..1c17dfbdf1 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java @@ -27,7 +27,7 @@ import lombok.RequiredArgsConstructor; import org.niis.xroad.securityserver.restapi.converter.OcspResponderDiagnosticConverter; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.service.DiagnosticService; import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; @@ -37,7 +37,7 @@ @Component @RequiredArgsConstructor @Order(DiagnosticCollector.ORDER_GROUP3) -public class OscpReponderCollector implements DiagnosticCollector> { +public class OscpReponderCollector implements DiagnosticCollector> { private final DiagnosticService diagnosticService; private final OcspResponderDiagnosticConverter ocspResponderDiagnosticConverter; @@ -47,7 +47,7 @@ public String name() { } @Override - public Set collect() { + public Set collect() { return ocspResponderDiagnosticConverter.convert(diagnosticService.queryOcspResponderStatus()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java index 9867b86963..0c9092dd29 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java @@ -33,15 +33,20 @@ import org.junit.Before; import org.junit.Test; import org.niis.xroad.common.core.exception.ErrorCode; +import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.OcspResponderDiagnosticsStatus; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DiagnosticStatusClassDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; import java.time.OffsetDateTime; import java.util.Arrays; import java.util.Set; import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; /** * Test CertificateAuthorityDiagnosticConverter @@ -58,7 +63,12 @@ public class OcspResponderDiagnosticConverterTest { @Before public void setup() { - ocspResponderDiagnosticConverter = new OcspResponderDiagnosticConverter(); + GlobalConfProvider globalConfProvider = mock(GlobalConfProvider.class); + when(globalConfProvider.getInstanceIdentifier()).thenReturn("DEV"); + when(globalConfProvider.getOcspResponderCostType("DEV", URL_1)).thenReturn(CostType.FREE); + when(globalConfProvider.getOcspResponderCostType("DEV", URL_2)).thenReturn(CostType.PAID); + + ocspResponderDiagnosticConverter = new OcspResponderDiagnosticConverter(globalConfProvider); } @Test @@ -68,7 +78,7 @@ public void convertSingleCertificateAuthorityDiagnostics() { diagnosticsStatus.setDescription(URL_1); status.setOcspResponderStatusMap(Arrays.asList(diagnosticsStatus)); - OcspResponderDiagnosticsDto caDiagnostics = ocspResponderDiagnosticConverter.convert(status); + CaOcspDiagnosticsDto caDiagnostics = ocspResponderDiagnosticConverter.convert(status); assertEquals(1, caDiagnostics.getOcspResponders().size()); @@ -77,6 +87,7 @@ public void convertSingleCertificateAuthorityDiagnostics() { assertEquals(PREVIOUS_UPDATE_1, caDiagnostics.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_1, caDiagnostics.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(URL_1, caDiagnostics.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.FREE, caDiagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -96,14 +107,14 @@ public void convertMultipleCertificateAuthorityDiagnostics() { diagnosticsStatus3.setDescription(URL_1); status2.setOcspResponderStatusMap(Arrays.asList(diagnosticsStatus2, diagnosticsStatus3)); - Set diagnostics = ocspResponderDiagnosticConverter.convert( + Set diagnostics = ocspResponderDiagnosticConverter.convert( Arrays.asList(status1, status2)); - OcspResponderDiagnosticsDto firstDiagnostic = diagnostics + CaOcspDiagnosticsDto firstDiagnostic = diagnostics .stream() .filter(item -> item.getDistinguishedName().equals(CA_NAME_1)) .findFirst() .orElse(null); - OcspResponderDiagnosticsDto secondDiagnostic = diagnostics + CaOcspDiagnosticsDto secondDiagnostic = diagnostics .stream() .filter(item -> item.getDistinguishedName().equals(CA_NAME_2)) .findFirst() @@ -118,6 +129,7 @@ public void convertMultipleCertificateAuthorityDiagnostics() { assertEquals(PREVIOUS_UPDATE_1, firstDiagnostic.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_1, firstDiagnostic.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(URL_1, firstDiagnostic.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.FREE, firstDiagnostic.getOcspResponders().get(0).getCostType()); assertEquals(CA_NAME_2, secondDiagnostic.getDistinguishedName()); @@ -125,6 +137,7 @@ public void convertMultipleCertificateAuthorityDiagnostics() { assertEquals(null, secondDiagnostic.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_2, secondDiagnostic.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(URL_2, secondDiagnostic.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.PAID, secondDiagnostic.getOcspResponders().get(0).getCostType()); assertEquals(ErrorCode.OCSP_RESPONSE_PARSING_FAILURE.code(), secondDiagnostic.getOcspResponders() .get(1).getError().getCode()); @@ -132,5 +145,6 @@ public void convertMultipleCertificateAuthorityDiagnostics() { assertEquals(PREVIOUS_UPDATE_1, secondDiagnostic.getOcspResponders().get(1).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_1, secondDiagnostic.getOcspResponders().get(1).getNextUpdateAt()); assertEquals(URL_1, secondDiagnostic.getOcspResponders().get(1).getUrl()); + assertEquals(CostTypeDto.FREE, secondDiagnostic.getOcspResponders().get(1).getCostType()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java index 68a12d1d90..b6ce173475 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java @@ -28,6 +28,8 @@ import org.junit.Before; import org.junit.Test; +import org.niis.xroad.globalconf.model.CostType; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.util.TestUtils; import org.niis.xroad.serverconf.model.TimestampingService; @@ -64,10 +66,11 @@ public void setup() { @Test public void convertSingleTspType() { TimestampingServiceDto timestampingService = timestampingServiceConverter.convert( - TestUtils.createTspType(TSA_1_URL, TSA_1_NAME)); + TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.FREE.name())); assertEquals(TSA_1_URL, timestampingService.getUrl()); assertEquals(TSA_1_NAME, timestampingService.getName()); + assertEquals(CostTypeDto.FREE, timestampingService.getCostType()); } @Test @@ -82,7 +85,7 @@ public void convertEmptyTspTypeList() { @Test public void convertMultipleTspTypes() { List tspTypes = new ArrayList<>(Arrays.asList(TestUtils.createTspType( - TSA_1_URL, TSA_1_NAME), TestUtils.createTspType(TSA_2_URL, TSA_2_NAME))); + TSA_1_URL, TSA_1_NAME, CostType.PAID.name()), TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.FREE.name()))); Set timestampingServices = timestampingServiceConverter.convert(tspTypes); @@ -92,9 +95,10 @@ public void convertMultipleTspTypes() { @Test public void convertSingleTimestampingService() { TimestampingService timestampingService = timestampingServiceConverter.convert(TestUtils - .createTimestampingService(TSA_1_URL, TSA_1_NAME)); + .createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.FREE)); assertEquals(TSA_1_URL, timestampingService.getUrl()); assertEquals(TSA_1_NAME, timestampingService.getName()); + assertEquals(CostTypeDto.FREE.name(), timestampingService.getCostType()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java index a825edfacc..44e3f3bc4f 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java @@ -32,8 +32,10 @@ import org.junit.Before; import org.junit.Test; import org.niis.xroad.common.core.exception.ErrorCode; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DiagnosticStatusClassDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; +import org.niis.xroad.serverconf.ServerConfProvider; import java.time.OffsetDateTime; import java.util.ArrayList; @@ -42,6 +44,8 @@ import java.util.Set; import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; /** * Test TimestampingServiceDiagnosticConverter @@ -53,7 +57,10 @@ public class TimestampingServiceDiagnosticConverterTest { @Before public void setup() { - timestampingServiceDiagnosticConverter = new TimestampingServiceDiagnosticConverter(); + ServerConfProvider serverConfProvider = mock(ServerConfProvider.class); + when(serverConfProvider.getTspCostType(URL_1)).thenReturn(CostTypeDto.PAID.name()); + when(serverConfProvider.getTspCostType(URL_2)).thenReturn(CostTypeDto.FREE.name()); + timestampingServiceDiagnosticConverter = new TimestampingServiceDiagnosticConverter(serverConfProvider); } @Test @@ -67,6 +74,8 @@ public void convertSingleTimestampingServiceDiagnostics() { assertEquals(DiagnosticStatusClassDto.OK, timestampingServiceDiagnostics.getStatusClass()); assertEquals(now, timestampingServiceDiagnostics.getPrevUpdateAt()); + assertEquals(URL_1, timestampingServiceDiagnostics.getUrl()); + assertEquals(CostTypeDto.PAID, timestampingServiceDiagnostics.getCostType()); } @Test @@ -95,8 +104,12 @@ public void convertMultipleTimestampingServiceDiagnostics() { assertEquals(ErrorCode.TIMESTAMP_TOKEN_SIGNER_INFO_NOT_FOUND.code(), firstDiagnostic.getError().getCode()); assertEquals(DiagnosticStatusClassDto.FAIL, firstDiagnostic.getStatusClass()); assertEquals(prevUpdate, firstDiagnostic.getPrevUpdateAt()); + assertEquals(URL_1, firstDiagnostic.getUrl()); + assertEquals(CostTypeDto.PAID, firstDiagnostic.getCostType()); assertEquals(DiagnosticStatusClassDto.WAITING, secondDiagnostic.getStatusClass()); assertEquals(prevUpdate2, secondDiagnostic.getPrevUpdateAt()); + assertEquals(URL_2, secondDiagnostic.getUrl()); + assertEquals(CostTypeDto.FREE, secondDiagnostic.getCostType()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java index ff8eebca40..cf4f6c5953 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java @@ -26,6 +26,7 @@ */ package org.niis.xroad.securityserver.restapi.openapi; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfo; import ee.ria.xroad.common.certificateprofile.DnFieldDescription; import ee.ria.xroad.common.certificateprofile.DnFieldValue; @@ -36,6 +37,7 @@ import org.niis.xroad.securityserver.restapi.openapi.model.AcmeOrderDto; import org.niis.xroad.securityserver.restapi.openapi.model.CertificateAuthorityDto; import org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageTypeDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.service.KeyNotFoundException; import org.niis.xroad.securityserver.restapi.util.TokenTestUtils; import org.niis.xroad.signer.api.dto.KeyInfo; @@ -159,6 +161,17 @@ public void getApprovedCertificateAuthoritiesAuthWithSignPermission() throws Exc } } + @Test + @WithMockUser(authorities = {"VIEW_APPROVED_CERTIFICATE_AUTHORITIES"}) + public void getOcspPrioritizationStrategy() { + when(certificateAuthorityService.getOcspPrioritizationStrategy()) + .thenReturn(ServicePrioritizationStrategy.ONLY_PAID); + + ResponseEntity response = caController.getOcspPrioritizationStrategy(); + assertEquals(HttpStatus.OK, response.getStatusCode()); + assertEquals(ServicePrioritizationStrategyDto.ONLY_PAID, response.getBody()); + } + @Test @WithMockUser(authorities = {"GENERATE_AUTH_CERT_REQ"}) public void getSubjectFieldDescriptionsAuthWithAuthPermission() throws Exception { diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java index 50bf6b5d08..d392cc41ae 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java @@ -37,6 +37,7 @@ import org.junit.Test; import org.niis.xroad.common.core.exception.ErrorCode; import org.niis.xroad.common.rpc.mapper.DiagnosticStatusMapper; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.opmonitor.api.OperationalDataInterval; import org.niis.xroad.opmonitor.api.OperationalDataIntervalProto; import org.niis.xroad.proxy.proto.dto.MessageLogArchiveEncryptionMember; @@ -44,12 +45,13 @@ import org.niis.xroad.restapi.exceptions.DeviationCodes; import org.niis.xroad.securityserver.restapi.openapi.model.AddOnStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.BackupEncryptionStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.ConnectionStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DiagnosticStatusClassDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfConnectionStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.MessageLogEncryptionStatusDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.OperationalDataIntervalDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; import org.niis.xroad.securityserver.restapi.service.diagnostic.DiagnosticReportService; @@ -329,20 +331,22 @@ public void getOcspResponderDiagnosticsSuccess() { var diagnosticsResponse = new CertificationServiceDiagnostics(); diagnosticsResponse.update(Map.of(CA_NAME_1, certServiceStatus)); when(signerRpcClient.getCertificationServiceDiagnostics()).thenReturn(diagnosticsResponse); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.PAID); - ResponseEntity> response = + ResponseEntity> response = diagnosticsApiController.getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); + CaOcspDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); assertEquals(1, diagnostics.getOcspResponders().size()); assertEquals(CA_NAME_1, diagnostics.getDistinguishedName()); assertEquals(DiagnosticStatusClassDto.OK, diagnostics.getOcspResponders().getFirst().getStatusClass()); assertEquals(PREVIOUS_UPDATE, diagnostics.getOcspResponders().getFirst().getPrevUpdateAt()); assertEquals(NEXT_UPDATE, diagnostics.getOcspResponders().getFirst().getNextUpdateAt()); assertEquals(OCSP_URL_1, diagnostics.getOcspResponders().getFirst().getUrl()); + assertEquals(CostTypeDto.PAID, diagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -353,20 +357,22 @@ public void getOcspResponderDiagnosticsWaiting() { var diagnosticsResponse = new CertificationServiceDiagnostics(); diagnosticsResponse.update(Map.of(CA_NAME_2, certServiceStatus)); when(signerRpcClient.getCertificationServiceDiagnostics()).thenReturn(diagnosticsResponse); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.FREE); - ResponseEntity> response = + ResponseEntity> response = diagnosticsApiController.getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); + CaOcspDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); assertEquals(1, diagnostics.getOcspResponders().size()); assertEquals(CA_NAME_2, diagnostics.getDistinguishedName()); assertEquals(DiagnosticStatusClassDto.WAITING, diagnostics.getOcspResponders().getFirst().getStatusClass()); assertNull(diagnostics.getOcspResponders().getFirst().getPrevUpdateAt()); assertEquals(NEXT_UPDATE, diagnostics.getOcspResponders().getFirst().getNextUpdateAt()); assertEquals(OCSP_URL_2, diagnostics.getOcspResponders().getFirst().getUrl()); + assertEquals(CostTypeDto.FREE, diagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -382,14 +388,15 @@ public void getOcspResponderDiagnosticsFailNextUpdateTomorrow() { var diagnosticsResponse = new CertificationServiceDiagnostics(); diagnosticsResponse.update(Map.of(CA_NAME_1, certServiceStatus)); when(signerRpcClient.getCertificationServiceDiagnostics()).thenReturn(diagnosticsResponse); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.PAID); - ResponseEntity> response = diagnosticsApiController + ResponseEntity> response = diagnosticsApiController .getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); + CaOcspDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); assertEquals(1, diagnostics.getOcspResponders().size()); assertEquals(CA_NAME_1, diagnostics.getDistinguishedName()); assertEquals(ErrorCode.OCSP_RESPONSE_PARSING_FAILURE.code(), diagnostics.getOcspResponders() @@ -398,6 +405,7 @@ public void getOcspResponderDiagnosticsFailNextUpdateTomorrow() { assertNull(diagnostics.getOcspResponders().getFirst().getPrevUpdateAt()); assertEquals(NEXT_UPDATE_MIDNIGHT, diagnostics.getOcspResponders().getFirst().getNextUpdateAt()); assertEquals(OCSP_URL_1, diagnostics.getOcspResponders().getFirst().getUrl()); + assertEquals(CostTypeDto.PAID, diagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -408,14 +416,15 @@ public void getOcspResponderDiagnosticsFailPreviousUpdateYesterday() { var diagnosticsResponse = new CertificationServiceDiagnostics(); diagnosticsResponse.update(Map.of(CA_NAME_2, certServiceStatus)); when(signerRpcClient.getCertificationServiceDiagnostics()).thenReturn(diagnosticsResponse); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.FREE); - ResponseEntity> response = diagnosticsApiController + ResponseEntity> response = diagnosticsApiController .getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet + CaOcspDiagnosticsDto diagnostics = diagnosticsSet .stream() .findFirst() .orElse(null); @@ -425,6 +434,7 @@ public void getOcspResponderDiagnosticsFailPreviousUpdateYesterday() { assertEquals(PREVIOUS_UPDATE_MIDNIGHT, diagnostics.getOcspResponders().getFirst().getPrevUpdateAt()); assertEquals(NEXT_UPDATE_MIDNIGHT, diagnostics.getOcspResponders().getFirst().getNextUpdateAt()); assertEquals(OCSP_URL_2, diagnostics.getOcspResponders().getFirst().getUrl()); + assertEquals(CostTypeDto.FREE, diagnostics.getOcspResponders().get(0).getCostType()); } @Test diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java index 042dcfe24d..1723dcf023 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java @@ -25,6 +25,7 @@ */ package org.niis.xroad.securityserver.restapi.openapi; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.util.CryptoUtils; import org.apache.commons.io.FileUtils; @@ -35,16 +36,19 @@ import org.niis.xroad.common.exception.ConflictException; import org.niis.xroad.common.exception.InternalServerErrorException; import org.niis.xroad.common.properties.NodeProperties; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.AnchorFile; import org.niis.xroad.securityserver.restapi.dto.MaintenanceMode; import org.niis.xroad.securityserver.restapi.dto.VersionInfo; import org.niis.xroad.securityserver.restapi.openapi.model.AnchorDto; import org.niis.xroad.securityserver.restapi.openapi.model.CertificateDetailsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DistinguishedNameDto; import org.niis.xroad.securityserver.restapi.openapi.model.MaintenanceModeMessageDto; import org.niis.xroad.securityserver.restapi.openapi.model.MaintenanceModeStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.NodeTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.NodeTypeResponseDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.openapi.model.VersionInfoDto; import org.niis.xroad.securityserver.restapi.service.AnchorFileNotFoundException; @@ -173,8 +177,8 @@ private void getSystemCertificate() throws IOException { @WithMockUser(authorities = {"VIEW_TSPS"}) public void getConfiguredTimestampingServices() { when(systemService.getConfiguredTimestampingServices()).thenReturn(new ArrayList<>( - Arrays.asList(TestUtils.createTspType(TSA_1_URL, TSA_1_NAME), - TestUtils.createTspType(TSA_2_URL, TSA_2_NAME)))); + Arrays.asList(TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.FREE.name()), + TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.PAID.name())))); ResponseEntity> response = systemApiController.getConfiguredTimestampingServices(); @@ -199,10 +203,21 @@ public void getConfiguredTimestampingServicesEmptyList() { assertEquals(0, timestampingServices.size()); } + @Test + @WithMockUser(authorities = {"VIEW_TSPS"}) + public void getTimestampingPrioritizationStrategy() { + when(systemService.getTimestampingPrioritizationStrategy()) + .thenReturn(ServicePrioritizationStrategy.FREE_FIRST); + + ResponseEntity response = systemApiController.getTimestampingPrioritizationStrategy(); + assertEquals(HttpStatus.OK, response.getStatusCode()); + assertEquals(ServicePrioritizationStrategyDto.FREE_FIRST, response.getBody()); + } + @Test @WithMockUser(authorities = {"ADD_TSP"}) public void addConfiguredTimestampingService() { - TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_2_URL, TSA_2_NAME); + TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_2_URL, TSA_2_NAME, CostTypeDto.UNDEFINED); ResponseEntity response = systemApiController .addConfiguredTimestampingService(timestampingService); @@ -210,13 +225,14 @@ public void addConfiguredTimestampingService() { assertEquals(HttpStatus.CREATED, response.getStatusCode()); assertEquals(TSA_2_NAME, response.getBody().getName()); assertEquals(TSA_2_URL, response.getBody().getUrl()); + assertEquals(CostTypeDto.UNDEFINED, response.getBody().getCostType()); } @Test @WithMockUser(authorities = {"ADD_TSP"}) public void addDuplicateConfiguredTimestampingService() throws SystemService.DuplicateConfiguredTimestampingServiceException, TimestampingServiceNotFoundException { - TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME); + TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.FREE); Mockito.doThrow(new SystemService.DuplicateConfiguredTimestampingServiceException("")).when(systemService) .addConfiguredTimestampingService(any()); @@ -236,7 +252,7 @@ public void addNonExistingConfiguredTimestampingService() throws SystemService.DuplicateConfiguredTimestampingServiceException, TimestampingServiceNotFoundException { TimestampingServiceDto timestampingService = TestUtils - .createTimestampingService("http://dummy.com", "Dummy"); + .createTimestampingService("http://dummy.com", "Dummy", CostTypeDto.UNDEFINED); Mockito.doThrow(new TimestampingServiceNotFoundException("")).when(systemService) .addConfiguredTimestampingService(any()); @@ -253,14 +269,14 @@ public void addNonExistingConfiguredTimestampingService() throws @WithMockUser(authorities = {"DELETE_TSP"}) public void deleteConfiguredTimestampingService() { ResponseEntity response = systemApiController - .deleteConfiguredTimestampingService(TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME)); + .deleteConfiguredTimestampingService(TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.UNDEFINED)); assertEquals(HttpStatus.NO_CONTENT, response.getStatusCode()); } @Test @WithMockUser(authorities = {"DELETE_TSP"}) public void deleteNonExistingConfiguredTimestampingService() throws TimestampingServiceNotFoundException { - TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME); + TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.UNDEFINED); Mockito.doThrow(new TimestampingServiceNotFoundException("")).when(systemService) .deleteConfiguredTimestampingService(any()); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java index 79356e5462..23975e292c 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java @@ -27,6 +27,7 @@ import org.junit.Before; import org.junit.Test; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.util.TestUtils; import org.niis.xroad.serverconf.model.TimestampingService; @@ -65,8 +66,8 @@ public class TimestampingServiceApiControllerTest extends AbstractApiControllerT @Before public void setup() { - TimestampingService tsa1 = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME); - TimestampingService tsa2 = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME); + TimestampingService tsa1 = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.FREE.name()); + TimestampingService tsa2 = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.PAID.name()); APPROVED_TIMESTAMPING_SERVICES.put(tsa1.getName(), tsa1); APPROVED_TIMESTAMPING_SERVICES.put(tsa2.getName(), tsa2); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java index 4be6ce946f..504561d170 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java @@ -34,6 +34,7 @@ import org.junit.Test; import org.mockito.MockedStatic; import org.niis.xroad.common.properties.NodeProperties; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; import org.niis.xroad.securityserver.restapi.config.AbstractFacadeMockingTestContext; @@ -322,54 +323,60 @@ public void testUpdateTimestampServiceUrls() { // test with single matching items List approvedTSATypes = - Collections.singletonList(TestUtils.createApprovedTsaType("http://example.com:8121", "Foo")); + Collections.singletonList(TestUtils.createApprovedTsaType("http://example.com:8121", "Foo", CostType.FREE)); List timestampingServices = - Collections.singletonList(TestUtils.createTspType("http://example.com:8121", "Foo")); + Collections.singletonList(TestUtils.createTspType("http://example.com:8121", "Foo", CostType.FREE.name())); globalConfChecker.updateTimestampServiceUrls(approvedTSATypes, timestampingServices); assertEquals(1, approvedTSATypes.size()); assertEquals(1, timestampingServices.size()); assertEquals(approvedTSATypes.getFirst().getName(), timestampingServices.getFirst().getName()); assertEquals(approvedTSATypes.getFirst().getUrl(), timestampingServices.getFirst().getUrl()); + assertEquals(approvedTSATypes.get(0).getCostType().name(), timestampingServices.get(0).getCostType()); // test the normal update case // the change in approvedTSAType1 URL should be reflected to tspType1 URL List approvedTSATypes1 = Arrays.asList( - TestUtils.createApprovedTsaType("http://example.com:9999", "Foo"), - TestUtils.createApprovedTsaType("http://example.net", "Bar") + TestUtils.createApprovedTsaType("http://example.com:9999", "Foo", CostType.FREE), + TestUtils.createApprovedTsaType("http://example.net", "Bar", CostType.PAID) ); List tspTypes1 = Arrays.asList( - TestUtils.createTspType("http://example.com:8121", "Foo"), - TestUtils.createTspType("http://example.net", "Bar") + TestUtils.createTspType("http://example.com:8121", "Foo", CostType.FREE.name()), + TestUtils.createTspType("http://example.net", "Bar", CostType.PAID.name()) ); globalConfChecker.updateTimestampServiceUrls(approvedTSATypes1, tspTypes1); assertEquals(2, approvedTSATypes1.size()); assertEquals(2, tspTypes1.size()); assertEquals(approvedTSATypes1.getFirst().getName(), tspTypes1.getFirst().getName()); assertEquals(approvedTSATypes1.getFirst().getUrl(), tspTypes1.getFirst().getUrl()); + assertEquals(approvedTSATypes1.get(0).getCostType().name(), tspTypes1.get(0).getCostType()); assertEquals(approvedTSATypes1.get(1).getName(), tspTypes1.get(1).getName()); assertEquals(approvedTSATypes1.get(1).getUrl(), tspTypes1.get(1).getUrl()); + assertEquals(approvedTSATypes1.get(1).getCostType().name(), tspTypes1.get(1).getCostType()); // test the conflicting update case // the change in approvedTSAType3 URL should not be reflected to tspType3 URL because of ambiguous names List approvedTSATypes2 = Arrays.asList( - TestUtils.createApprovedTsaType("http://example.com:9898", "Foo"), - TestUtils.createApprovedTsaType("http://example.net", "Foo"), - TestUtils.createApprovedTsaType("http://example.org:8080", "Zzz") + TestUtils.createApprovedTsaType("http://example.com:9898", "Foo", CostType.FREE), + TestUtils.createApprovedTsaType("http://example.net", "Foo", CostType.PAID), + TestUtils.createApprovedTsaType("http://example.org:8080", "Zzz", CostType.UNDEFINED) ); List tspTypes2 = Arrays.asList( - TestUtils.createTspType("http://example.com:8121", "Foo"), - TestUtils.createTspType("http://example.net", "Foo"), - TestUtils.createTspType("http://example.org:8080", "Zzz") + TestUtils.createTspType("http://example.com:8121", "Foo", CostType.FREE.name()), + TestUtils.createTspType("http://example.net", "Foo", CostType.PAID.name()), + TestUtils.createTspType("http://example.org:8080", "Zzz", CostType.UNDEFINED.name()) ); globalConfChecker.updateTimestampServiceUrls(approvedTSATypes2, tspTypes2); assertEquals(3, approvedTSATypes2.size()); assertEquals(3, tspTypes2.size()); assertEquals(approvedTSATypes2.getFirst().getName(), tspTypes2.getFirst().getName()); assertNotEquals(approvedTSATypes2.getFirst().getUrl(), tspTypes2.getFirst().getUrl()); + assertEquals(approvedTSATypes2.get(0).getCostType().name(), tspTypes2.get(0).getCostType()); assertEquals(approvedTSATypes2.get(1).getName(), tspTypes2.get(1).getName()); assertEquals(approvedTSATypes2.get(1).getUrl(), tspTypes2.get(1).getUrl()); + assertEquals(approvedTSATypes2.get(1).getCostType().name(), tspTypes2.get(1).getCostType()); assertEquals(approvedTSATypes2.get(2).getName(), tspTypes2.get(2).getName()); assertEquals(approvedTSATypes2.get(2).getUrl(), tspTypes2.get(2).getUrl()); + assertEquals(approvedTSATypes2.get(2).getCostType().name(), tspTypes2.get(2).getCostType()); } @Test diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java index 6c5d0bd1d7..db8108b3b3 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java @@ -36,6 +36,7 @@ import org.junit.Before; import org.junit.Test; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.ApprovedCaDto; import org.niis.xroad.securityserver.restapi.util.CertificateTestUtils; import org.niis.xroad.serverconf.impl.entity.ClientEntity; @@ -82,6 +83,7 @@ public class CertificateAuthorityServiceTest extends AbstractServiceTestContext "CN=X-Road Test CA CN, OU=X-Road Test CA OU, O=X-Road Test, C=FI"; public static final String MOCK_INTERMEDIATE_CA_SUBJECT_DN = "CN=int-cn, O=X-Road Test int"; + public static final String MOCK_OCSP_RESPONDER_ADDRESS = "http://ocsp-responder.example.com"; @Before public void setup() throws Exception { @@ -99,6 +101,8 @@ public void setup() throws Exception { approvedCAInfos.add(new ApprovedCAInfo("mock-intermediate-ca", false, "ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider", null, null, null, null)); when(globalConfProvider.getApprovedCAs(any())).thenReturn(approvedCAInfos); + when(globalConfProvider.getOcspResponderAddressesAndCostTypes(any(), any())).thenReturn(Map.of(MOCK_OCSP_RESPONDER_ADDRESS, + CostType.FREE)); List caCerts = new ArrayList<>(); caCerts.add(CertificateTestUtils.getMockCertificate()); @@ -262,6 +266,7 @@ public void getCertificateAuthorities() throws Exception { assertEquals(Collections.singletonList("CN=N/A"), ca.getSubjectDnPath()); assertTrue(ca.isTopCa()); assertEquals("good", ca.getOcspResponse()); + assertEquals(CostType.FREE, ca.getOcspUrlsAndCostTypes().get(MOCK_OCSP_RESPONDER_ADDRESS)); assertEquals(OffsetDateTime.parse("2038-01-01T00:00Z"), ca.getNotAfter()); assertTrue(ca.isAcmeCapable()); @@ -275,6 +280,7 @@ public void getCertificateAuthorities() throws Exception { assertEquals(Collections.singletonList(MOCK_AUTH_CERT_SUBJECT), ca2.getSubjectDnPath()); assertTrue(ca2.isTopCa()); assertEquals("not available", ca2.getOcspResponse()); + assertEquals(CostType.FREE, ca.getOcspUrlsAndCostTypes().get(MOCK_OCSP_RESPONDER_ADDRESS)); assertEquals(OffsetDateTime.parse("2039-11-23T09:20:27Z"), ca2.getNotAfter()); assertFalse(ca2.isAcmeCapable()); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java index d109ddf1d8..6843ee5d4a 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java @@ -31,6 +31,7 @@ import org.junit.Test; import org.niis.xroad.common.identifiers.jpa.entity.MemberIdEntity; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.util.TestUtils; import org.niis.xroad.serverconf.impl.entity.TimestampingServiceEntity; import org.springframework.beans.factory.annotation.Autowired; @@ -64,9 +65,9 @@ public void getSecurityServerOwnerId() { @Test public void getConfiguredTimestampingServices() { List configuredTimestampingServices = new ArrayList<>(); - configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa3.com", "TSA 3")); - configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa2.com", "TSA 2")); - configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa1.com", "TSA 1")); + configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa3.com", "TSA 3", CostType.UNDEFINED.name())); + configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa2.com", "TSA 2", CostType.FREE.name())); + configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa1.com", "TSA 1", CostType.PAID.name())); when(serverConfRepository.getServerConf()).thenReturn(serverConfEntity); when(serverConfEntity.getTimestampingServices()).thenReturn(configuredTimestampingServices); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java index 6173a315e8..63199bcc0f 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java @@ -42,7 +42,9 @@ import org.niis.xroad.common.exception.InternalServerErrorException; import org.niis.xroad.confclient.rpc.ConfClientRpcClient; import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.SharedParameters; +import org.niis.xroad.proxy.proto.ProxyRpcClient; import org.niis.xroad.restapi.config.audit.AuditDataHelper; import org.niis.xroad.restapi.config.audit.RestApiAuditProperty; import org.niis.xroad.securityserver.restapi.cache.CurrentSecurityServerId; @@ -94,6 +96,8 @@ public class SystemServiceTest { @Mock private ConfClientRpcClient confClientRpcClient; @Mock + private ProxyRpcClient proxyRpcClient; + @Mock private AuditDataHelper auditDataHelper; private final SecurityServerAddressChangeStatus addressChangeStatus = new SecurityServerAddressChangeStatus(); private final MaintenanceModeStatus maintenanceModeStatus = new MaintenanceModeStatus(); @@ -104,8 +108,8 @@ public class SystemServiceTest { @Before public void setup() throws Exception { - TimestampingServiceEntity tsa1 = TestUtils.createTspTypeEntity(TSA_1_URL, TSA_1_NAME); - TimestampingServiceEntity tsa2 = TestUtils.createTspTypeEntity(TSA_2_URL, TSA_2_NAME); + TimestampingServiceEntity tsa1 = TestUtils.createTspTypeEntity(TSA_1_URL, TSA_1_NAME, CostType.UNDEFINED.name()); + TimestampingServiceEntity tsa2 = TestUtils.createTspTypeEntity(TSA_2_URL, TSA_2_NAME, CostType.PAID.name()); when(globalConfService.getApprovedTspsForThisInstance()).thenReturn(TimestampingServiceMapper.get().toTargets(List.of(tsa1, tsa2))); ClientId.Conf ownerId = ClientId.Conf.create("CS", "GOV", "1111"); @@ -115,13 +119,13 @@ public void setup() throws Exception { systemService = new SystemService(globalConfService, serverConfService, currentSecurityServerId, managementRequestSenderService, auditDataHelper, - addressChangeStatus, confClientRpcClient, maintenanceModeStatus, globalConfProvider); + addressChangeStatus, confClientRpcClient, maintenanceModeStatus, globalConfProvider, proxyRpcClient); } @Test public void addConfiguredTimestampingService() throws SystemService.DuplicateConfiguredTimestampingServiceException, TimestampingServiceNotFoundException { - TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.FREE.name()); assertEquals(1, serverConfService.getConfiguredTimestampingServiceEntities().size()); @@ -130,19 +134,20 @@ public void addConfiguredTimestampingService() assertEquals(2, serverConfService.getConfiguredTimestampingServiceEntities().size()); assertEquals(TSA_2_NAME, serverConfService.getConfiguredTimestampingServiceEntities().get(1).getName()); assertEquals(TSA_2_URL, serverConfService.getConfiguredTimestampingServiceEntities().get(1).getUrl()); + assertEquals(CostType.FREE.name(), serverConfService.getConfiguredTimestampingServiceEntities().get(1).getCostType()); } @Test public void addConfiguredTimestampingServiceNonApproved() throws SystemService.DuplicateConfiguredTimestampingServiceException { - TimestampingService timestampingService = TestUtils.createTspType("http://test.com", "TSA 3"); + TimestampingService timestampingService = TestUtils.createTspType("http://test.com", "TSA 3", CostType.FREE.name()); assertThrows(TimestampingServiceNotFoundException.class, () -> systemService.addConfiguredTimestampingService(timestampingService)); } @Test public void addConfiguredTimestampingServiceDuplicate() throws TimestampingServiceNotFoundException { - TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.UNDEFINED.name()); assertThrows(SystemService.DuplicateConfiguredTimestampingServiceException.class, () -> systemService.addConfiguredTimestampingService(timestampingService)); @@ -150,7 +155,7 @@ public void addConfiguredTimestampingServiceDuplicate() throws TimestampingServi @Test public void deleteConfiguredTimestampingService() throws TimestampingServiceNotFoundException { - TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.PAID.name()); assertEquals(1, serverConfService.getConfiguredTimestampingServiceEntities().size()); @@ -161,7 +166,7 @@ public void deleteConfiguredTimestampingService() throws TimestampingServiceNotF @Test public void deleteConfiguredTimestampingServiceNonExisting() { - TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.FREE.name()); assertThrows(TimestampingServiceNotFoundException.class, () -> systemService.deleteConfiguredTimestampingService(timestampingService)); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java index c63fa867c4..dcdb182d70 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java @@ -366,8 +366,8 @@ private void mockGetCertForHash() { return switch (certHash) { case NOT_FOUND_CERT_HASH -> throw XrdRuntimeException.systemException(CERT_NOT_FOUND).build(); case EXISTING_CERT_HASH, EXISTING_CERT_IN_AUTH_KEY_HASH, EXISTING_CERT_IN_SIGN_KEY_HASH, - SIGNER_EX_CERT_WITH_ID_NOT_FOUND_HASH, SIGNER_EX_INTERNAL_ERROR_HASH, SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, - SIGNER_EX_TOKEN_READONLY_HASH, HASH_FOR_ACME_IMPORT -> + SIGNER_EX_CERT_WITH_ID_NOT_FOUND_HASH, SIGNER_EX_INTERNAL_ERROR_HASH, SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, + SIGNER_EX_TOKEN_READONLY_HASH, HASH_FOR_ACME_IMPORT -> // cert will have same id as hash new CertificateTestUtils.CertificateInfoBuilder().id(certHash).build(); case MISSING_CERTIFICATE_HASH -> createCertificateInfo(null, false, false, "status", "certID", @@ -427,7 +427,7 @@ private void mockGetTokenAndKeyIdForCertificateHash(KeyInfo authKey, KeyInfo goo new TokenInfoAndKeyId(tokenInfo, authKey.getId()); case EXISTING_CERT_IN_SIGN_KEY_HASH -> new TokenInfoAndKeyId(tokenInfo, signKey.getId()); case NOT_FOUND_CERT_HASH, EXISTING_CERT_HASH, SIGNER_EX_CERT_WITH_ID_NOT_FOUND_HASH, SIGNER_EX_INTERNAL_ERROR_HASH, - SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, SIGNER_EX_TOKEN_READONLY_HASH, CertificateTestUtils.MOCK_CERTIFICATE_HASH -> + SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, SIGNER_EX_TOKEN_READONLY_HASH, CertificateTestUtils.MOCK_CERTIFICATE_HASH -> new TokenInfoAndKeyId(tokenInfo, goodKey.getId()); default -> throw new CertificateNotFoundException("unknown cert: " + hash); }; diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java index 190b7d34c8..9e1f21e96e 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java @@ -34,10 +34,12 @@ import org.niis.xroad.common.core.exception.WarningDeviation; import org.niis.xroad.common.identifiers.jpa.entity.ClientIdEntity; import org.niis.xroad.common.identifiers.jpa.mapper.XRoadIdMapper; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; import org.niis.xroad.restapi.converter.ClientIdConverter; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.serverconf.impl.entity.TimestampingServiceEntity; import org.niis.xroad.serverconf.model.TimestampingService; @@ -307,17 +309,19 @@ public static void addApiKeyAuthorizationHeader(TestRestTemplate testRestTemplat * @param name * @return */ - public static TimestampingService createTspType(String url, String name) { + public static TimestampingService createTspType(String url, String name, String costType) { TimestampingService tsp = new TimestampingService(); tsp.setUrl(url); tsp.setName(name); + tsp.setCostType(costType); return tsp; } - public static TimestampingServiceEntity createTspTypeEntity(String url, String name) { + public static TimestampingServiceEntity createTspTypeEntity(String url, String name, String costType) { TimestampingServiceEntity tsp = new TimestampingServiceEntity(); tsp.setUrl(url); tsp.setName(name); + tsp.setCostType(costType); return tsp; } @@ -328,10 +332,11 @@ public static TimestampingServiceEntity createTspTypeEntity(String url, String n * @param name * @return */ - public static SharedParameters.ApprovedTSA createApprovedTsaType(String url, String name) { + public static SharedParameters.ApprovedTSA createApprovedTsaType(String url, String name, CostType costType) { SharedParameters.ApprovedTSA approvedTSA = new SharedParameters.ApprovedTSA(); approvedTSA.setUrl(url); approvedTSA.setName(name); + approvedTSA.setCostType(costType); return approvedTSA; } @@ -342,10 +347,11 @@ public static SharedParameters.ApprovedTSA createApprovedTsaType(String url, Str * @param name * @return */ - public static TimestampingServiceDto createTimestampingService(String url, String name) { + public static TimestampingServiceDto createTimestampingService(String url, String name, CostTypeDto costType) { TimestampingServiceDto timestampingService = new TimestampingServiceDto(); timestampingService.setUrl(url); timestampingService.setName(name); + timestampingService.costType(costType); return timestampingService; } diff --git a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml index fd301bc5c3..fdb056fc82 100644 --- a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml +++ b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml @@ -21,6 +21,7 @@ + diff --git a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/010-add-tps-cost.xml b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/010-add-tps-cost.xml new file mode 100644 index 0000000000..2f79245586 --- /dev/null +++ b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/010-add-tps-cost.xml @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/src/security-server/admin-service/ui/src/locales/en.json b/src/security-server/admin-service/ui/src/locales/en.json index 8889e39cde..a1ed0ffca6 100644 --- a/src/security-server/admin-service/ui/src/locales/en.json +++ b/src/security-server/admin-service/ui/src/locales/en.json @@ -197,6 +197,7 @@ "ok": "Everything ok", "test": "Test" }, + "costType": "Cost Type", "downloadReport": "Download Diagnostic Report", "encryption": { "backup": { @@ -921,7 +922,9 @@ "acmeIpAddresses": "ACME Server IP", "distinguishedName": "Distinguished Name", "expires": "Expires", - "ocspResponse": "OCSP Response" + "ocspCostType": "OCSP Cost Type", + "ocspResponse": "OCSP Response", + "ocspUrl": "OCSP URL" }, "notAvailable": "N/A", "ocspResponse": { @@ -959,6 +962,11 @@ }, "title": "Configuration Anchor" }, + "costType": { + "FREE": "Free", + "PAID": "Paid", + "UNDEFINED": "Undefined" + }, "securityServer": { "addressChangeInProgress": "CHANGE IN PROGRESS", "editDialog": { @@ -968,6 +976,24 @@ "serverAddress": "Server address", "updateSubmitted": "Security Server address change successfully submitted" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Timestamping prioritization strategy: ", + "ONLY_FREE": "use only free timestamping services", + "ONLY_PAID": "use only paid timestamping services", + "FREE_FIRST": "use free timestamping services first, if all of them fail or none are available then use paid ones", + "PAID_FIRST": "use paid timestamping services first, if all of them fail or none are available then use free ones", + "NONE": "use all timestamping services without prioritization" + }, + "ocsp": { + "label": "OCSP prioritization strategy: ", + "ONLY_FREE": "use only free OCSP services", + "ONLY_PAID": "use only paid OCSP services", + "FREE_FIRST": "use free OCSP services first, if all of them fail or none are available then use paid ones", + "PAID_FIRST": "use paid OCSP services first, if all of them fail or none are available then use free ones", + "NONE": "use all OCSP services without prioritization" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/es.json b/src/security-server/admin-service/ui/src/locales/es.json index cc362b60ef..4b9dd7c87a 100644 --- a/src/security-server/admin-service/ui/src/locales/es.json +++ b/src/security-server/admin-service/ui/src/locales/es.json @@ -179,6 +179,7 @@ "ok": "Ok", "test": "Prueba" }, + "costType": "Tipo de costo", "encryption": { "backup": { "configuredKeyId": "Clave de ID configurada", @@ -797,6 +798,7 @@ "acmeIpAddresses": "IP del servidor ACME", "distinguishedName": "Nombre distinguido", "expires": "Expira", + "ocspCostType": "Tipo de coste OCSP", "ocspResponse": "Respuesta OCSP" }, "notAvailable": "No disponible", @@ -835,6 +837,11 @@ }, "title": "Ancla de configuración" }, + "costType": { + "FREE": "Gratis", + "PAID": "De pago", + "UNDEFINED": "Indefinido" + }, "securityServer": { "addressChangeInProgress": "Cambio en proceso", "editDialog": { @@ -844,6 +851,24 @@ "serverAddress": "Dirección del servidor", "updateSubmitted": "Cambio de dirección del servidor de seguridad enviado correctamente" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Estrategia de priorización de sellado de tiempo: ", + "ONLY_FREE": "usar solo servicios de sellado de tiempo gratuitos", + "ONLY_PAID": "usar solo servicios de sellado de tiempo de pago", + "FREE_FIRST": "usar primero los servicios gratuitos de sellado de tiempo, si todos fallan o no hay disponibles, usar los de pago", + "PAID_FIRST": "usar primero los servicios de pago de sellado de tiempo, si todos fallan o no hay disponibles, usar los gratuitos", + "NONE": "usar todos los servicios de sellado de tiempo sin priorización" + }, + "ocsp": { + "label": "Estrategia de priorización OCSP: ", + "ONLY_FREE": "usar solo servicios OCSP gratuitos", + "ONLY_PAID": "usar solo servicios OCSP de pago", + "FREE_FIRST": "usar primero los servicios OCSP gratuitos, si todos fallan o no hay disponibles, usar los de pago", + "PAID_FIRST": "usar primero los servicios OCSP de pago, si todos fallan o no hay disponibles, usar los gratuitos", + "NONE": "usar todos los servicios OCSP sin priorización" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/et.json b/src/security-server/admin-service/ui/src/locales/et.json index 823101c6ab..604c95e9a2 100644 --- a/src/security-server/admin-service/ui/src/locales/et.json +++ b/src/security-server/admin-service/ui/src/locales/et.json @@ -191,6 +191,7 @@ "ok": "Kõik on korras", "test": "Test" }, + "costType": "Hinna tüüp", "downloadReport": "Salvesta Diagnostika Raport", "encryption": { "backup": { @@ -854,6 +855,7 @@ "acmeIpAddresses": "ACME serveri IP", "distinguishedName": "Eristusnimi", "expires": "Aegub", + "ocspCostType": "OCSP hinna tüüp", "ocspResponse": "OCSP vastus" }, "notAvailable": "Ei kohaldata", @@ -892,6 +894,11 @@ }, "title": "Konfiguratsiooniankur" }, + "costType": { + "FREE": "Tasuta", + "PAID": "Tasuline", + "UNDEFINED": "Määramata" + }, "securityServer": { "addressChangeInProgress": "MUUTUS ON POOLELI", "editDialog": { @@ -901,6 +908,24 @@ "serverAddress": "Serveri aadress", "updateSubmitted": "Turvaserveri aadressi muutus edukalt esitatud" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Ajatemplite eelistamise strateegia: ", + "ONLY_FREE": "kasuta ainult tasuta ajatempliteenuseid", + "ONLY_PAID": "kasuta ainult tasulisi ajatempliteenuseid", + "FREE_FIRST": "kasuta esmalt tasuta ajatempliteenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasulisi", + "PAID_FIRST": "kasuta esmalt tasulisi ajatempliteenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasuta", + "NONE": "kasuta kõiki ajatempliteenuseid ilma eelistuseta" + }, + "ocsp": { + "label": "OCSP eelistamise strateegia: ", + "ONLY_FREE": "kasuta ainult tasuta OCSP teenuseid", + "ONLY_PAID": "kasuta ainult tasulisi OCSP teenuseid", + "FREE_FIRST": "kasuta esmalt tasuta OCSP teenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasulisi", + "PAID_FIRST": "kasuta esmalt tasulisi OCSP teenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasuta", + "NONE": "kasuta kõiki OCSP teenuseid ilma eelistuseta" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/pt-BR.json b/src/security-server/admin-service/ui/src/locales/pt-BR.json index 6164e83808..775591763a 100644 --- a/src/security-server/admin-service/ui/src/locales/pt-BR.json +++ b/src/security-server/admin-service/ui/src/locales/pt-BR.json @@ -191,6 +191,7 @@ "ok": "Tudo certo", "test": "Teste" }, + "costType": "Tipo de custo", "downloadReport": "Baixar relatório de diagnóstico", "encryption": { "backup": { @@ -854,6 +855,7 @@ "acmeIpAddresses": "IP do Servidor ACME", "distinguishedName": "Titular do Certificado (DN)", "expires": "Expira em", + "ocspCostType": "Tipo de custo OCSP", "ocspResponse": "Resposta OCSP" }, "notAvailable": "N/D", @@ -892,6 +894,11 @@ }, "title": "Âncora de Configuração" }, + "costType": { + "FREE": "Grátis", + "PAID": "Pago", + "UNDEFINED": "Indefinido" + }, "securityServer": { "addressChangeInProgress": "MUDANÇA EM ANDAMENTO", "editDialog": { @@ -901,6 +908,24 @@ "serverAddress": "Endereço do servidor", "updateSubmitted": "Alteração de endereço do Servidor Seguro enviada com sucesso" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Estratégia de priorização de carimbo de tempo: ", + "ONLY_FREE": "usar apenas serviços de carimbo de tempo gratuitos", + "ONLY_PAID": "usar apenas serviços de carimbo de tempo pagos", + "FREE_FIRST": "usar primeiro os serviços gratuitos de carimbo de tempo, se todos falharem ou não estiverem disponíveis, usar os pagos", + "PAID_FIRST": "usar primeiro os serviços pagos de carimbo de tempo, se todos falharem ou não estiverem disponíveis, usar os gratuitos", + "NONE": "usar todos os serviços de carimbo de tempo sem priorização" + }, + "ocsp": { + "label": "Estratégia de priorização OCSP: ", + "ONLY_FREE": "usar apenas serviços OCSP gratuitos", + "ONLY_PAID": "usar apenas serviços OCSP pagos", + "FREE_FIRST": "usar primeiro os serviços OCSP gratuitos, se todos falharem ou não estiverem disponíveis, usar os pagos", + "PAID_FIRST": "usar primeiro os serviços OCSP pagos, se todos falharem ou não estiverem disponíveis, usar os gratuitos", + "NONE": "usar todos os serviços OCSP sem priorização" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/ru.json b/src/security-server/admin-service/ui/src/locales/ru.json index 760fd0ae2c..7540faaad4 100644 --- a/src/security-server/admin-service/ui/src/locales/ru.json +++ b/src/security-server/admin-service/ui/src/locales/ru.json @@ -174,6 +174,7 @@ "ok": "Все в порядке", "test": "Тест" }, + "costType": "Тип стоимости", "encryption": { "backup": { "configuredKeyId": "Настроенный идентификатор ключа", @@ -774,6 +775,7 @@ "acmeIpAddresses": "IP-адрес сервера ACME", "distinguishedName": "Отличительное имя", "expires": "Истекает", + "ocspCostType": "Тип стоимости OCSP", "ocspResponse": "Ответ OCSP" }, "notAvailable": "Не доступно", @@ -812,6 +814,11 @@ }, "title": "Якорь конфигурации" }, + "costType": { + "FREE": "Бесплатно", + "PAID": "Платно", + "UNDEFINED": "Не определено" + }, "securityServer": { "addressChangeInProgress": "ИЗМЕНЕНИЕ В ПРОЦЕССЕ", "editDialog": { @@ -821,6 +828,24 @@ "serverAddress": "Адрес сервера", "updateSubmitted": "Изменение адреса сервера безопасности успешно отправлено" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Стратегия приоритизации сервисов временных меток: ", + "ONLY_FREE": "использовать только бесплатные сервисы временных меток", + "ONLY_PAID": "использовать только платные сервисы временных меток", + "FREE_FIRST": "использовать сначала бесплатные сервисы временных меток, если все они недоступны или не работают, использовать платные", + "PAID_FIRST": "использовать сначала платные сервисы временных меток, если все они недоступны или не работают, использовать бесплатные", + "NONE": "использовать все сервисы временных меток без приоритизации" + }, + "ocsp": { + "label": "Стратегия приоритизации OCSP: ", + "ONLY_FREE": "использовать только бесплатные OCSP сервисы", + "ONLY_PAID": "использовать только платные OCSP сервисы", + "FREE_FIRST": "использовать сначала бесплатные OCSP сервисы, если все они недоступны или не работают, использовать платные", + "PAID_FIRST": "использовать сначала платные OCSP сервисы, если все они недоступны или не работают, использовать бесплатные", + "NONE": "использовать все OCSP сервисы без приоритизации" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/tk.json b/src/security-server/admin-service/ui/src/locales/tk.json index d592538073..a243ed4e59 100644 --- a/src/security-server/admin-service/ui/src/locales/tk.json +++ b/src/security-server/admin-service/ui/src/locales/tk.json @@ -174,6 +174,7 @@ "ok": "Her şey yolunda", "test": "Test" }, + "costType": "Gurluş görnüşi", "encryption": { "backup": { "configuredKeyId": "Açaryň sazlanan Id-si", @@ -774,6 +775,7 @@ "acmeIpAddresses": "ACME Serweriň IP-si", "distinguishedName": "Tapawutlanan at", "expires": "Möhleti gutarýar", + "ocspCostType": "OCSP çykdajy görnüşi", "ocspResponse": "OCSP jogap" }, "notAvailable": "Maglumat ýok", @@ -812,6 +814,11 @@ }, "title": "Konfigurasiýanyň labyry" }, + "costType": { + "FREE": "Mugt", + "PAID": "Tölegli", + "UNDEFINED": "Kesgitlenmedik" + }, "securityServer": { "addressChangeInProgress": "ÜÝTGETME DOWAM EDIP DUR", "editDialog": { @@ -821,6 +828,24 @@ "serverAddress": "Seweriň salgysy", "updateSubmitted": "Howpsuzlyk Serweriniň salgysynyň üýtgemegi üstünlikli iberildi" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Wagty bellige alyş hyzmatlarynyň ileri tutulma strategiýasy: ", + "ONLY_FREE": "diňe mugt wagty bellige alyş hyzmatlaryny ulanyň", + "ONLY_PAID": "diňe tölegli wagty bellige alyş hyzmatlaryny ulanyň", + "FREE_FIRST": "ilki mugt wagty bellige alyş hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, tölegli hyzmatlary ulanyň", + "PAID_FIRST": "ilki tölegli wagty bellige alyş hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, mugt hyzmatlary ulanyň", + "NONE": "prioritetleşdirilmezden ähli wagty bellige alyş hyzmatlaryny ulanyň" + }, + "ocsp": { + "label": "OCSP ileri tutulma strategiýasy: ", + "ONLY_FREE": "diňe mugt OCSP hyzmatlaryny ulanyň", + "ONLY_PAID": "diňe tölegli OCSP hyzmatlaryny ulanyň", + "FREE_FIRST": "ilki mugt OCSP hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, tölegli hyzmatlary ulanyň", + "PAID_FIRST": "ilki tölegli OCSP hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, mugt hyzmatlary ulanyň", + "NONE": "prioritetleşdirilmezden ähli OCSP hyzmatlaryny ulanyň" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue index bf9b365364..d1997d9532 100644 --- a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue +++ b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue @@ -42,7 +42,8 @@ {{ $t('diagnostics.serviceUrl') }} - {{ $t('diagnostics.message') }} + {{ $t('diagnostics.costType') }} + {{ $t('diagnostics.message') }} {{ $t('diagnostics.previousUpdate') }} @@ -59,7 +60,10 @@ {{ ocsp.url }} - + + {{ $t('systemParameters.costType.' + ocsp.cost_type) }} + + {{ statusMessage(ocsp) }} diff --git a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue index 85a0d2011c..2e96d5f737 100644 --- a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue +++ b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue @@ -39,6 +39,7 @@ {{ $t('diagnostics.status') }} {{ $t('diagnostics.serviceUrl') }} + {{ $t('diagnostics.costType') }} {{ $t('diagnostics.message') }} {{ $t('diagnostics.previousUpdate') }} @@ -54,6 +55,9 @@ {{ timestampingService.url }} + + {{ $t('systemParameters.costType.' + timestampingService.cost_type) }} + {{ getStatusMessage(timestampingService) }} diff --git a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/AddTimestampingServiceDialog.vue b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/AddTimestampingServiceDialog.vue index c3e9194cd5..ce5e8cda27 100644 --- a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/AddTimestampingServiceDialog.vue +++ b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/AddTimestampingServiceDialog.vue @@ -57,8 +57,13 @@ class="xrd" :label="$t('systemParameters.timestampingServices.action.add.dialog.info')" > -
+
+ {{ $t('systemParameters.costType.' + timestampingService.cost_type) }}
diff --git a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue index 476e65c859..ab8336e707 100644 --- a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue +++ b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue @@ -141,6 +141,12 @@ + + {{ $t('systemParameters.servicePrioritizationStrategy.timestamping.label') }} + {{ timestampingPrioritizationStrategy }} + {{ ' - ' }} + {{ $t(`systemParameters.servicePrioritizationStrategy.timestamping.${timestampingPrioritizationStrategy}`) }} + @@ -150,6 +156,9 @@ {{ $t('systemParameters.timestampingServices.table.header.serviceURL') }} + + {{ $t('systemParameters.timestampingServices.table.header.costType') }} +   @@ -177,6 +186,12 @@ class="settings-block" :class="{ 'ts-disabled': !messageLogEnabled }" > + + {{ $t('systemParameters.servicePrioritizationStrategy.ocsp.label') }} + {{ ocspPrioritizationStrategy }} + {{ ' - ' }} + {{ $t(`systemParameters.servicePrioritizationStrategy.ocsp.${ocspPrioritizationStrategy}`) }} + @@ -186,6 +201,12 @@ {{ $t('systemParameters.approvedCertificateAuthorities.table.header.acmeIpAddresses') }} + + {{ $t('systemParameters.approvedCertificateAuthorities.table.header.ocspUrl') }} + + + {{ $t('systemParameters.approvedCertificateAuthorities.table.header.ocspCostType') }} + {{ $t('systemParameters.approvedCertificateAuthorities.table.header.ocspResponse') }} @@ -195,7 +216,7 @@ - + +

+ {{ ocspResponder.url }} +

+
+ + +
+

+ {{ $t('systemParameters.costType.' + ocspResponder.cost_type) }} +

+
+ {{ $t('systemParameters.approvedCertificateAuthorities.table.ocspResponse.NOT_AVAILABLE') }} @@ -299,7 +334,9 @@ export default defineComponent({ configurationAnchor: undefined as Anchor | undefined, downloadingAnchor: false, configuredTimestampingServices: [] as TimestampingService[], + timestampingPrioritizationStrategy: undefined as ServicePrioritizationStrategy | undefined, certificateAuthorities: [] as CertificateAuthority[], + ocspPrioritizationStrategy: undefined as ServicePrioritizationStrategy | undefined, permissions: Permissions, loadingTimestampingservices: false, loadingAnchor: false, @@ -327,10 +364,12 @@ export default defineComponent({ if (this.hasPermission(Permissions.VIEW_TSPS)) { this.fetchMessageLogEnabled(); this.fetchConfiguredTimestampingServiced(); + this.fetchTimestampingPrioritizationStrategy(); } if (this.hasPermission(Permissions.VIEW_APPROVED_CERTIFICATE_AUTHORITIES)) { this.fetchApprovedCertificateAuthorities(); + this.fetchOcspPrioritizationStrategy(); } if (this.hasPermission(Permissions.CHANGE_SS_ADDRESS)) { this.fetchServerAddress(); @@ -361,6 +400,12 @@ export default defineComponent({ .catch((error) => this.addError(error)) .finally(() => (this.loadingTimestampingservices = false)); }, + async fetchTimestampingPrioritizationStrategy() { + return api + .get('/system/timestamping-services/prioritization-strategy') + .then((resp) => (this.timestampingPrioritizationStrategy = resp.data)) + .catch((error) => this.showError(error)); + }, async fetchApprovedCertificateAuthorities() { this.loadingCAs = true; return api @@ -369,6 +414,12 @@ export default defineComponent({ .catch((error) => this.addError(error)) .finally(() => (this.loadingCAs = false)); }, + async fetchOcspPrioritizationStrategy() { + return api + .get('/certificate-authorities/ocsp-prioritization-strategy') + .then((resp) => (this.ocspPrioritizationStrategy = resp.data)) + .catch((error) => this.showError(error)); + }, downloadAnchor(): void { this.downloadingAnchor = true; api @@ -412,4 +463,8 @@ export default defineComponent({ .settings-block:not(:last-child) { margin-bottom: 16px; } + +.vertical-align-top { + vertical-align: top; +} diff --git a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue index 24541db635..f3bc1e3327 100644 --- a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue +++ b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue @@ -32,6 +32,9 @@ {{ timestampingService.url }} + + {{ $t('systemParameters.costType.' + timestampingService.cost_type) }} + Administrator views the timestamping prioritization strategy. + responses: + '200': + description: Timestamping prioritization strategy + content: + application/json: + schema: + $ref: '#/components/schemas/ServicePrioritizationStrategy' + '400': + description: request was invalid + '401': + description: authentication credentials are missing + '403': + description: request has been refused + '500': + description: internal server error /system/node-type: get: tags: @@ -5226,6 +5248,28 @@ paths: description: an existing item already exists, outdated global conf or token not logged in '500': description: internal server error + /certificate-authorities/ocsp-prioritization-strategy: + get: + tags: + - certificate-authorities + summary: get OCSP responders prioritization strategy + operationId: getOcspPrioritizationStrategy + description:

Administrator views the OCSP prioritization strategy.

+ responses: + '200': + description: OCSP prioritization strategy + content: + application/json: + schema: + $ref: '#/components/schemas/ServicePrioritizationStrategy' + '400': + description: request was invalid + '401': + description: authentication credentials are missing + '403': + description: request has been refused + '500': + description: internal server error /mail/mail-notification-status: get: tags: @@ -6325,7 +6369,7 @@ components: $ref: '#/components/schemas/CertificateStatus' possible_actions: $ref: '#/components/schemas/PossibleActions' - OcspResponderDiagnostics: + CaOcspDiagnostics: type: object description: Ocsp responder diagnostics required: @@ -6344,7 +6388,7 @@ components: type: array readOnly: true items: - $ref: '#/components/schemas/OcspResponder' + $ref: '#/components/schemas/OcspResponderDiagnostics' CertificateDetails: type: object description: certificate details for any kind of certificate (TLS, auth, sign) @@ -6560,6 +6604,11 @@ components: items: type: string format: text + ocsp_responders: + type: array + description: list of ocsp responders for this CA + items: + $ref: '#/components/schemas/OcspResponder' CertificateStatus: type: string format: enum @@ -7371,6 +7420,23 @@ components: auth_provider_type: $ref: '#/components/schemas/AuthProviderType' OcspResponder: + type: object + description: OCSP responder + required: + - url + - cost_type + properties: + url: + type: string + format: url + description: url of the OCSP responder + example: http://dev.xroad.rocks:123 + minLength: 1 + maxLength: 255 + readOnly: true + cost_type: + $ref: '#/components/schemas/CostType' + OcspResponderDiagnostics: type: object description: OCSP responder diagnostics required: @@ -7386,6 +7452,8 @@ components: minLength: 1 maxLength: 255 readOnly: true + cost_type: + $ref: '#/components/schemas/CostType' status_class: $ref: '#/components/schemas/DiagnosticStatusClass' prev_update_at: @@ -7888,6 +7956,17 @@ components: default: false type: $ref: '#/components/schemas/ServiceType' + ServicePrioritizationStrategy: + type: string + format: enum + description: service prioritization strategy + example: FREE_FIRST + enum: + - ONLY_FREE + - ONLY_PAID + - FREE_FIRST + - PAID_FIRST + - NONE ServiceType: type: string format: text @@ -7913,6 +7992,7 @@ components: required: - name - url + - cost_type properties: name: type: string @@ -7928,6 +8008,8 @@ components: example: http://dev.xroad.rocks:123 minLength: 1 maxLength: 255 + cost_type: + $ref: '#/components/schemas/CostType' TimestampingServiceDiagnostics: type: object description: timestamping service diagnostics @@ -7944,6 +8026,8 @@ components: minLength: 1 maxLength: 255 readOnly: true + cost_type: + $ref: '#/components/schemas/CostType' status_class: $ref: '#/components/schemas/DiagnosticStatusClass' prev_update_at: @@ -7956,6 +8040,15 @@ components: readOnly: true error: $ref: '#/components/schemas/CodeWithDetails' + CostType: + description: cost type for services like TSP-s and OCSP responders + enum: + - FREE + - PAID + - UNDEFINED + example: FREE + format: enum + type: string Token: type: object description: Token. Also includes the possible actions that can be done to this object, diff --git a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/container/service/TestTokenService.java b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/container/service/TestTokenService.java index c09d0e1f2f..723f379e05 100644 --- a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/container/service/TestTokenService.java +++ b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/container/service/TestTokenService.java @@ -120,24 +120,24 @@ INSERT INTO signer_certificates (external_id, key_id, data, status, active, memb private String getPublicKey(String keyId) { // These values should be moved to a configuration file var publicKeys = Map.of( - "E67CCA8E9B3DA52DB740CDCDC0926F356F431063", + "DF9242D3CBDE6DAC8058D2878340C3B527041FD0", """ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jWpRCjP+NCTTHdpab5DjCzt4Yi5KQi48vz6yjLAR4A5WhoN4PDi9sienylWQrXAT\ - T5ajjTlHaDEPcW8q0elUfD8f1wWqv/uGswfd4PHbydMNntRqyu1CobGFQrAwxr6a4Ikhv785q5aLxI/F3Ub161diubYC7/EEeTJJEmVpiv21M\ - 60z27PcGI14g0hbUKQEGyukWQCvpcXDxZCSLJORhwMVScQ/JF81uDOHCYp9lw5X1nbddCryPRrGzYr45tOU+3mUwU/Og4UTQSOua1z19brS7Y\ - pgvGBhMOp5F9sJYYgQGZXXWy5HGeiJu5oVeWPhxUFQaxTVguhkEZY5OVCzQIDAQAB""", - "056A952E76B40A46C07628C7B13E5934E39A9C78", + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp1Ls34vBfJkD2bHtmnvb1HxhMBoBPP8rvwtcjGfVCTA7i+DlF3gTLV49k81FMi5gRHQNWLde1\ + NmLTKTzFSoPUerCT7ohvTCTAm4h5W/328xoMo6m2h/nGyuIoAIIUJi/CKf+Ih+zZCklsZqWaOd1f1QIPJOtjQkoMl+2olj2tw1o4/Biim8B03aVTYXfkGh\ + DRC2D6nZJm4Gi9EBZ+USMEAO6CCFobGLLThomWkHDUxjliSGsT4EJA3iR4h9gSuOfMpqHZv5/lY4X4axsR90c8oFEYMfuk9oZSL/dE0oqYpODW1mW7hEm/\ + 8afUfTR/8ZtGsvYZFT70VcGcYNNdfoxwIDAQAB""", + "1342B84B4829BB79226AB268B4D8E70B01068613", """ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR0Yz6qnGBLjGYjZR9D1gShOg0oC0OdBpoxYDBZ40N+/DY3JNUzzcLNeH7X3/E+QQQlKJl3cu\ - LuKxkHkkjymOTNdtTTAv4w35Ginbb4theZ/1ma3QGaPSdESKfw26/RZsHf4qIZMSmNM6+6DUf57AhyODemXyNolPPuHTp8Tq/LwcPFE+TwRR/BiCorj0y\ - afykSkg7hfHr+EAuilxk+kNFqThb08buYsHYeVfF8JoQAM5NL56wTxFMp6eSOO7EsirGMj+y0+TEMZ8a4ofiVEnPN69qJzIJnx9akUFxV2b5+YpWi1GuN\ - w3PqBxTx/8aNFeU9hoUpQ7W5h1soWWyrxqQIDAQAB""", - "A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D", + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSTwszL4sROAQbi6WSuPoQ3+K/dPQoPTdLK/dZvCMkiWW5UmwZRx0PHCjNwUX+FtCYZZ6GF0V\ + /9yrCwMvud+WAuKct/5n9bJLq+FXijupEvhXeyC0I/r6NaOUWK2jyXdMMdQOoBXojQTkNHECj/v7C3NZgHG0QDaXcLvLEJeL8tpec+9qctF0wyKiMvnN9\ + hXiPYG3s9cOEouOn3QL+VYI02Hz/y3zxwDHFiGJ4FAHv2nxnYnhZgeCn5FVeH6aa1IUuS9YEAaqmYSCG6hOsaV5PiPiy51ZmsI8j8KpYTti79ejjN9TuG\ + iEfk1gTPod2iv43sQiszZpcm89kwF3ZHCIwIDAQAB""", + "FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0", """ - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNqJJoIa1hcPGnY2768V8b/xLcgjdQQ9Dk7KQmAtKj/7EwqfFGbVyaltXZwCWE82yVtHlPTo\ - z1Mr73qXz+twZ/+j6SxWNBmJLlHpP0E7RV9OI6e7YuJWh4GgaCe5VT7Rywwrfp3vrtSM4C1Lg2dml32W1gX58Xd3fMHVGqh7GgtKQOVWpB4+8aq1NJEJ\ - p1F5+dSn+5039oV7iWyOSyJvWam4kXq/fgl93IiH0yfEuv/a+qUJEO5lG5v5tCHXPSmCMd83sfTqRL7O69AozagH5gEkCVg9m570SuL+OmSxh8PuZ3Fy\ - FW3Y2ibPruw9CnYMIJJPjcsEIpVXI3bftsx3LQIDAQAB""" + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvzMECjq7ImY9NHu6pGJsAQ1JliHd7KSASVf40WTBEbeIOlPTLKHQeZwxzTWZ2kzuUlmKmPY9\ + S9jVhyJUrimB0vvqp1vu3UfTX9grJ4JyDXojn/gJfKeNmUTILWm+BU+VVv26UhOSMQKxZnX7ow+4NTy1tQWLRscTKjiMf3JtcI2HM7DpedBTHqGziCQzX\ + 9jQSSpfag95LEnUv2UwKwtSK2q/CS/TYSWbUCjLv/LAlV26qh9fSWAzgM9UqxxIUWsV1OPUoSUpDBC/SsuP365Bz8n9qRdt17mDE3bVjWiKOSAeiHMmcM\ + EDrRLG0ajasfHZnQeYMQqrBc+rsZLk3cn4QIDAQAB""" ); return publicKeys.get(keyId); } diff --git a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java index beb32325b0..0f3bd75706 100644 --- a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java +++ b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java @@ -33,6 +33,7 @@ import static com.codeborne.selenide.Condition.disabled; import static com.codeborne.selenide.Condition.enabled; +import static com.codeborne.selenide.Condition.text; import static com.codeborne.selenide.Condition.visible; import static org.niis.xroad.common.test.ui.utils.VuetifyHelper.vSwitch; import static org.niis.xroad.common.test.ui.utils.VuetifyHelper.vTextField; @@ -72,10 +73,16 @@ public void validateTimestampingTable(int size) { systemParametersPageObj.tableTimestampingServicesRows().shouldBe(CollectionCondition.size(size)); } - @Step("Timestamping services table row {} has service {string} and url {string}") - public void validateTimestampingRow(int row, String service, String url) { + @Step("Timestamping services table row {} has service {string} and url {string} and cost type {string}") + public void validateTimestampingRow(int row, String service, String url, String costType) { systemParametersPageObj.tableTimestampingServiceNameByRow(row, service).shouldBe(visible); systemParametersPageObj.tableTimestampingServiceUrlByRow(row, url).shouldBe(visible); + systemParametersPageObj.tableTimestampingServiceCostTypeByRow(row, costType).shouldBe(visible); + } + + @Step("Timestamping prioritization strategy is {string}") + public void timestampingPrioritizationStrategy(String strategy) { + systemParametersPageObj.timestampingPrioritizationStrategy().should(text(strategy)); } @Step("Timestamping service on row {} is deleted") @@ -84,6 +91,18 @@ public void deleteTimestampingRow(int index) { commonPageObj.dialog.btnSave().click(); } + @Step("Approved CAs table row {} has distinguished name {string} and ocsp url {string} and ocsp cost type {string}") + public void validateApprovedCaRow(int row, String distinguishedName, String ocspUrl, String ocspCostType) { + systemParametersPageObj.tableApprovedCasNameByRow(row, distinguishedName).shouldBe(visible); + systemParametersPageObj.tableApprovedCasOcspUrlByRow(row, ocspUrl).shouldBe(visible); + systemParametersPageObj.tableApprovedCasOcspCostTypeByRow(row, ocspCostType).shouldBe(visible); + } + + @Step("Ocsp prioritization strategy is {string}") + public void ocspPrioritizationStrategy(String strategy) { + systemParametersPageObj.ocspPrioritizationStrategy().should(text(strategy)); + } + @Step("Security Server address is displayed") public void securityServerAddressIsDisplayed() { systemParametersPageObj.tableServerAddress().shouldBe(visible); diff --git a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java index 48edb17d55..cf49627a0f 100644 --- a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java +++ b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java @@ -67,15 +67,43 @@ public SelenideElement tableTimestampingServiceUrlByRow(int index, String url) { return tableTimestampingServicesRows().get(index).$x(format("./td[2][text() = '%s']", url)); } + public SelenideElement tableTimestampingServiceCostTypeByRow(int index, String costType) { + return tableTimestampingServicesRows().get(index).$x(format("./td[3][text() = '%s']", costType)); + } + public SelenideElement btnDeleteTimestampingServicesByRow(int index) { return $$x("//tr[@data-test='system-parameters-timestamping-service-row']") .get(index).$x(".//button[@data-test='system-parameters-timestamping-service-delete-button']"); } + public SelenideElement timestampingPrioritizationStrategy() { + return $x("//strong[@data-test='timestamping-prioritization-strategy']"); + } + public SelenideElement toggleMaintenanceMode() { return $x("//div[@data-test='maintenance-mode-switch']"); } + public ElementsCollection tableApprovedCasRows() { + return $$x("//tr[@data-test='system-parameters-approved-ca-row']"); + } + + public SelenideElement tableApprovedCasNameByRow(int index, String name) { + return tableApprovedCasRows().get(index).$x(format("./td[1][text() = '%s']", name)); + } + + public SelenideElement tableApprovedCasOcspUrlByRow(int index, String url) { + return tableApprovedCasRows().get(index).$x(format("./td[3]//*[text() = '%s']", url)); + } + + public SelenideElement tableApprovedCasOcspCostTypeByRow(int index, String costType) { + return tableApprovedCasRows().get(index).$x(format("./td[4]//*[text() = '%s']", costType)); + } + + public SelenideElement ocspPrioritizationStrategy() { + return $x("//strong[@data-test='ocsp-prioritization-strategy']"); + } + public static class DialogEditServerAddress { public SelenideElement addressField() { return $x("//div[@data-test='security-server-address-edit-field']"); diff --git a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature index bc1aa5a025..71771356c5 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature @@ -27,13 +27,18 @@ Feature: 0400 - SS: System Parameters Then Timestamping services table has 0 entries Scenario: Timestamping service is selected - And Timestamping services table has 0 entries + Given Timestamping services table has 0 entries When Add Timestamping services dialog is opened And Add Timestamping services dialog is closed And Add Timestamping services dialog is opened And First timestamping option is selected Then Timestamping services table has 1 entries - And Timestamping services table row 0 has service "Test TSA" and url "http://testca:8899" + And Timestamping services table row 0 has service "Test TSA" and url "http://testca:8899" and cost type "Free" + And Timestamping prioritization strategy is "PAID_FIRST" + + Scenario: Approved CA component has correct values + Then Approved CAs table row 0 has distinguished name "CN=Test CA, O=Test" and ocsp url "http://testca:8888" and ocsp cost type "Free" + And Ocsp prioritization strategy is "ONLY_FREE" Scenario: Administrator cannot turn on maintenance mode for management services provider Then maintenance mode toggle is off diff --git a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature index ae512bb63e..f4e8b6053a 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature @@ -16,7 +16,7 @@ Feature: 0520 - SS: Client Details Then Certificate fields as follows: | Version | 3 | | Signature Algorithm | SHA256withRSA | - | Issuer Distinguished Name | CN=Test CA, O=X-Road Test CA | + | Issuer Distinguished Name | CN=Test CA, O=Test | | Subject Distinguished Name | SERIALNUMBER=DEV/SS0/COM, CN=1234, O=ui-test, C=FI | And Certificate is closed diff --git a/src/security-server/system-test/src/intTest/resources/behavior/02-addons/2300-ss-proxy-healthcheck.feature b/src/security-server/system-test/src/intTest/resources/behavior/02-addons/2300-ss-proxy-healthcheck.feature index 8410d56f50..bfb20367b9 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/02-addons/2300-ss-proxy-healthcheck.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/02-addons/2300-ss-proxy-healthcheck.feature @@ -16,12 +16,12 @@ Feature: 2300 - SS Proxy: healthcheck And healthcheck has errors and error message is "No certificate chain available in authentication key." When HSM tokens are deleted And All Signer keys are deleted - And authentication key "E67CCA8E9B3DA52DB740CDCDC0926F356F431063" named "Auth key" is added to softtoken - And authentication certificate "D7D15F0ED1A1320EBA0190C838506B60EC07C994" is added for key "E67CCA8E9B3DA52DB740CDCDC0926F356F431063" - And signing key "056A952E76B40A46C07628C7B13E5934E39A9C78" named "Sign key" is added to softtoken - And signing certificate "E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE" is added for member "DEV:COM:1234" under key "056A952E76B40A46C07628C7B13E5934E39A9C78" - And signing key "A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D" named "TestClient SIGN" is added to softtoken - And signing certificate "84E4773AFCC4051226ACAEF9AC256AAE4059EE93" is added for member "DEV:COM:4321" under key "A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D" + And authentication key "DF9242D3CBDE6DAC8058D2878340C3B527041FD0" named "Auth key" is added to softtoken + And authentication certificate "5BC622B62052EE89F2020C2FA91872CB49EB1502" is added for key "DF9242D3CBDE6DAC8058D2878340C3B527041FD0" + And signing key "1342B84B4829BB79226AB268B4D8E70B01068613" named "Sign key" is added to softtoken + And signing certificate "15A0AFEE2602D2846621118997E268F5FA843C94" is added for member "DEV:COM:1234" under key "1342B84B4829BB79226AB268B4D8E70B01068613" + And signing key "FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0" named "TestClient SIGN" is added to softtoken + And signing certificate "2383ECC7DCE9C81826F99FC79FE96393A342FE42" is added for member "DEV:COM:4321" under key "FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0" And signer service is restarted And User logs in token: softToken-0 with PIN: Secret1234 Then Token: softToken-0 is logged-in diff --git a/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature b/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature index 54edc8a6a7..c6967c9503 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature @@ -3,6 +3,6 @@ Feature: 3000 - SS: Global Conf Scenario: Global conf sign keys rotation - Given Security Server's global conf expiration date is equal to 2035-03-01T14:39:11Z + Given Security Server's global conf expiration date is equal to 2035-11-11T03:07:40Z When Central Server's global conf is updated by a new active signing key - Then Security Server's global conf expiration date is equal to 2035-03-01T14:38:31Z + Then Security Server's global conf expiration date is equal to 2035-11-11T03:08:40Z diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.yaml b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.yaml index f085b78d57..e98b740486 100644 --- a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.yaml +++ b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.yaml @@ -17,6 +17,7 @@ xroad: ssl-enabled: false # Can be removed once UI system tests configure a functional AUTH certificate health-check-port: 5558 message-log: + timestamping-prioritization-strategy: PAID_FIRST database-encryption: enabled: true key-id: default @@ -31,6 +32,8 @@ xroad: host: op-monitor scheme: https socket-timeout-seconds: 1 + ocsp-responder: + ocsp-prioritization-strategy: ONLY_FREE proxy-ui-api: enforce-user-password-policy: true rate-limit-enabled: true diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/keyconf.xml b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/keyconf.xml new file mode 100644 index 0000000000..c33b3b1cea --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/keyconf.xml @@ -0,0 +1,55 @@ + + + + softToken + softToken-0 + 0 + 0 + + Auth key + + DF9242D3CBDE6DAC8058D2878340C3B527041FD0 + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp1Ls34vBfJkD2bHtmnvb1HxhMBoBPP8rvwtcjGfVCTA7i+DlF3gTLV49k81FMi5gRHQNWLde1NmLTKTzFSoPUerCT7ohvTCTAm4h5W/328xoMo6m2h/nGyuIoAIIUJi/CKf+Ih+zZCklsZqWaOd1f1QIPJOtjQkoMl+2olj2tw1o4/Biim8B03aVTYXfkGhDRC2D6nZJm4Gi9EBZ+USMEAO6CCFobGLLThomWkHDUxjliSGsT4EJA3iR4h9gSuOfMpqHZv5/lY4X4axsR90c8oFEYMfuk9oZSL/dE0oqYpODW1mW7hEm/8afUfTR/8ZtGsvYZFT70VcGcYNNdfoxwIDAQAB + + MIIEXzCCAkegAwIBAgIBAzANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwMVoXDTQ1MTAzMTIyMTEwMVowRzELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQwwCgYDVQQDDANzczAxFDASBgNVBAUTC0RFVi9TUzAvQ09NMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp1Ls34vBfJkD2bHtmnvb1HxhMBoBPP8rvwtcjGfVCTA7i+DlF3gTLV49k81FMi5gRHQNWLde1NmLTKTzFSoPUerCT7ohvTCTAm4h5W/328xoMo6m2h/nGyuIoAIIUJi/CKf+Ih+zZCklsZqWaOd1f1QIPJOtjQkoMl+2olj2tw1o4/Biim8B03aVTYXfkGhDRC2D6nZJm4Gi9EBZ+USMEAO6CCFobGLLThomWkHDUxjliSGsT4EJA3iR4h9gSuOfMpqHZv5/lY4X4axsR90c8oFEYMfuk9oZSL/dE0oqYpODW1mW7hEm/8afUfTR/8ZtGsvYZFT70VcGcYNNdfoxwIDAQABo3wwejAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFF757d7rOx/BzngYLRV8hOUpJDR3MB8GA1UdIwQYMBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQCympOjqsvo6cJPSLN2FJ83VFVTtbp9JIY8WQ5ltHMi7nncSJZ0pKfx5rjA+TNb4lWvjUko6ijRDyr8DwNU3ik69DffIlz7SmbhTxnP5hbgVma/xYgPRSYw0LIln1EksRvhTSSHdZfxrKvdXeK0XTO6zmmgTPpYzpuN1kdsRFsua7H5IuDMMzPeH7vw++HsGAHpd0/Vp9cdknqpFZZOZckK65HAGD2xltfd5HIZ9nGz1M9QDir/+oiwkwDOF53OVC2lxpnKA4m6mKmuJ4TISy2l04chJuNfRWqrqssnQDOhZkzIfDi/7NTdE25wA0KiXPl6cVQ/IZxJ6a6uCEOC+cISxRfWvyuA4UDnnWDCKRdbDLv6f3O2/wDUIvWGjNU3j8xshA0axxb8VxXuLTLqBo8o0DMq4EBdAaumgzHuAO+Cj8dJs3yVkeK37MwvBUkmar7+gQmUL7U+mA9KUxMxalm8VAHZy2n7rlLU5kQCACyhEYWAtuUGZKHzLsqB3MOXKpIkbL5fqVNnHGeI0WxoorS3y/SQf5OaRybZLFmkDESCOqL8zqd3XO4jUB7NMX5MMX1883KfkeiuWBRTZQD4JTq9I7YsWGyI1YpIOxA2Mjz8wu+EmFIvvZ7ersui3MsnTwoYqxymEPx0QiYVD3BHQXkPkI2T2rVe4ptaiH2t3MhYDw== + registered + 2045-10-17T22:11:01.000Z + + CKM_RSA_PKCS + + + Sign key + + 1342B84B4829BB79226AB268B4D8E70B01068613 + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSTwszL4sROAQbi6WSuPoQ3+K/dPQoPTdLK/dZvCMkiWW5UmwZRx0PHCjNwUX+FtCYZZ6GF0V/9yrCwMvud+WAuKct/5n9bJLq+FXijupEvhXeyC0I/r6NaOUWK2jyXdMMdQOoBXojQTkNHECj/v7C3NZgHG0QDaXcLvLEJeL8tpec+9qctF0wyKiMvnN9hXiPYG3s9cOEouOn3QL+VYI02Hz/y3zxwDHFiGJ4FAHv2nxnYnhZgeCn5FVeH6aa1IUuS9YEAaqmYSCG6hOsaV5PiPiy51ZmsI8j8KpYTti79ejjN9TuGiEfk1gTPod2iv43sQiszZpcm89kwF3ZHCIwIDAQAB + + + DEV + COM + 1234 + + MIIEQTCCAimgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwNFoXDTQ1MTAzMTIyMTEwNFowSDELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQ0wCwYDVQQDDAQxMjM0MRQwEgYDVQQFEwtERVYvU1MwL0NPTTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0k8LMy+LETgEG4ulkrj6EN/iv3T0KD03Syv3WbwjJIlluVJsGUcdDxwozcFF/hbQmGWehhdFf/cqwsDL7nflgLinLf+Z/WyS6vhV4o7qRL4V3sgtCP6+jWjlFito8l3TDHUDqAV6I0E5DRxAo/7+wtzWYBxtEA2l3C7yxCXi/LaXnPvanLRdMMiojL5zfYV4j2Bt7PXDhKLjp90C/lWCNNh8/8t88cAxxYhieBQB79p8Z2J4WYHgp+RVXh+mmtSFLkvWBAGqpmEghuoTrGleT4j4sudWZrCPI/CqWE7Yu/Xo4zfU7hohH5NYEz6Hdor+N7EIrM2aXJvPZMBd2RwiMCAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFJiL+gB6lCj5ggX7nXaSjdH0zYcdMB8GA1UdIwQYMBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQA12nl19PaM3RM+kyoqu4MUSln1PK8YaSkz66/XQlG7gbs4hv37IbKIe5JtfpRYZDcWsYLG2qC+1nngfrMJX+otrE3OrRu7hnFASuPQ24Yut8WicyM+V826c+tDISTL3+lvoQrXI/Eedmxsge1oGf591luc+GR3HaJMg7sC3sZryFY/0xq9zlzjCzTD5LwzPrBGQI3a/z93nb4oAPSZgQZtXjYt1d/gYNmoQiQBX+KOpeH1LywvhHoOy+wG/ArqGhsKoAzNjCOdp2nBSlYK7ye5yn9iE1ILyKHybNckMC52swjb6FDDwohwlRBCI40NNukKpLEXUvMwDZRg6YhMNICLuD+9EnhmY0DmYuB18dEFOsihPPWkaQe0oBpeC6/i8vxyz4sp9GXzHXj+Xw0GZ/FJNCQJSKbL9pvi7aTpK7YXog5V4NnGAcwRxlMGeZoGf7twsLaFlPfuiG0ESAZ8Oj/hwVYA7FA1Na7aHNxnfLSnZVMFeOxnocqr9UEp3ge2Nrs47L69hHFqLE3xgjkQMKUuSkbW4IwFUJNe56/f6DA0fA5nzShFLdbc1iNQWVv7GgYvKOxsdyG9MYqzuBpXAQM4gcFptL0+MoghLH3ZXkWca79a56Tn6coZ4i7nlNFvm1l92E2+SUYBlv36n6Q7rpCp4kN6OZWX7IYbfMirP0/afQ== + registered + 2045-10-17T22:11:04.000Z + + CKM_RSA_PKCS + + + + + FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0 + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvzMECjq7ImY9NHu6pGJsAQ1JliHd7KSASVf40WTBEbeIOlPTLKHQeZwxzTWZ2kzuUlmKmPY9S9jVhyJUrimB0vvqp1vu3UfTX9grJ4JyDXojn/gJfKeNmUTILWm+BU+VVv26UhOSMQKxZnX7ow+4NTy1tQWLRscTKjiMf3JtcI2HM7DpedBTHqGziCQzX9jQSSpfag95LEnUv2UwKwtSK2q/CS/TYSWbUCjLv/LAlV26qh9fSWAzgM9UqxxIUWsV1OPUoSUpDBC/SsuP365Bz8n9qRdt17mDE3bVjWiKOSAeiHMmcMEDrRLG0ajasfHZnQeYMQqrBc+rsZLk3cn4QIDAQAB + + + DEV + COM + 4321 + + MIIEQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNjE4MjUxMFoXDTQ1MTEwMTE4MjUxMFowSTELMAkGA1UEBhMCRkkxFTATBgNVBAoMDE9yZ2FuaXphdGlvbjENMAsGA1UEAwwENDMyMTEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC/MwQKOrsiZj00e7qkYmwBDUmWId3spIBJV/jRZMERt4g6U9MsodB5nDHNNZnaTO5SWYqY9j1L2NWHIlSuKYHS++qnW+7dR9Nf2CsngnINeiOf+Al8p42ZRMgtab4FT5VW/bpSE5IxArFmdfujD7g1PLW1BYtGxxMqOIx/cm1wjYczsOl50FMeobOIJDNf2NBJKl9qD3ksSdS/ZTArC1Irar8JL9NhJZtQKMu/8sCVXbqqH19JYDOAz1SrHEhRaxXU49ShJSkMEL9Ky4/frkHPyf2pF23XuYMTdtWNaIo5IB6IcyZwwQOtEsbRqNqx8dmdB5gxCqsFz6uxkuTdyfhAgMBAAGjXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMB0GA1UdDgQWBBSmCq5TPHuU1Z8D+JlUad2BU1st3DAfBgNVHSMEGDAWgBRRBiYevAvLCa/qe8wjlhWHEhqOJzANBgkqhkiG9w0BAQsFAAOCAgEAY3LhOo6bPW/faBbyA37D3AJP1IskqlE4U1hKbAdXMcGDiWYjRI2Q2Kno9yMVQzP0OZ/NP+5dETcspMI5VsLYFd41y285RWQcGC0nlSZuKtcb3ENONi0iitolkAGa12x6npz9RU997BvmDTFOZooORFO3DEbvYf/vL/7hBWeub7JsDmCEAafZmj52iCJysfAaH8hKyDFkT0RMwq3zUHZqcsYYrmsc2vz7H+6h4WH8dfX+FfG1TYyZz/THQl6N/P9KDn9rf/1TKxDpGXMhNzAx9ldPV21MO85X8dL8jLiCy43821fDaRY1V4MLP+S2C2pQn8Ej+3vbpTeV6mWEQSed7kJnEeziD8zD2kAVSBNA4e8ph9f+6SVhOkCksHtorMdVNdUjVIWJRrwN6hg5V7uEMNE2tA4vHegzB38pOcq7YObp/ZKagW/JSw8k3cOnl48+qv2K58tSV9H8p4MBj6VpDTPCPLKcZzIghbvFuNqMAb1FzN7Rp0x2DLB1VNRDQe60/JsUGpObz+smJef9pHMZD3UQYXrbDpWTg4qA/lOM+C2kuYon4kRM9V+JZc7BP2FqLsC5WTemw9t1wxxD1Qjgz8NFQu37O1l7AL+HirORwvEoL+jQoc+VvPbc4YStKi5LajuNsXtsfPtQ9SPW1iYRadp/PEfRvkNeOvwkpgKiAAk= + registered + 2045-10-18T18:25:10.000Z + + CKM_RSA_PKCS + + + diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/private-params.xml b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/private-params.xml new file mode 100644 index 0000000000..2245edb7e0 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/private-params.xml @@ -0,0 +1,15 @@ + + + DEV + + https://cs:4001/managementservice/ + MIIDJTCCAg2gAwIBAgIUMZw/qaccO23KFoyyBhDsT1vVk9IwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEwNTIyMDc1MFoXDTQ1MTAzMTIyMDc1MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4MJ/UgVWdjH1/gwsO0YPv85aWAGbiiEpb7HgKqaSoUZNJvKlZsgp5WsgkygSzc+8oXgxw4FQmJtrvU9a0H7VNO0vW8J8p/Oo2Usurqwvsbt46jaS/VKvFtOM7/+RfdiHiVV8gm405SZQfraWrhFp3/QDxvcPttmVTOoFX2M9G4G+6nkptcw7HlK3nNOFtM/Hl2439z+iETTuTDhuKEpwiZy6jqoAer+17EHnPMprHwIZKE0KHPP804uChj9cOGDxETQfN0Xv+0JECF2bMIdt8YeISlnafRVR+83Obtcj69y0tRSzAtvSAOreg/599IjY6Tb+rjHjAO4pWFjpMDztwIDAQABo28wbTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DArBgNVHREEJDAihwQKAAECgglsb2NhbGhvc3SCD2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUFtBl5Xaw1sAu5dUBaDYTpWpMM5kwDQYJKoZIhvcNAQELBQADggEBAHdUYK4yRGQlTitKBltwviWazFeqkBsamV66dQzpnUmdW+FrOujN+cRXGWiRn6+MJ4qRCZGektQUdYxthV3lb1T4YaPcl80eeKZBghl1Jfe1+1Ucjiv4/Ln8+Fz3QoG97wOs+asRqwm7huP5YJZq/nL0f3Ih32TKrlv6PKyMA4RHjwHiMQQTrhjzoBzpDY1rnYoVV429iJICv/7RM0Ndd+T2aFC+p8H1qtnNMd7zzT4sqSS1h5Zj1dOrAweNv2q4bXsQjqaUJZEoNq3nMvzUcpG9LH57ejhHpMlHDtLvnUOOTxaBquLh5Mw12QLkrXlb803S0OQYGe17yrhRtwWHtyo= + + DEV + COM + 1234 + MANAGEMENT + + + 60 + diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/shared-params.xml b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/shared-params.xml new file mode 100644 index 0000000000..6f0a16a889 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/shared-params.xml @@ -0,0 +1,115 @@ + + + DEV + +
cs
+ MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmxPFSE0oUbKCa1xYSArCtSseHX3GioLMqTDMjd3HYjJ1dShJWklrVRZAcKx6+mOk5/LPYXS2WBphxS+4iWjWIkPy9tDbwVRNs3ep51e9iIfMpRRXHC6E2hIASzaFYh8Qt/ljVfaYf4xxBkG8czvq7Dc5rKlzYhGXlLp8Yx8BkRmRjtqc1h6y3Afc+YVwhSf35MrsTwVhTkjnecnntr9q67eIJ5wCbO65BZhL8SompeyxB6srp3VsQVz8qsT5SJp8FYDDUGAdyBYBPGGNR4ZsLgIZRwSeftwhMHQuauOenDPMGDLMPJGsVJg5t3BFS94+EoGfSQLmmi+A28XSJacf3AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB9oKNXNgfeJAJnG6NPhS3gS0VigT2fCquUl38Rzv6tqc1uEKHkJqJ6jS2AO0wC7ykmCqU5Ex7mLFo1l70oaA85GdMuUlETxRLyhYw/XImeRHMLYxvML3e11DpyIb5GcnBr80iLlRs3eCGNLts/8b9F4akR21HZPCY0lZra6OcxTpnARGIxLqC5fD7O12Nf1Zu3sitKWgMBj4FswIS9fWSoI4vONY11KSmP8/aaKPpOOGDs99CNR4ay7ug/ch9/kePlmIu9Vidn9mkrMTseM/x7O0hr+iO3GG0wab1daXRZpUSvbP3ZqPXLIwePcvUUjlxHvB7GlT89C3dE0NVMDAuK + + + Test CA + false + + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQXh1Z0F3SUJBZ0lVUmZCZHV4MVhtWFMwcHYveU1ydVExWHBQc2VRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURU5NQXNHQTFVRUNnd0VWR1Z6ZERFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEV4TURVeQpNakE1TkRCYUZ3MDBOVEV3TXpFeU1qQTVOREJhTUNFeERUQUxCZ05WQkFvTUJGUmxjM1F4RURBT0JnTlZCQU1NCkIxUmxjM1FnUTBFd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUMxT1hBWkVsdFcKbUlnaU1WZ2hxb2ZPLzdmanZ3REdtaFFiT1pIM2pEZVJ1VVlDODdOa3REY3VZcDlYdTJOTnJBZFNnalFDVS82SQp0a3BMbVRNRHNUV2tPQ0grK0xBNHlON0tyQnM5Kzd4T1F2YVZGeDJYN2R2OUREYmN3TUxsQ2tPdGwwa3gyQk95CmRlT29XcDdNb0doRWo4UG85SnFUMTVBQmZzZG5tUDVpRjZkb2FHbnloZEhMemxMNnFFbTBkZjdXYXR3amtXOW4KVWozRS9ITG5nT1RucEVvdTROL3c5eitXeGNJT3J2Qnk3MUlUemQ3YVhmSDBEWUxCVUlHWHBTdVdBMUthNUtldAoxUityTytTOURub0NoeHZ3cUpSNFhIOWwxaEJTcDIxa0FqWVMwbndORDloZ0xqV1c3TE9jam9WUForTGxybmZJCkJCV25XUHIwVWFNdEROeHViQjRBdVM0T25SUmNaczZ5YnZzM0VMUFFzNndFanY0WFVyaGEvNFVLenhUaEhzVDIKMUdzWE9sL2hzRXFOTXBQVmIvVVZtbnJveWFQYllnUWxRdjE2dk4rL2VlUVF6YW41cXRWaENFVzhRMk5PdkJVaQpMcWpMYXYvSHBVNVU2VTFCVzhLN21HSTlXbGRVVW9RN1FSd0c3OWQ1Vm94SFF2OVUvNGtHTUtmRVBtdXlFZEFKCnBIeVphZlJvSkdKNjVSMWJWdW1xV0tUOURJQjRjeGdvaWRJVWxoY2FVY0lGZUxZQ0lXUTJDNmY2UHE0c0xIeVYKSjdMUXlpaTJZd0JFTTkzQjR3TE4vYnVvcjk1TE1UWHRsZWJtcnppV2tublpUNE5vMCszTk8xZXRmMDkwVnkrMgpta0toTVhlVThJOVJLUkZJSFd3SkZWM0Vxa010Q08ybXFRSURBUUFCbzJNd1lUQWRCZ05WSFE0RUZnUVVVUVltCkhyd0x5d212Nm52TUk1WVZoeElhamljd0h3WURWUjBqQkJnd0ZvQVVVUVltSHJ3THl3bXY2bnZNSTVZVmh4SWEKamljd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBT0JnTlZIUThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFKSnpUQlpJLzlTajNYYURreHJVbDhOYjl2MW9kWFl4VzNnOFErU2EvTHBEd0tiNTVEVHRwR29ZClM2RDlkMGdXRU5XY2VDNHlUN2NVSlQ5TzU2dzFHVDFJM0IzQ2ZXVk5vNzNtOEw1TWwyVEJXSVZhckY0a0pKb0oKNU1VR3Z0WEJaRThzNkpqc1pjZ3BSdGlnMjI5ZlB6dHhjcG44UjUyYnZNUDNtSHpSa2hOaCtxcGhqbkZyK2lxbQpuTVcyNHM3WkY3cTAyOWUya0R5M0RxT1dUeEZTbVNZaHg5cXJ0NElTQzVVaG9XTFpmb0lPU2hJbmx0RnVmM25BCklnK1hVZDNLM1R3UGlrRHdXZjBFMVVwd005YzFwZFhZM1N0SkQrS0VWSXdjakYyK0lHamRpR09aNHR3UWpvRzAKaThoMmd6UzRlL3NtTGtoR0tMNDlkaFZkUkZ0SmswS3hveWpKaWRFSlkwcnVJaGE1cmR2OVdhakhDa2RuYXlKLwpTN0N1Y2pmZ1dhMmZNVGhxeHUrUTg5SFFmNHpoU1Y2R0g0SUlMRFpvRWV3LzA3QXFoS1l6OWFMVzEvc0NkMnVuCk5FbURoclVmWEo1bFp2UVF6TzVUVmg4SWZPU1Z4NkRrSTBza0lxNUE4Vlp1S3NNR0oyQnVKcnQ3OUtVVExIbC8KU280KzJOQXp4dEZWVm5jVG13NHpObWNBaGE3K0VsWWQ0ajhQTm5NL3FkWXkrWjMxekE4ZVpFNDB1WlZBZGw0NApjdTJjZmFrMnVMdFBSUnQ1VGR4Y3djbGRDQWpOY04rVTdkK1ZBeHZmWEw4WnBBeDdEUmhnNlh2ZUoyTW9xOU1SCnYyK1c0RHM4ckJNeGE1bzRZQ3dNMHFoZlpsSkU3VGpwRkx0Y1AyY05PRTlHeEtIRW9IZkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + + http://testca:8888 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZORENDQXh5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBNMW9YRFRRMU1UQXpNVEl5TURrMApNMW93SXpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVTTUJBR0ExVUVBd3dKVkdWemRDQlBRMU5RTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBdjNCUDR1dzB3c0xGcUczOHJDNnA4YkdiT213b0xvWlIKNUxYNWtXMis5OUpkci9uVTJaR1Bnb0hmQ3BLSVI5WFZKT01vU3daR0RrTWtIVzJ2Umk5MUJQVnM5QlAxZGVLVQpya3ZnQUxna1Z6MUxhQmJGTndGdHdNeWxYMkM4czNUTEdPTnZzYWdyRVVBZEk0U29HdmF0a2FScE5KMXZXNno1CnVLWjUrbWFrVVRrVzkyMHJNREdsb2lwblZwUURHK0lCbDJTcEx6N1VGOHhmempWVnljbkVXbVdBek80ZGY5V3kKYzl3NFVHNUR5YmYwdW9rMk1LdThQTE5saXpZem1xb2t6U1lCQUxYL3ljWFd5ZG1mS1BZaENqajljQnlwTEdsTgppdmM0Nkd2Q1lzVTQ0bTd2M3EvekJsa01KZmNsRjllb1lYV0VFUmxGWXU2Ky93dC9NTjB2RWJGeURacXJBNUI4Ck5qeUNneDdVbjZLRGhLZEdqdGZtSTkrU3UvMjJJT3liTy9sSjlXQmg5ZC9oOWhIejJsQWttQ1kzdVYyanEweTkKTTI3aGYvOUQranFWUnZLRmppdVdGcXZMZk04Wk05Z3NXbFp6Wi9lZDlMSnBFbmpqQ2VHK0pkY1phejNhNVR1WgpQZ3JqcCs0YWdpTzYxL0IzV1pLd0s3OERWT09kMzVoa3BncE9JNDFBMzg3TWFUTE1zRUppR292a0pWR0xBSldTCndBMlkxaWx5WERmSHQxa2NmV0dHUFFRT0p0dm9WZTlGLzFUYW5UZFVBdE1MMGcwUW9aVHVMRTFka01UM2lUTUkKaVdTcHRYcUYya0crckluNlcwSjhPelJib3Z2YUhFOWhXYllLK3VwNnZqN0xXL0JkZTZWNW93eFNKa0lZMXh2MwowV1oxUWl4ZkZFMENBd0VBQWFOMU1ITXdDUVlEVlIwVEJBSXdBREFkQmdOVkhRNEVGZ1FVRXh0cWorZi9MNnNPClV6dGNYSmphV1ViY0Zad3dId1lEVlIwakJCZ3dGb0FVVVFZbUhyd0x5d212Nm52TUk1WVZoeElhamljd0RnWUQKVlIwUEFRSC9CQVFEQWdlQU1CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUZCd01KTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQ0FRQXV4VFFmUy9jeHcwMUgyN1pTUDB2blo3T28xOEgwemxoM09BMDE4cG9wRnRKbWhFcW5WejVFCnpXZS91eVZQMi9CQ05KUjJqQ0Z1UURBZ3RXSCtDa0R0SldNQzUvRHYxTm5tTUxWMWV5UE1ORzRYejkyaGk0LzIKK0lVSzJZZWZMQnRHUEVmV1RXUnB2VDc0SUw2ZFdMZ2pESFkrUFFHb3hjRzhzTDlTUlRORDFjT1lkMkRER3AwcgppYTMwektjYjJNbFdXMW1RTmNlaCt2VDZDWEVpTGFvOWZUb2Q1Y2RFQU5RU3NpTFAwMnREUUZLdjlMQWJSVE5IClV1OHFuYVpQajNxcGVXcnFmVXhieEcxV0dOYStSVXRQamhNZXdxTW1Ic1JRY1NBRVZzbmpSZ09jRTFUajEyR1gKWDhUeEgyOUF3SUpOK1JkTDhsUlkvdU4zSW44N2Z0akZaN25DeGU4bVVrK1dRU1ljZStqVTBxdDZPY0U4YmE5bQpUT1FpekVIbkh4cVJmY1RobnVYcVJ6VUdnUTJ4SC92aFcwYlJ2QTVTSVg1dzN4QS9ITWcvdXlhYVRDSXBBeU9LCkRxNnZZaU9qblV6dnRwdmJDR01oVHk2ZjlvOEpvZlQ2S0ticXVoYWp3aERDc096S0lpTFZYa3NTZGs5VThUYzMKeHpoa0o1ZEdjanQva2crOG1adGZKU0FzdHJWSmZ3Unh0ZnR5M3V5Yjd0a29MM3lOMGFKQTdHUVNpNEtrc2o3bwpkRkVUUGtUd1U5SXR3Skx4RUExQVRBZ0xvRTV2Y1M2Q2puVFpBZm1VbmcxOXRXaHZ6Y040cnBUYVMvOGZCS0EwCnZJSElYbDNWcmJtY2kyZkREK3RXckJ3bzQ1aVN2alR6MVk1Q21EU0dTNnFvK3RnemVaSVpwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + FREE + + + ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider + PEM + + http://testca:8887 + + + + Test TSA + http://testca:8899 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZLRENDQXhDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBOVm9YRFRRMU1UQXpNVEl5TURrMApOVm93SWpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVSTUE4R0ExVUVBd3dJVkdWemRDQlVVMEV3Z2dJaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURqVHpJS0F6SUQrR0ZBWURGWFdSL3lMTWROM3JEbnFDVHYKN2VLQjg2aGJYNC8yOWVMTHJ4WCt2SSs2TitGOXZjc2RGblFwSVlnakdmT1JOQXF5SmFpNUNZTExyYk5MeE40WApGVGg3dTJheG5ZYUFacE9lU0EydWs1VGNXbzdDNVJYZTNnZzRDd0RvdUlRWjcvaTlBZ3ZDYWsyZi9mY3EzNHlqCkprQVg2WjFaUUdxQ2kxRjhFVTdxWWFWNkhvc1hWS0Q2T0E1bHc2RE5pNXBpQnIyalRYSnlLVTY4N2hrSjJQSjcKcE1BRWd5NFVCbTcrTExWa1RaUlprWDVwelRHKytBeElGM1RXd09VZm85UXAzY0pObk5HQk1uRHBxVUVSMmk3TApWZ0Q2WlhFMU5BWUZLTHdSRDVzbkJxSWRXbXMrbjlpOEEvNm9KZVNsMUZGU0Z5WUNBaEY2NkREZFRyY3l0N2VkClREcEx6aDI0ak1ycWxPMXpaYnBkaHo5NlVtbkxzSGlwK2RUOWNNV2VmRTRnWFJDbktjbmc4L0N6eXNnOXNZaDAKeis4aTkrdmNOZFVScHRTZHR3a2pNQXJNUjhEajhQOTB1VHVmVGxDWlRZYWhsNlRlRnZsS3UybkRnaHRTc2Faawp6cUdDTGtpN1BqTk9idnlOYkhTb1RSOHZlUGZSK1pvSnZtdm82aEdWQXdZYXA3aGJxU2lXK29Yc2NSSHRSaWdNCnlORE5XWFRvNnZ1T0x3VUF6ZWJPbmZJeXI3ZkpKVWFNWkJNS0JESmU1NVY0RFhVbjFmMjBjMGNwQnpkMzFWWGIKUGQraEdMUWdVVGdFWHVJQ3UwSC8veWJyQ2xFNTJ0Y1JuUGJxR2d1b1Ntb3hGZkdiL2FoSGtTMzFpRjI0bkJCUgpiSkpFOXhPNXd3SURBUUFCbzJvd2FEQVdCZ05WSFNVQkFmOEVEREFLQmdnckJnRUZCUWNEQ0RBT0JnTlZIUThCCkFmOEVCQU1DQmtBd0hRWURWUjBPQkJZRUZHcno0SjluT3JZT21vSi83bjFDR3hYakQ0eGVNQjhHQTFVZEl3UVkKTUJhQUZGRUdKaDY4QzhzSnIrcDd6Q09XRlljU0dvNG5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNPSjhHTgpYaTFRd0ZIMDVJMWU1QnZRc1o5M0dOb1hiVit1Tkt5U3FTRndhYXY4WVM4bjd2emszeTE5Y3NleE9jOGNZQjlYCkRXMDRUeDdpRmhCY09RdHU3bTVoeTR5Z2YwNWJpdzAwS3BVSFQ2dUdCWDVnTEhlM2U3cTlyZ3lXRkJEaDFBMHYKVys1V3RVT0NzSmhtQjk4bmZ6VTBMVVZ2ZkVsZ3BlT0NHMS9mTit2YVJXa0NXKzh5eUhTbWE4emtsR3NSbTAyRAoxenUwVFNBZlBaUkV2aG4wZTQvYUJRdWlXQmh5YVNkMERFQUMvT3RPbnQwS2NhZVJ5OUFEV0svNHArNzBiNzB0CkRMWXJ1MHhQekRtVkI1eTByazg5T2ZWeDNKMjhrRHVoUlZtZTFiMW1pQTVGcGZuVTdGRXg4b3MwYWN6YXo4aEkKTUNvbzRtS3ZZVXBjbWJyTEhETldETnFpeTM0NHN3bnZsTUhjV0YrQ2JLd29QcFdWL1NGczgwOElRNGRIQlQxcAptNTVpeGtISG93eFF4eEI3d1VUT0JUMzR6SWRhZm42dlNnMCtmRzl2ZXFCNEpIUVl5T3dkV09TT0krZU8wb0V3CmNPeDlWK0JoZmtKNTdoeEtENy9SbmxucDFYalRNdEhWSmJDdWJvaDltWklBVHM0eUUvQVBFcjN3T05Cd3B4MU4KWHNmWXp3T2VFRXh6RHloUFROODZ2VlB4QXkxV0I3bUhOdkYwb2JObXVubHVqM1pSR1VldmJNSW1zNVdKTFVGOQpRRmdGek9LVFZzM2RPSGRuQnlqRG5jRWhYcjBTdDJXbCtvWFd0MlRwbHZVRmRMMFJpWm9SbGNPYWI2NTVaSjhxClA3K2tGdlI4ME5KWWFWdmIyV3lGTUpHdGpzU2kxMElwanUrZnl3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + FREE + + + + COM + Commercial + + 1234 + Test member + + MANAGEMENT + Management services + + + TestService + Test service + + + TestSaved + Test saved + + + test-consumer + Test consumer + + + + + COM + Commercial + + 4321 + Test client + + TestClient + Test client subsystem + + + + id0 + SS0 +
ss0
+ 7Meh1uzLrM0z4DWhf30PPzICihqTHGgRSmWczyAIWB8= + id1 + id2 + id3 + id6 + + + id5 + SS1 +
ss1
+ ZW/oMvScXIzXpjWL68Dkd5ybl2ClA14qACkLJTWN8wk= + id6 + id4 + + + security-server-owners + Security server owners + + DEV + COM + 1234 + + + DEV + COM + 4321 + + + + + COM + Commercial + + + GOV + Governmental organisations + + + ORG + Non-profit organisations + + 3600 + + diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf new file mode 100644 index 0000000000..f5b4dd38f7 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf @@ -0,0 +1,27 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=z4B0y4A4IQsHupzWQ00L + +--z4B0y4A4IQsHupzWQ00L +Content-Type: multipart/mixed; charset=UTF-8; boundary=ELqYfwY0DNwFqhpFeOBJ + +--ELqYfwY0DNwFqhpFeOBJ +Expire-date: 2035-11-11T03:08:40Z +Version: 6 + +--ELqYfwY0DNwFqhpFeOBJ +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170100462771000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--ELqYfwY0DNwFqhpFeOBJ-- + +--z4B0y4A4IQsHupzWQ00L +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +Z5VDwFE53GsYy6DkZ7t1jMIRJj3qC/PO9wL1qUbXwe2evf1moufyP/L5rzYTzrOjHLRWjcF4rDS7Y2mGO8PKDjzJLxASIAgyLVDQ4lejKE9cfoT58msDOnxhii6DRSnwSRr5CvaKfs1nFHYl/EqiyKrwq0aDGNg9foFb0DqTskzMWGF9PqH5+UfbkTczDAFTL7meNnTj6t3anFZPzfh9ALVSRQS+xok3sV/7F0YlTl6BanS4QVKIs3BF7dCyKkuSwDDqmHuHFquEt1bl77OuDKJGtUWHieiz4ka0+Ebd00pkwbrHvGVvmX5SFqX91GxeSfQt4fmMo+tQUhGHVEM0kg== +--z4B0y4A4IQsHupzWQ00L-- diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf new file mode 100644 index 0000000000..ab238f280e --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf @@ -0,0 +1,35 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=nj3J1133jI6NB6snk3gL + +--nj3J1133jI6NB6snk3gL +Content-Type: multipart/mixed; charset=UTF-8; boundary=tvvzow1Zh1suGa6qRhZb + +--tvvzow1Zh1suGa6qRhZb +Expire-date: 2035-11-11T03:08:40Z +Version: 6 + +--tvvzow1Zh1suGa6qRhZb +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170100462771000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--tvvzow1Zh1suGa6qRhZb +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: PRIVATE-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170100462771000/private-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== +--tvvzow1Zh1suGa6qRhZb-- + +--nj3J1133jI6NB6snk3gL +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +KyVSr+V/4uu1hvezmWGb6/WKl48/VUIqpigpm2oSa57OR/YC9p9hx4mc79YLMmOUR7Y4OgnTOCYKlNq/hgIrM+imYqX+Gc4ZcRz79mg5MXT1lIyvYqOLfS5ABn0Syc5FJTosH/QBXimEykkngDfgTUOO+H2EJ4j/Ze8QyO+MhnDHhYhuOC2GOKG68e5UKgbeUcOPTwZ7ze5F1vxXkC3PzcRkNOVIa/4l2tWEpdJwkN3AvSnhjj+M/4EGBFUzzL058yAifRiHZ2/T1mXKRSmDrGwpB12N0+3UOTrOQKTIf2u+A8o7c0EIzPFSCAro+NtYCSXLmfzCn642ySfLacEfPQ== +--nj3J1133jI6NB6snk3gL-- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/056A952E76B40A46C07628C7B13E5934E39A9C78.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/056A952E76B40A46C07628C7B13E5934E39A9C78.p12 deleted file mode 100644 index 6d5050a484..0000000000 Binary files a/src/security-server/system-test/src/intTest/resources/files/keystores/056A952E76B40A46C07628C7B13E5934E39A9C78.p12 and /dev/null differ diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/1342B84B4829BB79226AB268B4D8E70B01068613.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/1342B84B4829BB79226AB268B4D8E70B01068613.p12 new file mode 100644 index 0000000000..fa1bdf9960 Binary files /dev/null and b/src/security-server/system-test/src/intTest/resources/files/keystores/1342B84B4829BB79226AB268B4D8E70B01068613.p12 differ diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 deleted file mode 100644 index 8dd73f1c17..0000000000 Binary files a/src/security-server/system-test/src/intTest/resources/files/keystores/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 and /dev/null differ diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/DF9242D3CBDE6DAC8058D2878340C3B527041FD0.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/DF9242D3CBDE6DAC8058D2878340C3B527041FD0.p12 new file mode 100644 index 0000000000..b060a4a11c Binary files /dev/null and b/src/security-server/system-test/src/intTest/resources/files/keystores/DF9242D3CBDE6DAC8058D2878340C3B527041FD0.p12 differ diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 deleted file mode 100644 index e1a85cff70..0000000000 Binary files a/src/security-server/system-test/src/intTest/resources/files/keystores/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 and /dev/null differ diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0.p12 new file mode 100644 index 0000000000..cb6154cff3 Binary files /dev/null and b/src/security-server/system-test/src/intTest/resources/files/keystores/FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0.p12 differ diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/15A0AFEE2602D2846621118997E268F5FA843C94.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/15A0AFEE2602D2846621118997E268F5FA843C94.pem new file mode 100644 index 0000000000..9605da405f --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/15A0AFEE2602D2846621118997E268F5FA843C94.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQTCCAimgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwNFoXDTQ1MTAzMTIyMTEw +NFowSDELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQ0wCwYDVQQD +DAQxMjM0MRQwEgYDVQQFEwtERVYvU1MwL0NPTTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK0k8LMy+LETgEG4ulkrj6EN/iv3T0KD03Syv3WbwjJIlluV +JsGUcdDxwozcFF/hbQmGWehhdFf/cqwsDL7nflgLinLf+Z/WyS6vhV4o7qRL4V3s +gtCP6+jWjlFito8l3TDHUDqAV6I0E5DRxAo/7+wtzWYBxtEA2l3C7yxCXi/LaXnP +vanLRdMMiojL5zfYV4j2Bt7PXDhKLjp90C/lWCNNh8/8t88cAxxYhieBQB79p8Z2 +J4WYHgp+RVXh+mmtSFLkvWBAGqpmEghuoTrGleT4j4sudWZrCPI/CqWE7Yu/Xo4z +fU7hohH5NYEz6Hdor+N7EIrM2aXJvPZMBd2RwiMCAwEAAaNdMFswCQYDVR0TBAIw +ADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFJiL+gB6lCj5ggX7nXaSjdH0zYcd +MB8GA1UdIwQYMBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUA +A4ICAQA12nl19PaM3RM+kyoqu4MUSln1PK8YaSkz66/XQlG7gbs4hv37IbKIe5Jt +fpRYZDcWsYLG2qC+1nngfrMJX+otrE3OrRu7hnFASuPQ24Yut8WicyM+V826c+tD +ISTL3+lvoQrXI/Eedmxsge1oGf591luc+GR3HaJMg7sC3sZryFY/0xq9zlzjCzTD +5LwzPrBGQI3a/z93nb4oAPSZgQZtXjYt1d/gYNmoQiQBX+KOpeH1LywvhHoOy+wG +/ArqGhsKoAzNjCOdp2nBSlYK7ye5yn9iE1ILyKHybNckMC52swjb6FDDwohwlRBC +I40NNukKpLEXUvMwDZRg6YhMNICLuD+9EnhmY0DmYuB18dEFOsihPPWkaQe0oBpe +C6/i8vxyz4sp9GXzHXj+Xw0GZ/FJNCQJSKbL9pvi7aTpK7YXog5V4NnGAcwRxlMG +eZoGf7twsLaFlPfuiG0ESAZ8Oj/hwVYA7FA1Na7aHNxnfLSnZVMFeOxnocqr9UEp +3ge2Nrs47L69hHFqLE3xgjkQMKUuSkbW4IwFUJNe56/f6DA0fA5nzShFLdbc1iNQ +WVv7GgYvKOxsdyG9MYqzuBpXAQM4gcFptL0+MoghLH3ZXkWca79a56Tn6coZ4i7n +lNFvm1l92E2+SUYBlv36n6Q7rpCp4kN6OZWX7IYbfMirP0/afQ== +-----END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/2383ECC7DCE9C81826F99FC79FE96393A342FE42.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/2383ECC7DCE9C81826F99FC79FE96393A342FE42.pem new file mode 100644 index 0000000000..d669253c64 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/2383ECC7DCE9C81826F99FC79FE96393A342FE42.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNjE4MjUxMFoXDTQ1MTEwMTE4MjUx +MFowSTELMAkGA1UEBhMCRkkxFTATBgNVBAoMDE9yZ2FuaXphdGlvbjENMAsGA1UE +AwwENDMyMTEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDC/MwQKOrsiZj00e7qkYmwBDUmWId3spIBJV/jRZMERt4g +6U9MsodB5nDHNNZnaTO5SWYqY9j1L2NWHIlSuKYHS++qnW+7dR9Nf2CsngnINeiO +f+Al8p42ZRMgtab4FT5VW/bpSE5IxArFmdfujD7g1PLW1BYtGxxMqOIx/cm1wjYc +zsOl50FMeobOIJDNf2NBJKl9qD3ksSdS/ZTArC1Irar8JL9NhJZtQKMu/8sCVXbq +qH19JYDOAz1SrHEhRaxXU49ShJSkMEL9Ky4/frkHPyf2pF23XuYMTdtWNaIo5IB6 +IcyZwwQOtEsbRqNqx8dmdB5gxCqsFz6uxkuTdyfhAgMBAAGjXTBbMAkGA1UdEwQC +MAAwDgYDVR0PAQH/BAQDAgZAMB0GA1UdDgQWBBSmCq5TPHuU1Z8D+JlUad2BU1st +3DAfBgNVHSMEGDAWgBRRBiYevAvLCa/qe8wjlhWHEhqOJzANBgkqhkiG9w0BAQsF +AAOCAgEAY3LhOo6bPW/faBbyA37D3AJP1IskqlE4U1hKbAdXMcGDiWYjRI2Q2Kno +9yMVQzP0OZ/NP+5dETcspMI5VsLYFd41y285RWQcGC0nlSZuKtcb3ENONi0iitol +kAGa12x6npz9RU997BvmDTFOZooORFO3DEbvYf/vL/7hBWeub7JsDmCEAafZmj52 +iCJysfAaH8hKyDFkT0RMwq3zUHZqcsYYrmsc2vz7H+6h4WH8dfX+FfG1TYyZz/TH +Ql6N/P9KDn9rf/1TKxDpGXMhNzAx9ldPV21MO85X8dL8jLiCy43821fDaRY1V4ML +P+S2C2pQn8Ej+3vbpTeV6mWEQSed7kJnEeziD8zD2kAVSBNA4e8ph9f+6SVhOkCk +sHtorMdVNdUjVIWJRrwN6hg5V7uEMNE2tA4vHegzB38pOcq7YObp/ZKagW/JSw8k +3cOnl48+qv2K58tSV9H8p4MBj6VpDTPCPLKcZzIghbvFuNqMAb1FzN7Rp0x2DLB1 +VNRDQe60/JsUGpObz+smJef9pHMZD3UQYXrbDpWTg4qA/lOM+C2kuYon4kRM9V+J +Zc7BP2FqLsC5WTemw9t1wxxD1Qjgz8NFQu37O1l7AL+HirORwvEoL+jQoc+VvPbc +4YStKi5LajuNsXtsfPtQ9SPW1iYRadp/PEfRvkNeOvwkpgKiAAk= +-----END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/5BC622B62052EE89F2020C2FA91872CB49EB1502.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/5BC622B62052EE89F2020C2FA91872CB49EB1502.pem new file mode 100644 index 0000000000..bbcf9c6590 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/5BC622B62052EE89F2020C2FA91872CB49EB1502.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXzCCAkegAwIBAgIBAzANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwMVoXDTQ1MTAzMTIyMTEw +MVowRzELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQwwCgYDVQQD +DANzczAxFDASBgNVBAUTC0RFVi9TUzAvQ09NMIIBIjANBgkqhkiG9w0BAQEFAAOCA +Q8AMIIBCgKCAQEApp1Ls34vBfJkD2bHtmnvb1HxhMBoBPP8rvwtcjGfVCTA7i+Dl +F3gTLV49k81FMi5gRHQNWLde1NmLTKTzFSoPUerCT7ohvTCTAm4h5W/328xoMo6m +2h/nGyuIoAIIUJi/CKf+Ih+zZCklsZqWaOd1f1QIPJOtjQkoMl+2olj2tw1o4/Bi +im8B03aVTYXfkGhDRC2D6nZJm4Gi9EBZ+USMEAO6CCFobGLLThomWkHDUxjliSGs +T4EJA3iR4h9gSuOfMpqHZv5/lY4X4axsR90c8oFEYMfuk9oZSL/dE0oqYpODW1mW +7hEm/8afUfTR/8ZtGsvYZFT70VcGcYNNdfoxwIDAQABo3wwejAJBgNVHRMEAjAAM +A4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwH +QYDVR0OBBYEFF757d7rOx/BzngYLRV8hOUpJDR3MB8GA1UdIwQYMBaAFFEGJh68C +8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQCympOjqsvo6cJPSLN2F +J83VFVTtbp9JIY8WQ5ltHMi7nncSJZ0pKfx5rjA+TNb4lWvjUko6ijRDyr8DwNU3 +ik69DffIlz7SmbhTxnP5hbgVma/xYgPRSYw0LIln1EksRvhTSSHdZfxrKvdXeK0X +TO6zmmgTPpYzpuN1kdsRFsua7H5IuDMMzPeH7vw++HsGAHpd0/Vp9cdknqpFZZOZ +ckK65HAGD2xltfd5HIZ9nGz1M9QDir/+oiwkwDOF53OVC2lxpnKA4m6mKmuJ4TIS +y2l04chJuNfRWqrqssnQDOhZkzIfDi/7NTdE25wA0KiXPl6cVQ/IZxJ6a6uCEOC+ +cISxRfWvyuA4UDnnWDCKRdbDLv6f3O2/wDUIvWGjNU3j8xshA0axxb8VxXuLTLqB +o8o0DMq4EBdAaumgzHuAO+Cj8dJs3yVkeK37MwvBUkmar7+gQmUL7U+mA9KUxMxa +lm8VAHZy2n7rlLU5kQCACyhEYWAtuUGZKHzLsqB3MOXKpIkbL5fqVNnHGeI0Wxoo +rS3y/SQf5OaRybZLFmkDESCOqL8zqd3XO4jUB7NMX5MMX1883KfkeiuWBRTZQD4J +Tq9I7YsWGyI1YpIOxA2Mjz8wu+EmFIvvZ7ersui3MsnTwoYqxymEPx0QiYVD3BHQ +XkPkI2T2rVe4ptaiH2t3MhYDw== +-----END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/84E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/84E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem deleted file mode 100644 index 1462e13e4d..0000000000 --- a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/84E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIERDCCAiygAwIBAgIBCDANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjgwOTIyNTVaFw00 -NTAyMjMwOTIyNTVaMEExCzAJBgNVBAYTAkZJMQ0wCwYDVQQKDAR0ZXN0MQ0wCwYD -VQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvU1MwL0NPTTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMzaiSaCGtYXDxp2Nu+vFfG/8S3II3UEPQ5OykJgLSo/ -+xMKnxRm1cmpbV2cAlhPNslbR5T06M9TK+96l8/rcGf/o+ksVjQZiS5R6T9BO0Vf -TiOnu2LiVoeBoGgnuVU+0csMK36d767UjOAtS4NnZpd9ltYF+fF3d3zB1RqoexoL -SkDlVqQePvGqtTSRCadRefnUp/udN/aFe4lsjksib1mpuJF6v34JfdyIh9MnxLr/ -2vqlCRDuZRub+bQh1z0pgjHfN7H06kS+zuvQKM2oB+YBJAlYPZue9Eri/jpksYfD -7mdxchVt2Nomz67sPQp2DCCST43LBCKVVyN237bMdy0CAwEAAaNdMFswCQYDVR0T -BAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFAHAxWWIfTMyiFjUfxtP087Z -FWiKMB8GA1UdIwQYMBaAFGNpUzhqJbRrVf7eFYEaz5qLlb84MA0GCSqGSIb3DQEB -CwUAA4ICAQCSnX6DxwUDtTobj6yUPANbAOErfwegQOdh9WuP+goMP3VRraOGPbAA -Rs2W+EA1VJsXchsyMaOINZZK2GULQXJNbofpdiToph07HMVTg2Rc4xdHX+ZCq8Sr -xHW0WG8uYutmTJgmuKZ8+tYg8j/T/XE7oZTwBmFIrnwUqLSNSpNGC4EODTFIOY7H -XZvPhdAOQ8G9hzqaka3ztf5TempnfkOY+71l4eLj5voB/TGSqP2LcboTWa3oZhX6 -Qhm9OWqrdS5pOzFoiDX1bQiyCQtWSxyySYQJpmKAIgLUfQRvN+pa+VaVou068r4W -1epyvDgRyvReYVYvshPCr3tarL523dKT6+RPHcPpZgjWwghuYsMtJPJ8EomC6QA8 -s09q/4xmfZ0w133LTqomptTGvqL9WICtcyBi5XPO6to563tAblVaFtfIKQ79AJQg -DiHpkexe5ys/tFxQ+jFJFixAH89T+0+FSyr/obBMriMkMxaKtDnbp20/sq66jzV8 -nyxgvdgMVtMRL02ykmFjG0dmdeL8WDHdIffH69xNds1jbE8RRLgvTvXB0zydzHZs -fsfwR2gEDc5GZKZfMVqzmF6MK4kwV962wDOZi2vI5c+VGHEiP7qf5s1VCSJnhDZd -xWfnxUzuY1g+0EJFoznAri1kc2jU0/Xj+lOJOG8sfj9NBHbPa/0NcA== ------END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/D7D15F0ED1A1320EBA0190C838506B60EC07C994.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/D7D15F0ED1A1320EBA0190C838506B60EC07C994.pem deleted file mode 100644 index 1ccd5950a3..0000000000 --- a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/D7D15F0ED1A1320EBA0190C838506B60EC07C994.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEbTCCAlWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODQwNDZaFw00 -NTAyMjIwODQwNDZaMEsxCzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZXN0IG1lbWJl -cjEQMA4GA1UEAwwHeHJkLXNzMDEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyNalEKM/40JNMd2lpvkOMLO3hiLkp -CLjy/PrKMsBHgDlaGg3g8OL2yJ6fKVZCtcBNPlqONOUdoMQ9xbyrR6VR8Px/XBaq -/+4azB93g8dvJ0w2e1GrK7UKhsYVCsDDGvprgiSG/vzmrlovEj8XdRvXrV2K5tgL -v8QR5MkkSZWmK/bUzrTPbs9wYjXiDSFtQpAQbK6RZAK+lxcPFkJIsk5GHAxVJxD8 -kXzW4M4cJin2XDlfWdt10KvI9GsbNivjm05T7eZTBT86DhRNBI65rXPX1utLtimC -8YGEw6nkX2wlhiBAZlddbLkcZ6Im7mhV5Y+HFQVBrFNWC6GQRljk5ULNAgMBAAGj -fDB6MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgO4MB0GA1UdJQQWMBQGCCsGAQUF -BwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUMpbjRQF6QZzWKzqt4czCirJo3rwwHwYD -VR0jBBgwFoAUY2lTOGoltGtV/t4VgRrPmouVvzgwDQYJKoZIhvcNAQELBQADggIB -ACALBepGr5bRrXXNnr0PUQCU5rjAqv28NGxSdznVe8Df1Lz3v0gHmfy8TCX0naF4 -eUqw2I4NsqEnu4L2qxr+klknz+X6qLFQaUXiUe/dC4Dh2gxc8gGANzKWdXoKCATp -gr2d1rYTcvokOMtrus91Ch3t09vi80FcyZEbVStI/vHT1q5lq37swpNzVv0XuAQB -6Op+ufvFTw/1FS4V0cKEfbRdd6egFTZ0NXZS+gNe/zgUadoxXbO0aefnNjuErLVw -m5IofnQlRN3M+0wqn5nlCE4tzPKMQUaxwCqcjau/MskfalU/OKWwwXE3tN7aMgDW -WTXf6z37lQ00bvn7lLN4hTLUje2NKCgr70Y/xmAHIEdWAaKaispSQltHYixf8zm9 -ZY1sPDYv+wYOHSQi6xMBLFO9tMw2d2IEcgTfftJ118H9OGu4b27ox3KYnMK6Iq2E -7GjXk/bpaYI5jU6rxTLOi2gAGOzEeqOOGt+94fOpPgqt+xK9z4EffuD0m2C5tMAC -Lmw+7TQ+60nI0hVt7LOlplKfy+np4K/wuwhcSdRAGeejVMoEqaefQYUqj1l8JX2O -J4MewMu3F5CXK7PmLJK/K4edHc+L2bnfYuDsIQZgvg8ZmDJOHecAX052LxsaFgWJ -HiHHcxqZvZ9iQTgjFRvgyrHYlidHV6EVT1t0mdFZqwOQ ------END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem deleted file mode 100644 index 2f584ebe68..0000000000 --- a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIESzCCAjOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODQwNDlaFw00 -NTAyMjIwODQwNDlaMEgxCzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZXN0IG1lbWJl -cjENMAsGA1UEAwwEMTIzNDEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChHRjPqqcYEuMZiNlH0PWBKE6DSgLQ50Gm -jFgMFnjQ378Njck1TPNws14ftff8T5BBCUomXdy4u4rGQeSSPKY5M121NMC/jDfk -aKdtvi2F5n/WZrdAZo9J0RIp/Dbr9Fmwd/iohkxKY0zr7oNR/nsCHI4N6ZfI2iU8 -+4dOnxOr8vBw8UT5PBFH8GIKiuPTJp/KRKSDuF8ev4QC6KXGT6Q0WpOFvTxu5iwd -h5V8XwmhAAzk0vnrBPEUynp5I47sSyKsYyP7LT5MQxnxrih+JUSc83r2onMgmfH1 -qRQXFXZvn5ilaLUa43Dc+oHFPH/xo0V5T2GhSlDtbmHWyhZbKvGpAgMBAAGjXTBb -MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMB0GA1UdDgQWBBROYou+TxqDwfPj -gLBA5Ik8e/2bIzAfBgNVHSMEGDAWgBRjaVM4aiW0a1X+3hWBGs+ai5W/ODANBgkq -hkiG9w0BAQsFAAOCAgEAFDOcJIMLKaU1VnzAJSfx7lPFE3I4qycjQmKMsp9af8qr -ZC/OtuWR48KOQ5PTaTvKpO5phrIpV4t7kPoyqozz12EXfcmao7dJvXqqpEWk78h3 -xPRff/yUrZ7EiGwlvngzkMVry6fzL1kkMaYNj9BAIpjz+XQwtmOp6N7f4jhCowj/ -z28ScRfOtmrhPR/ruTscLRKv/QCbIuQ9pnKKmLL1yGbvK6HkvpsT5m/CXmU0Mqia -Id+r9aZX251W5vjKw4LZpOnZ0QWaMyA1Xan83QUYtLp+/1frxHjAMZVr1HoI44pA -jzmhX//sQrTmccyt7KqXUGIq6e9JMWRdgWgjzjk97xiY5Tp+VZz1mLKW4OP9RU5D -0OD/J9GszO+4Ov30PY8pQ6uvtSmtRRq43AjFp1nMgd7/XO0aBIlWNoJKjip6wYYa -kq6flQz2Ym84+DcYW4jHAr8q1E1AFBhit0/wNCE0fMU4re5ntVt7TjS/lOZc/w5O -oB0+h6EvYmEf0GjUw1R+aA+HGUGjNx2N30OVE+80HDBMimO2Kcw/oZNR6dbR10jB -KoBQJEEFHSFi7FcddBCDcY1/asxiLB34wyjau1KSZQxKq1uGmB5l+QA5IwJ1sDxb -H77LVNjaPYMTuwVC8VP/Fs6b4G6jPxeR6Fj0DdZWwgw7UoB9M13a1VnW6nPB26E= ------END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml b/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml index 4dfa5cb50a..5c64a99779 100644 --- a/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml +++ b/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml @@ -1,13 +1,13 @@ - 2025-02-27T13:07:14.441Z + 2025-11-05T22:10:45.770Z DEV http://cs/internalconf - MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvZwWBRJABPy8I4KXdFC2O2GdUzqkiu2d5q3NWja/upfd1oVqxZH7DG7zfHVmEsWjQO/GFVPDJDn2sJCux/+4PTJt+mJ1kmErJ84rhw2PsoJVmBDZRswR9VDoNRTCsFa7qUYdzie9ksOO573kEjQR6hqpSQxlnl0/W2vkyLbMtpym1zkspRpttPjDRZ4n6g0vscsL/JiTR6M7Mrx+1JFMsCEXsrcX14cWHHq/C7nQapaVtrkTBWKRw0JsuAJjyA7ofUNfJDRyT/4DRH9glPHb93HRkTTEZtzGNLwm2VGlQZaHEB0ZLAE6Er2iuzGQWZAYcnvnWgA5eMpTrlO/L8FbAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAZ2W5AOAT0MlePq30HFiQZIghV2aCQFUi5QdZ0f32HFvkMUef/yqKPf1Z9A2c16qG4BMe3sdwoErS2V+Alac80ySTZgpsMXTohop4OQ/UMJeserQFWVVVhLLj2izOKqjoAooBh99IiwOKGvBQwjiIjoKXnHCAcL4lfLVEUD1Gud7qT1HnjGs1AEztxC4V2YxfcM2WasiYlAZ5iKcWfc8XDZ4+nxDQyPuPXKvDRWQtK9cnt9QWVUqCUG87u2FTHqax0qW4kggzG68g7Rz2mzbcwBTpW6gCmFJVkkk7Tk5ptrPsgOLElXqH/xNH54d2DX9s9AwZYImbZFXEoc97dorM1 + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O https://cs/internalconf - MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvZwWBRJABPy8I4KXdFC2O2GdUzqkiu2d5q3NWja/upfd1oVqxZH7DG7zfHVmEsWjQO/GFVPDJDn2sJCux/+4PTJt+mJ1kmErJ84rhw2PsoJVmBDZRswR9VDoNRTCsFa7qUYdzie9ksOO573kEjQR6hqpSQxlnl0/W2vkyLbMtpym1zkspRpttPjDRZ4n6g0vscsL/JiTR6M7Mrx+1JFMsCEXsrcX14cWHHq/C7nQapaVtrkTBWKRw0JsuAJjyA7ofUNfJDRyT/4DRH9glPHb93HRkTTEZtzGNLwm2VGlQZaHEB0ZLAE6Er2iuzGQWZAYcnvnWgA5eMpTrlO/L8FbAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAZ2W5AOAT0MlePq30HFiQZIghV2aCQFUi5QdZ0f32HFvkMUef/yqKPf1Z9A2c16qG4BMe3sdwoErS2V+Alac80ySTZgpsMXTohop4OQ/UMJeserQFWVVVhLLj2izOKqjoAooBh99IiwOKGvBQwjiIjoKXnHCAcL4lfLVEUD1Gud7qT1HnjGs1AEztxC4V2YxfcM2WasiYlAZ5iKcWfc8XDZ4+nxDQyPuPXKvDRWQtK9cnt9QWVUqCUG87u2FTHqax0qW4kggzG68g7Rz2mzbcwBTpW6gCmFJVkkk7Tk5ptrPsgOLElXqH/xNH54d2DX9s9AwZYImbZFXEoc97dorM1 + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/private-params.xml b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/private-params.xml new file mode 100644 index 0000000000..2245edb7e0 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/private-params.xml @@ -0,0 +1,15 @@ + + + DEV + + https://cs:4001/managementservice/ + MIIDJTCCAg2gAwIBAgIUMZw/qaccO23KFoyyBhDsT1vVk9IwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEwNTIyMDc1MFoXDTQ1MTAzMTIyMDc1MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4MJ/UgVWdjH1/gwsO0YPv85aWAGbiiEpb7HgKqaSoUZNJvKlZsgp5WsgkygSzc+8oXgxw4FQmJtrvU9a0H7VNO0vW8J8p/Oo2Usurqwvsbt46jaS/VKvFtOM7/+RfdiHiVV8gm405SZQfraWrhFp3/QDxvcPttmVTOoFX2M9G4G+6nkptcw7HlK3nNOFtM/Hl2439z+iETTuTDhuKEpwiZy6jqoAer+17EHnPMprHwIZKE0KHPP804uChj9cOGDxETQfN0Xv+0JECF2bMIdt8YeISlnafRVR+83Obtcj69y0tRSzAtvSAOreg/599IjY6Tb+rjHjAO4pWFjpMDztwIDAQABo28wbTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DArBgNVHREEJDAihwQKAAECgglsb2NhbGhvc3SCD2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUFtBl5Xaw1sAu5dUBaDYTpWpMM5kwDQYJKoZIhvcNAQELBQADggEBAHdUYK4yRGQlTitKBltwviWazFeqkBsamV66dQzpnUmdW+FrOujN+cRXGWiRn6+MJ4qRCZGektQUdYxthV3lb1T4YaPcl80eeKZBghl1Jfe1+1Ucjiv4/Ln8+Fz3QoG97wOs+asRqwm7huP5YJZq/nL0f3Ih32TKrlv6PKyMA4RHjwHiMQQTrhjzoBzpDY1rnYoVV429iJICv/7RM0Ndd+T2aFC+p8H1qtnNMd7zzT4sqSS1h5Zj1dOrAweNv2q4bXsQjqaUJZEoNq3nMvzUcpG9LH57ejhHpMlHDtLvnUOOTxaBquLh5Mw12QLkrXlb803S0OQYGe17yrhRtwWHtyo= + + DEV + COM + 1234 + MANAGEMENT + + + 60 + diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/shared-params.xml b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/shared-params.xml new file mode 100644 index 0000000000..6f0a16a889 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/shared-params.xml @@ -0,0 +1,115 @@ + + + DEV + +
cs
+ MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmxPFSE0oUbKCa1xYSArCtSseHX3GioLMqTDMjd3HYjJ1dShJWklrVRZAcKx6+mOk5/LPYXS2WBphxS+4iWjWIkPy9tDbwVRNs3ep51e9iIfMpRRXHC6E2hIASzaFYh8Qt/ljVfaYf4xxBkG8czvq7Dc5rKlzYhGXlLp8Yx8BkRmRjtqc1h6y3Afc+YVwhSf35MrsTwVhTkjnecnntr9q67eIJ5wCbO65BZhL8SompeyxB6srp3VsQVz8qsT5SJp8FYDDUGAdyBYBPGGNR4ZsLgIZRwSeftwhMHQuauOenDPMGDLMPJGsVJg5t3BFS94+EoGfSQLmmi+A28XSJacf3AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB9oKNXNgfeJAJnG6NPhS3gS0VigT2fCquUl38Rzv6tqc1uEKHkJqJ6jS2AO0wC7ykmCqU5Ex7mLFo1l70oaA85GdMuUlETxRLyhYw/XImeRHMLYxvML3e11DpyIb5GcnBr80iLlRs3eCGNLts/8b9F4akR21HZPCY0lZra6OcxTpnARGIxLqC5fD7O12Nf1Zu3sitKWgMBj4FswIS9fWSoI4vONY11KSmP8/aaKPpOOGDs99CNR4ay7ug/ch9/kePlmIu9Vidn9mkrMTseM/x7O0hr+iO3GG0wab1daXRZpUSvbP3ZqPXLIwePcvUUjlxHvB7GlT89C3dE0NVMDAuK + + + Test CA + false + + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQXh1Z0F3SUJBZ0lVUmZCZHV4MVhtWFMwcHYveU1ydVExWHBQc2VRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURU5NQXNHQTFVRUNnd0VWR1Z6ZERFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEV4TURVeQpNakE1TkRCYUZ3MDBOVEV3TXpFeU1qQTVOREJhTUNFeERUQUxCZ05WQkFvTUJGUmxjM1F4RURBT0JnTlZCQU1NCkIxUmxjM1FnUTBFd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUMxT1hBWkVsdFcKbUlnaU1WZ2hxb2ZPLzdmanZ3REdtaFFiT1pIM2pEZVJ1VVlDODdOa3REY3VZcDlYdTJOTnJBZFNnalFDVS82SQp0a3BMbVRNRHNUV2tPQ0grK0xBNHlON0tyQnM5Kzd4T1F2YVZGeDJYN2R2OUREYmN3TUxsQ2tPdGwwa3gyQk95CmRlT29XcDdNb0doRWo4UG85SnFUMTVBQmZzZG5tUDVpRjZkb2FHbnloZEhMemxMNnFFbTBkZjdXYXR3amtXOW4KVWozRS9ITG5nT1RucEVvdTROL3c5eitXeGNJT3J2Qnk3MUlUemQ3YVhmSDBEWUxCVUlHWHBTdVdBMUthNUtldAoxUityTytTOURub0NoeHZ3cUpSNFhIOWwxaEJTcDIxa0FqWVMwbndORDloZ0xqV1c3TE9jam9WUForTGxybmZJCkJCV25XUHIwVWFNdEROeHViQjRBdVM0T25SUmNaczZ5YnZzM0VMUFFzNndFanY0WFVyaGEvNFVLenhUaEhzVDIKMUdzWE9sL2hzRXFOTXBQVmIvVVZtbnJveWFQYllnUWxRdjE2dk4rL2VlUVF6YW41cXRWaENFVzhRMk5PdkJVaQpMcWpMYXYvSHBVNVU2VTFCVzhLN21HSTlXbGRVVW9RN1FSd0c3OWQ1Vm94SFF2OVUvNGtHTUtmRVBtdXlFZEFKCnBIeVphZlJvSkdKNjVSMWJWdW1xV0tUOURJQjRjeGdvaWRJVWxoY2FVY0lGZUxZQ0lXUTJDNmY2UHE0c0xIeVYKSjdMUXlpaTJZd0JFTTkzQjR3TE4vYnVvcjk1TE1UWHRsZWJtcnppV2tublpUNE5vMCszTk8xZXRmMDkwVnkrMgpta0toTVhlVThJOVJLUkZJSFd3SkZWM0Vxa010Q08ybXFRSURBUUFCbzJNd1lUQWRCZ05WSFE0RUZnUVVVUVltCkhyd0x5d212Nm52TUk1WVZoeElhamljd0h3WURWUjBqQkJnd0ZvQVVVUVltSHJ3THl3bXY2bnZNSTVZVmh4SWEKamljd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBT0JnTlZIUThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFKSnpUQlpJLzlTajNYYURreHJVbDhOYjl2MW9kWFl4VzNnOFErU2EvTHBEd0tiNTVEVHRwR29ZClM2RDlkMGdXRU5XY2VDNHlUN2NVSlQ5TzU2dzFHVDFJM0IzQ2ZXVk5vNzNtOEw1TWwyVEJXSVZhckY0a0pKb0oKNU1VR3Z0WEJaRThzNkpqc1pjZ3BSdGlnMjI5ZlB6dHhjcG44UjUyYnZNUDNtSHpSa2hOaCtxcGhqbkZyK2lxbQpuTVcyNHM3WkY3cTAyOWUya0R5M0RxT1dUeEZTbVNZaHg5cXJ0NElTQzVVaG9XTFpmb0lPU2hJbmx0RnVmM25BCklnK1hVZDNLM1R3UGlrRHdXZjBFMVVwd005YzFwZFhZM1N0SkQrS0VWSXdjakYyK0lHamRpR09aNHR3UWpvRzAKaThoMmd6UzRlL3NtTGtoR0tMNDlkaFZkUkZ0SmswS3hveWpKaWRFSlkwcnVJaGE1cmR2OVdhakhDa2RuYXlKLwpTN0N1Y2pmZ1dhMmZNVGhxeHUrUTg5SFFmNHpoU1Y2R0g0SUlMRFpvRWV3LzA3QXFoS1l6OWFMVzEvc0NkMnVuCk5FbURoclVmWEo1bFp2UVF6TzVUVmg4SWZPU1Z4NkRrSTBza0lxNUE4Vlp1S3NNR0oyQnVKcnQ3OUtVVExIbC8KU280KzJOQXp4dEZWVm5jVG13NHpObWNBaGE3K0VsWWQ0ajhQTm5NL3FkWXkrWjMxekE4ZVpFNDB1WlZBZGw0NApjdTJjZmFrMnVMdFBSUnQ1VGR4Y3djbGRDQWpOY04rVTdkK1ZBeHZmWEw4WnBBeDdEUmhnNlh2ZUoyTW9xOU1SCnYyK1c0RHM4ckJNeGE1bzRZQ3dNMHFoZlpsSkU3VGpwRkx0Y1AyY05PRTlHeEtIRW9IZkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + + http://testca:8888 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZORENDQXh5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBNMW9YRFRRMU1UQXpNVEl5TURrMApNMW93SXpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVTTUJBR0ExVUVBd3dKVkdWemRDQlBRMU5RTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBdjNCUDR1dzB3c0xGcUczOHJDNnA4YkdiT213b0xvWlIKNUxYNWtXMis5OUpkci9uVTJaR1Bnb0hmQ3BLSVI5WFZKT01vU3daR0RrTWtIVzJ2Umk5MUJQVnM5QlAxZGVLVQpya3ZnQUxna1Z6MUxhQmJGTndGdHdNeWxYMkM4czNUTEdPTnZzYWdyRVVBZEk0U29HdmF0a2FScE5KMXZXNno1CnVLWjUrbWFrVVRrVzkyMHJNREdsb2lwblZwUURHK0lCbDJTcEx6N1VGOHhmempWVnljbkVXbVdBek80ZGY5V3kKYzl3NFVHNUR5YmYwdW9rMk1LdThQTE5saXpZem1xb2t6U1lCQUxYL3ljWFd5ZG1mS1BZaENqajljQnlwTEdsTgppdmM0Nkd2Q1lzVTQ0bTd2M3EvekJsa01KZmNsRjllb1lYV0VFUmxGWXU2Ky93dC9NTjB2RWJGeURacXJBNUI4Ck5qeUNneDdVbjZLRGhLZEdqdGZtSTkrU3UvMjJJT3liTy9sSjlXQmg5ZC9oOWhIejJsQWttQ1kzdVYyanEweTkKTTI3aGYvOUQranFWUnZLRmppdVdGcXZMZk04Wk05Z3NXbFp6Wi9lZDlMSnBFbmpqQ2VHK0pkY1phejNhNVR1WgpQZ3JqcCs0YWdpTzYxL0IzV1pLd0s3OERWT09kMzVoa3BncE9JNDFBMzg3TWFUTE1zRUppR292a0pWR0xBSldTCndBMlkxaWx5WERmSHQxa2NmV0dHUFFRT0p0dm9WZTlGLzFUYW5UZFVBdE1MMGcwUW9aVHVMRTFka01UM2lUTUkKaVdTcHRYcUYya0crckluNlcwSjhPelJib3Z2YUhFOWhXYllLK3VwNnZqN0xXL0JkZTZWNW93eFNKa0lZMXh2MwowV1oxUWl4ZkZFMENBd0VBQWFOMU1ITXdDUVlEVlIwVEJBSXdBREFkQmdOVkhRNEVGZ1FVRXh0cWorZi9MNnNPClV6dGNYSmphV1ViY0Zad3dId1lEVlIwakJCZ3dGb0FVVVFZbUhyd0x5d212Nm52TUk1WVZoeElhamljd0RnWUQKVlIwUEFRSC9CQVFEQWdlQU1CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUZCd01KTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQ0FRQXV4VFFmUy9jeHcwMUgyN1pTUDB2blo3T28xOEgwemxoM09BMDE4cG9wRnRKbWhFcW5WejVFCnpXZS91eVZQMi9CQ05KUjJqQ0Z1UURBZ3RXSCtDa0R0SldNQzUvRHYxTm5tTUxWMWV5UE1ORzRYejkyaGk0LzIKK0lVSzJZZWZMQnRHUEVmV1RXUnB2VDc0SUw2ZFdMZ2pESFkrUFFHb3hjRzhzTDlTUlRORDFjT1lkMkRER3AwcgppYTMwektjYjJNbFdXMW1RTmNlaCt2VDZDWEVpTGFvOWZUb2Q1Y2RFQU5RU3NpTFAwMnREUUZLdjlMQWJSVE5IClV1OHFuYVpQajNxcGVXcnFmVXhieEcxV0dOYStSVXRQamhNZXdxTW1Ic1JRY1NBRVZzbmpSZ09jRTFUajEyR1gKWDhUeEgyOUF3SUpOK1JkTDhsUlkvdU4zSW44N2Z0akZaN25DeGU4bVVrK1dRU1ljZStqVTBxdDZPY0U4YmE5bQpUT1FpekVIbkh4cVJmY1RobnVYcVJ6VUdnUTJ4SC92aFcwYlJ2QTVTSVg1dzN4QS9ITWcvdXlhYVRDSXBBeU9LCkRxNnZZaU9qblV6dnRwdmJDR01oVHk2ZjlvOEpvZlQ2S0ticXVoYWp3aERDc096S0lpTFZYa3NTZGs5VThUYzMKeHpoa0o1ZEdjanQva2crOG1adGZKU0FzdHJWSmZ3Unh0ZnR5M3V5Yjd0a29MM3lOMGFKQTdHUVNpNEtrc2o3bwpkRkVUUGtUd1U5SXR3Skx4RUExQVRBZ0xvRTV2Y1M2Q2puVFpBZm1VbmcxOXRXaHZ6Y040cnBUYVMvOGZCS0EwCnZJSElYbDNWcmJtY2kyZkREK3RXckJ3bzQ1aVN2alR6MVk1Q21EU0dTNnFvK3RnemVaSVpwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + FREE + + + ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider + PEM + + http://testca:8887 + + + + Test TSA + http://testca:8899 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZLRENDQXhDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBOVm9YRFRRMU1UQXpNVEl5TURrMApOVm93SWpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVSTUE4R0ExVUVBd3dJVkdWemRDQlVVMEV3Z2dJaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURqVHpJS0F6SUQrR0ZBWURGWFdSL3lMTWROM3JEbnFDVHYKN2VLQjg2aGJYNC8yOWVMTHJ4WCt2SSs2TitGOXZjc2RGblFwSVlnakdmT1JOQXF5SmFpNUNZTExyYk5MeE40WApGVGg3dTJheG5ZYUFacE9lU0EydWs1VGNXbzdDNVJYZTNnZzRDd0RvdUlRWjcvaTlBZ3ZDYWsyZi9mY3EzNHlqCkprQVg2WjFaUUdxQ2kxRjhFVTdxWWFWNkhvc1hWS0Q2T0E1bHc2RE5pNXBpQnIyalRYSnlLVTY4N2hrSjJQSjcKcE1BRWd5NFVCbTcrTExWa1RaUlprWDVwelRHKytBeElGM1RXd09VZm85UXAzY0pObk5HQk1uRHBxVUVSMmk3TApWZ0Q2WlhFMU5BWUZLTHdSRDVzbkJxSWRXbXMrbjlpOEEvNm9KZVNsMUZGU0Z5WUNBaEY2NkREZFRyY3l0N2VkClREcEx6aDI0ak1ycWxPMXpaYnBkaHo5NlVtbkxzSGlwK2RUOWNNV2VmRTRnWFJDbktjbmc4L0N6eXNnOXNZaDAKeis4aTkrdmNOZFVScHRTZHR3a2pNQXJNUjhEajhQOTB1VHVmVGxDWlRZYWhsNlRlRnZsS3UybkRnaHRTc2Faawp6cUdDTGtpN1BqTk9idnlOYkhTb1RSOHZlUGZSK1pvSnZtdm82aEdWQXdZYXA3aGJxU2lXK29Yc2NSSHRSaWdNCnlORE5XWFRvNnZ1T0x3VUF6ZWJPbmZJeXI3ZkpKVWFNWkJNS0JESmU1NVY0RFhVbjFmMjBjMGNwQnpkMzFWWGIKUGQraEdMUWdVVGdFWHVJQ3UwSC8veWJyQ2xFNTJ0Y1JuUGJxR2d1b1Ntb3hGZkdiL2FoSGtTMzFpRjI0bkJCUgpiSkpFOXhPNXd3SURBUUFCbzJvd2FEQVdCZ05WSFNVQkFmOEVEREFLQmdnckJnRUZCUWNEQ0RBT0JnTlZIUThCCkFmOEVCQU1DQmtBd0hRWURWUjBPQkJZRUZHcno0SjluT3JZT21vSi83bjFDR3hYakQ0eGVNQjhHQTFVZEl3UVkKTUJhQUZGRUdKaDY4QzhzSnIrcDd6Q09XRlljU0dvNG5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNPSjhHTgpYaTFRd0ZIMDVJMWU1QnZRc1o5M0dOb1hiVit1Tkt5U3FTRndhYXY4WVM4bjd2emszeTE5Y3NleE9jOGNZQjlYCkRXMDRUeDdpRmhCY09RdHU3bTVoeTR5Z2YwNWJpdzAwS3BVSFQ2dUdCWDVnTEhlM2U3cTlyZ3lXRkJEaDFBMHYKVys1V3RVT0NzSmhtQjk4bmZ6VTBMVVZ2ZkVsZ3BlT0NHMS9mTit2YVJXa0NXKzh5eUhTbWE4emtsR3NSbTAyRAoxenUwVFNBZlBaUkV2aG4wZTQvYUJRdWlXQmh5YVNkMERFQUMvT3RPbnQwS2NhZVJ5OUFEV0svNHArNzBiNzB0CkRMWXJ1MHhQekRtVkI1eTByazg5T2ZWeDNKMjhrRHVoUlZtZTFiMW1pQTVGcGZuVTdGRXg4b3MwYWN6YXo4aEkKTUNvbzRtS3ZZVXBjbWJyTEhETldETnFpeTM0NHN3bnZsTUhjV0YrQ2JLd29QcFdWL1NGczgwOElRNGRIQlQxcAptNTVpeGtISG93eFF4eEI3d1VUT0JUMzR6SWRhZm42dlNnMCtmRzl2ZXFCNEpIUVl5T3dkV09TT0krZU8wb0V3CmNPeDlWK0JoZmtKNTdoeEtENy9SbmxucDFYalRNdEhWSmJDdWJvaDltWklBVHM0eUUvQVBFcjN3T05Cd3B4MU4KWHNmWXp3T2VFRXh6RHloUFROODZ2VlB4QXkxV0I3bUhOdkYwb2JObXVubHVqM1pSR1VldmJNSW1zNVdKTFVGOQpRRmdGek9LVFZzM2RPSGRuQnlqRG5jRWhYcjBTdDJXbCtvWFd0MlRwbHZVRmRMMFJpWm9SbGNPYWI2NTVaSjhxClA3K2tGdlI4ME5KWWFWdmIyV3lGTUpHdGpzU2kxMElwanUrZnl3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + FREE + + + + COM + Commercial + + 1234 + Test member + + MANAGEMENT + Management services + + + TestService + Test service + + + TestSaved + Test saved + + + test-consumer + Test consumer + + + + + COM + Commercial + + 4321 + Test client + + TestClient + Test client subsystem + + + + id0 + SS0 +
ss0
+ 7Meh1uzLrM0z4DWhf30PPzICihqTHGgRSmWczyAIWB8= + id1 + id2 + id3 + id6 + + + id5 + SS1 +
ss1
+ ZW/oMvScXIzXpjWL68Dkd5ybl2ClA14qACkLJTWN8wk= + id6 + id4 + + + security-server-owners + Security server owners + + DEV + COM + 1234 + + + DEV + COM + 4321 + + + + + COM + Commercial + + + GOV + Governmental organisations + + + ORG + Non-profit organisations + + 3600 + + diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf new file mode 100644 index 0000000000..02281f16e2 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf @@ -0,0 +1,27 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=d84U0L3CmhYqodd20ebO + +--d84U0L3CmhYqodd20ebO +Content-Type: multipart/mixed; charset=UTF-8; boundary=KD5PN27E3y2oVhx3HmHP + +--KD5PN27E3y2oVhx3HmHP +Expire-date: 2035-11-11T03:07:40Z +Version: 6 + +--KD5PN27E3y2oVhx3HmHP +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170000548026000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--KD5PN27E3y2oVhx3HmHP-- + +--d84U0L3CmhYqodd20ebO +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +dge8MLbpYIFpcVKFDYl6+6STJ8wb4P2ayl9wxeUSMsIKuJ+oBBYmvw320fvoarcnjaKYRHpVs5ShK9jGlIsc4ezHwNDb04EDtnOaFf8Rw3d6x4Z6UHS51tuJPHzfoz7wC19BEf/K0+yLa9FaJE8q1jtZCf5UMtCvqG/s0Xkf7idmQ13jNcJ5i/jA3hUZp8VRSb2Yr1Oinmv1xRa2Hs7dba5FicHBKqP+JLCA1inUoOtqwUwfnwN02raWtOsvdSRRIKsUyOZngXktNuf6CkYFXZ/9UXy+l2R0iNHGAQls9a5pLNyPwHyPh0Lp4kgNh8iIWQU6w+MbmtF3MVyiPoD9zQ== +--d84U0L3CmhYqodd20ebO-- diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf new file mode 100644 index 0000000000..0db6a9a341 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf @@ -0,0 +1,35 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=liXZvQn3qLHSIEaQqiHo + +--liXZvQn3qLHSIEaQqiHo +Content-Type: multipart/mixed; charset=UTF-8; boundary=mxVldgyFMoulDBLDTGjc + +--mxVldgyFMoulDBLDTGjc +Expire-date: 2035-11-11T03:07:40Z +Version: 6 + +--mxVldgyFMoulDBLDTGjc +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170000548026000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--mxVldgyFMoulDBLDTGjc +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: PRIVATE-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170000548026000/private-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== +--mxVldgyFMoulDBLDTGjc-- + +--liXZvQn3qLHSIEaQqiHo +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +icOXZrvplB0li0JcF+NTPOU0N7qkpaVxj8+4xAe5irll6zMLyNayXunVC7yPyqos5PMxyay9/yje0PPo0amm4dOyRzkihYoumMifE+fQNZzusmpAcL9WL5iQyTWiNZSAx0y5eH6nilUZXGAIbeePSaW+MPU8vo92BTaIlneaJjyK+g0m1O7UiDnjFfkpaWmxgs9ax2yt1n3uIYZ6kjDjB7a2J5pc45kCXrinxrFuGvR/AGbNBkfkIMkg5KnqKmx1gH2eWpsjI3rlgBgEhDpgnPrB4b+i4adbInCy0KUCImaSUwbeipFY/bMoAtAtuXX3CHp3Vww86daIIpZPjyqkew== +--liXZvQn3qLHSIEaQqiHo-- diff --git a/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java b/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java index 9344782f8c..9f883c62ed 100644 --- a/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java +++ b/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java @@ -115,6 +115,11 @@ public List getTspUrl() { return emptyList(); } + @Override + public String getTspCostType(String tspUrl) { + return null; + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return null; diff --git a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java index 981430bd00..9d5c3a2e24 100644 --- a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java +++ b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java @@ -38,12 +38,16 @@ import org.niis.xroad.messagelog.archive.EncryptionConfigProvider; import org.niis.xroad.proxy.core.admin.handler.TimestampStatusHandler; import org.niis.xroad.proxy.core.configuration.ProxyMessageLogProperties; +import org.niis.xroad.proxy.core.configuration.ProxyProperties; import org.niis.xroad.proxy.proto.AddOnStatusResp; import org.niis.xroad.proxy.proto.AdminServiceGrpc; import org.niis.xroad.proxy.proto.MessageLogArchiveEncryptionMember; import org.niis.xroad.proxy.proto.MessageLogEncryptionStatusResp; +import org.niis.xroad.proxy.proto.OcspPrioritizationStrategyResp; import org.niis.xroad.proxy.proto.ProxyMemoryStatusResp; +import org.niis.xroad.proxy.proto.ServicePrioritizationStrategy; import org.niis.xroad.proxy.proto.TimestampStatusResp; +import org.niis.xroad.proxy.proto.TimestampingPrioritizationStrategyResp; import org.niis.xroad.proxy.proto.dto.MessageLogEncryptionStatusDiagnostics; import org.niis.xroad.rpc.common.Empty; import org.niis.xroad.serverconf.ServerConfProvider; @@ -64,6 +68,7 @@ public class AdminService extends AdminServiceGrpc.AdminServiceImplBase { private final ProxyMemoryStatusService proxyMemoryStatusService; private final EncryptionConfigProvider encryptionConfigProvider; private final ProxyMessageLogProperties messageLogProperties; + private final ProxyProperties.OcspResponderProperties ocspResponderProperties; private MessageLogEncryptionStatusDiagnostics messageLogEncryptionStatusDiagnostics; @@ -92,6 +97,17 @@ public void clearConfCache(Empty request, StreamObserver responseObserver handleRequest(responseObserver, this::handleClearConfCache); } + @Override + public void getTimestampingPrioritizationStrategy( + Empty request, StreamObserver responseObserver) { + handleRequest(responseObserver, this::handleGetTimestampingPrioritizationStrategy); + } + + @Override + public void getOcspPrioritizationStrategy(Empty request, StreamObserver responseObserver) { + handleRequest(responseObserver, this::handleGetOcspPrioritizationStrategy); + } + private void handleRequest(StreamObserver responseObserver, Supplier handler) { try { responseObserver.onNext(handler.get()); @@ -178,4 +194,25 @@ private List g member.keys(), member.defaultKeyUsed())) .toList(); } + + private OcspPrioritizationStrategyResp handleGetOcspPrioritizationStrategy() { + var strategy = ocspResponderProperties.ocspPrioritizationStrategy(); + return OcspPrioritizationStrategyResp.newBuilder() + .setStrategy(getServicePrioritizationStrategy(strategy)) + .build(); + } + + private TimestampingPrioritizationStrategyResp handleGetTimestampingPrioritizationStrategy() { + var strategy = messageLogProperties.timestampingPrioritizationStrategy(); + return TimestampingPrioritizationStrategyResp.newBuilder() + .setStrategy(getServicePrioritizationStrategy(strategy)) + .build(); + } + + private static ServicePrioritizationStrategy getServicePrioritizationStrategy( + ee.ria.xroad.common.ServicePrioritizationStrategy strategy) { + return ee.ria.xroad.common.ServicePrioritizationStrategy.NONE.equals(strategy) + ? ServicePrioritizationStrategy.SERVICE_PRIORITIZATION_STRATEGY_NONE + : ServicePrioritizationStrategy.valueOf(strategy.name()); + } } diff --git a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java index 6ca573cd62..9391a3daf9 100644 --- a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java +++ b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java @@ -26,6 +26,7 @@ */ package org.niis.xroad.proxy.core.configuration; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.crypto.identifier.DigestAlgorithm; import io.smallrye.config.ConfigMapping; @@ -70,6 +71,10 @@ public interface ProxyMessageLogProperties { @WithDefault("SHA-512") String hashAlgoIdStr(); + @WithName("timestamping-prioritization-strategy") + @WithDefault("NONE") + ServicePrioritizationStrategy timestampingPrioritizationStrategy(); + default DigestAlgorithm hashAlg() { return Optional.ofNullable(hashAlgoIdStr()) .map(DigestAlgorithm::ofName) diff --git a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java index 57fbfd0d37..9774141c93 100644 --- a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java +++ b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java @@ -27,6 +27,8 @@ package org.niis.xroad.proxy.core.configuration; +import ee.ria.xroad.common.ServicePrioritizationStrategy; + import io.smallrye.config.ConfigMapping; import io.smallrye.config.WithDefault; import io.smallrye.config.WithName; @@ -221,6 +223,10 @@ interface OcspResponderProperties { @WithName("jetty-configuration-file") @WithDefault("classpath:jetty/ocsp-responder.xml") String jettyConfigurationFile(); + + @WithName("ocsp-prioritization-strategy") + @WithDefault("NONE") + ServicePrioritizationStrategy ocspPrioritizationStrategy(); } @ConfigMapping(prefix = "xroad.proxy.addon") diff --git a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/EmptyServerConf.java b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/EmptyServerConf.java index 0c6c3e863b..52539037fc 100644 --- a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/EmptyServerConf.java +++ b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/EmptyServerConf.java @@ -115,6 +115,11 @@ public List getTspUrl() { return emptyList(); } + @Override + public String getTspCostType(String tspUrl) { + return null; + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return null; diff --git a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/TestServerConfWrapper.java b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/TestServerConfWrapper.java index f737807fb6..5fe56d8fe3 100644 --- a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/TestServerConfWrapper.java +++ b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/addon/messagelog/TestServerConfWrapper.java @@ -162,6 +162,11 @@ public List getTspUrl() { return serverConfProvider.getTspUrl(); } + @Override + public String getTspCostType(String tspUrl) { + return serverConfProvider.getTspCostType(tspUrl); + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return serverConfProvider.getDescriptionType(serviceId); diff --git a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java index 8acd6a4ac6..8f65d6ed3e 100644 --- a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java +++ b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java @@ -25,6 +25,7 @@ */ package org.niis.xroad.proxy.core.clientproxy; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.TestCertUtil; import ee.ria.xroad.common.identifier.ServiceId; import ee.ria.xroad.common.util.CryptoUtils; @@ -129,6 +130,11 @@ public int clientReadTimeout() { public String jettyConfigurationFile() { return "src/test/ocsp-responder.xml"; } + + @Override + public ServicePrioritizationStrategy ocspPrioritizationStrategy() { + return ServicePrioritizationStrategy.NONE; + } }); authTrustVerifier = new AuthTrustVerifier(ocspResponderClient, globalConfProvider, keyConfProvider, new CertHelper(globalConfProvider, new OcspVerifierFactory())); diff --git a/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java b/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java index b9d76e66ff..a3e593f03e 100644 --- a/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java +++ b/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java @@ -31,6 +31,7 @@ import ee.ria.xroad.common.AddOnStatusDiagnostics; import ee.ria.xroad.common.DiagnosticsStatus; import ee.ria.xroad.common.ProxyMemory; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.util.CryptoUtils; import com.google.protobuf.ByteString; @@ -187,4 +188,23 @@ public X509Certificate importInternalTlsCertificate(byte[] certificateBytes) { var response = exec(() -> internalTlsServiceBlockingStub.importInternalTlsCertificate(request)); return CryptoUtils.readCertificate(response.getInternalTlsCertificate().toByteArray()); } + + public ServicePrioritizationStrategy getTimestampingPrioritizationStrategy() { + var response = exec(() -> adminServiceBlockingStub + .getTimestampingPrioritizationStrategy(Empty.getDefaultInstance())); + return getServicePrioritizationStrategy(response.getStrategy()); + } + + public ServicePrioritizationStrategy getOcspPrioritizationStrategy() { + var response = exec(() -> adminServiceBlockingStub + .getOcspPrioritizationStrategy(Empty.getDefaultInstance())); + return getServicePrioritizationStrategy(response.getStrategy()); + } + + private static ServicePrioritizationStrategy getServicePrioritizationStrategy( + org.niis.xroad.proxy.proto.ServicePrioritizationStrategy strategy) { + return org.niis.xroad.proxy.proto.ServicePrioritizationStrategy.SERVICE_PRIORITIZATION_STRATEGY_NONE.equals(strategy) + ? ServicePrioritizationStrategy.NONE + : ServicePrioritizationStrategy.valueOf(strategy.name()); + } } diff --git a/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto b/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto index 9cfb50e15b..9de3dbbf4d 100644 --- a/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto +++ b/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto @@ -38,6 +38,8 @@ service AdminService { rpc GetProxyMemoryStatus(Empty) returns (ProxyMemoryStatusResp) {} rpc ClearConfCache(Empty) returns (Empty) {} rpc TriggerDSAssetUpdate(Empty) returns (Empty) {} + rpc GetTimestampingPrioritizationStrategy(Empty) returns (TimestampingPrioritizationStrategyResp) {} + rpc GetOcspPrioritizationStrategy(Empty) returns (OcspPrioritizationStrategyResp) {} } message AddOnStatusResp { @@ -71,3 +73,18 @@ message ProxyMemoryStatusResp { optional int64 threshold = 6; } +message TimestampingPrioritizationStrategyResp { + ServicePrioritizationStrategy strategy = 1; +} + +message OcspPrioritizationStrategyResp { + ServicePrioritizationStrategy strategy = 1; +} + +enum ServicePrioritizationStrategy { + SERVICE_PRIORITIZATION_STRATEGY_NONE = 0; + ONLY_FREE = 1; + ONLY_PAID = 2; + FREE_FIRST = 3; + PAID_FIRST = 4; +} diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml index 56f950c299..2245edb7e0 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml @@ -3,7 +3,7 @@ DEV https://cs:4001/managementservice/ - MIIDCzCCAfOgAwIBAgIUcu57YpCg67bCvmY3941+9huLEoYwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGeHJkLWNzMB4XDTI1MDIyNzA4Mzc0NloXDTQ1MDIyMjA4Mzc0NlowETEPMA0GA1UEAwwGeHJkLWNzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/ROzD2VYRCBPXFmFB7CgRK0LYPGxAr03awfxR+0chkEuNw1upF28mq5c2tfMNljPa5ct6tNSqsNsUjtdxcMcCMkEJV2XcNNfro41EPpvTWqrYepQ2IlyBokMl8sZq1CuQIhZRYsk/ahLC7RN+zc2f7sOnZ+X+dExtddUHFDb5+ehhaisrbma2fmWrc3GPBCeq600Yidw8DR0DaLxSmfc/SyTfvlM12qHZoxsexlSc6q7TqiO3depj1JGtKR7v6SFNBNxiOl5r1xiK1a9Iz5N/jm37q5Bz2CPhiYYbo0II3dj/Jg7vSm5T4h2ZhjBrjnmaQ9TgukQhPKMcXk/oEvDwIDAQABo1swWTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DAXBgNVHREEEDAOhwQKCgqPggZ4cmQtY3MwHQYDVR0OBBYEFBplw655gAtSR1F109j+TK7QvjRIMA0GCSqGSIb3DQEBCwUAA4IBAQCcIxF4w73bpbZSTMBowNR2RyssunS2qELwOTxMKNQu8S4MOWgPUy4wrXmCQMZApl2Sw7nsFkIbchbPA4oyOBwpltvzbBcpnoorYAocTW71iTr6fiHMZvX8jICzUsMXlhe8dd2Jnvegt9xqczk5znG+hQI6+rX/TTjQTpN6CJp8tWRAGP3q4b5mzMmBuavmeP8hU0/H/d3iBo/iwuE1NWD1B7/+1WsfZm25xbCFwFO056Jyv3Dmcua+jPFPyc0K7gmIord2WUqAQdL5KBaMJ8TzO1ECDmKMoNtH46xsQ6ScJ1ffLW2ilZcoC6lnwG0qz4ZdWY8j9EMPeaZC+AL3e+Vb + MIIDJTCCAg2gAwIBAgIUMZw/qaccO23KFoyyBhDsT1vVk9IwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEwNTIyMDc1MFoXDTQ1MTAzMTIyMDc1MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4MJ/UgVWdjH1/gwsO0YPv85aWAGbiiEpb7HgKqaSoUZNJvKlZsgp5WsgkygSzc+8oXgxw4FQmJtrvU9a0H7VNO0vW8J8p/Oo2Usurqwvsbt46jaS/VKvFtOM7/+RfdiHiVV8gm405SZQfraWrhFp3/QDxvcPttmVTOoFX2M9G4G+6nkptcw7HlK3nNOFtM/Hl2439z+iETTuTDhuKEpwiZy6jqoAer+17EHnPMprHwIZKE0KHPP804uChj9cOGDxETQfN0Xv+0JECF2bMIdt8YeISlnafRVR+83Obtcj69y0tRSzAtvSAOreg/599IjY6Tb+rjHjAO4pWFjpMDztwIDAQABo28wbTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DArBgNVHREEJDAihwQKAAECgglsb2NhbGhvc3SCD2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUFtBl5Xaw1sAu5dUBaDYTpWpMM5kwDQYJKoZIhvcNAQELBQADggEBAHdUYK4yRGQlTitKBltwviWazFeqkBsamV66dQzpnUmdW+FrOujN+cRXGWiRn6+MJ4qRCZGektQUdYxthV3lb1T4YaPcl80eeKZBghl1Jfe1+1Ucjiv4/Ln8+Fz3QoG97wOs+asRqwm7huP5YJZq/nL0f3Ih32TKrlv6PKyMA4RHjwHiMQQTrhjzoBzpDY1rnYoVV429iJICv/7RM0Ndd+T2aFC+p8H1qtnNMd7zzT4sqSS1h5Zj1dOrAweNv2q4bXsQjqaUJZEoNq3nMvzUcpG9LH57ejhHpMlHDtLvnUOOTxaBquLh5Mw12QLkrXlb803S0OQYGe17yrhRtwWHtyo= DEV COM diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata index 51304c9d13..ffa7dd8693 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata @@ -1 +1 @@ -{"contentIdentifier":"PRIVATE-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-03-01T14:39:11Z","contentLocation":"/V5/20250303143911136407000/private-params.xml","configurationVersion":"5"} +{"contentIdentifier":"PRIVATE-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-11-07T04:52:26Z","contentLocation":"/V6/20251106184446407787000/private-params.xml","configurationVersion":"6"} diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml index ba2779a9df..6f0a16a889 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml @@ -3,20 +3,22 @@ DEV
cs
- MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvZwWBRJABPy8I4KXdFC2O2GdUzqkiu2d5q3NWja/upfd1oVqxZH7DG7zfHVmEsWjQO/GFVPDJDn2sJCux/+4PTJt+mJ1kmErJ84rhw2PsoJVmBDZRswR9VDoNRTCsFa7qUYdzie9ksOO573kEjQR6hqpSQxlnl0/W2vkyLbMtpym1zkspRpttPjDRZ4n6g0vscsL/JiTR6M7Mrx+1JFMsCEXsrcX14cWHHq/C7nQapaVtrkTBWKRw0JsuAJjyA7ofUNfJDRyT/4DRH9glPHb93HRkTTEZtzGNLwm2VGlQZaHEB0ZLAE6Er2iuzGQWZAYcnvnWgA5eMpTrlO/L8FbAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAZ2W5AOAT0MlePq30HFiQZIghV2aCQFUi5QdZ0f32HFvkMUef/yqKPf1Z9A2c16qG4BMe3sdwoErS2V+Alac80ySTZgpsMXTohop4OQ/UMJeserQFWVVVhLLj2izOKqjoAooBh99IiwOKGvBQwjiIjoKXnHCAcL4lfLVEUD1Gud7qT1HnjGs1AEztxC4V2YxfcM2WasiYlAZ5iKcWfc8XDZ4+nxDQyPuPXKvDRWQtK9cnt9QWVUqCUG87u2FTHqax0qW4kggzG68g7Rz2mzbcwBTpW6gCmFJVkkk7Tk5ptrPsgOLElXqH/xNH54d2DX9s9AwZYImbZFXEoc97dorM1 - MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjuLv07I6FywICvewmVZu+Q5Pxo9U3kgSr9H/fdv6oAdvtf5xQakvo/HjGDiYL/MnRc8x1cr8HRoIR72dgqrggDSfQAliPt10OgvTxBe60jsLXhx31UDkvT/QlgRsS4qlp/CR/0jlqP76t2S8u6TB24BZOSFAtJvREM2T46nbkQ4DmvsLkG0xUArD6TtVh05YidQkLktyrqs7fYwL/H0bYm/KZsy3FjGN5uBkr91ZNP6KTBCQSNqucz2ykbGc/uf8iYlKdsfIz4EXsrbiq0GqmrddPdAOCiBPka+doN+fC3hV43k9DoEUrNhM8wNr0iMal0NUOmp8apaqX0wUcaE9pAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAy8o5Es7nbjNkKZx4HGdQ7Y9qFuf4Fd9/IjEcbpZua5VtyxGq0H4U1dDJdOFP+YVhDi6oIOdCYtYWHdEc2K78IPAhLWw/VmtptkKD2EqJxKZgxI2ypazAwstBGnCe0rAu6OAdgh+FvgGHWRwUNs2tTNuvfcOHW5iuf9ake3Q6J1WYU4/y57BsceJVgFGMFU4TpNKciEHweogzCCXAPmvXYYKRDvrkXC1vjbX/K50XPhZH5+Kpw/u9pmyr1HUKvCJ/hDb5aqVMaHCcUxSikF+qfgpU218fJVbCAnJcNIOPaBuo1sYJpbRQFXjJpOULkLwWjl5Wdnpua6ZdHoWFEczY8 + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmxPFSE0oUbKCa1xYSArCtSseHX3GioLMqTDMjd3HYjJ1dShJWklrVRZAcKx6+mOk5/LPYXS2WBphxS+4iWjWIkPy9tDbwVRNs3ep51e9iIfMpRRXHC6E2hIASzaFYh8Qt/ljVfaYf4xxBkG8czvq7Dc5rKlzYhGXlLp8Yx8BkRmRjtqc1h6y3Afc+YVwhSf35MrsTwVhTkjnecnntr9q67eIJ5wCbO65BZhL8SompeyxB6srp3VsQVz8qsT5SJp8FYDDUGAdyBYBPGGNR4ZsLgIZRwSeftwhMHQuauOenDPMGDLMPJGsVJg5t3BFS94+EoGfSQLmmi+A28XSJacf3AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB9oKNXNgfeJAJnG6NPhS3gS0VigT2fCquUl38Rzv6tqc1uEKHkJqJ6jS2AO0wC7ykmCqU5Ex7mLFo1l70oaA85GdMuUlETxRLyhYw/XImeRHMLYxvML3e11DpyIb5GcnBr80iLlRs3eCGNLts/8b9F4akR21HZPCY0lZra6OcxTpnARGIxLqC5fD7O12Nf1Zu3sitKWgMBj4FswIS9fWSoI4vONY11KSmP8/aaKPpOOGDs99CNR4ay7ug/ch9/kePlmIu9Vidn9mkrMTseM/x7O0hr+iO3GG0wab1daXRZpUSvbP3ZqPXLIwePcvUUjlxHvB7GlT89C3dE0NVMDAuK Test CA false - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZSekNDQXkrZ0F3SUJBZ0lVSjl6Y200VHFtNUpIQUVPenduaUNSdXdCYnZrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0t6RVhNQlVHQTFVRUNnd09XQzFTYjJGa0lGUmxjM1FnUTBFeEVEQU9CZ05WQkFNTUIxUmxjM1FnUTBFdwpIaGNOTWpVd01qSTNNRGd6T0RReldoY05ORFV3TWpJeU1EZ3pPRFF6V2pBck1SY3dGUVlEVlFRS0RBNVlMVkp2CllXUWdWR1Z6ZENCRFFURVFNQTRHQTFVRUF3d0hWR1Z6ZENCRFFUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dJUEFEQ0NBZ29DZ2dJQkFMbDM3ckNQWVdHQVBxbkxLS2g1ZXc2Zi9sLzRoVTFQMlZ5dE9CdG0yeFM4NjZPdgpWWHNIb1hwUG4yZjhNeUJ5UmRQdGZQSUdTaS84Q3hROW9WcTlkQUdFdHdFQ3hoMnJ0dWh2S1RnRWJUb3F0ZXB2Cit4TWJIMm9FQ25YTTkrRkJmYUVNVWVNY0FaVmxPSGVaUytWWlVMWUJVdUwvbXllZ3owK2FydldHbnMrciswMFgKOUtKRHIyUTcxclkzcnlpQTByZlJMWWJGdVY2elJuNGZJN25MeGNOckFheGlQZEQ1bXVBQ1p2VC9sTlVyR2NNawpoVGk0R09XSUQ1UWVZY3pnMzJ4Zzl0UWJ2cHFUd3RiTFl6MXgzR0xtc2NKeW9oSlUrUE9ISDExQkJzZW9CK0daCkpVU1grQ21yNkpVUEpUei82QndnTVdISDFQZ0MwYWNLK2t5ZGFWRWFNc01MSnVFK1VMR1RjU0xiM0F2U3kwcFAKRFRKVXIvSDMwWlhDT3ByS1IzRUFkKyt5ZkhxV1ZmUjNXc3NGOGZMSVZXMnlrbzFnMDZ5dU5lL2o4Z3liQzVxNQpUL2NvOW1pcFczbW5Cd0hsZjQ1Z0RMZmFkR3ZFeVNqVkRRd3RETzVCNWx1VWxVSDRGQXNyK2hPNnNDaDRYSjVXClhSMkQ0c3NJRVdTOWd2cks2Y1pyc2NzS3dIZlNHWmNJYVdjZTdyMDlNMGN3ZXNmR01hMklUSThVM3RyUlVVdHcKODBwcG0yNE5aYVpDdncybkxzRjJQeW1qVTllVG1MSXNwek52cHNSSS91RVFZdStXY09PTFgwak4wUzk4bjVPYwpqMURteHNiK0QwN2F4MElNcVBmTUljazR5NkgxVmY3bnZ0NzdIdWgwL1JmVFYxK2Exd2R1cDFFQWR0VU5BZ01CCkFBR2pZekJoTUIwR0ExVWREZ1FXQkJSamFWTTRhaVcwYTFYKzNoV0JHcythaTVXL09EQWZCZ05WSFNNRUdEQVcKZ0JSamFWTTRhaVcwYTFYKzNoV0JHcythaTVXL09EQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQgovd1FFQXdJQmhqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFMejFiQVd1a3NvWWliZEVMWUJoVlZiZ1U3cWxlCjFUdFJMdXgzOHF1SVJVR2R0NzR1N0FHNGlNRXB5Z0R3Y1NEbGJjUEdac2xxcnBiNUxUMGg5SnlSWURjcS93MTIKUEdYODZHS0laNTNYR0F2NTA5QXVSTDZUOEVQRENmT28yWE1VZENFbzJlbVZyVmhieG12dU9jdWF5cUtZN1ZVQQpUU3FybUhWZWFGU2pvTkNYRVE5VlE2dS9nV3VEWWdGTnBPZXlCc09LUGx2c3ZieU0vNnpFVGpwMnBSWkJpdUpOCkNSRDB0eDlsT1ZsYUtVN3JyazVMYjBOWjMrL1lXWTZuZXNTVWZGOGFIdkg1cWkycFEyb3dRNmZGOEFWbTJRcjEKaHROdG5BVWp2c3FhUEV3Rk1NOTluRFU5cWNKcDZhNVNBUUluVFFZUlhFcEZkRUdWbFNySldWTVRjVnZBZG43dwpKdHR0cXgzVlM5ZGZEa1lwMm1mczB5cjd6Tm9HZzI2eVdrSlhNbEo4cjdxeWpOa2NsNGM4Y21YTWNKbjByY2phCnBoT0xVbjV2a3BKeStDRmkrQjVhSEdvRWVTUVNHT3JtbUNTbVVNS1RURjBLVDE3cGY1NUdrKzFZdDJjZzZTWlMKazVUYnRLSXgrUElEMDNtOGlxeVkxek9aNFRwR0NJQWJOOXg2YmIwc3NsME9DUWV2VlQxd3lSWW4rTzdpZTQ3Kwo1U3Z5L1V4Y0pOL29OeFVQbDhvV2lvTXRmdnFkS3hod3NhZ2J4NDVNZ3ptUlJjWWtPaWYzKzJZby9nT1JBcVZUCkd3eU4zWjNTZWFpUHRCYWg5T3lkelNUS2laMWo4dGcvbzdOWkt4eC95RmFLRitsMTBCRG83Wk1OcFFUb2VkRnIKeUs2RWVCY1FmcjV5YlhZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQXh1Z0F3SUJBZ0lVUmZCZHV4MVhtWFMwcHYveU1ydVExWHBQc2VRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURU5NQXNHQTFVRUNnd0VWR1Z6ZERFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEV4TURVeQpNakE1TkRCYUZ3MDBOVEV3TXpFeU1qQTVOREJhTUNFeERUQUxCZ05WQkFvTUJGUmxjM1F4RURBT0JnTlZCQU1NCkIxUmxjM1FnUTBFd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUMxT1hBWkVsdFcKbUlnaU1WZ2hxb2ZPLzdmanZ3REdtaFFiT1pIM2pEZVJ1VVlDODdOa3REY3VZcDlYdTJOTnJBZFNnalFDVS82SQp0a3BMbVRNRHNUV2tPQ0grK0xBNHlON0tyQnM5Kzd4T1F2YVZGeDJYN2R2OUREYmN3TUxsQ2tPdGwwa3gyQk95CmRlT29XcDdNb0doRWo4UG85SnFUMTVBQmZzZG5tUDVpRjZkb2FHbnloZEhMemxMNnFFbTBkZjdXYXR3amtXOW4KVWozRS9ITG5nT1RucEVvdTROL3c5eitXeGNJT3J2Qnk3MUlUemQ3YVhmSDBEWUxCVUlHWHBTdVdBMUthNUtldAoxUityTytTOURub0NoeHZ3cUpSNFhIOWwxaEJTcDIxa0FqWVMwbndORDloZ0xqV1c3TE9jam9WUForTGxybmZJCkJCV25XUHIwVWFNdEROeHViQjRBdVM0T25SUmNaczZ5YnZzM0VMUFFzNndFanY0WFVyaGEvNFVLenhUaEhzVDIKMUdzWE9sL2hzRXFOTXBQVmIvVVZtbnJveWFQYllnUWxRdjE2dk4rL2VlUVF6YW41cXRWaENFVzhRMk5PdkJVaQpMcWpMYXYvSHBVNVU2VTFCVzhLN21HSTlXbGRVVW9RN1FSd0c3OWQ1Vm94SFF2OVUvNGtHTUtmRVBtdXlFZEFKCnBIeVphZlJvSkdKNjVSMWJWdW1xV0tUOURJQjRjeGdvaWRJVWxoY2FVY0lGZUxZQ0lXUTJDNmY2UHE0c0xIeVYKSjdMUXlpaTJZd0JFTTkzQjR3TE4vYnVvcjk1TE1UWHRsZWJtcnppV2tublpUNE5vMCszTk8xZXRmMDkwVnkrMgpta0toTVhlVThJOVJLUkZJSFd3SkZWM0Vxa010Q08ybXFRSURBUUFCbzJNd1lUQWRCZ05WSFE0RUZnUVVVUVltCkhyd0x5d212Nm52TUk1WVZoeElhamljd0h3WURWUjBqQkJnd0ZvQVVVUVltSHJ3THl3bXY2bnZNSTVZVmh4SWEKamljd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBT0JnTlZIUThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFKSnpUQlpJLzlTajNYYURreHJVbDhOYjl2MW9kWFl4VzNnOFErU2EvTHBEd0tiNTVEVHRwR29ZClM2RDlkMGdXRU5XY2VDNHlUN2NVSlQ5TzU2dzFHVDFJM0IzQ2ZXVk5vNzNtOEw1TWwyVEJXSVZhckY0a0pKb0oKNU1VR3Z0WEJaRThzNkpqc1pjZ3BSdGlnMjI5ZlB6dHhjcG44UjUyYnZNUDNtSHpSa2hOaCtxcGhqbkZyK2lxbQpuTVcyNHM3WkY3cTAyOWUya0R5M0RxT1dUeEZTbVNZaHg5cXJ0NElTQzVVaG9XTFpmb0lPU2hJbmx0RnVmM25BCklnK1hVZDNLM1R3UGlrRHdXZjBFMVVwd005YzFwZFhZM1N0SkQrS0VWSXdjakYyK0lHamRpR09aNHR3UWpvRzAKaThoMmd6UzRlL3NtTGtoR0tMNDlkaFZkUkZ0SmswS3hveWpKaWRFSlkwcnVJaGE1cmR2OVdhakhDa2RuYXlKLwpTN0N1Y2pmZ1dhMmZNVGhxeHUrUTg5SFFmNHpoU1Y2R0g0SUlMRFpvRWV3LzA3QXFoS1l6OWFMVzEvc0NkMnVuCk5FbURoclVmWEo1bFp2UVF6TzVUVmg4SWZPU1Z4NkRrSTBza0lxNUE4Vlp1S3NNR0oyQnVKcnQ3OUtVVExIbC8KU280KzJOQXp4dEZWVm5jVG13NHpObWNBaGE3K0VsWWQ0ajhQTm5NL3FkWXkrWjMxekE4ZVpFNDB1WlZBZGw0NApjdTJjZmFrMnVMdFBSUnQ1VGR4Y3djbGRDQWpOY04rVTdkK1ZBeHZmWEw4WnBBeDdEUmhnNlh2ZUoyTW9xOU1SCnYyK1c0RHM4ckJNeGE1bzRZQ3dNMHFoZlpsSkU3VGpwRkx0Y1AyY05PRTlHeEtIRW9IZkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= http://testca:8888 - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZTRENDQXpDZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFyTVJjd0ZRWURWUVFLREE1WUxWSnYKWVdRZ1ZHVnpkQ0JEUVRFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEF5TWpjd09ETTRORFJhRncwMApOVEF5TWpJd09ETTRORFJhTUMweEZ6QVZCZ05WQkFvTURsZ3RVbTloWkNCVVpYTjBJRU5CTVJJd0VBWURWUVFECkRBbFVaWE4wSUU5RFUxQXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDWGc0WGIKV0l1eXdsUnEzdUlJenJ4Z2s4Wld2dzFhNmhZeXU2Z2hHaUw2N1JSbkNHS3Y5Ump3TkxPcUF4UVdBUGJEaGMyYgppRnZOZjA3czFzd3MrYStOcjkvRnhCbTBmakE5NkZCaFlySldIUjdUZTJVcEhYa043UzZ2a2VRbkhVZXZ3MGsxCnNmOTJpRjFBMndDUjVOWXdtWWh0aTEvRUR5N1VBRzdZMGxTdkNlUW8wS0tnSFhEeUFUc1U2MmtUZ2MybVNocTEKOTVUSElnckZnWFdEdjZnYjBQNWJSWjQ1S2h5Q09nYXVNOTMyM0dIOHhnKzdXTmFHUmEzRHNjT2MwbFZWa0w3WQpoWWoxY29rSFZVL0hlNllOZjBkUllLNnBUSTJ6d2Jxak01OVR3dDlOb0MxVnZoV0xRajlVMU8zMDd3V0NpRFYyCkxwQzhJZTdCYXMzbVIyV1Z1YnBJU0JiOEVkVzIzem5ncC9GU0xIUVdvcEpyZEVQaFluajRWeWw4NE5EdkdRVjQKaDhTVDNmMU85dzg3QzU5bHNFZDlkVFFWeFdLTzdmYVVWY1AweGVKWURFTmwyL08ybmdRbGl4TEhwQ1pXODNYOApheUl2QXI5U1JoMkhYbmpHUVNqZ1poTXdCUXBSR1R3UDJDdTl1ZHdlN1NXSmFMeVBFL0kya3l5clVIYTRUQWtGCjVxTGJBb2hUdE5MazllcE9YcCsrY1RZYk9Zc3pLWlFyK3pRcVA5djk0TUJpdEZpejZtRFhRaFh0VE5pMXFoYlYKbFVUVm5EcGg3ckhEajlrcjMvRExJRzZ2bnNDRWJHM29ockhScnR3ZDBSejNWOUhBdGNOVUkzVk5Oa2V2UjQ0NQpKRmg3cXh3d2Z3S0xQM3ZYSmNGY0UwZUc3R2hGaGlXWUVZKzFXUUlEQVFBQm8zVXdjekFKQmdOVkhSTUVBakFBCk1CMEdBMVVkRGdRV0JCUXEraUpXekl4eXNPYWdCckM0cithVVJRMkFvakFmQmdOVkhTTUVHREFXZ0JSamFWTTQKYWlXMGExWCszaFdCR3MrYWk1Vy9PREFPQmdOVkhROEJBZjhFQkFNQ0I0QXdGZ1lEVlIwbEFRSC9CQXd3Q2dZSQpLd1lCQlFVSEF3a3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBSGQxckZWSzNJNTg5ak1xNERvNXlvWG0wL3htCkN5YktzQjEvZ0h1enFhbDYvZjlNQy9JaG91bHNzZitBYk5hWWZJOVBKa3Nja1dkU01FcGgzanN6OFE3T3lIOHoKaE5kQWVDUm03Sm1ETlp2NSszdW4yY2NDK2E2SnlKN1A0bnh1M09Va2xyVVhHOFZsck5DY0wrSlovQ3IxMVB2SgpzRHM0RVlHSzBEL3RsS2owSTNOcW41c1YvNnd0U2Z3Q0RSanBLSjNPbGR0ZVY5S0Z4RmpkVllUc0trZzUwWXpjCnBWVG94UzFzZXNjcENTMXJocnRUMlBFTStlVHhiRSt4aHhBWWhtOWFuOTU1d0M0aFk5VVdYUHdJWElkZW42WHcKMUhRdVlDa0hOci9zNmdGdC9Uem01dVI2eGgwVUZ1ckE2bk5sVkp1bEhwektzanZCcWZJL1hCb0JlbTdJMFhYcgpxWHFsSlRiVnFXOUZrc2kwSFpSQWVoYThSSUowTGZhd2QyYXkzNGl0VGRINjQrSDFLdFgzbDlINWEyNGF3RGx6CjZzRVhNOEhZc2dQMDBVSHMwRlo1SlZ3QWczU1J0M3RiaHRvNWhNR0txM3lGZE9GNVA4QllwNEZ6ajQvWksxbDUKZTNUWGlMRUZZS2JuVW12bDFIYWlvQUVKcExvbDYrSkJkQnNrOG5SUm1hc04vTnVQUVI0ck5qQzRvS2pidG92RgpiTGxGNTEyV211L0R2L1V6YWFTMmwvVGtZalZieVhRMDYrK3Z5Zkt0dWU3YnhFSHBjMkJXR1RCNmZrVVNVOTZpCkl2cGNnZ1pJVWlRZjlvdU9IdEV5c3R5MWtuc2liRHRoWHF5KytiYWlHcm16TVIrVjF4MEJWd0dPSVJoaTRmTDgKV0ZIR0tKU0hibDM4SVVpeQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZORENDQXh5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBNMW9YRFRRMU1UQXpNVEl5TURrMApNMW93SXpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVTTUJBR0ExVUVBd3dKVkdWemRDQlBRMU5RTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBdjNCUDR1dzB3c0xGcUczOHJDNnA4YkdiT213b0xvWlIKNUxYNWtXMis5OUpkci9uVTJaR1Bnb0hmQ3BLSVI5WFZKT01vU3daR0RrTWtIVzJ2Umk5MUJQVnM5QlAxZGVLVQpya3ZnQUxna1Z6MUxhQmJGTndGdHdNeWxYMkM4czNUTEdPTnZzYWdyRVVBZEk0U29HdmF0a2FScE5KMXZXNno1CnVLWjUrbWFrVVRrVzkyMHJNREdsb2lwblZwUURHK0lCbDJTcEx6N1VGOHhmempWVnljbkVXbVdBek80ZGY5V3kKYzl3NFVHNUR5YmYwdW9rMk1LdThQTE5saXpZem1xb2t6U1lCQUxYL3ljWFd5ZG1mS1BZaENqajljQnlwTEdsTgppdmM0Nkd2Q1lzVTQ0bTd2M3EvekJsa01KZmNsRjllb1lYV0VFUmxGWXU2Ky93dC9NTjB2RWJGeURacXJBNUI4Ck5qeUNneDdVbjZLRGhLZEdqdGZtSTkrU3UvMjJJT3liTy9sSjlXQmg5ZC9oOWhIejJsQWttQ1kzdVYyanEweTkKTTI3aGYvOUQranFWUnZLRmppdVdGcXZMZk04Wk05Z3NXbFp6Wi9lZDlMSnBFbmpqQ2VHK0pkY1phejNhNVR1WgpQZ3JqcCs0YWdpTzYxL0IzV1pLd0s3OERWT09kMzVoa3BncE9JNDFBMzg3TWFUTE1zRUppR292a0pWR0xBSldTCndBMlkxaWx5WERmSHQxa2NmV0dHUFFRT0p0dm9WZTlGLzFUYW5UZFVBdE1MMGcwUW9aVHVMRTFka01UM2lUTUkKaVdTcHRYcUYya0crckluNlcwSjhPelJib3Z2YUhFOWhXYllLK3VwNnZqN0xXL0JkZTZWNW93eFNKa0lZMXh2MwowV1oxUWl4ZkZFMENBd0VBQWFOMU1ITXdDUVlEVlIwVEJBSXdBREFkQmdOVkhRNEVGZ1FVRXh0cWorZi9MNnNPClV6dGNYSmphV1ViY0Zad3dId1lEVlIwakJCZ3dGb0FVVVFZbUhyd0x5d212Nm52TUk1WVZoeElhamljd0RnWUQKVlIwUEFRSC9CQVFEQWdlQU1CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUZCd01KTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQ0FRQXV4VFFmUy9jeHcwMUgyN1pTUDB2blo3T28xOEgwemxoM09BMDE4cG9wRnRKbWhFcW5WejVFCnpXZS91eVZQMi9CQ05KUjJqQ0Z1UURBZ3RXSCtDa0R0SldNQzUvRHYxTm5tTUxWMWV5UE1ORzRYejkyaGk0LzIKK0lVSzJZZWZMQnRHUEVmV1RXUnB2VDc0SUw2ZFdMZ2pESFkrUFFHb3hjRzhzTDlTUlRORDFjT1lkMkRER3AwcgppYTMwektjYjJNbFdXMW1RTmNlaCt2VDZDWEVpTGFvOWZUb2Q1Y2RFQU5RU3NpTFAwMnREUUZLdjlMQWJSVE5IClV1OHFuYVpQajNxcGVXcnFmVXhieEcxV0dOYStSVXRQamhNZXdxTW1Ic1JRY1NBRVZzbmpSZ09jRTFUajEyR1gKWDhUeEgyOUF3SUpOK1JkTDhsUlkvdU4zSW44N2Z0akZaN25DeGU4bVVrK1dRU1ljZStqVTBxdDZPY0U4YmE5bQpUT1FpekVIbkh4cVJmY1RobnVYcVJ6VUdnUTJ4SC92aFcwYlJ2QTVTSVg1dzN4QS9ITWcvdXlhYVRDSXBBeU9LCkRxNnZZaU9qblV6dnRwdmJDR01oVHk2ZjlvOEpvZlQ2S0ticXVoYWp3aERDc096S0lpTFZYa3NTZGs5VThUYzMKeHpoa0o1ZEdjanQva2crOG1adGZKU0FzdHJWSmZ3Unh0ZnR5M3V5Yjd0a29MM3lOMGFKQTdHUVNpNEtrc2o3bwpkRkVUUGtUd1U5SXR3Skx4RUExQVRBZ0xvRTV2Y1M2Q2puVFpBZm1VbmcxOXRXaHZ6Y040cnBUYVMvOGZCS0EwCnZJSElYbDNWcmJtY2kyZkREK3RXckJ3bzQ1aVN2alR6MVk1Q21EU0dTNnFvK3RnemVaSVpwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + FREE ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider + PEM http://testca:8887 @@ -24,7 +26,8 @@ Test TSA http://testca:8899 - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZQRENDQXlTZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFyTVJjd0ZRWURWUVFLREE1WUxWSnYKWVdRZ1ZHVnpkQ0JEUVRFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEF5TWpjd09ETTRORFJhRncwMApOVEF5TWpJd09ETTRORFJhTUN3eEZ6QVZCZ05WQkFvTURsZ3RVbTloWkNCVVpYTjBJRU5CTVJFd0R3WURWUVFECkRBaFVaWE4wSUZSVFFUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxTNzgvR3QKc3JsSEZWSGpHOUNyS1EyeVNxODR0Mjd3bnNnTDJ2RHJGZFVhWTlQQjk0RzM0QVlUank4c0pVSjFWU1FTZENuMAppbXhwVlJ4WU1yTm5QOUp1R1VJNDl0SHBVTkt3b0NwVTFqQldPTUhXUmFtcWo1S2pjVjlJZENGelZ4MGJWNzcwCmdKeFovaU9rQlR0VzM0bkhxZitrMVRXMlh5L0V6Y2J2STVzWGdtSXQwWFBjRXAyQVdUUHpzbCt4Z3UyQlpqVWcKQkFYWTdWZmNjSXhSM3BEYXlZdDZHVktPU1d0NnBSNTg5dXlDTGxwaW93c3UxRnRoS0VFQWU3OXk5WHFFUE5lVApObWt6bHlsTE1hU3hwVHo4d0hBaFJWTmlJcG1Zc1g1WDFsK1FMZGMwcUo4UE15OUZCR1NibVJ2UXFUcEhXQnhYCjBhRkpvYXB6c29Pc2lsQWVNUHJFNUt0SGtMdC9FcFI3aGNaM2FoL1JZenE3ZFlRU0VMYkxCQVdLNkhXVUlpK0QKVEZsd1ArdThDY2JjZExwbHdlTHVKTXUzUEVxYysrU1pwR2JzekhZaXlIdXB0WWhKc2NoMmptK2QzSzhpaUpHQwovdkxwazk5cVVaY0xlaEFmVm5SNFdMa2tNZUZQRmg0Vk1QeldQUmNCZ0hXTU1uRVhLQll3QWNtWVZVM25GV1NUCjkrRXMvaFBJQk1UUjZrSUd1eStVSjIzQ3Z5dHRmUWY1Y3NPRnlTL1NoODE2dzY1bTZPbk82ekdPSEpYb0dIRnYKb0NMZnhvVHlFaUdpU21kWVJDVE1hYjJEZmQ3L1NRSXBvUGpUY0ZMY2tvZFliS1JiUmwzd1I2eWhNZS9IT1lyWQowOXR4N2x1YnBDRFljYW85VkgweE04NmZ4SzNFVjRYWFpvZUZBZ01CQUFHamFqQm9NQllHQTFVZEpRRUIvd1FNCk1Bb0dDQ3NHQVFVRkJ3TUlNQTRHQTFVZER3RUIvd1FFQXdJR1FEQWRCZ05WSFE0RUZnUVV4encvTGt5bjBlQ2IKY2tpaVFjY3hGRkw3S2dnd0h3WURWUjBqQkJnd0ZvQVVZMmxUT0dvbHRHdFYvdDRWZ1JyUG1vdVZ2emd3RFFZSgpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFIbDhpSDcwZ240aFRWVmdMdlYzWURyMjJVaXp1bFNBZEtXaDlZUG9DL2Z3CmJ2VlV5VytGTjU4NWZFcERWVzZIREUwdFpqdUY3TzlkU2JOdDQzWk5kVVdIdVlGVGIydUlPRzVkL3pPUThFTSsKRVl6Zjd1M3o5dzdBL3FpVENwcGNqRUVSRG5pbk42STVXUGM1YUk0L1RmTUpQSm5MN3JWS1JoWm5JMmNZODgzdgpCZlZXTEFaemx6Z1JLb1M5Q05PWFQxQlZSanBHWGN5ZUEzREVEQ1pDS0E1MnUxN3dNdEN2RE5QdUt4RWFTUzRrCjBLTlJKU3BEeUhsOXlVTGVRKzdvOGJyaDAzYW02Z2VRbGQrVko2SVY4dnUwY0xFNW9NSkh6UXlYNWM1YWhOMzUKY09YbHJlakhlQklsTGtCV2tKdHRDdXdranFwUXovUWw1ZkpLVEtKU3JPQ29NZTN5dDZtdWZHT0Zva3NQV0pNTgpBRGZpb25SakNUcms3ei9XSVhRaS9uOVFyNnJya3pIb1ZDcWVQQjR1S1BCZW1xQ21pWlltZGp6VFYrc3d3MHlFClZQdlRPYUU1bVVzTkkxcGdHSGgyRVlZckhyaU81L2hsbitnMzBpTnJ0cmxndGY1Q2xuNm5PYWdiTFE5bi9qcEEKSGNOdjU0akhjQWhNTCtWVy9uUzB6dllNNTBTYVVSREVzbm9LV1VLZjV2cEZsdExiU0FXVm9ETllJTFlxb2t0OQo2akVSZTdtQUMwa3JoS3FTUmJBYWJCaXR3bEs3YVlCTWJnNWVrN0ptaFJyZFdsaGNRSGtQQWl5d1o0R0N2RUUyCmdIWXFrYmpQMkRRTUZESW5hRkZqOXpxekl2NWxoTDMzNXFrRlNKSjlJQnA1WmlrRDhjbTRMYnF3NCt3OThhM0IKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZLRENDQXhDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBOVm9YRFRRMU1UQXpNVEl5TURrMApOVm93SWpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVSTUE4R0ExVUVBd3dJVkdWemRDQlVVMEV3Z2dJaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURqVHpJS0F6SUQrR0ZBWURGWFdSL3lMTWROM3JEbnFDVHYKN2VLQjg2aGJYNC8yOWVMTHJ4WCt2SSs2TitGOXZjc2RGblFwSVlnakdmT1JOQXF5SmFpNUNZTExyYk5MeE40WApGVGg3dTJheG5ZYUFacE9lU0EydWs1VGNXbzdDNVJYZTNnZzRDd0RvdUlRWjcvaTlBZ3ZDYWsyZi9mY3EzNHlqCkprQVg2WjFaUUdxQ2kxRjhFVTdxWWFWNkhvc1hWS0Q2T0E1bHc2RE5pNXBpQnIyalRYSnlLVTY4N2hrSjJQSjcKcE1BRWd5NFVCbTcrTExWa1RaUlprWDVwelRHKytBeElGM1RXd09VZm85UXAzY0pObk5HQk1uRHBxVUVSMmk3TApWZ0Q2WlhFMU5BWUZLTHdSRDVzbkJxSWRXbXMrbjlpOEEvNm9KZVNsMUZGU0Z5WUNBaEY2NkREZFRyY3l0N2VkClREcEx6aDI0ak1ycWxPMXpaYnBkaHo5NlVtbkxzSGlwK2RUOWNNV2VmRTRnWFJDbktjbmc4L0N6eXNnOXNZaDAKeis4aTkrdmNOZFVScHRTZHR3a2pNQXJNUjhEajhQOTB1VHVmVGxDWlRZYWhsNlRlRnZsS3UybkRnaHRTc2Faawp6cUdDTGtpN1BqTk9idnlOYkhTb1RSOHZlUGZSK1pvSnZtdm82aEdWQXdZYXA3aGJxU2lXK29Yc2NSSHRSaWdNCnlORE5XWFRvNnZ1T0x3VUF6ZWJPbmZJeXI3ZkpKVWFNWkJNS0JESmU1NVY0RFhVbjFmMjBjMGNwQnpkMzFWWGIKUGQraEdMUWdVVGdFWHVJQ3UwSC8veWJyQ2xFNTJ0Y1JuUGJxR2d1b1Ntb3hGZkdiL2FoSGtTMzFpRjI0bkJCUgpiSkpFOXhPNXd3SURBUUFCbzJvd2FEQVdCZ05WSFNVQkFmOEVEREFLQmdnckJnRUZCUWNEQ0RBT0JnTlZIUThCCkFmOEVCQU1DQmtBd0hRWURWUjBPQkJZRUZHcno0SjluT3JZT21vSi83bjFDR3hYakQ0eGVNQjhHQTFVZEl3UVkKTUJhQUZGRUdKaDY4QzhzSnIrcDd6Q09XRlljU0dvNG5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNPSjhHTgpYaTFRd0ZIMDVJMWU1QnZRc1o5M0dOb1hiVit1Tkt5U3FTRndhYXY4WVM4bjd2emszeTE5Y3NleE9jOGNZQjlYCkRXMDRUeDdpRmhCY09RdHU3bTVoeTR5Z2YwNWJpdzAwS3BVSFQ2dUdCWDVnTEhlM2U3cTlyZ3lXRkJEaDFBMHYKVys1V3RVT0NzSmhtQjk4bmZ6VTBMVVZ2ZkVsZ3BlT0NHMS9mTit2YVJXa0NXKzh5eUhTbWE4emtsR3NSbTAyRAoxenUwVFNBZlBaUkV2aG4wZTQvYUJRdWlXQmh5YVNkMERFQUMvT3RPbnQwS2NhZVJ5OUFEV0svNHArNzBiNzB0CkRMWXJ1MHhQekRtVkI1eTByazg5T2ZWeDNKMjhrRHVoUlZtZTFiMW1pQTVGcGZuVTdGRXg4b3MwYWN6YXo4aEkKTUNvbzRtS3ZZVXBjbWJyTEhETldETnFpeTM0NHN3bnZsTUhjV0YrQ2JLd29QcFdWL1NGczgwOElRNGRIQlQxcAptNTVpeGtISG93eFF4eEI3d1VUT0JUMzR6SWRhZm42dlNnMCtmRzl2ZXFCNEpIUVl5T3dkV09TT0krZU8wb0V3CmNPeDlWK0JoZmtKNTdoeEtENy9SbmxucDFYalRNdEhWSmJDdWJvaDltWklBVHM0eUUvQVBFcjN3T05Cd3B4MU4KWHNmWXp3T2VFRXh6RHloUFROODZ2VlB4QXkxV0I3bUhOdkYwb2JObXVubHVqM1pSR1VldmJNSW1zNVdKTFVGOQpRRmdGek9LVFZzM2RPSGRuQnlqRG5jRWhYcjBTdDJXbCtvWFd0MlRwbHZVRmRMMFJpWm9SbGNPYWI2NTVaSjhxClA3K2tGdlI4ME5KWWFWdmIyV3lGTUpHdGpzU2kxMElwanUrZnl3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + FREE @@ -62,24 +65,24 @@ Test client subsystem - - id5 - SS1 -
ss1
- 3HxwE/+PUFC7dPdJCOB+eOouVh8z0kJ4SeMSasi7Z6k= - id6 - id4 - id0 SS0
ss0
- iWJ4PMXoxImvwPQMVcNHRg3pFXwHhc9oDi9Kdl3li/E= + 7Meh1uzLrM0z4DWhf30PPzICihqTHGgRSmWczyAIWB8= id1 id2 id3 id6 + + id5 + SS1 +
ss1
+ ZW/oMvScXIzXpjWL68Dkd5ybl2ClA14qACkLJTWN8wk= + id6 + id4 + security-server-owners Security server owners diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata index 5ba80a0b21..829f831906 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata @@ -1 +1 @@ -{"contentIdentifier":"SHARED-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-03-01T14:39:11Z","contentLocation":"/V5/20250303143911136407000/shared-params.xml","configurationVersion":"5"} +{"contentIdentifier":"SHARED-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-11-07T04:52:26Z","contentLocation":"/V6/20251106184446407787000/shared-params.xml","configurationVersion":"6"}