From 0e5c30e4268ec147378fefe76a963abb6a486e89 Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Fri, 7 Nov 2025 17:03:23 +0200 Subject: [PATCH 1/8] feat: As a Security Server Administrator I want to be able to define what policy is used for choosing TSA-s and OCSP responders so that I can better manage costs refs: XRDDEV-2980 --- development/hurl/scenarios/setup.hurl | 7 +- .../spec-al_x-road_audit_log_events.md | 2 +- ...ecurity_server_configuration_data_model.md | 13 +- .../core/messagelog/EmptyServerConf.java | 5 + .../messagelog/TestServerConfWrapper.java | 5 + .../config/audit/RestApiAuditProperty.java | 1 + .../ee/ria/xroad/common/SystemProperties.java | 21 ++ .../files/home/ca/CA/certs/ca.cert.pem | 57 +++-- .../files/home/ca/CA/certs/ocsp.cert.pem | 57 +++-- .../files/home/ca/CA/certs/tsa.cert.pem | 56 ++--- .../files/home/ca/CA/private/ca.key.pem | 100 ++++---- .../files/home/ca/CA/private/ocsp.key.pem | 100 ++++---- .../files/home/ca/CA/private/tsa.key.pem | 100 ++++---- .../test/globalconf/EmptyGlobalConf.java | 12 + .../globalconf/TestGlobalConfWrapper.java | 12 + .../xroad/globalconf/GlobalConfProvider.java | 6 + .../globalconf_good_v6/EE/shared-params.xml | 8 +- .../xroad/globalconf/impl/GlobalConfImpl.java | 34 ++- .../xroad/globalconf/impl/GlobalConfTest.java | 12 +- .../globalconf/impl/GlobalConfVer6Test.java | 125 ++++++++++ .../xroad/serverconf/ServerConfProvider.java | 2 + .../serverconf/model/TimestampingService.java | 1 + .../xroad/serverconf/impl/ServerConfImpl.java | 14 ++ .../entity/TimestampingServiceEntity.java | 3 + .../xroad/serverconf/impl/ServerConfTest.java | 9 + .../niis/xroad/serverconf/impl/TestUtil.java | 11 +- .../test/serverconf/EmptyServerConf.java | 5 + .../serverconf/TestServerConfWrapper.java | 6 + .../CertificateAuthorityConverter.java | 17 +- .../OcspResponderDiagnosticConverter.java | 26 ++- .../TimestampingServiceConverter.java | 3 + ...imestampingServiceDiagnosticConverter.java | 12 + .../restapi/dto/ApprovedCaDto.java | 3 + .../CertificateAuthoritiesApiController.java | 8 + .../openapi/DiagnosticsApiController.java | 4 +- .../restapi/openapi/SystemApiController.java | 8 + .../restapi/scheduling/GlobalConfChecker.java | 2 +- .../service/CertificateAuthorityService.java | 7 + .../restapi/service/GlobalConfService.java | 7 + .../restapi/service/SystemService.java | 5 + .../diagnostic/OscpReponderCollector.java | 6 +- .../OcspResponderDiagnosticConverterTest.java | 26 ++- .../TimestampingServiceConverterTest.java | 10 +- ...tampingServiceDiagnosticConverterTest.java | 15 +- ...rtificateAuthoritiesApiControllerTest.java | 13 ++ .../openapi/DiagnosticsApiControllerTest.java | 36 +-- .../openapi/SystemApiControllerTest.java | 29 ++- .../TimestampingServiceApiControllerTest.java | 5 +- .../scheduling/GlobalConfCheckerTest.java | 31 ++- .../CertificateAuthorityServiceTest.java | 6 + .../service/ServerConfServiceTest.java | 7 +- .../restapi/service/SystemServiceTest.java | 16 +- .../restapi/util/TestUtils.java | 14 +- .../liquibase/serverconf-changelog.xml | 1 + .../liquibase/serverconf/004-add-tps-cost.xml | 15 ++ .../admin-service/ui/src/locales/en.json | 28 ++- .../admin-service/ui/src/locales/es.json | 25 ++ .../admin-service/ui/src/locales/et.json | 25 ++ .../admin-service/ui/src/locales/pt-BR.json | 25 ++ .../admin-service/ui/src/locales/ru.json | 25 ++ .../admin-service/ui/src/locales/tk.json | 25 ++ .../DiagnosticsOcspRespondersCard.vue | 8 +- .../DiagnosticsTimestampingServiceCard.vue | 12 + .../AddTimestampingServiceDialog.vue | 3 + .../SystemParameters/SystemParameters.vue | 221 +++++++++++++----- .../TimestampingServiceRow.vue | 3 + .../META-INF/openapi-definition.yaml | 99 +++++++- .../ui/glue/SystemParametersStepDefs.java | 23 +- .../test/ui/page/SystemParametersPageObj.java | 28 +++ .../01-ui/0400-ss-system-parameters.feature | 9 +- .../01-ui/0520-ss-client-details.feature | 2 +- ...3000-global-conf-sign-key-rotation.feature | 4 +- .../etc/xroad/conf.d/local.ini | 2 + .../private-params.xml | 15 ++ .../20251106184246391905000/shared-params.xml | 115 +++++++++ .../V6/externalconf | 27 +++ .../V6/internalconf | 35 +++ .../configuration_anchor_CS_internal.xml | 6 +- .../private-params.xml | 15 ++ .../20251106184346396745000/shared-params.xml | 115 +++++++++ .../var/lib/xroad/public/V6/externalconf | 27 +++ .../var/lib/xroad/public/V6/internalconf | 35 +++ .../xroad/monitor/core/EmptyServerConf.java | 5 + .../xroad/globalconf/DEV/private-params.xml | 2 +- .../DEV/private-params.xml.metadata | 2 +- .../xroad/globalconf/DEV/shared-params.xml | 31 +-- .../globalconf/DEV/shared-params.xml.metadata | 2 +- 87 files changed, 1694 insertions(+), 421 deletions(-) create mode 100644 src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java create mode 100644 src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/004-add-tps-cost.xml create mode 100644 src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/private-params.xml create mode 100644 src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/shared-params.xml create mode 100644 src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf create mode 100644 src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf create mode 100644 src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/private-params.xml create mode 100644 src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/shared-params.xml create mode 100644 src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf create mode 100644 src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf diff --git a/development/hurl/scenarios/setup.hurl b/development/hurl/scenarios/setup.hurl index c4f62f7c17..1bc9602504 100644 --- a/development/hurl/scenarios/setup.hurl +++ b/development/hurl/scenarios/setup.hurl @@ -545,12 +545,14 @@ HTTP 200 [Captures] tsa_name: jsonpath "$[0].name" tsa_url: jsonpath "$[0].url" +cost_type: jsonpath "$[0].cost_type" POST https://{{ss0_host}}:4000/api/v1/system/timestamping-services X-XSRF-TOKEN: {{ss0_xsrf_token}} { "name": "{{tsa_name}}", - "url": "{{tsa_url}}" + "url": "{{tsa_url}}", + "cost_type": "{{cost_type}}" } HTTP 201 @@ -800,7 +802,8 @@ POST https://{{ss1_host}}:4000/api/v1/system/timestamping-services X-XSRF-TOKEN: {{ss1_xsrf_token}} { "name": "{{tsa_name}}", - "url": "{{tsa_url}}" + "url": "{{tsa_url}}", + "cost_type": "{{cost_type}}" } HTTP 201 diff --git a/doc/Architecture/spec-al_x-road_audit_log_events.md b/doc/Architecture/spec-al_x-road_audit_log_events.md index 93a9dd8285..8f02773553 100644 --- a/doc/Architecture/spec-al_x-road_audit_log_events.md +++ b/doc/Architecture/spec-al_x-road_audit_log_events.md @@ -385,7 +385,7 @@ The audit log events related to the system parameters. | **Generate certificate request for TLS** | | | **Import TLS certificate from file** | | | Upload configuration anchor | | -| Add timestamping service | | +| Add timestamping service | | | Delete timestamping service | | | Generate new internal TLS key and certificate | | diff --git a/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md b/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md index 9d3a0b8e57..39f3f7812b 100644 --- a/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md +++ b/doc/DataModels/dm-ss_x-road_security_server_configuration_data_model.md @@ -393,12 +393,13 @@ Timestamping service provider (TSP) that is used by the security server to time- #### 2.14.2 Attributes -| Name | Type | Modifiers | Description | -|:----------- |:--------------:|:----------- |:-----------------| -| id [PK] | bigint | NOT NULL | Primary key. | -| conf_id [FK] | bigint | | Identifies the serverconf. References the id in SERVERCONF table. | -| name | character varying(255) | | The name of the TSP. Used for displaying in the user interface. | -| url | character varying(255) | NOT NULL | The URL of the TSP. The security server will send time-stamping request using HTTP POST method. | +| Name | Type | Modifiers | Description | +|:-------------|:----------------------:|:----------|:------------------------------------------------------------------------------------------------------------------------------------| +| id [PK] | bigint | NOT NULL | Primary key. | +| conf_id [FK] | bigint | | Identifies the serverconf. References the id in SERVERCONF table. | +| name | character varying(255) | | The name of the TSP. Used for displaying in the user interface. | +| url | character varying(255) | NOT NULL | The URL of the TSP. The security server will send time-stamping request using HTTP POST method. | +| cost_type | character varying(255) | NOT NULL | The cost type of the TSP, either FREE, PAID or UNDEFINED. Can be used to prioritize the usage of one type of services or the other | ### 2.15 UIUSER diff --git a/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/EmptyServerConf.java b/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/EmptyServerConf.java index 49b1662ef0..d10fd6e41f 100644 --- a/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/EmptyServerConf.java +++ b/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/EmptyServerConf.java @@ -115,6 +115,11 @@ public List getTspUrl() { return emptyList(); } + @Override + public String getTspCostType(String tspUrl) { + return null; + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return null; diff --git a/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/TestServerConfWrapper.java b/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/TestServerConfWrapper.java index 5ab8231b1f..984e694200 100644 --- a/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/TestServerConfWrapper.java +++ b/src/addons/messagelog/messagelog-addon/src/test/java/org/niis/xroad/proxy/core/messagelog/TestServerConfWrapper.java @@ -161,6 +161,11 @@ public List getTspUrl() { return serverConfProvider.getTspUrl(); } + @Override + public String getTspCostType(String tspUrl) { + return serverConfProvider.getTspCostType(tspUrl); + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return serverConfProvider.getDescriptionType(serviceId); diff --git a/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java b/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java index 272744e552..446ef1b64c 100644 --- a/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java +++ b/src/common/common-admin-api/src/main/java/org/niis/xroad/restapi/config/audit/RestApiAuditProperty.java @@ -110,6 +110,7 @@ public enum RestApiAuditProperty { GENERATED_AT, TSP_NAME, TSP_URL, + TSP_COST_TYPE, OWNER_IDENTIFIER, OWNER_CLASS, diff --git a/src/common/common-core/src/main/java/ee/ria/xroad/common/SystemProperties.java b/src/common/common-core/src/main/java/ee/ria/xroad/common/SystemProperties.java index 4b84e504bb..57655c9139 100644 --- a/src/common/common-core/src/main/java/ee/ria/xroad/common/SystemProperties.java +++ b/src/common/common-core/src/main/java/ee/ria/xroad/common/SystemProperties.java @@ -374,6 +374,11 @@ private SystemProperties() { private static final String PROXY_MESSAGE_SIGN_DIGEST_NAME = PROXY_PREFIX + "message-sign-digest-name"; public static final String PROXY_MEMORY_USAGE_THRESHOLD = PROXY_PREFIX + "memory-usage-threshold"; + private static final String PROXY_TIMESTAMPING_PRIORITIZATION_STRATEGY = PROXY_PREFIX + "timestamping_prioritization_strategy"; + private static final String PROXY_OCSP_PRIORITIZATION_STRATEGY = PROXY_PREFIX + "ocsp_prioritization_strategy"; + + public enum ServicePrioritizationStrategy { ONLY_FREE, ONLY_PAID, FREE_FIRST, PAID_FIRST, NONE } + private static final String FALSE = Boolean.FALSE.toString(); private static final String TRUE = Boolean.TRUE.toString(); private static final String DEFAULT_HSM_HEALTH_CHECK_ENABLED = FALSE; @@ -2008,6 +2013,22 @@ public static Long getProxyMemoryUsageThreshold() { .orElse(null); } + public static ServicePrioritizationStrategy getTimestampingPrioritizationStrategy() { + return getServicePrioritizationStrategy(PROXY_TIMESTAMPING_PRIORITIZATION_STRATEGY); + } + + public static ServicePrioritizationStrategy getOcspPrioritizationStrategy() { + return getServicePrioritizationStrategy(PROXY_OCSP_PRIORITIZATION_STRATEGY); + } + + + private static ServicePrioritizationStrategy getServicePrioritizationStrategy(String systemPropertyName) { + return Arrays.stream(ServicePrioritizationStrategy.values()) + .filter(e -> e.name().equalsIgnoreCase(System.getProperty(systemPropertyName))) + .findAny() + .orElse(ServicePrioritizationStrategy.NONE); + } + /** * @return gRPC signer host. */ diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem index a0c783b8f2..450ebe69ea 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ca.cert.pem @@ -1,31 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFRzCCAy+gAwIBAgIUJ9zcm4Tqm5JHAEOzwniCRuwBbvkwDQYJKoZIhvcNAQEL -BQAwKzEXMBUGA1UECgwOWC1Sb2FkIFRlc3QgQ0ExEDAOBgNVBAMMB1Rlc3QgQ0Ew -HhcNMjUwMjI3MDgzODQzWhcNNDUwMjIyMDgzODQzWjArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQAD -ggIPADCCAgoCggIBALl37rCPYWGAPqnLKKh5ew6f/l/4hU1P2VytOBtm2xS866Ov -VXsHoXpPn2f8MyByRdPtfPIGSi/8CxQ9oVq9dAGEtwECxh2rtuhvKTgEbToqtepv -+xMbH2oECnXM9+FBfaEMUeMcAZVlOHeZS+VZULYBUuL/myegz0+arvWGns+r+00X -9KJDr2Q71rY3ryiA0rfRLYbFuV6zRn4fI7nLxcNrAaxiPdD5muACZvT/lNUrGcMk -hTi4GOWID5QeYczg32xg9tQbvpqTwtbLYz1x3GLmscJyohJU+POHH11BBseoB+GZ -JUSX+Cmr6JUPJTz/6BwgMWHH1PgC0acK+kydaVEaMsMLJuE+ULGTcSLb3AvSy0pP -DTJUr/H30ZXCOprKR3EAd++yfHqWVfR3WssF8fLIVW2yko1g06yuNe/j8gybC5q5 -T/co9mipW3mnBwHlf45gDLfadGvEySjVDQwtDO5B5luUlUH4FAsr+hO6sCh4XJ5W -XR2D4ssIEWS9gvrK6cZrscsKwHfSGZcIaWce7r09M0cwesfGMa2ITI8U3trRUUtw -80ppm24NZaZCvw2nLsF2PymjU9eTmLIspzNvpsRI/uEQYu+WcOOLX0jN0S98n5Oc -j1Dmxsb+D07ax0IMqPfMIck4y6H1Vf7nvt77Huh0/RfTV1+a1wdup1EAdtUNAgMB -AAGjYzBhMB0GA1UdDgQWBBRjaVM4aiW0a1X+3hWBGs+ai5W/ODAfBgNVHSMEGDAW -gBRjaVM4aiW0a1X+3hWBGs+ai5W/ODAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB -/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEALz1bAWuksoYibdELYBhVVbgU7qle -1TtRLux38quIRUGdt74u7AG4iMEpygDwcSDlbcPGZslqrpb5LT0h9JyRYDcq/w12 -PGX86GKIZ53XGAv509AuRL6T8EPDCfOo2XMUdCEo2emVrVhbxmvuOcuayqKY7VUA -TSqrmHVeaFSjoNCXEQ9VQ6u/gWuDYgFNpOeyBsOKPlvsvbyM/6zETjp2pRZBiuJN -CRD0tx9lOVlaKU7rrk5Lb0NZ3+/YWY6nesSUfF8aHvH5qi2pQ2owQ6fF8AVm2Qr1 -htNtnAUjvsqaPEwFMM99nDU9qcJp6a5SAQInTQYRXEpFdEGVlSrJWVMTcVvAdn7w -Jtttqx3VS9dfDkYp2mfs0yr7zNoGg26yWkJXMlJ8r7qyjNkcl4c8cmXMcJn0rcja -phOLUn5vkpJy+CFi+B5aHGoEeSQSGOrmmCSmUMKTTF0KT17pf55Gk+1Yt2cg6SZS -k5TbtKIx+PID03m8iqyY1zOZ4TpGCIAbN9x6bb0ssl0OCQevVT1wyRYn+O7ie47+ -5Svy/UxcJN/oNxUPl8oWioMtfvqdKxhwsagbx45MgzmRRcYkOif3+2Yo/gORAqVT -GwyN3Z3SeaiPtBah9OydzSTKiZ1j8tg/o7NZKxx/yFaKF+l10BDo7ZMNpQToedFr -yK6EeBcQfr5ybXY= +MIIFMzCCAxugAwIBAgIURfBdux1XmXS0pv/yMruQ1XpPseQwDQYJKoZIhvcNAQEL +BQAwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTExMDUy +MjA5NDBaFw00NTEwMzEyMjA5NDBaMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMM +B1Rlc3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC1OXAZEltW +mIgiMVghqofO/7fjvwDGmhQbOZH3jDeRuUYC87NktDcuYp9Xu2NNrAdSgjQCU/6I +tkpLmTMDsTWkOCH++LA4yN7KrBs9+7xOQvaVFx2X7dv9DDbcwMLlCkOtl0kx2BOy +deOoWp7MoGhEj8Po9JqT15ABfsdnmP5iF6doaGnyhdHLzlL6qEm0df7WatwjkW9n +Uj3E/HLngOTnpEou4N/w9z+WxcIOrvBy71ITzd7aXfH0DYLBUIGXpSuWA1Ka5Ket +1R+rO+S9DnoChxvwqJR4XH9l1hBSp21kAjYS0nwND9hgLjWW7LOcjoVPZ+LlrnfI +BBWnWPr0UaMtDNxubB4AuS4OnRRcZs6ybvs3ELPQs6wEjv4XUrha/4UKzxThHsT2 +1GsXOl/hsEqNMpPVb/UVmnroyaPbYgQlQv16vN+/eeQQzan5qtVhCEW8Q2NOvBUi +LqjLav/HpU5U6U1BW8K7mGI9WldUUoQ7QRwG79d5VoxHQv9U/4kGMKfEPmuyEdAJ +pHyZafRoJGJ65R1bVumqWKT9DIB4cxgoidIUlhcaUcIFeLYCIWQ2C6f6Pq4sLHyV +J7LQyii2YwBEM93B4wLN/buor95LMTXtlebmrziWknnZT4No0+3NO1etf090Vy+2 +mkKhMXeU8I9RKRFIHWwJFV3EqkMtCO2mqQIDAQABo2MwYTAdBgNVHQ4EFgQUUQYm +HrwLywmv6nvMI5YVhxIajicwHwYDVR0jBBgwFoAUUQYmHrwLywmv6nvMI5YVhxIa +jicwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL +BQADggIBAJJzTBZI/9Sj3XaDkxrUl8Nb9v1odXYxW3g8Q+Sa/LpDwKb55DTtpGoY +S6D9d0gWENWceC4yT7cUJT9O56w1GT1I3B3CfWVNo73m8L5Ml2TBWIVarF4kJJoJ +5MUGvtXBZE8s6JjsZcgpRtig229fPztxcpn8R52bvMP3mHzRkhNh+qphjnFr+iqm +nMW24s7ZF7q029e2kDy3DqOWTxFSmSYhx9qrt4ISC5UhoWLZfoIOShInltFuf3nA +Ig+XUd3K3TwPikDwWf0E1UpwM9c1pdXY3StJD+KEVIwcjF2+IGjdiGOZ4twQjoG0 +i8h2gzS4e/smLkhGKL49dhVdRFtJk0KxoyjJidEJY0ruIha5rdv9WajHCkdnayJ/ +S7CucjfgWa2fMThqxu+Q89HQf4zhSV6GH4IILDZoEew/07AqhKYz9aLW1/sCd2un +NEmDhrUfXJ5lZvQQzO5TVh8IfOSVx6DkI0skIq5A8VZuKsMGJ2BuJrt79KUTLHl/ +So4+2NAzxtFVVncTmw4zNmcAha7+ElYd4j8PNnM/qdYy+Z31zA8eZE40uZVAdl44 +cu2cfak2uLtPRRt5TdxcwcldCAjNcN+U7d+VAxvfXL8ZpAx7DRhg6XveJ2Moq9MR +v2+W4Ds8rBMxa5o4YCwM0qhfZlJE7TjpFLtcP2cNOE9GxKHEoHfI -----END CERTIFICATE----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem index 3702a71be6..9728a88828 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/ocsp.cert.pem @@ -1,31 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFSDCCAzCgAwIBAgIBATANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODM4NDRaFw00 -NTAyMjIwODM4NDRaMC0xFzAVBgNVBAoMDlgtUm9hZCBUZXN0IENBMRIwEAYDVQQD -DAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCXg4Xb -WIuywlRq3uIIzrxgk8ZWvw1a6hYyu6ghGiL67RRnCGKv9RjwNLOqAxQWAPbDhc2b -iFvNf07s1sws+a+Nr9/FxBm0fjA96FBhYrJWHR7Te2UpHXkN7S6vkeQnHUevw0k1 -sf92iF1A2wCR5NYwmYhti1/EDy7UAG7Y0lSvCeQo0KKgHXDyATsU62kTgc2mShq1 -95THIgrFgXWDv6gb0P5bRZ45KhyCOgauM9323GH8xg+7WNaGRa3DscOc0lVVkL7Y -hYj1cokHVU/He6YNf0dRYK6pTI2zwbqjM59Twt9NoC1VvhWLQj9U1O307wWCiDV2 -LpC8Ie7Bas3mR2WVubpISBb8EdW23zngp/FSLHQWopJrdEPhYnj4Vyl84NDvGQV4 -h8ST3f1O9w87C59lsEd9dTQVxWKO7faUVcP0xeJYDENl2/O2ngQlixLHpCZW83X8 -ayIvAr9SRh2HXnjGQSjgZhMwBQpRGTwP2Cu9udwe7SWJaLyPE/I2kyyrUHa4TAkF -5qLbAohTtNLk9epOXp++cTYbOYszKZQr+zQqP9v94MBitFiz6mDXQhXtTNi1qhbV -lUTVnDph7rHDj9kr3/DLIG6vnsCEbG3ohrHRrtwd0Rz3V9HAtcNUI3VNNkevR445 -JFh7qxwwfwKLP3vXJcFcE0eG7GhFhiWYEY+1WQIDAQABo3UwczAJBgNVHRMEAjAA -MB0GA1UdDgQWBBQq+iJWzIxysOagBrC4r+aURQ2AojAfBgNVHSMEGDAWgBRjaVM4 -aiW0a1X+3hWBGs+ai5W/ODAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYI -KwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAHd1rFVK3I589jMq4Do5yoXm0/xm -CybKsB1/gHuzqal6/f9MC/Ihoulssf+AbNaYfI9PJksckWdSMEph3jsz8Q7OyH8z -hNdAeCRm7JmDNZv5+3un2ccC+a6JyJ7P4nxu3OUklrUXG8VlrNCcL+JZ/Cr11PvJ -sDs4EYGK0D/tlKj0I3Nqn5sV/6wtSfwCDRjpKJ3OldteV9KFxFjdVYTsKkg50Yzc -pVToxS1sescpCS1rhrtT2PEM+eTxbE+xhxAYhm9an955wC4hY9UWXPwIXIden6Xw -1HQuYCkHNr/s6gFt/Tzm5uR6xh0UFurA6nNlVJulHpzKsjvBqfI/XBoBem7I0XXr -qXqlJTbVqW9Fksi0HZRAeha8RIJ0Lfawd2ay34itTdH64+H1KtX3l9H5a24awDlz -6sEXM8HYsgP00UHs0FZ5JVwAg3SRt3tbhto5hMGKq3yFdOF5P8BYp4Fzj4/ZK1l5 -e3TXiLEFYKbnUmvl1HaioAEJpLol6+JBdBsk8nRRmasN/NuPQR4rNjC4oKjbtovF -bLlF512Wmu/Dv/UzaaS2l/TkYjVbyXQ06++vyfKtue7bxEHpc2BWGTB6fkUSU96i -IvpcggZIUiQf9ouOHtEysty1knsibDthXqy++baiGrmzMR+V1x0BVwGOIRhi4fL8 -WFHGKJSHbl38IUiy +MIIFNDCCAxygAwIBAgIBATANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMDk0M1oXDTQ1MTAzMTIyMDk0 +M1owIzENMAsGA1UECgwEVGVzdDESMBAGA1UEAwwJVGVzdCBPQ1NQMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv3BP4uw0wsLFqG38rC6p8bGbOmwoLoZR +5LX5kW2+99Jdr/nU2ZGPgoHfCpKIR9XVJOMoSwZGDkMkHW2vRi91BPVs9BP1deKU +rkvgALgkVz1LaBbFNwFtwMylX2C8s3TLGONvsagrEUAdI4SoGvatkaRpNJ1vW6z5 +uKZ5+makUTkW920rMDGloipnVpQDG+IBl2SpLz7UF8xfzjVVycnEWmWAzO4df9Wy +c9w4UG5Dybf0uok2MKu8PLNlizYzmqokzSYBALX/ycXWydmfKPYhCjj9cBypLGlN +ivc46GvCYsU44m7v3q/zBlkMJfclF9eoYXWEERlFYu6+/wt/MN0vEbFyDZqrA5B8 +NjyCgx7Un6KDhKdGjtfmI9+Su/22IOybO/lJ9WBh9d/h9hHz2lAkmCY3uV2jq0y9 +M27hf/9D+jqVRvKFjiuWFqvLfM8ZM9gsWlZzZ/ed9LJpEnjjCeG+JdcZaz3a5TuZ +Pgrjp+4agiO61/B3WZKwK78DVOOd35hkpgpOI41A387MaTLMsEJiGovkJVGLAJWS +wA2Y1ilyXDfHt1kcfWGGPQQOJtvoVe9F/1TanTdUAtML0g0QoZTuLE1dkMT3iTMI +iWSptXqF2kG+rIn6W0J8OzRbovvaHE9hWbYK+up6vj7LW/Bde6V5owxSJkIY1xv3 +0WZ1QixfFE0CAwEAAaN1MHMwCQYDVR0TBAIwADAdBgNVHQ4EFgQUExtqj+f/L6sO +UztcXJjaWUbcFZwwHwYDVR0jBBgwFoAUUQYmHrwLywmv6nvMI5YVhxIajicwDgYD +VR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMA0GCSqGSIb3DQEB +CwUAA4ICAQAuxTQfS/cxw01H27ZSP0vnZ7Oo18H0zlh3OA018popFtJmhEqnVz5E +zWe/uyVP2/BCNJR2jCFuQDAgtWH+CkDtJWMC5/Dv1NnmMLV1eyPMNG4Xz92hi4/2 ++IUK2YefLBtGPEfWTWRpvT74IL6dWLgjDHY+PQGoxcG8sL9SRTND1cOYd2DDGp0r +ia30zKcb2MlWW1mQNceh+vT6CXEiLao9fTod5cdEANQSsiLP02tDQFKv9LAbRTNH +Uu8qnaZPj3qpeWrqfUxbxG1WGNa+RUtPjhMewqMmHsRQcSAEVsnjRgOcE1Tj12GX +X8TxH29AwIJN+RdL8lRY/uN3In87ftjFZ7nCxe8mUk+WQSYce+jU0qt6OcE8ba9m +TOQizEHnHxqRfcThnuXqRzUGgQ2xH/vhW0bRvA5SIX5w3xA/HMg/uyaaTCIpAyOK +Dq6vYiOjnUzvtpvbCGMhTy6f9o8JofT6KKbquhajwhDCsOzKIiLVXksSdk9U8Tc3 +xzhkJ5dGcjt/kg+8mZtfJSAstrVJfwRxtfty3uyb7tkoL3yN0aJA7GQSi4Kksj7o +dFETPkTwU9ItwJLxEA1ATAgLoE5vcS6CjnTZAfmUng19tWhvzcN4rpTaS/8fBKA0 +vIHIXl3Vrbmci2fDD+tWrBwo45iSvjTz1Y5CmDSGS6qo+tgzeZIZpw== -----END CERTIFICATE----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem index 0d64ad8f76..d235ec1bcb 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/certs/tsa.cert.pem @@ -1,30 +1,30 @@ -----BEGIN CERTIFICATE----- -MIIFPDCCAySgAwIBAgIBAjANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODM4NDRaFw00 -NTAyMjIwODM4NDRaMCwxFzAVBgNVBAoMDlgtUm9hZCBUZXN0IENBMREwDwYDVQQD -DAhUZXN0IFRTQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALS78/Gt -srlHFVHjG9CrKQ2ySq84t27wnsgL2vDrFdUaY9PB94G34AYTjy8sJUJ1VSQSdCn0 -imxpVRxYMrNnP9JuGUI49tHpUNKwoCpU1jBWOMHWRamqj5KjcV9IdCFzVx0bV770 -gJxZ/iOkBTtW34nHqf+k1TW2Xy/EzcbvI5sXgmIt0XPcEp2AWTPzsl+xgu2BZjUg -BAXY7VfccIxR3pDayYt6GVKOSWt6pR589uyCLlpiowsu1FthKEEAe79y9XqEPNeT -NmkzlylLMaSxpTz8wHAhRVNiIpmYsX5X1l+QLdc0qJ8PMy9FBGSbmRvQqTpHWBxX -0aFJoapzsoOsilAeMPrE5KtHkLt/EpR7hcZ3ah/RYzq7dYQSELbLBAWK6HWUIi+D -TFlwP+u8CcbcdLplweLuJMu3PEqc++SZpGbszHYiyHuptYhJsch2jm+d3K8iiJGC -/vLpk99qUZcLehAfVnR4WLkkMeFPFh4VMPzWPRcBgHWMMnEXKBYwAcmYVU3nFWST -9+Es/hPIBMTR6kIGuy+UJ23CvyttfQf5csOFyS/Sh816w65m6OnO6zGOHJXoGHFv -oCLfxoTyEiGiSmdYRCTMab2Dfd7/SQIpoPjTcFLckodYbKRbRl3wR6yhMe/HOYrY -09tx7lubpCDYcao9VH0xM86fxK3EV4XXZoeFAgMBAAGjajBoMBYGA1UdJQEB/wQM -MAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIGQDAdBgNVHQ4EFgQUxzw/Lkyn0eCb -ckiiQccxFFL7KggwHwYDVR0jBBgwFoAUY2lTOGoltGtV/t4VgRrPmouVvzgwDQYJ -KoZIhvcNAQELBQADggIBAHl8iH70gn4hTVVgLvV3YDr22UizulSAdKWh9YPoC/fw -bvVUyW+FN585fEpDVW6HDE0tZjuF7O9dSbNt43ZNdUWHuYFTb2uIOG5d/zOQ8EM+ -EYzf7u3z9w7A/qiTCppcjEERDninN6I5WPc5aI4/TfMJPJnL7rVKRhZnI2cY883v -BfVWLAZzlzgRKoS9CNOXT1BVRjpGXcyeA3DEDCZCKA52u17wMtCvDNPuKxEaSS4k -0KNRJSpDyHl9yULeQ+7o8brh03am6geQld+VJ6IV8vu0cLE5oMJHzQyX5c5ahN35 -cOXlrejHeBIlLkBWkJttCuwkjqpQz/Ql5fJKTKJSrOCoMe3yt6mufGOFoksPWJMN -ADfionRjCTrk7z/WIXQi/n9Qr6rrkzHoVCqePB4uKPBemqCmiZYmdjzTV+sww0yE -VPvTOaE5mUsNI1pgGHh2EYYrHriO5/hln+g30iNrtrlgtf5Cln6nOagbLQ9n/jpA -HcNv54jHcAhML+VW/nS0zvYM50SaURDEsnoKWUKf5vpFltLbSAWVoDNYILYqokt9 -6jERe7mAC0krhKqSRbAabBitwlK7aYBMbg5ek7JmhRrdWlhcQHkPAiywZ4GCvEE2 -gHYqkbjP2DQMFDInaFFj9zqzIv5lhL335qkFSJJ9IBp5ZikD8cm4Lbqw4+w98a3B +MIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMDk0NVoXDTQ1MTAzMTIyMDk0 +NVowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDjTzIKAzID+GFAYDFXWR/yLMdN3rDnqCTv +7eKB86hbX4/29eLLrxX+vI+6N+F9vcsdFnQpIYgjGfORNAqyJai5CYLLrbNLxN4X +FTh7u2axnYaAZpOeSA2uk5TcWo7C5RXe3gg4CwDouIQZ7/i9AgvCak2f/fcq34yj +JkAX6Z1ZQGqCi1F8EU7qYaV6HosXVKD6OA5lw6DNi5piBr2jTXJyKU687hkJ2PJ7 +pMAEgy4UBm7+LLVkTZRZkX5pzTG++AxIF3TWwOUfo9Qp3cJNnNGBMnDpqUER2i7L +VgD6ZXE1NAYFKLwRD5snBqIdWms+n9i8A/6oJeSl1FFSFyYCAhF66DDdTrcyt7ed +TDpLzh24jMrqlO1zZbpdhz96UmnLsHip+dT9cMWefE4gXRCnKcng8/Czysg9sYh0 +z+8i9+vcNdURptSdtwkjMArMR8Dj8P90uTufTlCZTYahl6TeFvlKu2nDghtSsaZk +zqGCLki7PjNObvyNbHSoTR8vePfR+ZoJvmvo6hGVAwYap7hbqSiW+oXscRHtRigM +yNDNWXTo6vuOLwUAzebOnfIyr7fJJUaMZBMKBDJe55V4DXUn1f20c0cpBzd31VXb +Pd+hGLQgUTgEXuICu0H//ybrClE52tcRnPbqGguoSmoxFfGb/ahHkS31iF24nBBR +bJJE9xO5wwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8B +Af8EBAMCBkAwHQYDVR0OBBYEFGrz4J9nOrYOmoJ/7n1CGxXjD4xeMB8GA1UdIwQY +MBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQCOJ8GN +Xi1QwFH05I1e5BvQsZ93GNoXbV+uNKySqSFwaav8YS8n7vzk3y19csexOc8cYB9X +DW04Tx7iFhBcOQtu7m5hy4ygf05biw00KpUHT6uGBX5gLHe3e7q9rgyWFBDh1A0v +W+5WtUOCsJhmB98nfzU0LUVvfElgpeOCG1/fN+vaRWkCW+8yyHSma8zklGsRm02D +1zu0TSAfPZREvhn0e4/aBQuiWBhyaSd0DEAC/OtOnt0KcaeRy9ADWK/4p+70b70t +DLYru0xPzDmVB5y0rk89OfVx3J28kDuhRVme1b1miA5FpfnU7FEx8os0aczaz8hI +MCoo4mKvYUpcmbrLHDNWDNqiy344swnvlMHcWF+CbKwoPpWV/SFs808IQ4dHBT1p +m55ixkHHowxQxxB7wUTOBT34zIdafn6vSg0+fG9veqB4JHQYyOwdWOSOI+eO0oEw +cOx9V+BhfkJ57hxKD7/Rnlnp1XjTMtHVJbCuboh9mZIATs4yE/APEr3wONBwpx1N +XsfYzwOeEExzDyhPTN86vVPxAy1WB7mHNvF0obNmunluj3ZRGUevbMIms5WJLUF9 +QFgFzOKTVs3dOHdnByjDncEhXr0St2Wl+oXWt2TplvUFdL0RiZoRlcOab655ZJ8q +P7+kFvR80NJYaVvb2WyFMJGtjsSi10Ipju+fyw== -----END CERTIFICATE----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem index 430af61157..1673e9d1fd 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ca.key.pem @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC5d+6wj2FhgD6p -yyioeXsOn/5f+IVNT9lcrTgbZtsUvOujr1V7B6F6T59n/DMgckXT7XzyBkov/AsU -PaFavXQBhLcBAsYdq7bobyk4BG06KrXqb/sTGx9qBAp1zPfhQX2hDFHjHAGVZTh3 -mUvlWVC2AVLi/5snoM9Pmq71hp7Pq/tNF/SiQ69kO9a2N68ogNK30S2Gxbles0Z+ -HyO5y8XDawGsYj3Q+ZrgAmb0/5TVKxnDJIU4uBjliA+UHmHM4N9sYPbUG76ak8LW -y2M9cdxi5rHCcqISVPjzhx9dQQbHqAfhmSVEl/gpq+iVDyU8/+gcIDFhx9T4AtGn -CvpMnWlRGjLDCybhPlCxk3Ei29wL0stKTw0yVK/x99GVwjqaykdxAHfvsnx6llX0 -d1rLBfHyyFVtspKNYNOsrjXv4/IMmwuauU/3KPZoqVt5pwcB5X+OYAy32nRrxMko -1Q0MLQzuQeZblJVB+BQLK/oTurAoeFyeVl0dg+LLCBFkvYL6yunGa7HLCsB30hmX -CGlnHu69PTNHMHrHxjGtiEyPFN7a0VFLcPNKaZtuDWWmQr8Npy7Bdj8po1PXk5iy -LKczb6bESP7hEGLvlnDji19IzdEvfJ+TnI9Q5sbG/g9O2sdCDKj3zCHJOMuh9VX+ -577e+x7odP0X01dfmtcHbqdRAHbVDQIDAQABAoICADjwcP8ThboBPTuze0/9u6HJ -zLZ5/bK2iOzC4S7IbQn41f7ynTOgLBr4xt+NtcSIUJe3mVxUQgJpRp14LklFUJAG -xogw6dHCHe1N80GXWlE5O5A1wMck1IgfpXZ07sTg7ki7F4i52GKdKLDPB1XqDbVS -wred8WxBGmQ+AOiv46GuEwCgEiKe1QHYvRpEDipJImf8eBWgLkC8mS+vL7CitpxA -Bct+favidYHAOwuMS40GJmqak6vOGRaepum6Shw0DWOggSatPd8G7hIzbsw2YIqc -eIZR2x/1plhda2udww8YrxK7iY19elqQxF6+v5fymLfJyl9Skjdx5ht6a02KJgKR -EL3EZC5LpgHfCzZZNqlGqaAnbAK1Y+BqJZkPZ+UHbjSot70KwyWT76BtIVygY9bK -xvij8L0Mv0T3dbcBFUu1G2pUMONYlTNqgqH2mabqfMVDP6K02IG2HVaiWNAW1EON -FxU8oQk+WaOvnv/IxpOxZQ/JHXwsUokahaoZTL2D9SmZNalFECKz5GdXixdc+lqI -fvRyseoKz1fZmcHVjU9cFXZPm45xvYPyIi8BxjjwaSDHEJgupIGiVyCloDKeBl3i -3sAIYF0Cx+4RXsebu8t++ynMpwc7iTG4V9CkIWOgdCKGYchjnuVSfhWzljJ4kUae -+4T+kfe4Sb6n7ouPM0ShAoIBAQD6Cnc7w/fXxxnwnitMwoj97I6F4sM8ymj/nHmn -DUPKNASqavYcRggr662U34G3/cqA0aoVnWX7bHTx849bKTYtYu6BAjktFtQNOADC -pJCNjtLumAsWuTfeGaCpofGlx8w+Rck7CRDdbYeDxeIKTEzpjt2waIKSwV1/COfD -Euel0p8ee227lDlkVFkcM/JyJ9mIYHraNtqFtFXzC3hjGWXHkX9/eWz7+Kw44y7o -NudQ/QvF/bY+rCy6bGZ5FpOGdwa/n9iLnVd57/VzO+nf2kTF7FIpc3b6haeMpl4C -cm5WFK0O3GwfOU12lrJvWzgSXl2oMV35vPdfLggJZFZoNjXfAoIBAQC944Berk2q -Rj1I4SYfRXPM/s/tP3orqWfPuHqazwbMh4NAnnXW8sC0C1qSP7efLPdWGVnRKHFt -y/ef03JCzPM0QsnyiX+RfyKcD8Ud2XdL4d/IHi4U6w/ioE4NS7i2pgGGssMpUk0A -jkM1WfcpvmSrF27VOG5v3+iIvlOqPhyAKGMSl1aOd8ZEJmjT2affwGGVWgNiTByG -GIlyoB26BvJsupMuoKvkK31UlZaNdjNIBOhGeqp4i8YKbelqD/W96dz5R8nT22kL -cSRU2DzmY4kqC2UuFcvX5B9SWDwecDYetnSK7qekheZXacsTKT/qBxesTDw3KSMw -9CGtXTIzStqTAoIBAEYtjc2OcQ906Ejqe8itiPmL3Wyiep2jSdkEN/i09mPYOb8D -ClRhK4X4Pd3c5XGYn6+MKSqr5KWuiRwnegLiDDys2bgHwbhwAdA7+aqnuZKhlX41 -2lbkYVPK6Zbyxvn6m86Wk6YoIz2isjg/3/N3+tZKrNoIWy2JbA5tl27e7XlTJinO -BrxxG7KXIfOSeOelW561RYXdg3Ona8AtZfqadECRC7HhiL8nyl6lFNNEJaRLgXRu -gyoP9PXV2uT9eyZwXcqGuKZm4Nhuivtuw3N6tXa/n0fXCnvB64bEYvpY17L9Vp0n -LImO8bjpDufGOHSfW7YLNQ8VBHEIYGUSblYNcQ0CggEAIUzVRUVh/1tkAfTh/5fp -b+i7xApevWtu9iGO9rkZoyKcpOdlGPXnT2uyTXV5GSQEmAfIFYL3KV8cpN2q6wYQ -HHkd+zebtINMKXwmgE6Tui35VZndUPPMDF06cuB1mypPmDSfPw7czB0msiN90cc+ -1jY8zI2h6GKm39woxfEwhFUQ0sDRgBiHH4pw1b4Uz4toUY3AjCt20RlaeUyVCfuP -5ftuNj4dBt2NlBjLlzFEWvvpU/rNDGjOqSOPTHdSDCUICHtLbKjMqiIEUhC91VVd -R49KBiPyZIDv8TviByB8jTRICdlCcvq8Y1X9M/YG7F6kCyYvZSkEr+AQS9vNIuuc -mwKCAQEAi81M10zZdGFCJeCPnLDyT5dq1k8Apt8enyiNo7QNdp/9HlGpVwgJdfzM -gnCDEE0q4EZ388KVCzEvqyQmHzC8PqINXSBrqqEHvDC4/gI6ByFx7/6/9pZ+CJM4 -J44bI2OcTyjJMF7v3ynmMFVQO6h1rUCLKzcb5oiMEXNu/6/uI3WABDBPXgA9BYts -yxkfnFXRL4jS/TV8EYPh80wFW6i/f6UoJbSHfWG8T91wATtdsx24Ks0Tvedw1+PY -MtkTItz9ZtWUdHzTPJdAzG49fqskdGRDz4YLFosWJLSRQaWPUe3WoupkcazGdkfH -VjDb2p2Dqeathe8DDs4VQzIRWfUlZQ== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC1OXAZEltWmIgi +MVghqofO/7fjvwDGmhQbOZH3jDeRuUYC87NktDcuYp9Xu2NNrAdSgjQCU/6ItkpL +mTMDsTWkOCH++LA4yN7KrBs9+7xOQvaVFx2X7dv9DDbcwMLlCkOtl0kx2BOydeOo +Wp7MoGhEj8Po9JqT15ABfsdnmP5iF6doaGnyhdHLzlL6qEm0df7WatwjkW9nUj3E +/HLngOTnpEou4N/w9z+WxcIOrvBy71ITzd7aXfH0DYLBUIGXpSuWA1Ka5Ket1R+r +O+S9DnoChxvwqJR4XH9l1hBSp21kAjYS0nwND9hgLjWW7LOcjoVPZ+LlrnfIBBWn +WPr0UaMtDNxubB4AuS4OnRRcZs6ybvs3ELPQs6wEjv4XUrha/4UKzxThHsT21GsX +Ol/hsEqNMpPVb/UVmnroyaPbYgQlQv16vN+/eeQQzan5qtVhCEW8Q2NOvBUiLqjL +av/HpU5U6U1BW8K7mGI9WldUUoQ7QRwG79d5VoxHQv9U/4kGMKfEPmuyEdAJpHyZ +afRoJGJ65R1bVumqWKT9DIB4cxgoidIUlhcaUcIFeLYCIWQ2C6f6Pq4sLHyVJ7LQ +yii2YwBEM93B4wLN/buor95LMTXtlebmrziWknnZT4No0+3NO1etf090Vy+2mkKh +MXeU8I9RKRFIHWwJFV3EqkMtCO2mqQIDAQABAoICAAQ1xeNnOET+PSdiMxRxJD+M +VEbPsKJsgOwS/c+c68uQXM6Dv9amkyOaOe5tVYS/6tmhWbj2H5MofPhdokBDNSZQ +AYYtW9at3/MgZW+esgS1bIoRI+hcJ8CssHeXaM+uWd0mBxbH2MlMENJf7JF/Zny1 +RE1cpVyq5NcMDXDcLoiz2PlFd7ShJDsSW34kO7YcCaQMjnmrDsX9NJ8naDn1lhvF +hs2o/rrX25vSk0wJB1/8LFF2dmdnSFAtoiyAhMozlZwiDqC3kCerLFWrighUVkRJ +xD3mhLB5IaKJgw6QgiuRG5V7W1NoW1P8rtUHQbLw4qryFGTWlUTJx4EAQbA8V0iS +Hb11iPjENcf4Pt2LK/BFyxlAXbrcWYt9K8XckeikqYaBIZPrgaMKs+NBjyhDBeWE +z0MnRqHQAFAkPgYoPb9XbgyFjxD/rBOsiKnX9A5LYMWOOUl5GKGuuLw0KE2zHfW8 +OdXEeEdiONQm7NBp/RBkZCuUQuzxI9Y6RqSweCgg412W1KFwjroHBRNlusbQXycC +dW2yClFv0Pn1A2OPUVJRAiSyHhOVfngKYOKu00J754pycL4tloPqx4XPkoS+pumc +7LYKndlwhk2r2N2JIu7QMAxyjVhiph2CJZQHJNS99pqwtCdbSOKFZNz6MsXL2tyl +/2fB/kdcb1/EoPCjaWrLAoIBAQDk1h5scmT6ykYcJKKk9+KL/HvyE3Llvqegxf2v +CtsOQEFYlE3+O4nXeX8BvoJZ2DAKjsYhHTWweMftPO1uwL90Yg7DPvWqWbzmnuMB +Y76YW7yoOR70XKTLAy+ljbOXSg0KgVUaP0R4Qm3TOoxhjytEV2RHZPqJrHGbYHex +IMoOpPGszr6CkwBHp/YoGAn7vo08QzsSqjmp3vF8ws0+49tfLx7xHzTwcB71CGoM +NcEvSp5ZCGUU9sVOyPQvemVfI9lWoGlowikfkRVhobR4GDjSWGH02m7ZZ/0dWhnk +EMJ6qsZkOXKCnLPYS/IavQ+WU1AjsNGqYzSNpNUpS6ADoTEbAoIBAQDKvHwBnZoI +HPbSrrBrP2hFTBHjW880V9NaH7a2duaqtCeY9UImv6TsTyyImP7K3DQtsH1En1z9 +voKgrtQC6rADVr4t/YKlPUJlmXGGPAnw9C6v9QUXUcpskolgpEsiq/IV2iHXviwi +Ba90Hic6cKsxN/zLgSx7h5S7ZjSjbhp/FHtE0XN8YNZKEK3iEsFWzTpQlit0FSfa +gXr1foSqAmyN2TxjrrgjLoAOU1/Nj8KZm23kRT4qqJ3xY3/FwS3to7VLp/R15iw+ +zvzgAwTbgcKzGg5A1Yxbv9z+GyejTB7hZ8UBN8tHH8fGsOz0oyZUUp5tiIWu+MwA +vzTybfa5dMeLAoIBAHkVBtIREXdV0hUQGXM6qoexmA+11MTVxbKfMKUPFGuM+kaZ +ak9MR5pY8igFGsnZR0o+030wDHmM3xSbeXJx0JwPSopq5Og3RWmtxqW0lmPdnoxQ +dR2Na7DzxaFOwikaCJ53YoVZ1qvfUmdDAoaYj6dAqpHQT3TLZu109MAnfmKTSkFK +v6ktiSdhKzF5zsaCxA6P8FDm+03z5klCdgGB5VCPCUtCXOugF/FFe39sbgTM8c5g +T8Pw8uPGFtaMZ9kYieZ5SG0i10mZpfub6XbmMiKym1pIvgCRMm/2fd6cM5teg00C +zKFpswuO29LkGLxM5wmLhNUoWuVbw2JvXoKtJuMCggEBAMRpyWYzTxiPHx3MOoUd +ACMq6KWxu9QFRnEpCnZKSX2WXkqVSkqKHvkGV6nbN/ZHUpH1S9eg4ZG/8YRE/If6 +4R3K+yNJWTpHWD1gZJjdL/BuUZENO6p1Bj0b1tZ3NYfYuAgttd3zk4Q+p9ZCpFS8 +9U4Q5OwwMG1ZVGIeSd8P+8GkkSyCE3Wrx9Anyp6c9wzmdZm/c0faeyr5iKuwsEyZ +Xpwqm5QjoKgNE+lNIyLfJXR2HggqgWkIxUQo1pA7cQirMyiiBnf20GTlWh6ZLiqP +05Z7JtXvTjVRc4QHwOY3CC/uvfFJIbq9cmnv3RHBwo+tH2oU+xciWVpb5Kr+mCri +lbMCggEAFKtCtPAUML6cRbON45xiQgJrN1196FLwW1H+UKpZm9C8IAlYxh6s5Cij +3lH3gdkmFPBlIVaCmjyPy+C4oEKpbeZZq/GS/N50d6Sco63cNsCiZLDzx9kyR7YS +v5HglyZpdv6Ck2AZzuAJz0I93ejALbmcUwTLvkPvE2isWWE8dW0ZQqoW08W4S5Pm +7lKdvtVjtE94Al46MpaxMnn3AApelosq7jaB0hiPmdcuEoOjZTdMTySU4xV5IO2/ +JpfTjTw6ZQBbJvafRPXeeJ0np1C9TA1+NYBwq+KvvPFlbDiU3i1KhQp1dAJPYFuc +shGs6vHBZzwsCNQgohP2TQFygd9TJA== -----END PRIVATE KEY----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem index 828fbb9c80..846a0102e3 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/ocsp.key.pem @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCXg4XbWIuywlRq -3uIIzrxgk8ZWvw1a6hYyu6ghGiL67RRnCGKv9RjwNLOqAxQWAPbDhc2biFvNf07s -1sws+a+Nr9/FxBm0fjA96FBhYrJWHR7Te2UpHXkN7S6vkeQnHUevw0k1sf92iF1A -2wCR5NYwmYhti1/EDy7UAG7Y0lSvCeQo0KKgHXDyATsU62kTgc2mShq195THIgrF -gXWDv6gb0P5bRZ45KhyCOgauM9323GH8xg+7WNaGRa3DscOc0lVVkL7YhYj1cokH -VU/He6YNf0dRYK6pTI2zwbqjM59Twt9NoC1VvhWLQj9U1O307wWCiDV2LpC8Ie7B -as3mR2WVubpISBb8EdW23zngp/FSLHQWopJrdEPhYnj4Vyl84NDvGQV4h8ST3f1O -9w87C59lsEd9dTQVxWKO7faUVcP0xeJYDENl2/O2ngQlixLHpCZW83X8ayIvAr9S -Rh2HXnjGQSjgZhMwBQpRGTwP2Cu9udwe7SWJaLyPE/I2kyyrUHa4TAkF5qLbAohT -tNLk9epOXp++cTYbOYszKZQr+zQqP9v94MBitFiz6mDXQhXtTNi1qhbVlUTVnDph -7rHDj9kr3/DLIG6vnsCEbG3ohrHRrtwd0Rz3V9HAtcNUI3VNNkevR445JFh7qxww -fwKLP3vXJcFcE0eG7GhFhiWYEY+1WQIDAQABAoICABIhhIqnkWwOUjDJxC2+o49B -D8qAqVX4Tji6+Rcg/A+gAEGGIN0ijN3tyJQvMx+g9OaX4+9ZRXcVZXn1CFDXfjkL -01DksxjEwvwdiUTmHSYt7OrsyMG/S6WtfNk4sZ82o0X2rhOVXdcu4U3qByruQe1l -6gwF0itxj66B8MHUhZq+qcVylgtoCoSDPjE2LIhPj673DjQ5UN31hml1IP1nmXPe -shl0/sajce7ph7Qf889fNwCbKPXH30AJJY6V/q0NBHYtUJEzhZytnJU6kcXy13+k -/AFSewQ6a3iX1cBC5K2O088DvHkWuphEELUTl/goBDZHG3KthtdkjiAqKkKEx7SQ -VO+jog5UGTzW0I+Mqt2jsMD1OzZKD60WR/sqPM8KWkndpGepPd8+fLxCiSChdaoz -qrD50vEC3mVHrtZZWGnn7iVgM9ZZNGzqSq6a33PQ5N/mqls+AtDwjnK9FJR5c8Iy -n+y8N5P+N4pptQHdd5Dxzim7nBvrgymiBBABMeufveFjgkPROQIE3f73jwonUlco -UG7PFSF5HxA01IdopSboRVa/TMfQCJta2+yUZr8ocSK70/+J/4nzNk+cOC+IpIL9 -7SInP4Or4/YiHrqpdCyhcS5k/BK3r0VatcCEFt0/FncwNbfE2wdEKRXLKJK91Sm8 -uUf6sg8j2/7mVBNe0KmBAoIBAQDUSZCUj8lFKgqE2fX+Nsez1QysLA+58EncHQ1d -Uin8kkzinm3vIFmJvu4BBvX8cuOND8HOVxvrxUMffu2gMt9hCEp+7HXSY/0CKQbZ -pg3W3c0vj9BpaKlRkjA4pt2R/uuIWa3Hu1urHRanizRT1qN6nWq9uPsphok9fuHU -o972cMp15nrw9ktxWC3SVWQ1lGwFjZ/2sdlxcbUVJ6sO3CH8s11p3k/Tk0bX75Mn -AE8feSTGEy5s6QjsfsPOaq/SpFcciiWcydO2LcBudzyS7a+HN6i8Csq06aQq0YAX -LAQDg2PLQ6FjwtaHA2FkFqloz/nyDwJ0V4r3EOJ0dbigd9Q5AoIBAQC2tlyTulFt -+Nvc2cKBTbNFzNTrLnkx+rN8Ewt/SP4lX1FwxmnPYdVJ0KR1DG0gErcjbvGC/do9 -6XqtxZ382YaWYqLZJSwZNGMQ6MjCbf4gwr4bPhC0msIVzQosblZtqGXdcl3ZXfnM -kQqMm3lk2dBp32sv98JfjqSStevfELINfgiO3vprHJlMeYznNPbKqsWmZfUrNpko -ZOtBsQdwGp0Io4JtudaHHutmdJ0pIF8niXkxe+mu+W6/wHy7TeQiqIMkcYe/fSKy -euctnCklqnDeai3iHetLLhA8sl0WR2G26ePjaZ7M+qMxTkNJ6jRQM/tNWmuj7jXm -1/U7eGw7rCohAoIBAAY6nl5tladM44AgcSJjcxqovrVymYeIMHKf+5toZMj/dfgU -U/93QIlVK+Cl1qPwrxKdir9GORCC+kQ7UjeoJnvPZXgx8gcZXfwpPgU25SMP4Qxr -ON9O7eDx3C5dXxUAmOKoVvwMWFU+BkMmR4PKQYPAiLhGbEA8rVw7k97MbCdpCdfJ -yoO1hmMuBjIsxUL5Nu42yKHReCLnBjw3rMJD3U9v5+bKWidIJAUEB5pWXPv8bwLM -30jc0aE22wH8iWox3kh9GTtvhKHM19+l6gYZqVPbYz0ZR/dk/6ct/IcxiHCd81is -hFjMB8VwaPQp4hCsQZZDsHu/cdlsCmkGZ0N2IKkCggEBAKnTmPsKvDNek2WU1jB/ -ezlOqT0sBiRJZNjXjuExhGBSV41eLu0+fxRMJQBSm3+rRaRes4bQ0zCmuouYWj+y -JGHVro3s+i83PTlzVV87A3GJ8U+7AaYNDoda/LDNofHtCzmo2sh2i//zdH266Tuv -JQOzUZrVTEqreBaRl3rPtt/JnMTHRrWWcHrfo/MnjJhV4L7Il/ghmHwuSWjW1hYB -9qIX8NxyVo9jUuP5UjbuyuMh6Y7wIQWs/J6omIc0X+9C+BpAmC+JbV291PDU7H4B -DUX+JUW+D3zihN8V3mYd1RpCDbrL6nmWIWdr2ily0ksV9egxOkm12U4Gvv8W8GsK -nGECggEBAIWhbV/KapppoQ2/jeE5cZYV2yztR7AAHrtKfivwqrHti7TMcloU7WwX -9wAw1abQWw5Y/G8wuZWkdRlNsO6NjqKg4LH8MSe2vgZ9vDfl45flr5irvzzySkHb -aDummTm1mbG/j0k25Tz2Oj09aR0OD3U+GmHlmFP4bOG1b8hwRU3D2+VO4QjGkrBR -RbtUAdJmWF/dog8xjdq6skx4rpA8LSgqfF2QA1wiD1+2lHdAEGaSqK0QyzVNsmfh -j138ydtQw+jeM92p5PonKRkTMtfYPmhANJ7tJcZfiqGhhmwaAADiwYGikAGlO4vw -f3YUqeI6nTj9+jlJAdO+BUMKkPd3jz4= +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC/cE/i7DTCwsWo +bfysLqnxsZs6bCguhlHktfmRbb730l2v+dTZkY+Cgd8KkohH1dUk4yhLBkYOQyQd +ba9GL3UE9Wz0E/V14pSuS+AAuCRXPUtoFsU3AW3AzKVfYLyzdMsY42+xqCsRQB0j +hKga9q2RpGk0nW9brPm4pnn6ZqRRORb3bSswMaWiKmdWlAMb4gGXZKkvPtQXzF/O +NVXJycRaZYDM7h1/1bJz3DhQbkPJt/S6iTYwq7w8s2WLNjOaqiTNJgEAtf/JxdbJ +2Z8o9iEKOP1wHKksaU2K9zjoa8JixTjibu/er/MGWQwl9yUX16hhdYQRGUVi7r7/ +C38w3S8RsXINmqsDkHw2PIKDHtSfooOEp0aO1+Yj35K7/bYg7Js7+Un1YGH13+H2 +EfPaUCSYJje5XaOrTL0zbuF//0P6OpVG8oWOK5YWq8t8zxkz2CxaVnNn9530smkS +eOMJ4b4l1xlrPdrlO5k+CuOn7hqCI7rX8HdZkrArvwNU453fmGSmCk4jjUDfzsxp +MsywQmIai+QlUYsAlZLADZjWKXJcN8e3WRx9YYY9BA4m2+hV70X/VNqdN1QC0wvS +DRChlO4sTV2QxPeJMwiJZKm1eoXaQb6sifpbQnw7NFui+9ocT2FZtgr66nq+Pstb +8F17pXmjDFImQhjXG/fRZnVCLF8UTQIDAQABAoICACQ/BxkfgPPZPeRggsU1Bp9I +8euTW95HN002+TxES7KPZYaypk7VZRcgMNNHID99qKAV1GS0GOKNatKZmGSRCrZ4 +I3tpJgH+dwkzO4PXWaYc6GCaYxfBkP6+oJcY8VGHDQc21MiN3y2idoHplYyZZQ6c +0wCPyGxSqWuBNbon4few9/y78j/rPoGgRrWZS6dlWMjJ2dCktDKXUxJvfcE5jxBQ +hJ0IfpRcKTAPo6fy4KnaRx9kaFq5wWe6zcCYcBfaHCKtjeYND5Or/jl0l1KBm4rc +dHvcKVnLzE9B9Mfo00KxNc6Fk6wVo01x4b90dlT30500S1+TadRMAOS4UAo37re2 +ZuDp8O3+7vWn6zUFq5AbDCv4RVOvnWV2ktcJxQRUbZfqLj+AboyzwpfCJqCZlJZo +/7tsciS8u1WKPA3BypMQzZYKJLAJFQEWKVYxGyW+elYM3RlR+Q7VquRrHYkcGp3j +j+7SrmqXKqyJBaFwFwSlsuhdqGsOydah3KO7XTdeOGv6evdIyXIFoMS2KK88l+lN +rXPbhsrveNot/gxAqBxmlmTVr6HYiH2AwgohbLscY6r4hYIz2kvJS3wJ7O6cR0jr +B7tjaEtMlJyi0N+UrXuRajsx+5dvRHRxdYuSC3inqfQh9rvcObySuJxXVLlkN1T/ +XCJk7LBp2bRJ54xw14ofAoIBAQDq+BGqkVvFVoZTgaWlWETSxSYv9Dy41bqJ1ZuQ +xBSaATx/cglA2+YmlQbOeRqwEXulpOq0rkoYSKtf0IDjA4Ki3L+wbZtUgIGlSQjx +4zQkT+d7F6Zxe9djG8ruxVu1AL9/aENK0/AtjXldST2fUvJiAGXao1H47wpvDaMp +h5RlHjAeniGyRt4HKlZV9Wh1Jn1UKznOyR7aV+UwrYkrGfT9Q38Dm5AUdvqPwQgI +DZUolGPn2XaAdsBYCyr2KXLHhxS+Mv2XHfyw5Id4XHzNL7PWxeqxzumPu8S4Ksgx +loUxrl8vzx3Wr7Soj32vVMv/9HFGSmA+GXQTbj/oXP1oT7jXAoIBAQDQktE+51PO +t6EO77OLZux5esgL6Q1Jgr8488ajGc1TtPdHn8q6ZlFdhxUwTijkCihdAK3qNon8 +FFgUeufx5lqT4VxCJpfKOFTj9urv7TSTyd6uRs0l5wK2NGgwHTOCmfn5dAS1jVeT +mxExzac6AUhBZvihDQIT2dZgWHFTvNfag72wC13C5+BQlgySWtN1J+8sLIu4rGU1 +F2W7ypXRGrR6MsfcwuI3/6wPMrRnNuPzFgLIhizoDxny73XNxupISySsj/piBZol +5rVSUmQ/rmzVaUltU3hS3xXR/DQkJGcDEpOeWAyXZXmf3WB3yYz07Ko2pwI/JR/T +tY+k0pSJt0N7AoIBAQCI4Q5ZkOgnI2qJBwOaOLuPFS5TzTH6cveCCB/hy3g85u95 +RtNBJ1kBrNsUONRlMSoYquPXcZjUYLEE1g/fL1JQ0cwRWSidp2bfBJbjYnojlTDC +MlrRzVUB9VTYl7v+y3rDG9fnpWNLBhlnUJ1HTSjKEnVDUtUT8Rzg6M7eCI9YAKgD +jhcPJd19yxoUZSv+4vcrqyq33c3NYFqxasZ3h12ClGlPjrX2VgFM8SRenJsB0sAI +dlRkLcmLAKZ8VFT7CyP4UPgNqnhkDB0m7qn9Vgar3QwFnQXOp5HHv5Rz3r2k3XGy +BjPZtu3FLCIJm5pjduDuE7HROz61ewpbsKAmvhptAoIBAQDB7xHCxINHnbSS18yB +HRVaKxEhCfSB2qGFCh4zf4VMhOK8ZVayFPso1Lad8L7SsqMvPrd3JHkOu7feax2J +7h9gi1YmaA4RSGmegfOXXV7a4AQ+1bRgvrjlxDrwKebAU/17tiW+zgqVQ8UsIsWQ +CKsvrNgXn6nD3XQYp4PQUbH/CynwK9FlrgcDx1EvMGaX86bO0yijcSC1yeidQVQm +Vwdi7B6sJUUEvqU0iHf31LEFUP0LiL7uk0QUgBVwXblvuPcDwOgWBpF7FlaYkeWG +1N97W+ebUNZ7b9SxKCkvRe3GjJpXzBUBHKiHPec52l1HS1tFb+qF3jYGuzYyEl9s +4ctLAoIBAQDciDtVddDDP49gl6cTqgVw8Ec7j0uF7oy1LXhPqwWHcaPEi2ZC1m1a +j3BvF7E/7I9QGWDdzGf6AjL9hwnpXoivv2cIeZvPlunFcHPgI+IalzxDCMaRCW36 +IJiFTM/kyV/5Kjz8EEWs8nttPiMu/+rnMPiBcI2U32x1N0MkrgXgEJigGdKp/0lT +R+Meaz3ycZUj6p/l/K52qks0BQRkI3mrV6kjb+lvoHRatkD1Lrl3fGoHlRU8Jx7c +vtiXCDAR74yQKdzp6ITMCZAJLXtZrS3wXpODu34CrjX1+J5mfdybsGxdWCr8SqPV +x0b9IftIvgRlwOw9qTPa/jmW1p56BAq2 -----END PRIVATE KEY----- diff --git a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem index 437bfcafe7..9075970a60 100644 --- a/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem +++ b/src/common/common-int-test/src/main/resources/META-INF/ca-container/files/home/ca/CA/private/tsa.key.pem @@ -1,52 +1,52 @@ -----BEGIN PRIVATE KEY----- -MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC0u/PxrbK5RxVR -4xvQqykNskqvOLdu8J7IC9rw6xXVGmPTwfeBt+AGE48vLCVCdVUkEnQp9IpsaVUc -WDKzZz/SbhlCOPbR6VDSsKAqVNYwVjjB1kWpqo+So3FfSHQhc1cdG1e+9ICcWf4j -pAU7Vt+Jx6n/pNU1tl8vxM3G7yObF4JiLdFz3BKdgFkz87JfsYLtgWY1IAQF2O1X -3HCMUd6Q2smLehlSjklreqUefPbsgi5aYqMLLtRbYShBAHu/cvV6hDzXkzZpM5cp -SzGksaU8/MBwIUVTYiKZmLF+V9ZfkC3XNKifDzMvRQRkm5kb0Kk6R1gcV9GhSaGq -c7KDrIpQHjD6xOSrR5C7fxKUe4XGd2of0WM6u3WEEhC2ywQFiuh1lCIvg0xZcD/r -vAnG3HS6ZcHi7iTLtzxKnPvkmaRm7Mx2Ish7qbWISbHIdo5vndyvIoiRgv7y6ZPf -alGXC3oQH1Z0eFi5JDHhTxYeFTD81j0XAYB1jDJxFygWMAHJmFVN5xVkk/fhLP4T -yATE0epCBrsvlCdtwr8rbX0H+XLDhckv0ofNesOuZujpzusxjhyV6Bhxb6Ai38aE -8hIhokpnWEQkzGm9g33e/0kCKaD403BS3JKHWGykW0Zd8EesoTHvxzmK2NPbce5b -m6Qg2HGqPVR9MTPOn8StxFeF12aHhQIDAQABAoICAB18XHwdXn8jvbKyXqNYiUYW -xGB53FNZJk50wK91awZtW8P8bSjYms/i+QU1Ko8BHXbZG+KMZtjxBlWtffgO7Dak -h7JqILp2Wh1Fe5vsY1VXe8MD9jGMBghiaeilpWyfqKKzB0m8Eg9wDyo5ZDEeJzIP -RQjUF4S/0B+29+twsFppJ3hlCTrhuJfBjMwRAhTinP2qksYwBvf9QBuJd0MtSCZR -y3fZ36+8TvYd+DpVIOPNCUrttLPqW/Lckvin34iIdMwcLuDsv3/CTvMJtXutD8w3 -YB3rD6he5k4wvyRhqDPHDfOCP9BTZoJbvC+9wujqzfEYGqPlH+o0XQ+1+HXK/HV3 -bLVX3qFcSLmIXc7sTAgKpwtvFw685Abnq2f++LhoSKoKwKUPE7r/fMbnQyXEkLfy -c+oj9XOsjXlZZGhUUPDndC+Pfoknq56+Hyq2E0/lMxYpXCKQ8G8hPqXYruTCjxjS -EEu2kbMz3fi073yROH3z0IkBHSVi14EgqqWnduV9fD/d22/TYkl/9u+di0eQGiRM -hXEXz4FHMdOfjzKOrfRN3UoDJDohCBSwsjKBKM5I8X+DapzUB/qgJJ4SmlS52dUW -34FPTZ4Mt/yXOOKVJGEeCJNhT+tLryESVekln3iiZvO1Zf2NByIl/7fgEJczPzAR -0Bfy5iAxIJr/9FqPbQKxAoIBAQDjRW2zfFa227nPyO9V8P+h1kpx/4+jDHhMvOAr -FqLuyQyPmTgym7jHqG9mWVfN9LDP30x622nLtvDlVxubG1l4Mffs7hfHDSXukZoA -x1rNUvahPdZ5/yqenitHTB/nGgBBlsR/2YnzXC9ARYgc05lJ3mXF/5k0D4Pvv6l7 -VSubJuIkvL/L+JEywM1UxcaARc7u6HU/Qfd6NNl4kFuzjOyMa3lGhWpCdzSzlEvx -Nt1y8zMQ+/nwvJFIXddzypLDY+bW3PsmoJZ+EDcIFYtys+gCUBUC4RMqboRsArYi -F9hK297vZwnoixzpPON/XwPvx/mQrwqdZO2iZfAAtVgwafXHAoIBAQDLlJI50v3S -QuXiciyEzdlZkuvsf5cUg2No8oqewsgCSU2Lgo3Hz+VAG/pGUQULFqzlw0GAzOMR -tOdkYBMzXxMxP9HsWGlKpe6e+5OQ7bnqCbApgmBQFhiCj6HDtb+C5/pip4KaCAA5 -hZ2vOqpy1R/UbVNuf6bOxvxIKuIShKg6Phhi+TbETq/KucogPNwklqYTeMJAMfVP -EwQPe1LGy59VpxPqMiXMsXllA+ZJFPnxN+6998ewk1fu9o8/cW1ADFuFODrRxWKJ -KaBSoON2sAEl8JvakmiyStIJVroDa+upMHjwfayiZ5pOCSbmh8nIPAwEdz42w2hu -E0T7SvcRNWhTAoIBAQCqZ91YLcuK8fdBb+TcaIYT32wUS810MJ5m01u1kxR5vC95 -4CV99Lq4oXddo3GtkGGei0x59dg+kZ3QJ98gDoKoF7dQZDlZ22bsmSmCmfdgamtX -/Ni6wnM/WVMT82UcT6ePhi8xuXexDBa1tyzWiGWwOFvQ+NPzcAq6EdhPDE5U1/PK -HeglVOvxxRRwEpbCiRUelxeKZbjcXZINzxei6fBXXSIimVhSG7VdTL0gUMX8MZPB -kV0XfxvjydEJFgOzE037HtgFX3VXcmsA2b6kM3arfUYz0XUgZJtPrTzJFV3syy0+ -DeElBmGYFDpzv1dhS2y5ajWoTAvNr2cj8NT+AATzAoIBACshrh1cK3SpwcTJRc9Z -QYxtyVhQ6/Rnpd8tS9s5D2EUoL5HCbzkugBsLQlKzxO7WSRQywb74bv1pPSqOkcv -BITxrYsybBRptXWvfWM+Sp5gMReKTNeK5uR6g95QGmQku/K85Lm3qjyFp5PhjQ1J -RDYgd4W4u+GhXP/5Pe6Ido/oaghGHqlWtn3wAPf1jPqfhE4pzpYFP6DiOYECMtZ1 -e6uM+3Yp68JDc6HIQrkHHbFSlV1gKsmpXf798/mQEYJ5W8aM1EFvXWIMFLCM78RM -o+Gi6ZJUZKQpn/hkjIJ/Ee3FnEnvhmzeIF4aKEi9Si4HMtCbZu35Vp3DrWDEUDYw -J4sCggEALWHOnPhBFu28ipZmPyohEvJiFuaFR26E9iGzdIi0maXK94S+pE0CldO8 -b1lXakgI+pAP3WHpn+B5AWNluG8pJ3DRdflcYxMxfk5qhiMnagT3q/F49kYaPtEA -lkMsCJ8lQIPHlq9IhoMA9W8JfpuCFZgO0hEj3yXeXTFnaie+m3EkFmJqI06SvGCH -DPFkGIfEDR8TjHR+RclYqmbtz0dgKRTuEq5s/HnGX5buFbQvC+Ok7xLSMAS3prVM -IRBr4aUwuFN/fPPz9SPu5xeqJzjDm366tB/0nwAC8wZ7GcfCha2cGUfLf/dEFw/Q -VhGnxjg3mjbqt21aRH14tcsxKJmOSA== +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDjTzIKAzID+GFA +YDFXWR/yLMdN3rDnqCTv7eKB86hbX4/29eLLrxX+vI+6N+F9vcsdFnQpIYgjGfOR +NAqyJai5CYLLrbNLxN4XFTh7u2axnYaAZpOeSA2uk5TcWo7C5RXe3gg4CwDouIQZ +7/i9AgvCak2f/fcq34yjJkAX6Z1ZQGqCi1F8EU7qYaV6HosXVKD6OA5lw6DNi5pi +Br2jTXJyKU687hkJ2PJ7pMAEgy4UBm7+LLVkTZRZkX5pzTG++AxIF3TWwOUfo9Qp +3cJNnNGBMnDpqUER2i7LVgD6ZXE1NAYFKLwRD5snBqIdWms+n9i8A/6oJeSl1FFS +FyYCAhF66DDdTrcyt7edTDpLzh24jMrqlO1zZbpdhz96UmnLsHip+dT9cMWefE4g +XRCnKcng8/Czysg9sYh0z+8i9+vcNdURptSdtwkjMArMR8Dj8P90uTufTlCZTYah +l6TeFvlKu2nDghtSsaZkzqGCLki7PjNObvyNbHSoTR8vePfR+ZoJvmvo6hGVAwYa +p7hbqSiW+oXscRHtRigMyNDNWXTo6vuOLwUAzebOnfIyr7fJJUaMZBMKBDJe55V4 +DXUn1f20c0cpBzd31VXbPd+hGLQgUTgEXuICu0H//ybrClE52tcRnPbqGguoSmox +FfGb/ahHkS31iF24nBBRbJJE9xO5wwIDAQABAoICAAm6mQSusFRVLCxqMZJwgRqH +ahxeHKo9mx8dymUPfbQzeeDzEzruin11qp0oySDtn6TmEiC0i7Qc5zzewlpvnDIX +Qx7el1711R+dy+YX1kRh3qDeQxEyOkuvi16HDbcvwOjiDe4AIpDTXOwTRk0oqkIu +9JWVdB/Eo6tT9shPOmnYhPaDagBqaTtE5KU+a2ubNqye+5bFcbt6bygk67bymKRk +OjeB5VZzj6VVHtbSmoVG5TdByJ27aE8RGB0FKEzpJvVq85hBd00MYQdNs4RI4vqp +owWNNfjCouAXFUGiV98UE/HilXIRfe2ErimddhufEdKyRRMDVC740GY4EWtilUbd +wy1pbWtqn4hQEEyWfjRud2dS00yaRkTFK8JcXc/W2RhwPlMXeUdF+ImH3ROYIGHc +NHgvVwSfyuk1OYjn3n0UNh/Y2wqr06xyaIPaTNjWUQJ/ektl05BzW5Buq3h++nFn +J4qD6dut6zWsnQaBIcWQHZlwdXZC10xOfl9dkR6o0DPWOUFLGrW8XODXc2RwW5AH +yPcIUzJubExczWX1v958HqsXY4foWeBP2hmPmE0axqvRqkInRJDXhpgSxGxjmlNm +h1nnjH9Z8EPpvaf9Jfm7u5dH7xEUCnSxymS/gKHN1kc+M10kNaTxwyC2FL+fGAzU +OrqrLx/fM0rFHjdL+kehAoIBAQD3kxRXs9TUvtJC6H0HeGtL7r/FqTxTqDIikTzT +hIFDu5o/arA31ZMzTi5dFS4qBGHc7aM6L0NHi+ty4kXWBrkpPIDcD9OGfkA5S07i +Zttif4f+vSD/C9JScyKWHyGyBWX/lUukRsC4nHXv+Rei4zcBwMtU7fI1a48iXOyL +wLvuYnGWfQYYjokEo5y8uQsePcFEH7PBYlvkvhArTzfMWXXFojSCLyMFTcEgRScX +Jd1RhxvsZlNnZUgFlaWmpPTzI88U11VCawQ0wzEZblUha6D2sdQIW2QuEXoFDESh +vfdvjU/yWFrqjygEh4NfNvI8623KrVbXtwDo/VPSBlanEy4RAoIBAQDrC4/HBdhc +c3W9bAhiLmO8FWjwy508VrS1OEbLFjC4CeGEUP2Q4kk7U8XKcfwhFecUPnFqP1vP +yj/KgE2I5d8sy03OEH3+rhcRrMGt72w0KSXoVBD2YSK1toQBEy61i7mCs+qjHMxn +NN10RQRnaaa+qyMtI/zuyx2RGMtIb73LzNh1l39luhg3dgEJXg7yDByAvE0xz0Jh +EtkDMqlARvZLqqYPKbZeHFLJTCzA1KntI95SEPCEpDFADenS6uziDkg5CmRAVegi +NH34IHXIjvce5ezYRhfsyYI2bDE7o0tSAAGw89yGwXva6mSXSrUVjaxkETGitNvP +oBcHhN2X3eaTAoIBADC0ebMLSNqVs82/6SD4Gru0e3vKYHjgxQQx6HKAReHqXV0O +gx5o4O2d+tcLHKrdc9c/1PXUaHsB1s8iHrUNW432Pi+M2YNDASWEYD+AFrbY+gsu +b/hc/gKEbhB0jW91SmyulVP7K1zmQvlz2qeL5b1tjVLnANhrkZwkBdE0mIQ8T7ZY +YEOifugvu90Q1lQbuBLL3dQ0onlsvseWbRbBnr7Du2rFFTGs60qK8DbIlzK7zs2C +D/RuY23d09nl596Rc+LYvggz/37Vy6oCH7NUdjUyJNGEEUBS5dtqX3ImajBC77Bw +m2o7wZaqhjjMGXnMoyvVUBleAkrT05Kk9pUl29ECggEAK63rWy3/5jZis//mkvBS +AnrsFIuSPctTK7Y4mbcW+KyFZ0RxysHyn/7Sa+vA0hky5zUveHIryrKoJiavwfgO +AFILtHamI3UQvm0fVQaAUjUvYTx2JoMooyI258g7zusXX2219ff9GFTfrqLAzcL5 +hMdi8xmUAIBojzVPWbfCSqRXuYqc1ze9FllsmeQL3PlZNqdHpTECAe4xvAFnKJXH +YYpl771tsZGL5PKuAmvC5FndD90sBUpKCMBNKrATs3K6AzemJ7qPOAQPQNQvb0T6 +MZjC6fIkshFEjH6Qq6eN8MAlkE/RNI2ySZ1zchYlDstUNQho8/auPqhefzw2vekz +1wKCAQEAiXl+8VUi1ZTxX8CFq00rjl8EqTBTcwTw0IaMsp6wl22UThlcwE4iZfmT +v9NGNSrpM1uIsXlI3ZR2BMGfxYWNTFLWslZty4ZpHleOG2HCkXJWY1mTOzB1ESbo +duEVayNLlKOr42x7dM+soJITTz7ISjfmwbV7DfcRo5ouq1iPL4BO6KDMktDpn8uU +Xck1mB6clZOp4U/Weu6/mkfc7TTncbmyBnZ89Ef545K0EmG7hH4TskEnuPfBa3GH +xbZZP4uwbLEPkW86nBsLZTbSOXnYqHdq02+06EwHyWx1OmvxD5hbAbMSnRsEyeDe +tisnYhG39m8vxseoVVxuwHfeGQGM0A== -----END PRIVATE KEY----- diff --git a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java index 1a7210338d..78d5412fc9 100644 --- a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java +++ b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/EmptyGlobalConf.java @@ -38,6 +38,7 @@ import org.niis.xroad.globalconf.impl.FileSystemGlobalConfSource; import org.niis.xroad.globalconf.impl.extension.GlobalConfExtensionFactoryImpl; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -46,6 +47,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.OptionalInt; import java.util.Set; @@ -79,6 +81,16 @@ public List getOcspResponderAddressesForCaCertificate(X509Certificate ca return Collections.emptyList(); } + @Override + public Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert) { + return Collections.emptyMap(); + } + + @Override + public CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl) { + return CostType.UNDEFINED; + } + @Override public List getOcspResponderCertificates() { return Collections.emptyList(); diff --git a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java index 824f636aed..8f338a31ff 100644 --- a/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java +++ b/src/common/common-test/src/main/java/org/niis/xroad/test/globalconf/TestGlobalConfWrapper.java @@ -38,6 +38,7 @@ import org.niis.xroad.globalconf.cert.CertChain; import org.niis.xroad.globalconf.extension.GlobalConfExtensions; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -48,6 +49,7 @@ import java.security.cert.X509Certificate; import java.util.Collection; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.OptionalInt; import java.util.Set; @@ -133,6 +135,16 @@ public ClientId.Conf getSubjectName(SignCertificateProfileInfo.Parameters parame return globalConfProvider.getSubjectName(parameters, cert); } + @Override + public Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert) { + return globalConfProvider.getOcspResponderAddressesAndCostTypes(instanceIdentifier, caCert); + } + + @Override + public CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl) { + return globalConfProvider.getOcspResponderCostType(instanceIdentifier, ocspUrl); + } + @Override public List getOcspResponderAddresses(X509Certificate member) throws CertificateEncodingException, IOException { return globalConfProvider.getOcspResponderAddresses(member); diff --git a/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java b/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java index 2c2f57a239..dfc9ee9198 100644 --- a/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java +++ b/src/lib/globalconf-core/src/main/java/org/niis/xroad/globalconf/GlobalConfProvider.java @@ -36,6 +36,7 @@ import org.niis.xroad.globalconf.cert.CertChain; import org.niis.xroad.globalconf.extension.GlobalConfExtensions; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -47,6 +48,7 @@ import java.util.Collection; import java.util.Collections; import java.util.List; +import java.util.Map; import java.util.Optional; import java.util.OptionalInt; import java.util.Set; @@ -166,6 +168,10 @@ ClientId.Conf getSubjectName( */ List getOcspResponderAddressesForCaCertificate(X509Certificate caCert) throws CertificateEncodingException, IOException; + Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert); + + CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl); + /** * @return a list of known OCSP responder certificates */ diff --git a/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml b/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml index a54228f99e..5dee67d03f 100644 --- a/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml +++ b/src/lib/globalconf-core/src/test/resources/globalconf_good_v6/EE/shared-params.xml @@ -59,6 +59,7 @@ neKQsBCiYuP03CJX5gg5yC37MxlcC2NpwdM60Q+7sp+Riz+eGw4tpVnAEmD8ZwHl vuN63j9maswGt/KrgylIF99T/5WpbFVRWQHibbEH + FREE http://www.example.net/ocsp @@ -81,6 +82,7 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= + PAID ee.ria.xroad.common.certificateprofile.impl.TestCertificateProfileInfoProvider @@ -142,7 +144,7 @@ FREE - http://www.example.net/ocsp + http://www.example.net/ocsp2 MIIDizCCAnOgAwIBAgIIOmOWEyqjUj0wDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UE AwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0Uw HhcNMTIwOTA2MTEzODMwWhcNMTQwOTA2MTEzODMwWjAWMRQwEgYDVQQDDAtPY3Nw @@ -162,7 +164,7 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= - FREE + FREE ee.ria.xroad.common.certificateprofile.impl.TestCertificateProfileInfoProvider @@ -216,7 +218,6 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= - PAID http://www.example.net/ocsp @@ -239,7 +240,6 @@ 3AH22TFUUUnaTGVF+OiHtthE1u7bnwsTqWXX4PI9I3KnSaIEE55mveNq2jHVWu4r Myy2flOZMonYh3dw1gmSp2yWo1YDpN3olM0Li6Lnfvg1TZd71xZ6ZkKf+MoAs+pW 2HaLh8hiYRXpgw3WVSBg6CPTLoU5xFb57BNL3qccVetmbpZgznHMYEBN4b4pyHk= - FREE ee.ria.xroad.common.certificateprofile.impl.TestCertificateProfileInfoProvider diff --git a/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java b/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java index 7a8cdc9cd9..0a878307a9 100644 --- a/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java +++ b/src/lib/globalconf-impl/src/main/java/org/niis/xroad/globalconf/impl/GlobalConfImpl.java @@ -50,6 +50,7 @@ import org.niis.xroad.globalconf.impl.cert.CertChainFactory; import org.niis.xroad.globalconf.impl.extension.GlobalConfExtensionFactoryImpl; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalConfInitException; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; @@ -65,6 +66,7 @@ import java.util.Arrays; import java.util.Collection; import java.util.List; +import java.util.Map; import java.util.Objects; import java.util.Optional; import java.util.OptionalInt; @@ -329,6 +331,32 @@ public List getOcspResponderAddressesForCaCertificate(X509Certificate ca return doGetOcspResponderAddressesForCertificate(caCert, true); } + @Override + public Map getOcspResponderAddressesAndCostTypes(String instanceIdentifier, X509Certificate caCert) { + Map responders = new java.util.HashMap<>(); + SharedParametersCache sharedParametersCache = getSharedParametersCache(instanceIdentifier); + List ocspInfos = sharedParametersCache.getCaCertsAndOcspData().get(caCert); + if (ocspInfos != null) { + ocspInfos.stream() + .filter(ocspInfo -> StringUtils.isNotBlank(ocspInfo.getUrl())) + .forEach(ocspInfo -> responders.put(ocspInfo.getUrl().trim(), ocspInfo.getCostType())); + } + return responders; + } + + @Override + public CostType getOcspResponderCostType(String instanceIdentifier, String ocspUrl) { + SharedParametersCache sharedParametersCache = getSharedParametersCache(instanceIdentifier); + for (List ocspInfos : sharedParametersCache.getCaCertsAndOcspData().values()) { + for (SharedParameters.OcspInfo ocspInfo : ocspInfos) { + if (StringUtils.isNotBlank(ocspInfo.getUrl()) && ocspInfo.getUrl().trim().equals(ocspUrl.trim())) { + return ocspInfo.getCostType(); + } + } + } + return CostType.UNDEFINED; + } + @Override public List getOcspResponderCertificates() { List responderCerts = new ArrayList<>(); @@ -446,7 +474,7 @@ public X509Certificate[] getAuthTrustChain() { public SecurityServerId.Conf getServerId(X509Certificate cert) throws CertificateEncodingException, IOException, OperatorCreationException { for (SharedParametersCache p : getSharedParametersCaches()) { - String b64 = encodeBase64(calculateCertHash(p.getInstanceIdentifier(), cert)); + String b64 = encodeBase64(calculateCertHash(cert)); SharedParameters.SecurityServer server = p.getServerByAuthCert().get(b64); if (server != null) { return SecurityServerId.Conf.create( @@ -459,7 +487,7 @@ public SecurityServerId.Conf getServerId(X509Certificate cert) return null; } - private byte[] calculateCertHash(String instanceIdentifier, X509Certificate cert) + private byte[] calculateCertHash(X509Certificate cert) throws CertificateEncodingException, IOException, OperatorCreationException { Integer version = globalConfSource.getVersion(); if (version != null && version > 2) { @@ -484,7 +512,7 @@ public ClientId getServerOwner(SecurityServerId serverId) { public boolean authCertMatchesMember(X509Certificate cert, ClientId memberId) throws CertificateEncodingException, IOException, OperatorCreationException { for (SharedParametersCache p : getSharedParametersCaches()) { - byte[] inputCertHash = calculateCertHash(p.getInstanceIdentifier(), cert); + byte[] inputCertHash = calculateCertHash(cert); boolean match = Optional.ofNullable(p.getMemberAuthCerts().get(memberId)).stream() .flatMap(Collection::stream) .anyMatch(h -> Arrays.equals(inputCertHash, h)); diff --git a/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfTest.java b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfTest.java index 3ab83dac51..35152ed08b 100644 --- a/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfTest.java +++ b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfTest.java @@ -463,14 +463,14 @@ public void getApprovedCAs() { @Test public void getClientSecurityServers() { - SecurityServerId server1 = SecurityServerId.Conf.create("EE", "BUSINESS", "producer", "producerServerCode"); - SecurityServerId server3 = SecurityServerId.Conf.create("EE", "BUSINESS", "foo", "fooServerCode"); - SecurityServerId server4 = SecurityServerId.Conf.create("EE", "BUSINESS", "foo", "FooBarServerCode"); + SecurityServerId server1 = SecurityServerId.Conf.create("EE", "BUSINESS", "producer", "producerServerCode"); + SecurityServerId server3 = SecurityServerId.Conf.create("EE", "BUSINESS", "foo", "fooServerCode"); + SecurityServerId server4 = SecurityServerId.Conf.create("EE", "BUSINESS", "foo", "FooBarServerCode"); - Set securityServers = globalConfProvider.getClientSecurityServers(newClientId("foo")); + Set securityServers = globalConfProvider.getClientSecurityServers(newClientId("foo")); - assertThat(securityServers).containsExactlyInAnyOrder(server1, server3, server4); - } + assertThat(securityServers).containsExactlyInAnyOrder(server1, server3, server4); + } private static ClientId newClientId(String name) { return ClientId.Conf.create("EE", "BUSINESS", name); diff --git a/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java new file mode 100644 index 0000000000..3cb6ca7c23 --- /dev/null +++ b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java @@ -0,0 +1,125 @@ +/* + * The MIT License + * + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.niis.xroad.globalconf.impl; + +import ee.ria.xroad.common.ExpectedCodedException; +import ee.ria.xroad.common.SystemProperties; +import ee.ria.xroad.common.TestCertUtil; + +import org.apache.commons.io.FileUtils; +import org.junit.AfterClass; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.model.CostType; + +import java.io.File; +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import static ee.ria.xroad.common.SystemProperties.getConfigurationPath; +import static org.junit.Assert.assertEquals; + +public class GlobalConfVer6Test { + private static final String GOOD_CONF_DIR = "../globalconf-core/src/test/resources/globalconf_good_v6"; + private static final Path GOOD_CONF_FILES = Paths.get(GOOD_CONF_DIR, "files"); + + @Rule + public ExpectedCodedException thrown = ExpectedCodedException.none(); + + private static GlobalConfProvider globalConfProvider; + + @BeforeClass + public static void setUpBeforeClass() throws Exception { + System.setProperty(SystemProperties.CONFIGURATION_PATH, GOOD_CONF_DIR); + + createConfigurationFiles(); + + globalConfProvider = new GlobalConfImpl(new FileSystemGlobalConfSource(getConfigurationPath())); + + } + + private static void createConfigurationFiles() throws IOException { + List confFiles = new ArrayList<>(); + File files = GOOD_CONF_FILES.toFile(); + + confFiles.add(getConfFileName("bar", "shared-params.xml")); + confFiles.add(getConfFileName("EE", "private-params.xml")); + confFiles.add(getConfFileName("EE", "shared-params.xml")); + confFiles.add(getConfFileName("foo_v2", "private-params.xml")); + confFiles.add(getConfFileName("foo_v2", "shared-params.xml")); + confFiles.add(getConfFileName("baz_v3", "private-params.xml")); + confFiles.add(getConfFileName("baz_v3", "shared-params.xml")); + confFiles.add(getConfFileName("qux_v4", "private-params.xml")); + confFiles.add(getConfFileName("qux_v4", "shared-params.xml")); + confFiles.add(getConfFileName("quux_v5", "private-params.xml")); + confFiles.add(getConfFileName("quux_v5", "shared-params.xml")); + + FileUtils.writeLines(files, StandardCharsets.UTF_8.name(), confFiles); + } + + private static String getConfFileName(String instanceIdentifier, String fileName) { + return Paths.get(GOOD_CONF_DIR, instanceIdentifier, fileName).toAbsolutePath().normalize().toString(); + } + + @AfterClass + public static void cleanUpAfterClass() { + deleteConfigurationFiles(); + } + + private static void deleteConfigurationFiles() { + try { + Files.delete(GlobalConfVer6Test.GOOD_CONF_FILES); + } catch (IOException e) { + // Ignore. + } + } + + @Test + public void getOcspResponderAddressesAndCostTypes() { + + Map addressesAndCostTypes = + globalConfProvider.getOcspResponderAddressesAndCostTypes("EE", TestCertUtil.getCaCert()); + + assertEquals(2, addressesAndCostTypes.size()); + assertEquals(CostType.FREE, addressesAndCostTypes.get("http://127.0.0.1:8082/ocsp")); + assertEquals(CostType.PAID, addressesAndCostTypes.get("http://www.example.net/ocsp")); + } + + @Test + public void getOcspResponderCostType() { + CostType costType = globalConfProvider.getOcspResponderCostType("EE", "http://www.example.net/ocsp2"); + assertEquals(CostType.FREE, costType); + } +} diff --git a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java index d2a2a1bb73..98b986402d 100644 --- a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java +++ b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/ServerConfProvider.java @@ -189,6 +189,8 @@ InternalSSLKey getSSLKey() */ List getTspUrl(); + String getTspCostType(String tspUrl); + /** * @param serviceId the service identifier * @return the type of the service as {@link DescriptionType} diff --git a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java index c585c28602..df5ce1bf60 100644 --- a/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java +++ b/src/lib/serverconf-core/src/main/java/org/niis/xroad/serverconf/model/TimestampingService.java @@ -38,4 +38,5 @@ public class TimestampingService { private Long id; private String name; private String url; + private String costType; } diff --git a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java index b929bd6a0d..a38700c0ff 100644 --- a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java +++ b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java @@ -361,6 +361,20 @@ public List getTspUrl() { .collect(Collectors.toList())); } + @Override + public String getTspCostType(String tspUrl) { + return tx(session -> { + TimestampingService tsp = getConf(session).getTimestampingServices().stream() + .filter(t -> StringUtils.equals(t.getUrl(), tspUrl)) + .findFirst() + .orElse(null); + if (tsp != null) { + return tsp.getCostType(); + } + return null; + }); + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return tx(session -> { diff --git a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java index b82e945efd..d84c9e4d59 100644 --- a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java +++ b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/entity/TimestampingServiceEntity.java @@ -57,4 +57,7 @@ public class TimestampingServiceEntity { @Column(name = "url", nullable = false) private String url; + + @Column(name = "cost_type") + private String costType; } diff --git a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java index 2754137a78..aa322a4992 100644 --- a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java +++ b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/ServerConfTest.java @@ -39,6 +39,7 @@ import org.junit.Rule; import org.junit.Test; import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.serverconf.IsAuthentication; import org.niis.xroad.serverconf.ServerConfProvider; import org.niis.xroad.serverconf.impl.dao.ServiceDAOImpl; @@ -334,6 +335,14 @@ public void getTsps() throws Exception { } } + @Test + public void getTspCostType() { + String costType0 = serverConfProvider.getTspCostType("tspUrl0"); + String costType2 = serverConfProvider.getTspCostType("tspUrl2"); + assertEquals(CostType.UNDEFINED.name(), costType0); + assertEquals(CostType.FREE.name(), costType2); + } + /** * Tests getting services. * diff --git a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java index d8b6c0b82e..f1980de92c 100644 --- a/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java +++ b/src/lib/serverconf-impl/src/test/java/org/niis/xroad/serverconf/impl/TestUtil.java @@ -31,6 +31,7 @@ import ee.ria.xroad.common.identifier.ServiceId; import org.hibernate.Session; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.serverconf.impl.entity.AccessRightEntity; import org.niis.xroad.serverconf.impl.entity.CertificateEntity; import org.niis.xroad.serverconf.impl.entity.ClientEntity; @@ -285,14 +286,20 @@ static ServerConfEntity createTestData(Session session) { client.getLocalGroups().add(localGroup); } + addTimestampingServices(conf); + + return conf; + } + + private static void addTimestampingServices(ServerConfEntity conf) { for (int j = 0; j < NUM_TSPS; j++) { TimestampingServiceEntity tsp = new TimestampingServiceEntity(); tsp.setName("tspName" + j); tsp.setUrl("tspUrl" + j); + tsp.setCostType(CostType.UNDEFINED.name()); conf.getTimestampingServices().add(tsp); } - - return conf; + conf.getTimestampingServices().get(2).setCostType(CostType.FREE.name()); } static ServiceId.Conf createTestServiceId(String memberCode, String serviceCode) { diff --git a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java index dabcf4372c..8b94968d96 100644 --- a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java +++ b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/EmptyServerConf.java @@ -143,6 +143,11 @@ public List getTspUrl() { return emptyList(); } + @Override + public String getTspCostType(String tspUrl) { + return null; + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return null; diff --git a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java index a252e8729b..4f4d699138 100644 --- a/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java +++ b/src/lib/serverconf-impl/src/testFixtures/java/org/niis/xroad/test/serverconf/TestServerConfWrapper.java @@ -160,6 +160,12 @@ public List getTspUrl() { return serverConfProvider.getTspUrl(); } + + @Override + public String getTspCostType(String tspUrl) { + return serverConfProvider.getTspCostType(tspUrl); + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return serverConfProvider.getDescriptionType(serviceId); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java index df21526e74..5a1c97e55e 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java @@ -27,11 +27,15 @@ package org.niis.xroad.securityserver.restapi.converter; import com.google.common.collect.Streams; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.ApprovedCaDto; import org.niis.xroad.securityserver.restapi.openapi.model.CertificateAuthorityDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; +import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDto; import org.springframework.stereotype.Component; import java.util.List; +import java.util.Map; import java.util.Set; import java.util.stream.Collectors; @@ -51,7 +55,7 @@ public class CertificateAuthorityConverter { public CertificateAuthorityDto convert(ApprovedCaDto approvedCaDto) { CertificateAuthorityDto ca = new CertificateAuthorityDto(); ca.setName(approvedCaDto.getName()); - ca.setAuthenticationOnly(Boolean.TRUE.equals(approvedCaDto.isAuthenticationOnly())); + ca.setAuthenticationOnly(approvedCaDto.isAuthenticationOnly()); ca.setNotAfter(approvedCaDto.getNotAfter()); ca.setIssuerDistinguishedName(approvedCaDto.getIssuerDistinguishedName()); ca.setSubjectDistinguishedName(approvedCaDto.getSubjectDistinguishedName()); @@ -65,9 +69,20 @@ public CertificateAuthorityDto convert(ApprovedCaDto approvedCaDto) { .map(ips -> ips.split(",")) .map(List::of) .orElse(null)); + ca.setOcspResponders(convertOcspResponders(approvedCaDto.getOcspUrlsAndCostTypes())); return ca; } + private List convertOcspResponders(Map ocspUrlsAndCostTypes) { + return ocspUrlsAndCostTypes.entrySet().stream() + .map(entry -> new OcspResponderDto(entry.getKey(), convertCostType(entry.getValue()))) + .collect(Collectors.toList()); + } + + private static CostTypeDto convertCostType(CostType costType) { + return costType != null ? CostTypeDto.valueOf(costType.name()) : CostTypeDto.UNDEFINED; + } + /** * convert a group of ApprovedCaDtos into a list of CertificateAuthorities * @param approvedCaDtos diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java index 261f16db5f..d8ef2331d6 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverter.java @@ -29,10 +29,14 @@ import ee.ria.xroad.common.DiagnosticsStatus; import com.google.common.collect.Streams; +import lombok.RequiredArgsConstructor; +import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.OcspResponderDiagnosticsStatus; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.CodeWithDetailsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDto; import org.springframework.stereotype.Component; import java.util.List; @@ -43,27 +47,33 @@ * Converter for certificate authority diagnostics related data between openapi and service domain classes */ @Component +@RequiredArgsConstructor public class OcspResponderDiagnosticConverter { - public OcspResponderDiagnosticsDto convert( + private final GlobalConfProvider globalConfProvider; + + public CaOcspDiagnosticsDto convert( OcspResponderDiagnosticsStatus ocspResponderDiagnosticsStatus) { - OcspResponderDiagnosticsDto ocspResponderDiagnostics = new OcspResponderDiagnosticsDto(); + CaOcspDiagnosticsDto ocspResponderDiagnostics = new CaOcspDiagnosticsDto(); ocspResponderDiagnostics.setDistinguishedName(ocspResponderDiagnosticsStatus.getName()); - List ocspResponders = convertOcspResponders( + List ocspResponders = convertOcspResponders( ocspResponderDiagnosticsStatus.getOcspResponderStatusMap()); ocspResponderDiagnostics.setOcspResponders(ocspResponders); return ocspResponderDiagnostics; } - public Set convert(Iterable statuses) { + public Set convert(Iterable statuses) { return Streams.stream(statuses) .map(this::convert) .collect(Collectors.toSet()); } - private OcspResponderDto convertOcspResponder(DiagnosticsStatus diagnosticsStatus) { - OcspResponderDto ocspResponder = new OcspResponderDto(); + private OcspResponderDiagnosticsDto convertOcspResponder(DiagnosticsStatus diagnosticsStatus) { + OcspResponderDiagnosticsDto ocspResponder = new OcspResponderDiagnosticsDto(); ocspResponder.setUrl(diagnosticsStatus.getDescription()); + CostType ocspResponderCostType = + globalConfProvider.getOcspResponderCostType(globalConfProvider.getInstanceIdentifier(), diagnosticsStatus.getDescription()); + ocspResponder.setCostType(CostTypeDto.fromValue(ocspResponderCostType.name())); if (diagnosticsStatus.getErrorCode() != null) { ocspResponder.setError(new CodeWithDetailsDto(diagnosticsStatus.getErrorCode().code()) .metadata(diagnosticsStatus.getErrorCodeMetadata())); @@ -76,7 +86,7 @@ private OcspResponderDto convertOcspResponder(DiagnosticsStatus diagnosticsStatu return ocspResponder; } - private List convertOcspResponders(Iterable statuses) { + private List convertOcspResponders(Iterable statuses) { return Streams.stream(statuses) .map(this::convertOcspResponder) .collect(Collectors.toList()); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java index 489e5e2419..66124bf3f9 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverter.java @@ -27,6 +27,7 @@ package org.niis.xroad.securityserver.restapi.converter; import com.google.common.collect.Streams; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.serverconf.model.TimestampingService; import org.springframework.stereotype.Component; @@ -43,6 +44,7 @@ public class TimestampingServiceConverter { public TimestampingServiceDto convert(TimestampingService tsp) { TimestampingServiceDto timestampingServiceDto = new TimestampingServiceDto(); timestampingServiceDto.setUrl(tsp.getUrl()); + timestampingServiceDto.setCostType(CostTypeDto.valueOf(tsp.getCostType())); timestampingServiceDto.setName(tsp.getName()); return timestampingServiceDto; } @@ -57,6 +59,7 @@ public TimestampingService convert(TimestampingServiceDto timestampingServiceDto TimestampingService timestampingService = new TimestampingService(); timestampingService.setUrl(timestampingServiceDto.getUrl()); timestampingService.setName(timestampingServiceDto.getName()); + timestampingService.setCostType(timestampingServiceDto.getCostType().name()); return timestampingService; } } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java index 1d11aafde7..7eaf286f5c 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverter.java @@ -29,8 +29,11 @@ import ee.ria.xroad.common.DiagnosticsStatus; import com.google.common.collect.Streams; +import lombok.RequiredArgsConstructor; import org.niis.xroad.securityserver.restapi.openapi.model.CodeWithDetailsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; +import org.niis.xroad.serverconf.ServerConfProvider; import org.springframework.stereotype.Component; import java.util.Set; @@ -40,11 +43,15 @@ * Converter for timestamping service diagnostics related data between openapi and service domain classes */ @Component +@RequiredArgsConstructor public class TimestampingServiceDiagnosticConverter { + private final ServerConfProvider serverConfProvider; + public TimestampingServiceDiagnosticsDto convert(DiagnosticsStatus diagnosticsStatus) { TimestampingServiceDiagnosticsDto timestampingServiceDiagnostics = new TimestampingServiceDiagnosticsDto(); timestampingServiceDiagnostics.setUrl(diagnosticsStatus.getDescription()); + timestampingServiceDiagnostics.setCostType(getCostType(diagnosticsStatus)); timestampingServiceDiagnostics.setStatusClass(DiagnosticStatusClassMapping.map(diagnosticsStatus.getStatus())); if (DiagnosticStatus.ERROR.equals(diagnosticsStatus.getStatus())) { CodeWithDetailsDto codeWithDetails = new CodeWithDetailsDto(diagnosticsStatus.getErrorCode().code()) @@ -58,6 +65,11 @@ public TimestampingServiceDiagnosticsDto convert(DiagnosticsStatus diagnosticsSt return timestampingServiceDiagnostics; } + private CostTypeDto getCostType(DiagnosticsStatus diagnosticsStatus) { + String tspCostType = serverConfProvider.getTspCostType(diagnosticsStatus.getDescription()); + return tspCostType != null ? CostTypeDto.valueOf(tspCostType) : CostTypeDto.UNDEFINED; + } + public Set convert(Iterable statuses) { return Streams.stream(statuses) .map(this::convert) diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java index f5a0c06bc9..37ad40a324 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java @@ -27,9 +27,11 @@ import lombok.Builder; import lombok.Getter; +import org.niis.xroad.globalconf.model.CostType; import java.time.OffsetDateTime; import java.util.List; +import java.util.Map; /** * DTO for approved certificate authority data @@ -50,4 +52,5 @@ public class ApprovedCaDto { private final String certificateProfileInfo; private final boolean acmeCapable; private final String acmeServerIpAddress; + private final Map ocspUrlsAndCostTypes; } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java index 65bc4c0051..020f9f65d1 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java @@ -47,6 +47,7 @@ import org.niis.xroad.securityserver.restapi.openapi.model.CertificateAuthorityDto; import org.niis.xroad.securityserver.restapi.openapi.model.CsrSubjectFieldDescriptionDto; import org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageTypeDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.service.CertificateAuthorityNotFoundException; import org.niis.xroad.securityserver.restapi.service.CertificateAuthorityService; import org.niis.xroad.securityserver.restapi.service.ClientNotFoundException; @@ -108,6 +109,13 @@ public ResponseEntity> getApprovedCertificateAuthor return new ResponseEntity<>(cas, HttpStatus.OK); } + @Override + @PreAuthorize("hasAuthority('VIEW_APPROVED_CERTIFICATE_AUTHORITIES')") + public ResponseEntity getOcspPrioritizationStrategy() { + var strategy = certificateAuthorityService.getOcspPrioritizationStrategy(); + return new ResponseEntity<>(ServicePrioritizationStrategyDto.valueOf(strategy.name()), HttpStatus.OK); + } + @SuppressWarnings("squid:S3655") // see reason below @Override @PreAuthorize("(hasAuthority('GENERATE_AUTH_CERT_REQ') and " diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java index 151af193ed..1446fa7d2a 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiController.java @@ -52,11 +52,11 @@ import org.niis.xroad.securityserver.restapi.dto.OcspResponderDiagnosticsStatus; import org.niis.xroad.securityserver.restapi.openapi.model.AddOnStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.BackupEncryptionStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.ConnectionStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfConnectionStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.MessageLogEncryptionStatusDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.OperationalDataIntervalDto; import org.niis.xroad.securityserver.restapi.openapi.model.ProxyMemoryUsageStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; @@ -122,7 +122,7 @@ public ResponseEntity> getTimestampingSer @Override @PreAuthorize("hasAuthority('DIAGNOSTICS')") - public ResponseEntity> getOcspRespondersDiagnostics() { + public ResponseEntity> getOcspRespondersDiagnostics() { List statuses = diagnosticService.queryOcspResponderStatus(); return new ResponseEntity<>(ocspResponderDiagnosticConverter.convert(statuses), HttpStatus.OK); } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java index 7cf6669886..4bec9ec3aa 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java @@ -55,6 +55,7 @@ import org.niis.xroad.securityserver.restapi.openapi.model.NodeTypeResponseDto; import org.niis.xroad.securityserver.restapi.openapi.model.SecurityServerAddressDto; import org.niis.xroad.securityserver.restapi.openapi.model.SecurityServerAddressStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.openapi.model.VersionInfoDto; import org.niis.xroad.securityserver.restapi.service.GlobalConfService; @@ -146,6 +147,13 @@ public ResponseEntity> getConfiguredTimestampingServ return new ResponseEntity<>(timestampingServiceDtos, HttpStatus.OK); } + @Override + @PreAuthorize("hasAuthority('VIEW_TSPS')") + public ResponseEntity getTimestampingPrioritizationStrategy() { + var strategy = systemService.getTimestampingPrioritizationStrategy(); + return new ResponseEntity<>(ServicePrioritizationStrategyDto.valueOf(strategy.name()), HttpStatus.OK); + } + @Override @PreAuthorize("hasAuthority('ADD_TSP')") @AuditEventMethod(event = RestApiAuditEvent.ADD_TSP) diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java index 2566710c8c..88882a8c93 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfChecker.java @@ -181,7 +181,7 @@ private void updateServerConf() { /** * Matches timestamping services in globalTsps with localTsps by name and checks if the URLs have changed. - * If the change is unambiguous, it's performed on localTsps. Otherwise a warning is logged. + * If the change is unambiguous, it's performed on localTsps. Otherwise, a warning is logged. * * @param globalTsps timestamping services from global configuration * @param localTsps timestamping services from local database diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java index 890ddeacad..9ff761e6b2 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java @@ -25,6 +25,7 @@ */ package org.niis.xroad.securityserver.restapi.service; +import ee.ria.xroad.common.SystemProperties; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfo; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfoProvider; import ee.ria.xroad.common.certificateprofile.GetCertificateProfile; @@ -209,6 +210,8 @@ private ApprovedCaDto buildCertificateAuthorityDto( builder.subjectDnPath(subjectDnPath); builder.topCa(subjectDnPath.size() <= 1 && subjectName.equals(subjectDnPath.getFirst())); + builder.ocspUrlsAndCostTypes(globalConfService.getOcspResponderAddressesAndCostTypes(certificate)); + return builder.build(); } @@ -229,6 +232,10 @@ List buildPath(X509Certificate certificate, return pathElements; } + public SystemProperties.ServicePrioritizationStrategy getOcspPrioritizationStrategy() { + return SystemProperties.getOcspPrioritizationStrategy(); + } + public boolean isAcmeExternalAccountBindingRequired(String caName) throws CertificateAuthorityNotFoundException { final var acmeUrl = getCertificateAuthorityInfo(caName).getAcmeServerDirectoryUrl(); return acmeUrl != null && acmeService.isExternalAccountBindingRequired(acmeUrl); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java index 5c04bef39a..2de61110c6 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/GlobalConfService.java @@ -37,6 +37,7 @@ import org.niis.xroad.common.core.exception.XrdRuntimeException; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; @@ -56,6 +57,7 @@ import java.time.Duration; import java.util.Collection; import java.util.List; +import java.util.Map; import java.util.OptionalInt; import java.util.Set; import java.util.stream.Collectors; @@ -180,6 +182,10 @@ public ApprovedCAInfo getApprovedCAForThisInstance(X509Certificate certificate) return globalConfProvider.getApprovedCA(globalConfProvider.getInstanceIdentifier(), certificate); } + public Map getOcspResponderAddressesAndCostTypes(X509Certificate certificate) { + return globalConfProvider.getOcspResponderAddressesAndCostTypes(globalConfProvider.getInstanceIdentifier(), certificate); + } + /** * @return CA certs for current instance */ @@ -206,6 +212,7 @@ private TimestampingService createTspType(SharedParameters.ApprovedTSA approvedT TimestampingService tsp = new TimestampingService(); tsp.setUrl(approvedTSA.getUrl()); tsp.setName(approvedTSA.getName()); + tsp.setCostType(approvedTSA.getCostType() != null ? approvedTSA.getCostType().name() : CostType.UNDEFINED.name()); return tsp; } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java index c0a84b0fae..49960e52d0 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java @@ -140,6 +140,7 @@ public List getConfiguredTimestampingServices() { private void auditLog(TimestampingService timestampingService) { auditDataHelper.put(RestApiAuditProperty.TSP_NAME, timestampingService.getName()); auditDataHelper.put(RestApiAuditProperty.TSP_URL, timestampingService.getUrl()); + auditDataHelper.put(RestApiAuditProperty.TSP_COST_TYPE, timestampingService.getCostType()); } public void addConfiguredTimestampingService(TimestampingService timestampingServiceToAdd) @@ -483,6 +484,10 @@ public SystemProperties.NodeType getServerNodeType() { return SystemProperties.getServerNodeType(); } + public SystemProperties.ServicePrioritizationStrategy getTimestampingPrioritizationStrategy() { + return SystemProperties.getTimestampingPrioritizationStrategy(); + } + public boolean isManagementServiceProvider() { var managementRequestService = globalConfProvider.getManagementRequestService(); return globalConfService.isSecurityServerClientForThisInstance(managementRequestService); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java index 64067d3104..1c17dfbdf1 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/diagnostic/OscpReponderCollector.java @@ -27,7 +27,7 @@ import lombok.RequiredArgsConstructor; import org.niis.xroad.securityserver.restapi.converter.OcspResponderDiagnosticConverter; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.service.DiagnosticService; import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; @@ -37,7 +37,7 @@ @Component @RequiredArgsConstructor @Order(DiagnosticCollector.ORDER_GROUP3) -public class OscpReponderCollector implements DiagnosticCollector> { +public class OscpReponderCollector implements DiagnosticCollector> { private final DiagnosticService diagnosticService; private final OcspResponderDiagnosticConverter ocspResponderDiagnosticConverter; @@ -47,7 +47,7 @@ public String name() { } @Override - public Set collect() { + public Set collect() { return ocspResponderDiagnosticConverter.convert(diagnosticService.queryOcspResponderStatus()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java index 9867b86963..0c9092dd29 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/OcspResponderDiagnosticConverterTest.java @@ -33,15 +33,20 @@ import org.junit.Before; import org.junit.Test; import org.niis.xroad.common.core.exception.ErrorCode; +import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.OcspResponderDiagnosticsStatus; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DiagnosticStatusClassDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; import java.time.OffsetDateTime; import java.util.Arrays; import java.util.Set; import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; /** * Test CertificateAuthorityDiagnosticConverter @@ -58,7 +63,12 @@ public class OcspResponderDiagnosticConverterTest { @Before public void setup() { - ocspResponderDiagnosticConverter = new OcspResponderDiagnosticConverter(); + GlobalConfProvider globalConfProvider = mock(GlobalConfProvider.class); + when(globalConfProvider.getInstanceIdentifier()).thenReturn("DEV"); + when(globalConfProvider.getOcspResponderCostType("DEV", URL_1)).thenReturn(CostType.FREE); + when(globalConfProvider.getOcspResponderCostType("DEV", URL_2)).thenReturn(CostType.PAID); + + ocspResponderDiagnosticConverter = new OcspResponderDiagnosticConverter(globalConfProvider); } @Test @@ -68,7 +78,7 @@ public void convertSingleCertificateAuthorityDiagnostics() { diagnosticsStatus.setDescription(URL_1); status.setOcspResponderStatusMap(Arrays.asList(diagnosticsStatus)); - OcspResponderDiagnosticsDto caDiagnostics = ocspResponderDiagnosticConverter.convert(status); + CaOcspDiagnosticsDto caDiagnostics = ocspResponderDiagnosticConverter.convert(status); assertEquals(1, caDiagnostics.getOcspResponders().size()); @@ -77,6 +87,7 @@ public void convertSingleCertificateAuthorityDiagnostics() { assertEquals(PREVIOUS_UPDATE_1, caDiagnostics.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_1, caDiagnostics.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(URL_1, caDiagnostics.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.FREE, caDiagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -96,14 +107,14 @@ public void convertMultipleCertificateAuthorityDiagnostics() { diagnosticsStatus3.setDescription(URL_1); status2.setOcspResponderStatusMap(Arrays.asList(diagnosticsStatus2, diagnosticsStatus3)); - Set diagnostics = ocspResponderDiagnosticConverter.convert( + Set diagnostics = ocspResponderDiagnosticConverter.convert( Arrays.asList(status1, status2)); - OcspResponderDiagnosticsDto firstDiagnostic = diagnostics + CaOcspDiagnosticsDto firstDiagnostic = diagnostics .stream() .filter(item -> item.getDistinguishedName().equals(CA_NAME_1)) .findFirst() .orElse(null); - OcspResponderDiagnosticsDto secondDiagnostic = diagnostics + CaOcspDiagnosticsDto secondDiagnostic = diagnostics .stream() .filter(item -> item.getDistinguishedName().equals(CA_NAME_2)) .findFirst() @@ -118,6 +129,7 @@ public void convertMultipleCertificateAuthorityDiagnostics() { assertEquals(PREVIOUS_UPDATE_1, firstDiagnostic.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_1, firstDiagnostic.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(URL_1, firstDiagnostic.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.FREE, firstDiagnostic.getOcspResponders().get(0).getCostType()); assertEquals(CA_NAME_2, secondDiagnostic.getDistinguishedName()); @@ -125,6 +137,7 @@ public void convertMultipleCertificateAuthorityDiagnostics() { assertEquals(null, secondDiagnostic.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_2, secondDiagnostic.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(URL_2, secondDiagnostic.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.PAID, secondDiagnostic.getOcspResponders().get(0).getCostType()); assertEquals(ErrorCode.OCSP_RESPONSE_PARSING_FAILURE.code(), secondDiagnostic.getOcspResponders() .get(1).getError().getCode()); @@ -132,5 +145,6 @@ public void convertMultipleCertificateAuthorityDiagnostics() { assertEquals(PREVIOUS_UPDATE_1, secondDiagnostic.getOcspResponders().get(1).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_1, secondDiagnostic.getOcspResponders().get(1).getNextUpdateAt()); assertEquals(URL_1, secondDiagnostic.getOcspResponders().get(1).getUrl()); + assertEquals(CostTypeDto.FREE, secondDiagnostic.getOcspResponders().get(1).getCostType()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java index 68a12d1d90..b6ce173475 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceConverterTest.java @@ -28,6 +28,8 @@ import org.junit.Before; import org.junit.Test; +import org.niis.xroad.globalconf.model.CostType; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.util.TestUtils; import org.niis.xroad.serverconf.model.TimestampingService; @@ -64,10 +66,11 @@ public void setup() { @Test public void convertSingleTspType() { TimestampingServiceDto timestampingService = timestampingServiceConverter.convert( - TestUtils.createTspType(TSA_1_URL, TSA_1_NAME)); + TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.FREE.name())); assertEquals(TSA_1_URL, timestampingService.getUrl()); assertEquals(TSA_1_NAME, timestampingService.getName()); + assertEquals(CostTypeDto.FREE, timestampingService.getCostType()); } @Test @@ -82,7 +85,7 @@ public void convertEmptyTspTypeList() { @Test public void convertMultipleTspTypes() { List tspTypes = new ArrayList<>(Arrays.asList(TestUtils.createTspType( - TSA_1_URL, TSA_1_NAME), TestUtils.createTspType(TSA_2_URL, TSA_2_NAME))); + TSA_1_URL, TSA_1_NAME, CostType.PAID.name()), TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.FREE.name()))); Set timestampingServices = timestampingServiceConverter.convert(tspTypes); @@ -92,9 +95,10 @@ public void convertMultipleTspTypes() { @Test public void convertSingleTimestampingService() { TimestampingService timestampingService = timestampingServiceConverter.convert(TestUtils - .createTimestampingService(TSA_1_URL, TSA_1_NAME)); + .createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.FREE)); assertEquals(TSA_1_URL, timestampingService.getUrl()); assertEquals(TSA_1_NAME, timestampingService.getName()); + assertEquals(CostTypeDto.FREE.name(), timestampingService.getCostType()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java index a825edfacc..44e3f3bc4f 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/converter/TimestampingServiceDiagnosticConverterTest.java @@ -32,8 +32,10 @@ import org.junit.Before; import org.junit.Test; import org.niis.xroad.common.core.exception.ErrorCode; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DiagnosticStatusClassDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; +import org.niis.xroad.serverconf.ServerConfProvider; import java.time.OffsetDateTime; import java.util.ArrayList; @@ -42,6 +44,8 @@ import java.util.Set; import static org.junit.Assert.assertEquals; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; /** * Test TimestampingServiceDiagnosticConverter @@ -53,7 +57,10 @@ public class TimestampingServiceDiagnosticConverterTest { @Before public void setup() { - timestampingServiceDiagnosticConverter = new TimestampingServiceDiagnosticConverter(); + ServerConfProvider serverConfProvider = mock(ServerConfProvider.class); + when(serverConfProvider.getTspCostType(URL_1)).thenReturn(CostTypeDto.PAID.name()); + when(serverConfProvider.getTspCostType(URL_2)).thenReturn(CostTypeDto.FREE.name()); + timestampingServiceDiagnosticConverter = new TimestampingServiceDiagnosticConverter(serverConfProvider); } @Test @@ -67,6 +74,8 @@ public void convertSingleTimestampingServiceDiagnostics() { assertEquals(DiagnosticStatusClassDto.OK, timestampingServiceDiagnostics.getStatusClass()); assertEquals(now, timestampingServiceDiagnostics.getPrevUpdateAt()); + assertEquals(URL_1, timestampingServiceDiagnostics.getUrl()); + assertEquals(CostTypeDto.PAID, timestampingServiceDiagnostics.getCostType()); } @Test @@ -95,8 +104,12 @@ public void convertMultipleTimestampingServiceDiagnostics() { assertEquals(ErrorCode.TIMESTAMP_TOKEN_SIGNER_INFO_NOT_FOUND.code(), firstDiagnostic.getError().getCode()); assertEquals(DiagnosticStatusClassDto.FAIL, firstDiagnostic.getStatusClass()); assertEquals(prevUpdate, firstDiagnostic.getPrevUpdateAt()); + assertEquals(URL_1, firstDiagnostic.getUrl()); + assertEquals(CostTypeDto.PAID, firstDiagnostic.getCostType()); assertEquals(DiagnosticStatusClassDto.WAITING, secondDiagnostic.getStatusClass()); assertEquals(prevUpdate2, secondDiagnostic.getPrevUpdateAt()); + assertEquals(URL_2, secondDiagnostic.getUrl()); + assertEquals(CostTypeDto.FREE, secondDiagnostic.getCostType()); } } diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java index ff8eebca40..ef6c563607 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java @@ -26,6 +26,7 @@ */ package org.niis.xroad.securityserver.restapi.openapi; +import ee.ria.xroad.common.SystemProperties; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfo; import ee.ria.xroad.common.certificateprofile.DnFieldDescription; import ee.ria.xroad.common.certificateprofile.DnFieldValue; @@ -36,6 +37,7 @@ import org.niis.xroad.securityserver.restapi.openapi.model.AcmeOrderDto; import org.niis.xroad.securityserver.restapi.openapi.model.CertificateAuthorityDto; import org.niis.xroad.securityserver.restapi.openapi.model.KeyUsageTypeDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.service.KeyNotFoundException; import org.niis.xroad.securityserver.restapi.util.TokenTestUtils; import org.niis.xroad.signer.api.dto.KeyInfo; @@ -159,6 +161,17 @@ public void getApprovedCertificateAuthoritiesAuthWithSignPermission() throws Exc } } + @Test + @WithMockUser(authorities = {"VIEW_APPROVED_CERTIFICATE_AUTHORITIES"}) + public void getOcspPrioritizationStrategy() { + when(certificateAuthorityService.getOcspPrioritizationStrategy()) + .thenReturn(SystemProperties.ServicePrioritizationStrategy.ONLY_PAID); + + ResponseEntity response = caController.getOcspPrioritizationStrategy(); + assertEquals(HttpStatus.OK, response.getStatusCode()); + assertEquals(ServicePrioritizationStrategyDto.ONLY_PAID, response.getBody()); + } + @Test @WithMockUser(authorities = {"GENERATE_AUTH_CERT_REQ"}) public void getSubjectFieldDescriptionsAuthWithAuthPermission() throws Exception { diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java index ef9a42f296..2d00923d12 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/DiagnosticsApiControllerTest.java @@ -36,18 +36,20 @@ import org.junit.BeforeClass; import org.junit.Test; import org.niis.xroad.common.core.exception.ErrorCode; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.opmonitor.api.OperationalDataInterval; import org.niis.xroad.opmonitor.api.OperationalDataIntervalProto; import org.niis.xroad.restapi.exceptions.DeviationAwareRuntimeException; import org.niis.xroad.restapi.exceptions.DeviationCodes; import org.niis.xroad.securityserver.restapi.openapi.model.AddOnStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.BackupEncryptionStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CaOcspDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.ConnectionStatusDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DiagnosticStatusClassDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfConnectionStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.GlobalConfDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.MessageLogEncryptionStatusDto; -import org.niis.xroad.securityserver.restapi.openapi.model.OcspResponderDiagnosticsDto; import org.niis.xroad.securityserver.restapi.openapi.model.OperationalDataIntervalDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDiagnosticsDto; import org.niis.xroad.securityserver.restapi.service.diagnostic.DiagnosticReportService; @@ -337,20 +339,22 @@ public void getOcspResponderDiagnosticsSuccess() { + DiagnosticStatus.OK + "\",\"url\":\"" + OCSP_URL_1 + "\",\"prevUpdate\":\"" + PREVIOUS_UPDATE + "\",\"nextUpdate\":\"" + NEXT_UPDATE + "\"}}}}}"); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.PAID); - ResponseEntity> response = + ResponseEntity> response = diagnosticsApiController.getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); + CaOcspDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); assertEquals(1, diagnostics.getOcspResponders().size()); assertEquals(CA_NAME_1, diagnostics.getDistinguishedName()); assertEquals(DiagnosticStatusClassDto.OK, diagnostics.getOcspResponders().get(0).getStatusClass()); assertEquals(PREVIOUS_UPDATE, diagnostics.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE, diagnostics.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(OCSP_URL_1, diagnostics.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.PAID, diagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -360,20 +364,22 @@ public void getOcspResponderDiagnosticsWaiting() { + "\"ocspResponderStatusMap\":{\"" + OCSP_URL_2 + "\":{\"diagnosticStatus\":\"" + DiagnosticStatus.UNINITIALIZED + "\",\"url\":\"" + OCSP_URL_2 + "\",\"nextUpdate\":\"" + NEXT_UPDATE + "\"}}}}}"); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.FREE); - ResponseEntity> response = + ResponseEntity> response = diagnosticsApiController.getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); + CaOcspDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); assertEquals(1, diagnostics.getOcspResponders().size()); assertEquals(CA_NAME_2, diagnostics.getDistinguishedName()); assertEquals(DiagnosticStatusClassDto.WAITING, diagnostics.getOcspResponders().get(0).getStatusClass()); assertNull(diagnostics.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE, diagnostics.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(OCSP_URL_2, diagnostics.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.FREE, diagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -383,14 +389,15 @@ public void getOcspResponderDiagnosticsFailNextUpdateTomorrow() { + "\",\"ocspResponderStatusMap\":{\"" + OCSP_URL_1 + "\":{\"diagnosticStatus\":\"" + DiagnosticStatus.ERROR + "\",\"errorCode\":\"" + ErrorCode.OCSP_RESPONSE_PARSING_FAILURE + "\",\"url\":\"" + OCSP_URL_1 + "\",\"nextUpdate\":\"" + NEXT_UPDATE_MIDNIGHT + "\"}}}}}"); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.PAID); - ResponseEntity> response = diagnosticsApiController + ResponseEntity> response = diagnosticsApiController .getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); + CaOcspDiagnosticsDto diagnostics = diagnosticsSet.stream().findFirst().orElse(null); assertEquals(1, diagnostics.getOcspResponders().size()); assertEquals(CA_NAME_1, diagnostics.getDistinguishedName()); assertEquals(ErrorCode.OCSP_RESPONSE_PARSING_FAILURE.code(), diagnostics.getOcspResponders() @@ -399,6 +406,7 @@ public void getOcspResponderDiagnosticsFailNextUpdateTomorrow() { assertNull(diagnostics.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_MIDNIGHT, diagnostics.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(OCSP_URL_1, diagnostics.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.PAID, diagnostics.getOcspResponders().get(0).getCostType()); } @Test @@ -408,14 +416,15 @@ public void getOcspResponderDiagnosticsFailPreviousUpdateYesterday() { + "\",\"ocspResponderStatusMap\":{\"" + OCSP_URL_2 + "\":{\"diagnosticStatus\":\"" + DiagnosticStatus.UNKNOWN + "\",\"url\":\"" + OCSP_URL_2 + "\",\"prevUpdate\":\"" + PREVIOUS_UPDATE_MIDNIGHT + "\",\"nextUpdate\":\"" + NEXT_UPDATE_MIDNIGHT + "\"}}}}}"); + when(globalConfProvider.getOcspResponderCostType(any(), any())).thenReturn(CostType.FREE); - ResponseEntity> response = diagnosticsApiController + ResponseEntity> response = diagnosticsApiController .getOcspRespondersDiagnostics(); assertEquals(HttpStatus.OK, response.getStatusCode()); - Set diagnosticsSet = response.getBody(); + Set diagnosticsSet = response.getBody(); assertEquals(1, diagnosticsSet.size()); - OcspResponderDiagnosticsDto diagnostics = diagnosticsSet + CaOcspDiagnosticsDto diagnostics = diagnosticsSet .stream() .findFirst() .orElse(null); @@ -425,6 +434,7 @@ public void getOcspResponderDiagnosticsFailPreviousUpdateYesterday() { assertEquals(PREVIOUS_UPDATE_MIDNIGHT, diagnostics.getOcspResponders().get(0).getPrevUpdateAt()); assertEquals(NEXT_UPDATE_MIDNIGHT, diagnostics.getOcspResponders().get(0).getNextUpdateAt()); assertEquals(OCSP_URL_2, diagnostics.getOcspResponders().get(0).getUrl()); + assertEquals(CostTypeDto.FREE, diagnostics.getOcspResponders().get(0).getCostType()); } @Test diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java index 57a9902209..16e48d9832 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java @@ -35,16 +35,19 @@ import org.niis.xroad.common.exception.BadRequestException; import org.niis.xroad.common.exception.ConflictException; import org.niis.xroad.common.exception.InternalServerErrorException; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.AnchorFile; import org.niis.xroad.securityserver.restapi.dto.MaintenanceMode; import org.niis.xroad.securityserver.restapi.dto.VersionInfo; import org.niis.xroad.securityserver.restapi.openapi.model.AnchorDto; import org.niis.xroad.securityserver.restapi.openapi.model.CertificateDetailsDto; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.DistinguishedNameDto; import org.niis.xroad.securityserver.restapi.openapi.model.MaintenanceModeMessageDto; import org.niis.xroad.securityserver.restapi.openapi.model.MaintenanceModeStatusDto; import org.niis.xroad.securityserver.restapi.openapi.model.NodeTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.NodeTypeResponseDto; +import org.niis.xroad.securityserver.restapi.openapi.model.ServicePrioritizationStrategyDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.openapi.model.VersionInfoDto; import org.niis.xroad.securityserver.restapi.service.AnchorFileNotFoundException; @@ -173,8 +176,8 @@ private void getSystemCertificate() throws IOException { @WithMockUser(authorities = {"VIEW_TSPS"}) public void getConfiguredTimestampingServices() { when(systemService.getConfiguredTimestampingServices()).thenReturn(new ArrayList<>( - Arrays.asList(TestUtils.createTspType(TSA_1_URL, TSA_1_NAME), - TestUtils.createTspType(TSA_2_URL, TSA_2_NAME)))); + Arrays.asList(TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.FREE.name()), + TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.PAID.name())))); ResponseEntity> response = systemApiController.getConfiguredTimestampingServices(); @@ -199,10 +202,21 @@ public void getConfiguredTimestampingServicesEmptyList() { assertEquals(0, timestampingServices.size()); } + @Test + @WithMockUser(authorities = {"VIEW_TSPS"}) + public void getTimestampingPrioritizationStrategy() { + when(systemService.getTimestampingPrioritizationStrategy()) + .thenReturn(SystemProperties.ServicePrioritizationStrategy.FREE_FIRST); + + ResponseEntity response = systemApiController.getTimestampingPrioritizationStrategy(); + assertEquals(HttpStatus.OK, response.getStatusCode()); + assertEquals(ServicePrioritizationStrategyDto.FREE_FIRST, response.getBody()); + } + @Test @WithMockUser(authorities = {"ADD_TSP"}) public void addConfiguredTimestampingService() { - TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_2_URL, TSA_2_NAME); + TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_2_URL, TSA_2_NAME, CostTypeDto.UNDEFINED); ResponseEntity response = systemApiController .addConfiguredTimestampingService(timestampingService); @@ -210,13 +224,14 @@ public void addConfiguredTimestampingService() { assertEquals(HttpStatus.CREATED, response.getStatusCode()); assertEquals(TSA_2_NAME, response.getBody().getName()); assertEquals(TSA_2_URL, response.getBody().getUrl()); + assertEquals(CostTypeDto.UNDEFINED, response.getBody().getCostType()); } @Test @WithMockUser(authorities = {"ADD_TSP"}) public void addDuplicateConfiguredTimestampingService() throws SystemService.DuplicateConfiguredTimestampingServiceException, TimestampingServiceNotFoundException { - TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME); + TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.FREE); Mockito.doThrow(new SystemService.DuplicateConfiguredTimestampingServiceException("")).when(systemService) .addConfiguredTimestampingService(any()); @@ -236,7 +251,7 @@ public void addNonExistingConfiguredTimestampingService() throws SystemService.DuplicateConfiguredTimestampingServiceException, TimestampingServiceNotFoundException { TimestampingServiceDto timestampingService = TestUtils - .createTimestampingService("http://dummy.com", "Dummy"); + .createTimestampingService("http://dummy.com", "Dummy", CostTypeDto.UNDEFINED); Mockito.doThrow(new TimestampingServiceNotFoundException("")).when(systemService) .addConfiguredTimestampingService(any()); @@ -253,14 +268,14 @@ public void addNonExistingConfiguredTimestampingService() throws @WithMockUser(authorities = {"DELETE_TSP"}) public void deleteConfiguredTimestampingService() { ResponseEntity response = systemApiController - .deleteConfiguredTimestampingService(TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME)); + .deleteConfiguredTimestampingService(TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.UNDEFINED)); assertEquals(HttpStatus.NO_CONTENT, response.getStatusCode()); } @Test @WithMockUser(authorities = {"DELETE_TSP"}) public void deleteNonExistingConfiguredTimestampingService() throws TimestampingServiceNotFoundException { - TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME); + TimestampingServiceDto timestampingService = TestUtils.createTimestampingService(TSA_1_URL, TSA_1_NAME, CostTypeDto.UNDEFINED); Mockito.doThrow(new TimestampingServiceNotFoundException("")).when(systemService) .deleteConfiguredTimestampingService(any()); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java index 79356e5462..23975e292c 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/TimestampingServiceApiControllerTest.java @@ -27,6 +27,7 @@ import org.junit.Before; import org.junit.Test; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.securityserver.restapi.util.TestUtils; import org.niis.xroad.serverconf.model.TimestampingService; @@ -65,8 +66,8 @@ public class TimestampingServiceApiControllerTest extends AbstractApiControllerT @Before public void setup() { - TimestampingService tsa1 = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME); - TimestampingService tsa2 = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME); + TimestampingService tsa1 = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.FREE.name()); + TimestampingService tsa2 = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.PAID.name()); APPROVED_TIMESTAMPING_SERVICES.put(tsa1.getName(), tsa1); APPROVED_TIMESTAMPING_SERVICES.put(tsa2.getName(), tsa2); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java index b4ae861c3b..ddc1ada97e 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/scheduling/GlobalConfCheckerTest.java @@ -34,6 +34,7 @@ import org.junit.After; import org.junit.Before; import org.junit.Test; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; import org.niis.xroad.securityserver.restapi.config.AbstractFacadeMockingTestContext; @@ -324,54 +325,60 @@ public void testUpdateTimestampServiceUrls() { // test with single matching items List approvedTSATypes = - Collections.singletonList(TestUtils.createApprovedTsaType("http://example.com:8121", "Foo")); + Collections.singletonList(TestUtils.createApprovedTsaType("http://example.com:8121", "Foo", CostType.FREE)); List timestampingServices = - Collections.singletonList(TestUtils.createTspType("http://example.com:8121", "Foo")); + Collections.singletonList(TestUtils.createTspType("http://example.com:8121", "Foo", CostType.FREE.name())); globalConfChecker.updateTimestampServiceUrls(approvedTSATypes, timestampingServices); assertEquals(1, approvedTSATypes.size()); assertEquals(1, timestampingServices.size()); assertEquals(approvedTSATypes.get(0).getName(), timestampingServices.get(0).getName()); assertEquals(approvedTSATypes.get(0).getUrl(), timestampingServices.get(0).getUrl()); + assertEquals(approvedTSATypes.get(0).getCostType().name(), timestampingServices.get(0).getCostType()); // test the normal update case // the change in approvedTSAType1 URL should be reflected to tspType1 URL List approvedTSATypes1 = Arrays.asList( - TestUtils.createApprovedTsaType("http://example.com:9999", "Foo"), - TestUtils.createApprovedTsaType("http://example.net", "Bar") + TestUtils.createApprovedTsaType("http://example.com:9999", "Foo", CostType.FREE), + TestUtils.createApprovedTsaType("http://example.net", "Bar", CostType.PAID) ); List tspTypes1 = Arrays.asList( - TestUtils.createTspType("http://example.com:8121", "Foo"), - TestUtils.createTspType("http://example.net", "Bar") + TestUtils.createTspType("http://example.com:8121", "Foo", CostType.FREE.name()), + TestUtils.createTspType("http://example.net", "Bar", CostType.PAID.name()) ); globalConfChecker.updateTimestampServiceUrls(approvedTSATypes1, tspTypes1); assertEquals(2, approvedTSATypes1.size()); assertEquals(2, tspTypes1.size()); assertEquals(approvedTSATypes1.get(0).getName(), tspTypes1.get(0).getName()); assertEquals(approvedTSATypes1.get(0).getUrl(), tspTypes1.get(0).getUrl()); + assertEquals(approvedTSATypes1.get(0).getCostType().name(), tspTypes1.get(0).getCostType()); assertEquals(approvedTSATypes1.get(1).getName(), tspTypes1.get(1).getName()); assertEquals(approvedTSATypes1.get(1).getUrl(), tspTypes1.get(1).getUrl()); + assertEquals(approvedTSATypes1.get(1).getCostType().name(), tspTypes1.get(1).getCostType()); // test the conflicting update case // the change in approvedTSAType3 URL should not be reflected to tspType3 URL because of ambiguous names List approvedTSATypes2 = Arrays.asList( - TestUtils.createApprovedTsaType("http://example.com:9898", "Foo"), - TestUtils.createApprovedTsaType("http://example.net", "Foo"), - TestUtils.createApprovedTsaType("http://example.org:8080", "Zzz") + TestUtils.createApprovedTsaType("http://example.com:9898", "Foo", CostType.FREE), + TestUtils.createApprovedTsaType("http://example.net", "Foo", CostType.PAID), + TestUtils.createApprovedTsaType("http://example.org:8080", "Zzz", CostType.UNDEFINED) ); List tspTypes2 = Arrays.asList( - TestUtils.createTspType("http://example.com:8121", "Foo"), - TestUtils.createTspType("http://example.net", "Foo"), - TestUtils.createTspType("http://example.org:8080", "Zzz") + TestUtils.createTspType("http://example.com:8121", "Foo", CostType.FREE.name()), + TestUtils.createTspType("http://example.net", "Foo", CostType.PAID.name()), + TestUtils.createTspType("http://example.org:8080", "Zzz", CostType.UNDEFINED.name()) ); globalConfChecker.updateTimestampServiceUrls(approvedTSATypes2, tspTypes2); assertEquals(3, approvedTSATypes2.size()); assertEquals(3, tspTypes2.size()); assertEquals(approvedTSATypes2.get(0).getName(), tspTypes2.get(0).getName()); assertNotEquals(approvedTSATypes2.get(0).getUrl(), tspTypes2.get(0).getUrl()); + assertEquals(approvedTSATypes2.get(0).getCostType().name(), tspTypes2.get(0).getCostType()); assertEquals(approvedTSATypes2.get(1).getName(), tspTypes2.get(1).getName()); assertEquals(approvedTSATypes2.get(1).getUrl(), tspTypes2.get(1).getUrl()); + assertEquals(approvedTSATypes2.get(1).getCostType().name(), tspTypes2.get(1).getCostType()); assertEquals(approvedTSATypes2.get(2).getName(), tspTypes2.get(2).getName()); assertEquals(approvedTSATypes2.get(2).getUrl(), tspTypes2.get(2).getUrl()); + assertEquals(approvedTSATypes2.get(2).getCostType().name(), tspTypes2.get(2).getCostType()); } @Test diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java index 6c5d0bd1d7..db8108b3b3 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityServiceTest.java @@ -36,6 +36,7 @@ import org.junit.Before; import org.junit.Test; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.dto.ApprovedCaDto; import org.niis.xroad.securityserver.restapi.util.CertificateTestUtils; import org.niis.xroad.serverconf.impl.entity.ClientEntity; @@ -82,6 +83,7 @@ public class CertificateAuthorityServiceTest extends AbstractServiceTestContext "CN=X-Road Test CA CN, OU=X-Road Test CA OU, O=X-Road Test, C=FI"; public static final String MOCK_INTERMEDIATE_CA_SUBJECT_DN = "CN=int-cn, O=X-Road Test int"; + public static final String MOCK_OCSP_RESPONDER_ADDRESS = "http://ocsp-responder.example.com"; @Before public void setup() throws Exception { @@ -99,6 +101,8 @@ public void setup() throws Exception { approvedCAInfos.add(new ApprovedCAInfo("mock-intermediate-ca", false, "ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider", null, null, null, null)); when(globalConfProvider.getApprovedCAs(any())).thenReturn(approvedCAInfos); + when(globalConfProvider.getOcspResponderAddressesAndCostTypes(any(), any())).thenReturn(Map.of(MOCK_OCSP_RESPONDER_ADDRESS, + CostType.FREE)); List caCerts = new ArrayList<>(); caCerts.add(CertificateTestUtils.getMockCertificate()); @@ -262,6 +266,7 @@ public void getCertificateAuthorities() throws Exception { assertEquals(Collections.singletonList("CN=N/A"), ca.getSubjectDnPath()); assertTrue(ca.isTopCa()); assertEquals("good", ca.getOcspResponse()); + assertEquals(CostType.FREE, ca.getOcspUrlsAndCostTypes().get(MOCK_OCSP_RESPONDER_ADDRESS)); assertEquals(OffsetDateTime.parse("2038-01-01T00:00Z"), ca.getNotAfter()); assertTrue(ca.isAcmeCapable()); @@ -275,6 +280,7 @@ public void getCertificateAuthorities() throws Exception { assertEquals(Collections.singletonList(MOCK_AUTH_CERT_SUBJECT), ca2.getSubjectDnPath()); assertTrue(ca2.isTopCa()); assertEquals("not available", ca2.getOcspResponse()); + assertEquals(CostType.FREE, ca.getOcspUrlsAndCostTypes().get(MOCK_OCSP_RESPONDER_ADDRESS)); assertEquals(OffsetDateTime.parse("2039-11-23T09:20:27Z"), ca2.getNotAfter()); assertFalse(ca2.isAcmeCapable()); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java index 80bb7e9112..dc93792a80 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/ServerConfServiceTest.java @@ -30,6 +30,7 @@ import ee.ria.xroad.common.identifier.SecurityServerId; import org.junit.Test; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.securityserver.restapi.util.TestUtils; import org.niis.xroad.serverconf.impl.entity.ClientIdEntity; import org.niis.xroad.serverconf.impl.entity.TimestampingServiceEntity; @@ -64,9 +65,9 @@ public void getSecurityServerOwnerId() { @Test public void getConfiguredTimestampingServices() { List configuredTimestampingServices = new ArrayList<>(); - configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa3.com", "TSA 3")); - configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa2.com", "TSA 2")); - configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa1.com", "TSA 1")); + configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa3.com", "TSA 3", CostType.UNDEFINED.name())); + configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa2.com", "TSA 2", CostType.FREE.name())); + configuredTimestampingServices.add(TestUtils.createTspTypeEntity("https://tsa1.com", "TSA 1", CostType.PAID.name())); when(serverConfRepository.getServerConf()).thenReturn(serverConfEntity); when(serverConfEntity.getTimestampingServices()).thenReturn(configuredTimestampingServices); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java index 3fad622dbd..cba29f2cd1 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java @@ -43,6 +43,7 @@ import org.niis.xroad.common.exception.InternalServerErrorException; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ConfigurationAnchor; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.SharedParameters; import org.niis.xroad.restapi.config.audit.AuditDataHelper; import org.niis.xroad.restapi.config.audit.RestApiAuditProperty; @@ -110,8 +111,8 @@ public class SystemServiceTest { @Before public void setup() throws Exception { - TimestampingServiceEntity tsa1 = TestUtils.createTspTypeEntity(TSA_1_URL, TSA_1_NAME); - TimestampingServiceEntity tsa2 = TestUtils.createTspTypeEntity(TSA_2_URL, TSA_2_NAME); + TimestampingServiceEntity tsa1 = TestUtils.createTspTypeEntity(TSA_1_URL, TSA_1_NAME, CostType.UNDEFINED.name()); + TimestampingServiceEntity tsa2 = TestUtils.createTspTypeEntity(TSA_2_URL, TSA_2_NAME, CostType.PAID.name()); when(globalConfService.getApprovedTspsForThisInstance()).thenReturn(TimestampingServiceMapper.get().toTargets(List.of(tsa1, tsa2))); ClientId.Conf ownerId = ClientId.Conf.create("CS", "GOV", "1111"); @@ -140,7 +141,7 @@ public void generateInternalCsrFail() throws Exception { @Test public void addConfiguredTimestampingService() throws SystemService.DuplicateConfiguredTimestampingServiceException, TimestampingServiceNotFoundException { - TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.FREE.name()); assertEquals(1, serverConfService.getConfiguredTimestampingServiceEntities().size()); @@ -149,19 +150,20 @@ public void addConfiguredTimestampingService() assertEquals(2, serverConfService.getConfiguredTimestampingServiceEntities().size()); assertEquals(TSA_2_NAME, serverConfService.getConfiguredTimestampingServiceEntities().get(1).getName()); assertEquals(TSA_2_URL, serverConfService.getConfiguredTimestampingServiceEntities().get(1).getUrl()); + assertEquals(CostType.FREE.name(), serverConfService.getConfiguredTimestampingServiceEntities().get(1).getCostType()); } @Test public void addConfiguredTimestampingServiceNonApproved() throws SystemService.DuplicateConfiguredTimestampingServiceException { - TimestampingService timestampingService = TestUtils.createTspType("http://test.com", "TSA 3"); + TimestampingService timestampingService = TestUtils.createTspType("http://test.com", "TSA 3", CostType.FREE.name()); assertThrows(TimestampingServiceNotFoundException.class, () -> systemService.addConfiguredTimestampingService(timestampingService)); } @Test public void addConfiguredTimestampingServiceDuplicate() throws TimestampingServiceNotFoundException { - TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.UNDEFINED.name()); assertThrows(SystemService.DuplicateConfiguredTimestampingServiceException.class, () -> systemService.addConfiguredTimestampingService(timestampingService)); @@ -169,7 +171,7 @@ public void addConfiguredTimestampingServiceDuplicate() throws TimestampingServi @Test public void deleteConfiguredTimestampingService() throws TimestampingServiceNotFoundException { - TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_1_URL, TSA_1_NAME, CostType.PAID.name()); assertEquals(1, serverConfService.getConfiguredTimestampingServiceEntities().size()); @@ -180,7 +182,7 @@ public void deleteConfiguredTimestampingService() throws TimestampingServiceNotF @Test public void deleteConfiguredTimestampingServiceNonExisting() { - TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME); + TimestampingService timestampingService = TestUtils.createTspType(TSA_2_URL, TSA_2_NAME, CostType.FREE.name()); assertThrows(TimestampingServiceNotFoundException.class, () -> systemService.deleteConfiguredTimestampingService(timestampingService)); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java index 594b2ea5aa..17ebe87a59 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/util/TestUtils.java @@ -32,10 +32,12 @@ import com.google.common.collect.Ordering; import org.niis.xroad.common.core.exception.WarningDeviation; +import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.GlobalGroupInfo; import org.niis.xroad.globalconf.model.MemberInfo; import org.niis.xroad.globalconf.model.SharedParameters; import org.niis.xroad.restapi.converter.ClientIdConverter; +import org.niis.xroad.securityserver.restapi.openapi.model.CostTypeDto; import org.niis.xroad.securityserver.restapi.openapi.model.TimestampingServiceDto; import org.niis.xroad.serverconf.impl.entity.ClientIdEntity; import org.niis.xroad.serverconf.impl.entity.TimestampingServiceEntity; @@ -295,17 +297,19 @@ public static void addApiKeyAuthorizationHeader(TestRestTemplate testRestTemplat * @param name * @return */ - public static TimestampingService createTspType(String url, String name) { + public static TimestampingService createTspType(String url, String name, String costType) { TimestampingService tsp = new TimestampingService(); tsp.setUrl(url); tsp.setName(name); + tsp.setCostType(costType); return tsp; } - public static TimestampingServiceEntity createTspTypeEntity(String url, String name) { + public static TimestampingServiceEntity createTspTypeEntity(String url, String name, String costType) { TimestampingServiceEntity tsp = new TimestampingServiceEntity(); tsp.setUrl(url); tsp.setName(name); + tsp.setCostType(costType); return tsp; } @@ -315,10 +319,11 @@ public static TimestampingServiceEntity createTspTypeEntity(String url, String n * @param name * @return */ - public static SharedParameters.ApprovedTSA createApprovedTsaType(String url, String name) { + public static SharedParameters.ApprovedTSA createApprovedTsaType(String url, String name, CostType costType) { SharedParameters.ApprovedTSA approvedTSA = new SharedParameters.ApprovedTSA(); approvedTSA.setUrl(url); approvedTSA.setName(name); + approvedTSA.setCostType(costType); return approvedTSA; } @@ -328,10 +333,11 @@ public static SharedParameters.ApprovedTSA createApprovedTsaType(String url, Str * @param name * @return */ - public static TimestampingServiceDto createTimestampingService(String url, String name) { + public static TimestampingServiceDto createTimestampingService(String url, String name, CostTypeDto costType) { TimestampingServiceDto timestampingService = new TimestampingServiceDto(); timestampingService.setUrl(url); timestampingService.setName(name); + timestampingService.costType(costType); return timestampingService; } diff --git a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml index 3216e2a6a4..c0e0de8cab 100644 --- a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml +++ b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf-changelog.xml @@ -9,6 +9,7 @@ + diff --git a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/004-add-tps-cost.xml b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/004-add-tps-cost.xml new file mode 100644 index 0000000000..fd22351fd0 --- /dev/null +++ b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/004-add-tps-cost.xml @@ -0,0 +1,15 @@ + + + + + + + + + + + diff --git a/src/security-server/admin-service/ui/src/locales/en.json b/src/security-server/admin-service/ui/src/locales/en.json index 5699cbb76c..12864527ca 100644 --- a/src/security-server/admin-service/ui/src/locales/en.json +++ b/src/security-server/admin-service/ui/src/locales/en.json @@ -178,6 +178,7 @@ "addOnStatus": { "messageLogDisabled": "Disabled by configuration" }, + "costType": "Cost Type", "downloadReport": "Download Diagnostic Report", "encryption": { "backup": { @@ -935,7 +936,9 @@ "acmeIpAddresses": "ACME Server IP", "distinguishedName": "Distinguished Name", "expires": "Expires", - "ocspResponse": "OCSP Response" + "ocspCostType": "OCSP Cost Type", + "ocspResponse": "OCSP Response", + "ocspUrl": "OCSP URL" }, "notAvailable": "N/A", "ocspResponse": { @@ -973,6 +976,11 @@ }, "title": "Configuration Anchor" }, + "costType": { + "FREE": "Free", + "PAID": "Paid", + "UNDEFINED": "Undefined" + }, "securityServer": { "addressChangeInProgress": "CHANGE IN PROGRESS", "editDialog": { @@ -982,6 +990,24 @@ "serverAddress": "Server address", "updateSubmitted": "Security Server address change successfully submitted" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Timestamping prioritization strategy: ", + "ONLY_FREE": "use only free timestamping services", + "ONLY_PAID": "use only paid timestamping services", + "FREE_FIRST": "use free timestamping services first, if all of them fail or none are available then use paid ones", + "PAID_FIRST": "use paid timestamping services first, if all of them fail or none are available then use free ones", + "NONE": "use all timestamping services without prioritization" + }, + "ocsp": { + "label": "OCSP prioritization strategy: ", + "ONLY_FREE": "use only free OCSP services", + "ONLY_PAID": "use only paid OCSP services", + "FREE_FIRST": "use free OCSP services first, if all of them fail or none are available then use paid ones", + "PAID_FIRST": "use paid OCSP services first, if all of them fail or none are available then use free ones", + "NONE": "use all OCSP services without prioritization" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/es.json b/src/security-server/admin-service/ui/src/locales/es.json index 742b936ebe..e6c4208739 100644 --- a/src/security-server/admin-service/ui/src/locales/es.json +++ b/src/security-server/admin-service/ui/src/locales/es.json @@ -167,6 +167,7 @@ "addOnStatus": { "messageLogDisabled": "Deshabilitado por configuración" }, + "costType": "Tipo de costo", "encryption": { "backup": { "configuredKeyId": "Clave de ID configurada", @@ -827,6 +828,7 @@ "acmeIpAddresses": "IP del servidor ACME", "distinguishedName": "Nombre distinguido", "expires": "Expira", + "ocspCostType": "Tipo de coste OCSP", "ocspResponse": "Respuesta OCSP" }, "notAvailable": "No disponible", @@ -865,6 +867,11 @@ }, "title": "Ancla de configuración" }, + "costType": { + "FREE": "Gratis", + "PAID": "De pago", + "UNDEFINED": "Indefinido" + }, "securityServer": { "addressChangeInProgress": "Cambio en proceso", "editDialog": { @@ -874,6 +881,24 @@ "serverAddress": "Dirección del servidor", "updateSubmitted": "Cambio de dirección del servidor de seguridad enviado correctamente" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Estrategia de priorización de sellado de tiempo: ", + "ONLY_FREE": "usar solo servicios de sellado de tiempo gratuitos", + "ONLY_PAID": "usar solo servicios de sellado de tiempo de pago", + "FREE_FIRST": "usar primero los servicios gratuitos de sellado de tiempo, si todos fallan o no hay disponibles, usar los de pago", + "PAID_FIRST": "usar primero los servicios de pago de sellado de tiempo, si todos fallan o no hay disponibles, usar los gratuitos", + "NONE": "usar todos los servicios de sellado de tiempo sin priorización" + }, + "ocsp": { + "label": "Estrategia de priorización OCSP: ", + "ONLY_FREE": "usar solo servicios OCSP gratuitos", + "ONLY_PAID": "usar solo servicios OCSP de pago", + "FREE_FIRST": "usar primero los servicios OCSP gratuitos, si todos fallan o no hay disponibles, usar los de pago", + "PAID_FIRST": "usar primero los servicios OCSP de pago, si todos fallan o no hay disponibles, usar los gratuitos", + "NONE": "usar todos los servicios OCSP sin priorización" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/et.json b/src/security-server/admin-service/ui/src/locales/et.json index 1269330aae..b86e3d519f 100644 --- a/src/security-server/admin-service/ui/src/locales/et.json +++ b/src/security-server/admin-service/ui/src/locales/et.json @@ -178,6 +178,7 @@ "addOnStatus": { "messageLogDisabled": "Konfiguratsiooniga blokeeritud" }, + "costType": "Hinna tüüp", "downloadReport": "Salvesta Diagnostika Raport", "encryption": { "backup": { @@ -883,6 +884,7 @@ "acmeIpAddresses": "ACME serveri IP", "distinguishedName": "Eristusnimi", "expires": "Aegub", + "ocspCostType": "OCSP hinna tüüp", "ocspResponse": "OCSP vastus" }, "notAvailable": "Ei kohaldata", @@ -921,6 +923,11 @@ }, "title": "Konfiguratsiooniankur" }, + "costType": { + "FREE": "Tasuta", + "PAID": "Tasuline", + "UNDEFINED": "Määramata" + }, "securityServer": { "addressChangeInProgress": "MUUTUS ON POOLELI", "editDialog": { @@ -930,6 +937,24 @@ "serverAddress": "Serveri aadress", "updateSubmitted": "Turvaserveri aadressi muutus edukalt esitatud" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Ajatemplite eelistamise strateegia: ", + "ONLY_FREE": "kasuta ainult tasuta ajatempliteenuseid", + "ONLY_PAID": "kasuta ainult tasulisi ajatempliteenuseid", + "FREE_FIRST": "kasuta esmalt tasuta ajatempliteenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasulisi", + "PAID_FIRST": "kasuta esmalt tasulisi ajatempliteenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasuta", + "NONE": "kasuta kõiki ajatempliteenuseid ilma eelistuseta" + }, + "ocsp": { + "label": "OCSP eelistamise strateegia: ", + "ONLY_FREE": "kasuta ainult tasuta OCSP teenuseid", + "ONLY_PAID": "kasuta ainult tasulisi OCSP teenuseid", + "FREE_FIRST": "kasuta esmalt tasuta OCSP teenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasulisi", + "PAID_FIRST": "kasuta esmalt tasulisi OCSP teenuseid, kui need ebaõnnestuvad või pole saadaval, kasuta tasuta", + "NONE": "kasuta kõiki OCSP teenuseid ilma eelistuseta" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/pt-BR.json b/src/security-server/admin-service/ui/src/locales/pt-BR.json index 96ec7aaf7a..4e71557ce0 100644 --- a/src/security-server/admin-service/ui/src/locales/pt-BR.json +++ b/src/security-server/admin-service/ui/src/locales/pt-BR.json @@ -178,6 +178,7 @@ "addOnStatus": { "messageLogDisabled": "Desativado por configuração" }, + "costType": "Tipo de custo", "downloadReport": "Baixar relatório de diagnóstico", "encryption": { "backup": { @@ -883,6 +884,7 @@ "acmeIpAddresses": "IP do Servidor ACME", "distinguishedName": "Titular do Certificado (DN)", "expires": "Expira em", + "ocspCostType": "Tipo de custo OCSP", "ocspResponse": "Resposta OCSP" }, "notAvailable": "N/D", @@ -921,6 +923,11 @@ }, "title": "Âncora de Configuração" }, + "costType": { + "FREE": "Grátis", + "PAID": "Pago", + "UNDEFINED": "Indefinido" + }, "securityServer": { "addressChangeInProgress": "MUDANÇA EM ANDAMENTO", "editDialog": { @@ -930,6 +937,24 @@ "serverAddress": "Endereço do servidor", "updateSubmitted": "Alteração de endereço do Servidor Seguro enviada com sucesso" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Estratégia de priorização de carimbo de tempo: ", + "ONLY_FREE": "usar apenas serviços de carimbo de tempo gratuitos", + "ONLY_PAID": "usar apenas serviços de carimbo de tempo pagos", + "FREE_FIRST": "usar primeiro os serviços gratuitos de carimbo de tempo, se todos falharem ou não estiverem disponíveis, usar os pagos", + "PAID_FIRST": "usar primeiro os serviços pagos de carimbo de tempo, se todos falharem ou não estiverem disponíveis, usar os gratuitos", + "NONE": "usar todos os serviços de carimbo de tempo sem priorização" + }, + "ocsp": { + "label": "Estratégia de priorização OCSP: ", + "ONLY_FREE": "usar apenas serviços OCSP gratuitos", + "ONLY_PAID": "usar apenas serviços OCSP pagos", + "FREE_FIRST": "usar primeiro os serviços OCSP gratuitos, se todos falharem ou não estiverem disponíveis, usar os pagos", + "PAID_FIRST": "usar primeiro os serviços OCSP pagos, se todos falharem ou não estiverem disponíveis, usar os gratuitos", + "NONE": "usar todos os serviços OCSP sem priorização" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/ru.json b/src/security-server/admin-service/ui/src/locales/ru.json index e6e1ccd10c..1c9c821c1d 100644 --- a/src/security-server/admin-service/ui/src/locales/ru.json +++ b/src/security-server/admin-service/ui/src/locales/ru.json @@ -161,6 +161,7 @@ "addOnStatus": { "messageLogDisabled": "Отключено конфигурацией" }, + "costType": "Тип стоимости", "encryption": { "backup": { "configuredKeyId": "Настроенный идентификатор ключа", @@ -802,6 +803,7 @@ "acmeIpAddresses": "IP-адрес сервера ACME", "distinguishedName": "Отличительное имя", "expires": "Истекает", + "ocspCostType": "Тип стоимости OCSP", "ocspResponse": "Ответ OCSP" }, "notAvailable": "Не доступно", @@ -840,6 +842,11 @@ }, "title": "Якорь конфигурации" }, + "costType": { + "FREE": "Бесплатно", + "PAID": "Платно", + "UNDEFINED": "Не определено" + }, "securityServer": { "addressChangeInProgress": "ИЗМЕНЕНИЕ В ПРОЦЕССЕ", "editDialog": { @@ -849,6 +856,24 @@ "serverAddress": "Адрес сервера", "updateSubmitted": "Изменение адреса сервера безопасности успешно отправлено" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Стратегия приоритизации сервисов временных меток: ", + "ONLY_FREE": "использовать только бесплатные сервисы временных меток", + "ONLY_PAID": "использовать только платные сервисы временных меток", + "FREE_FIRST": "использовать сначала бесплатные сервисы временных меток, если все они недоступны или не работают, использовать платные", + "PAID_FIRST": "использовать сначала платные сервисы временных меток, если все они недоступны или не работают, использовать бесплатные", + "NONE": "использовать все сервисы временных меток без приоритизации" + }, + "ocsp": { + "label": "Стратегия приоритизации OCSP: ", + "ONLY_FREE": "использовать только бесплатные OCSP сервисы", + "ONLY_PAID": "использовать только платные OCSP сервисы", + "FREE_FIRST": "использовать сначала бесплатные OCSP сервисы, если все они недоступны или не работают, использовать платные", + "PAID_FIRST": "использовать сначала платные OCSP сервисы, если все они недоступны или не работают, использовать бесплатные", + "NONE": "использовать все OCSP сервисы без приоритизации" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/locales/tk.json b/src/security-server/admin-service/ui/src/locales/tk.json index dbfecc1532..7d09357d08 100644 --- a/src/security-server/admin-service/ui/src/locales/tk.json +++ b/src/security-server/admin-service/ui/src/locales/tk.json @@ -161,6 +161,7 @@ "addOnStatus": { "messageLogDisabled": "Konfigurasiýa tarapyndan öçürilendir" }, + "costType": "Gurluş görnüşi", "encryption": { "backup": { "configuredKeyId": "Açaryň sazlanan Id-si", @@ -803,6 +804,7 @@ "acmeIpAddresses": "ACME Serweriň IP-si", "distinguishedName": "Tapawutlanan at", "expires": "Möhleti gutarýar", + "ocspCostType": "OCSP çykdajy görnüşi", "ocspResponse": "OCSP jogap" }, "notAvailable": "Maglumat ýok", @@ -841,6 +843,11 @@ }, "title": "Konfigurasiýanyň labyry" }, + "costType": { + "FREE": "Mugt", + "PAID": "Tölegli", + "UNDEFINED": "Kesgitlenmedik" + }, "securityServer": { "addressChangeInProgress": "ÜÝTGETME DOWAM EDIP DUR", "editDialog": { @@ -850,6 +857,24 @@ "serverAddress": "Seweriň salgysy", "updateSubmitted": "Howpsuzlyk Serweriniň salgysynyň üýtgemegi üstünlikli iberildi" }, + "servicePrioritizationStrategy": { + "timestamping": { + "label": "Wagty bellige alyş hyzmatlarynyň ileri tutulma strategiýasy: ", + "ONLY_FREE": "diňe mugt wagty bellige alyş hyzmatlaryny ulanyň", + "ONLY_PAID": "diňe tölegli wagty bellige alyş hyzmatlaryny ulanyň", + "FREE_FIRST": "ilki mugt wagty bellige alyş hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, tölegli hyzmatlary ulanyň", + "PAID_FIRST": "ilki tölegli wagty bellige alyş hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, mugt hyzmatlary ulanyň", + "NONE": "prioritetleşdirilmezden ähli wagty bellige alyş hyzmatlaryny ulanyň" + }, + "ocsp": { + "label": "OCSP ileri tutulma strategiýasy: ", + "ONLY_FREE": "diňe mugt OCSP hyzmatlaryny ulanyň", + "ONLY_PAID": "diňe tölegli OCSP hyzmatlaryny ulanyň", + "FREE_FIRST": "ilki mugt OCSP hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, tölegli hyzmatlary ulanyň", + "PAID_FIRST": "ilki tölegli OCSP hyzmatlaryny ulanyň, hemmesi işlemeýän bolsa ýa-da elýeterli däl bolsa, mugt hyzmatlary ulanyň", + "NONE": "prioritetleşdirilmezden ähli OCSP hyzmatlaryny ulanyň" + } + }, "timestampingServices": { "action": { "add": { diff --git a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue index 1a7c256d01..ba66b28d8f 100644 --- a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue +++ b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsOcspRespondersCard.vue @@ -54,6 +54,7 @@ {{ $t('diagnostics.serviceUrl') }} + {{ $t('diagnostics.costType') }} {{ $t('diagnostics.message') }} {{ $t('diagnostics.previousUpdate') }} @@ -71,10 +72,11 @@ {{ ocsp.url }} + + {{ $t('systemParameters.costType.' + ocsp.cost_type) }} + - {{ - statusMessage(ocsp) - }} + {{ statusMessage(ocsp) }} {{ $filters.formatHoursMins(ocsp.prev_update_at ?? '') }} diff --git a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue index 59fe4fab51..777947ba80 100644 --- a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue +++ b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue @@ -46,6 +46,7 @@ {{ $t('diagnostics.status') }} {{ $t('diagnostics.serviceUrl') }} + {{ $t('diagnostics.costType') }} {{ $t('diagnostics.message') }} {{ $t('diagnostics.previousUpdate') }} @@ -70,6 +71,13 @@ > {{ timestampingService.url }} + + {{ $t('systemParameters.costType.' + timestampingService.cost_type) }} + + + {{ $t('systemParameters.costType.' + timestampingService.cost_type) }} + diff --git a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue index 3cc5415a21..ccb80fcd86 100644 --- a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue +++ b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue @@ -191,6 +191,22 @@ + + {{ + $t( + 'systemParameters.servicePrioritizationStrategy.timestamping.label', + ) + }} + {{ + timestampingPrioritizationStrategy + }} + {{ ' - ' }} + {{ + $t( + `systemParameters.servicePrioritizationStrategy.timestamping.${timestampingPrioritizationStrategy}`, + ) + }} + @@ -208,6 +224,13 @@ ) }} + @@ -241,7 +264,7 @@ hasPermission(permissions.VIEW_APPROVED_CERTIFICATE_AUTHORITIES) " no-gutters - class="px-4" + class="px-4 pb-4" >

@@ -256,6 +279,18 @@ no-gutters > + + {{ + $t('systemParameters.servicePrioritizationStrategy.ocsp.label') + }} + {{ ocspPrioritizationStrategy }} + {{ ' - ' }} + {{ + $t( + `systemParameters.servicePrioritizationStrategy.ocsp.${ocspPrioritizationStrategy}`, + ) + }} +

+ {{ + $t( + 'systemParameters.timestampingServices.table.header.costType', + ) + }} +  
@@ -276,77 +311,127 @@ - - - - - - - - + - - + + +
{{ $t( - 'systemParameters.approvedCertificateAuthorities.table.header.ocspResponse', + 'systemParameters.approvedCertificateAuthorities.table.header.ocspUrl', ) }} {{ $t( - 'systemParameters.approvedCertificateAuthorities.table.header.expires', + 'systemParameters.approvedCertificateAuthorities.table.header.ocspCostType', ) }}
- {{ approvedCA.subject_distinguished_name }} - -

- {{ ipAddress }} -

- 		- {{ - $t( - 'systemParameters.approvedCertificateAuthorities.table.notAvailable', - ) - }} - + {{ $t( - 'systemParameters.approvedCertificateAuthorities.table.ocspResponse.NOT_AVAILABLE', + 'systemParameters.approvedCertificateAuthorities.table.header.ocspResponse', ) }} - - + + {{ $t( - `systemParameters.approvedCertificateAuthorities.table.ocspResponse.${approvedCA.ocsp_response}`, + 'systemParameters.approvedCertificateAuthorities.table.header.expires', ) }} - - - {{ $filters.formatDate(approvedCA.not_after) }} -
@@ -401,7 +486,13 @@ export default defineComponent({ configurationAnchor: undefined as Anchor | undefined, downloadingAnchor: false, configuredTimestampingServices: [] as TimestampingService[], + timestampingPrioritizationStrategy: undefined as + | ServicePrioritizationStrategy + | undefined, certificateAuthorities: [] as CertificateAuthority[], + ocspPrioritizationStrategy: undefined as + | ServicePrioritizationStrategy + | undefined, permissions: Permissions, loadingTimestampingservices: false, loadingAnchor: false, @@ -431,10 +522,12 @@ export default defineComponent({ if (this.hasPermission(Permissions.VIEW_TSPS)) { this.fetchMessageLogEnabled(); this.fetchConfiguredTimestampingServiced(); + this.fetchTimestampingPrioritizationStrategy(); } if (this.hasPermission(Permissions.VIEW_APPROVED_CERTIFICATE_AUTHORITIES)) { this.fetchApprovedCertificateAuthorities(); + this.fetchOcspPrioritizationStrategy(); } if (this.hasPermission(Permissions.CHANGE_SS_ADDRESS)) { this.fetchServerAddress(); @@ -472,6 +565,14 @@ export default defineComponent({ .catch((error) => this.showError(error)) .finally(() => (this.loadingTimestampingservices = false)); }, + async fetchTimestampingPrioritizationStrategy() { + return api + .get( + '/system/timestamping-services/prioritization-strategy', + ) + .then((resp) => (this.timestampingPrioritizationStrategy = resp.data)) + .catch((error) => this.showError(error)); + }, async fetchApprovedCertificateAuthorities() { this.loadingCAs = true; return api @@ -482,6 +583,14 @@ export default defineComponent({ .catch((error) => this.showError(error)) .finally(() => (this.loadingCAs = false)); }, + async fetchOcspPrioritizationStrategy() { + return api + .get( + '/certificate-authorities/ocsp-prioritization-strategy', + ) + .then((resp) => (this.ocspPrioritizationStrategy = resp.data)) + .catch((error) => this.showError(error)); + }, downloadAnchor(): void { this.downloadingAnchor = true; api @@ -578,4 +687,8 @@ tr td:last-child { color: colors.$WarmGrey100; margin-left: 2px; } + +.vertical-align-top { + vertical-align: top; +} diff --git a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue index 9eea68c782..1ff4e96ad5 100644 --- a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue +++ b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/TimestampingServiceRow.vue @@ -31,6 +31,9 @@ {{ timestampingService.url }} + + {{ $t('systemParameters.costType.' + timestampingService.cost_type) }} + Administrator views the timestamping prioritization strategy. + responses: + '200': + description: Timestamping prioritization strategy + content: + application/json: + schema: + $ref: '#/components/schemas/ServicePrioritizationStrategy' + '400': + description: request was invalid + '401': + description: authentication credentials are missing + '403': + description: request has been refused + '500': + description: internal server error /system/node-type: get: tags: @@ -5218,6 +5240,28 @@ paths: description: an existing item already exists, outdated global conf or token not logged in '500': description: internal server error + /certificate-authorities/ocsp-prioritization-strategy: + get: + tags: + - certificate-authorities + summary: get OCSP responders prioritization strategy + operationId: getOcspPrioritizationStrategy + description:

Administrator views the OCSP prioritization strategy.

+ responses: + '200': + description: OCSP prioritization strategy + content: + application/json: + schema: + $ref: '#/components/schemas/ServicePrioritizationStrategy' + '400': + description: request was invalid + '401': + description: authentication credentials are missing + '403': + description: request has been refused + '500': + description: internal server error /mail/mail-notification-status: get: tags: @@ -6297,7 +6341,7 @@ components: $ref: '#/components/schemas/CertificateStatus' possible_actions: $ref: '#/components/schemas/PossibleActions' - OcspResponderDiagnostics: + CaOcspDiagnostics: type: object description: Ocsp responder diagnostics required: @@ -6316,7 +6360,7 @@ components: type: array readOnly: true items: - $ref: '#/components/schemas/OcspResponder' + $ref: '#/components/schemas/OcspResponderDiagnostics' CertificateDetails: type: object description: certificate details for any kind of certificate (TLS, auth, sign) @@ -6532,6 +6576,11 @@ components: items: type: string format: text + ocsp_responders: + type: array + description: list of ocsp responders for this CA + items: + $ref: '#/components/schemas/OcspResponder' CertificateStatus: type: string format: enum @@ -7314,6 +7363,23 @@ components: node_type: $ref: '#/components/schemas/NodeType' OcspResponder: + type: object + description: OCSP responder + required: + - url + - cost_type + properties: + url: + type: string + format: url + description: url of the OCSP responder + example: http://dev.xroad.rocks:123 + minLength: 1 + maxLength: 255 + readOnly: true + cost_type: + $ref: '#/components/schemas/CostType' + OcspResponderDiagnostics: type: object description: OCSP responder diagnostics required: @@ -7329,6 +7395,8 @@ components: minLength: 1 maxLength: 255 readOnly: true + cost_type: + $ref: '#/components/schemas/CostType' status_class: $ref: '#/components/schemas/DiagnosticStatusClass' prev_update_at: @@ -7810,6 +7878,17 @@ components: default: false type: $ref: '#/components/schemas/ServiceType' + ServicePrioritizationStrategy: + type: string + format: enum + description: service prioritization strategy + example: FREE_FIRST + enum: + - ONLY_FREE + - ONLY_PAID + - FREE_FIRST + - PAID_FIRST + - NONE ServiceType: type: string format: text @@ -7835,6 +7914,7 @@ components: required: - name - url + - cost_type properties: name: type: string @@ -7850,6 +7930,8 @@ components: example: http://dev.xroad.rocks:123 minLength: 1 maxLength: 255 + cost_type: + $ref: '#/components/schemas/CostType' TimestampingServiceDiagnostics: type: object description: timestamping service diagnostics @@ -7866,6 +7948,8 @@ components: minLength: 1 maxLength: 255 readOnly: true + cost_type: + $ref: '#/components/schemas/CostType' status_class: $ref: '#/components/schemas/DiagnosticStatusClass' prev_update_at: @@ -7878,6 +7962,15 @@ components: readOnly: true error: $ref: '#/components/schemas/CodeWithDetails' + CostType: + description: cost type for services like TSP-s and OCSP responders + enum: + - FREE + - PAID + - UNDEFINED + example: FREE + format: enum + type: string Token: type: object description: Token. Also includes the possible actions that can be done to this object, diff --git a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java index beb32325b0..0f3bd75706 100644 --- a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java +++ b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/glue/SystemParametersStepDefs.java @@ -33,6 +33,7 @@ import static com.codeborne.selenide.Condition.disabled; import static com.codeborne.selenide.Condition.enabled; +import static com.codeborne.selenide.Condition.text; import static com.codeborne.selenide.Condition.visible; import static org.niis.xroad.common.test.ui.utils.VuetifyHelper.vSwitch; import static org.niis.xroad.common.test.ui.utils.VuetifyHelper.vTextField; @@ -72,10 +73,16 @@ public void validateTimestampingTable(int size) { systemParametersPageObj.tableTimestampingServicesRows().shouldBe(CollectionCondition.size(size)); } - @Step("Timestamping services table row {} has service {string} and url {string}") - public void validateTimestampingRow(int row, String service, String url) { + @Step("Timestamping services table row {} has service {string} and url {string} and cost type {string}") + public void validateTimestampingRow(int row, String service, String url, String costType) { systemParametersPageObj.tableTimestampingServiceNameByRow(row, service).shouldBe(visible); systemParametersPageObj.tableTimestampingServiceUrlByRow(row, url).shouldBe(visible); + systemParametersPageObj.tableTimestampingServiceCostTypeByRow(row, costType).shouldBe(visible); + } + + @Step("Timestamping prioritization strategy is {string}") + public void timestampingPrioritizationStrategy(String strategy) { + systemParametersPageObj.timestampingPrioritizationStrategy().should(text(strategy)); } @Step("Timestamping service on row {} is deleted") @@ -84,6 +91,18 @@ public void deleteTimestampingRow(int index) { commonPageObj.dialog.btnSave().click(); } + @Step("Approved CAs table row {} has distinguished name {string} and ocsp url {string} and ocsp cost type {string}") + public void validateApprovedCaRow(int row, String distinguishedName, String ocspUrl, String ocspCostType) { + systemParametersPageObj.tableApprovedCasNameByRow(row, distinguishedName).shouldBe(visible); + systemParametersPageObj.tableApprovedCasOcspUrlByRow(row, ocspUrl).shouldBe(visible); + systemParametersPageObj.tableApprovedCasOcspCostTypeByRow(row, ocspCostType).shouldBe(visible); + } + + @Step("Ocsp prioritization strategy is {string}") + public void ocspPrioritizationStrategy(String strategy) { + systemParametersPageObj.ocspPrioritizationStrategy().should(text(strategy)); + } + @Step("Security Server address is displayed") public void securityServerAddressIsDisplayed() { systemParametersPageObj.tableServerAddress().shouldBe(visible); diff --git a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java index 6b0c7da443..f5c1b00394 100644 --- a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java +++ b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java @@ -66,15 +66,43 @@ public SelenideElement tableTimestampingServiceUrlByRow(int index, String url) { return tableTimestampingServicesRows().get(index).$x(format("./td[2][text() = '%s']", url)); } + public SelenideElement tableTimestampingServiceCostTypeByRow(int index, String costType) { + return tableTimestampingServicesRows().get(index).$x(format("./td[3][text() = '%s']", costType)); + } + public SelenideElement btnDeleteTimestampingServicesByRow(int index) { return $$x("//tr[@data-test='system-parameters-timestamping-service-row']") .get(index).$x(".//button[@data-test='system-parameters-timestamping-service-delete-button']"); } + public SelenideElement timestampingPrioritizationStrategy() { + return $x("//strong[@data-test='timestamping-prioritization-strategy']"); + } + public SelenideElement toggleMaintenanceMode() { return $x("//div[@data-test='maintenance-mode-switch']"); } + public ElementsCollection tableApprovedCasRows() { + return $$x("//tr[@data-test='system-parameters-approved-ca-row']"); + } + + public SelenideElement tableApprovedCasNameByRow(int index, String name) { + return tableApprovedCasRows().get(index).$x(format("./td[1][text() = '%s']", name)); + } + + public SelenideElement tableApprovedCasOcspUrlByRow(int index, String url) { + return tableApprovedCasRows().get(index).$x(format("./td[3][text() = '%s']", url)); + } + + public SelenideElement tableApprovedCasOcspCostTypeByRow(int index, String costType) { + return tableApprovedCasRows().get(index).$x(format("./td[4][text() = '%s']", costType)); + } + + public SelenideElement ocspPrioritizationStrategy() { + return $x("//strong[@data-test='ocsp-prioritization-strategy']"); + } + public static class DialogEditServerAddress { public SelenideElement addressField() { return $x("//div[@data-test='security-server-address-edit-field']"); diff --git a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature index 19607bed43..a09927abf3 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0400-ss-system-parameters.feature @@ -26,13 +26,18 @@ Feature: 0400 - SS: System Parameters Then Timestamping services table has 0 entries Scenario: Timestamping service is selected - And Timestamping services table has 0 entries + Given Timestamping services table has 0 entries When Add Timestamping services dialog is opened And Add Timestamping services dialog is closed And Add Timestamping services dialog is opened And First timestamping option is selected Then Timestamping services table has 1 entries - And Timestamping services table row 0 has service "Test TSA" and url "http://testca:8899" + And Timestamping services table row 0 has service "Test TSA" and url "http://testca:8899" and cost type "Free" + And Timestamping prioritization strategy is "PAID_FIRST" + + Scenario: Approved CA component has correct values + Then Approved CAs table row 0 has distinguished name "CN=Test CA, O=Test" and ocsp url "http://testca:8888" and ocsp cost type "Free" + And Ocsp prioritization strategy is "ONLY_FREE" Scenario: Administrator cannot turn on maintenance mode for management services provider Then maintenance mode toggle is off diff --git a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature index 39fb2afef7..31620dc85f 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/01-ui/0520-ss-client-details.feature @@ -15,7 +15,7 @@ Feature: 0520 - SS: Client Details Then Certificate fields as follows: | Version | 3 | | Signature Algorithm | SHA256withRSA | - | Issuer Distinguished Name | CN=Test CA, O=X-Road Test CA | + | Issuer Distinguished Name | CN=Test CA, O=Test | | Subject Distinguished Name | SERIALNUMBER=DEV/SS0/COM, CN=1234, O=ui-test, C=FI | And Certificate is closed diff --git a/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature b/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature index 54edc8a6a7..f29313bf77 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature @@ -3,6 +3,6 @@ Feature: 3000 - SS: Global Conf Scenario: Global conf sign keys rotation - Given Security Server's global conf expiration date is equal to 2035-03-01T14:39:11Z + Given Security Server's global conf expiration date is equal to 2035-11-07T04:51:26Z When Central Server's global conf is updated by a new active signing key - Then Security Server's global conf expiration date is equal to 2035-03-01T14:38:31Z + Then Security Server's global conf expiration date is equal to 2035-11-07T04:50:26Z diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.ini b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.ini index 8fc936ae93..c086760811 100644 --- a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.ini +++ b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/conf.d/local.ini @@ -11,6 +11,8 @@ backup-encryption-keyids = "backup.key1@example.org, backup.key2@example.org, ba ssl-enabled=false # Can be removed once UI system tests configure a functional AUTH certificate health-check-port=5588 server-conf-cache-period=0 +timestamping_prioritization_strategy=PAID_FIRST +ocsp_prioritization_strategy=ONLY_FREE [configuration-client] update-interval = 3 global-conf-tls-cert-verification = false diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/private-params.xml b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/private-params.xml new file mode 100644 index 0000000000..2245edb7e0 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/private-params.xml @@ -0,0 +1,15 @@ + + + DEV + + https://cs:4001/managementservice/ + MIIDJTCCAg2gAwIBAgIUMZw/qaccO23KFoyyBhDsT1vVk9IwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEwNTIyMDc1MFoXDTQ1MTAzMTIyMDc1MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4MJ/UgVWdjH1/gwsO0YPv85aWAGbiiEpb7HgKqaSoUZNJvKlZsgp5WsgkygSzc+8oXgxw4FQmJtrvU9a0H7VNO0vW8J8p/Oo2Usurqwvsbt46jaS/VKvFtOM7/+RfdiHiVV8gm405SZQfraWrhFp3/QDxvcPttmVTOoFX2M9G4G+6nkptcw7HlK3nNOFtM/Hl2439z+iETTuTDhuKEpwiZy6jqoAer+17EHnPMprHwIZKE0KHPP804uChj9cOGDxETQfN0Xv+0JECF2bMIdt8YeISlnafRVR+83Obtcj69y0tRSzAtvSAOreg/599IjY6Tb+rjHjAO4pWFjpMDztwIDAQABo28wbTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DArBgNVHREEJDAihwQKAAECgglsb2NhbGhvc3SCD2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUFtBl5Xaw1sAu5dUBaDYTpWpMM5kwDQYJKoZIhvcNAQELBQADggEBAHdUYK4yRGQlTitKBltwviWazFeqkBsamV66dQzpnUmdW+FrOujN+cRXGWiRn6+MJ4qRCZGektQUdYxthV3lb1T4YaPcl80eeKZBghl1Jfe1+1Ucjiv4/Ln8+Fz3QoG97wOs+asRqwm7huP5YJZq/nL0f3Ih32TKrlv6PKyMA4RHjwHiMQQTrhjzoBzpDY1rnYoVV429iJICv/7RM0Ndd+T2aFC+p8H1qtnNMd7zzT4sqSS1h5Zj1dOrAweNv2q4bXsQjqaUJZEoNq3nMvzUcpG9LH57ejhHpMlHDtLvnUOOTxaBquLh5Mw12QLkrXlb803S0OQYGe17yrhRtwWHtyo= + + DEV + COM + 1234 + MANAGEMENT + + + 60 + diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/shared-params.xml b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/shared-params.xml new file mode 100644 index 0000000000..6f0a16a889 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/shared-params.xml @@ -0,0 +1,115 @@ + + + DEV + +
cs
+ MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmxPFSE0oUbKCa1xYSArCtSseHX3GioLMqTDMjd3HYjJ1dShJWklrVRZAcKx6+mOk5/LPYXS2WBphxS+4iWjWIkPy9tDbwVRNs3ep51e9iIfMpRRXHC6E2hIASzaFYh8Qt/ljVfaYf4xxBkG8czvq7Dc5rKlzYhGXlLp8Yx8BkRmRjtqc1h6y3Afc+YVwhSf35MrsTwVhTkjnecnntr9q67eIJ5wCbO65BZhL8SompeyxB6srp3VsQVz8qsT5SJp8FYDDUGAdyBYBPGGNR4ZsLgIZRwSeftwhMHQuauOenDPMGDLMPJGsVJg5t3BFS94+EoGfSQLmmi+A28XSJacf3AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB9oKNXNgfeJAJnG6NPhS3gS0VigT2fCquUl38Rzv6tqc1uEKHkJqJ6jS2AO0wC7ykmCqU5Ex7mLFo1l70oaA85GdMuUlETxRLyhYw/XImeRHMLYxvML3e11DpyIb5GcnBr80iLlRs3eCGNLts/8b9F4akR21HZPCY0lZra6OcxTpnARGIxLqC5fD7O12Nf1Zu3sitKWgMBj4FswIS9fWSoI4vONY11KSmP8/aaKPpOOGDs99CNR4ay7ug/ch9/kePlmIu9Vidn9mkrMTseM/x7O0hr+iO3GG0wab1daXRZpUSvbP3ZqPXLIwePcvUUjlxHvB7GlT89C3dE0NVMDAuK + + + Test CA + false + + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQXh1Z0F3SUJBZ0lVUmZCZHV4MVhtWFMwcHYveU1ydVExWHBQc2VRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURU5NQXNHQTFVRUNnd0VWR1Z6ZERFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEV4TURVeQpNakE1TkRCYUZ3MDBOVEV3TXpFeU1qQTVOREJhTUNFeERUQUxCZ05WQkFvTUJGUmxjM1F4RURBT0JnTlZCQU1NCkIxUmxjM1FnUTBFd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUMxT1hBWkVsdFcKbUlnaU1WZ2hxb2ZPLzdmanZ3REdtaFFiT1pIM2pEZVJ1VVlDODdOa3REY3VZcDlYdTJOTnJBZFNnalFDVS82SQp0a3BMbVRNRHNUV2tPQ0grK0xBNHlON0tyQnM5Kzd4T1F2YVZGeDJYN2R2OUREYmN3TUxsQ2tPdGwwa3gyQk95CmRlT29XcDdNb0doRWo4UG85SnFUMTVBQmZzZG5tUDVpRjZkb2FHbnloZEhMemxMNnFFbTBkZjdXYXR3amtXOW4KVWozRS9ITG5nT1RucEVvdTROL3c5eitXeGNJT3J2Qnk3MUlUemQ3YVhmSDBEWUxCVUlHWHBTdVdBMUthNUtldAoxUityTytTOURub0NoeHZ3cUpSNFhIOWwxaEJTcDIxa0FqWVMwbndORDloZ0xqV1c3TE9jam9WUForTGxybmZJCkJCV25XUHIwVWFNdEROeHViQjRBdVM0T25SUmNaczZ5YnZzM0VMUFFzNndFanY0WFVyaGEvNFVLenhUaEhzVDIKMUdzWE9sL2hzRXFOTXBQVmIvVVZtbnJveWFQYllnUWxRdjE2dk4rL2VlUVF6YW41cXRWaENFVzhRMk5PdkJVaQpMcWpMYXYvSHBVNVU2VTFCVzhLN21HSTlXbGRVVW9RN1FSd0c3OWQ1Vm94SFF2OVUvNGtHTUtmRVBtdXlFZEFKCnBIeVphZlJvSkdKNjVSMWJWdW1xV0tUOURJQjRjeGdvaWRJVWxoY2FVY0lGZUxZQ0lXUTJDNmY2UHE0c0xIeVYKSjdMUXlpaTJZd0JFTTkzQjR3TE4vYnVvcjk1TE1UWHRsZWJtcnppV2tublpUNE5vMCszTk8xZXRmMDkwVnkrMgpta0toTVhlVThJOVJLUkZJSFd3SkZWM0Vxa010Q08ybXFRSURBUUFCbzJNd1lUQWRCZ05WSFE0RUZnUVVVUVltCkhyd0x5d212Nm52TUk1WVZoeElhamljd0h3WURWUjBqQkJnd0ZvQVVVUVltSHJ3THl3bXY2bnZNSTVZVmh4SWEKamljd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBT0JnTlZIUThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFKSnpUQlpJLzlTajNYYURreHJVbDhOYjl2MW9kWFl4VzNnOFErU2EvTHBEd0tiNTVEVHRwR29ZClM2RDlkMGdXRU5XY2VDNHlUN2NVSlQ5TzU2dzFHVDFJM0IzQ2ZXVk5vNzNtOEw1TWwyVEJXSVZhckY0a0pKb0oKNU1VR3Z0WEJaRThzNkpqc1pjZ3BSdGlnMjI5ZlB6dHhjcG44UjUyYnZNUDNtSHpSa2hOaCtxcGhqbkZyK2lxbQpuTVcyNHM3WkY3cTAyOWUya0R5M0RxT1dUeEZTbVNZaHg5cXJ0NElTQzVVaG9XTFpmb0lPU2hJbmx0RnVmM25BCklnK1hVZDNLM1R3UGlrRHdXZjBFMVVwd005YzFwZFhZM1N0SkQrS0VWSXdjakYyK0lHamRpR09aNHR3UWpvRzAKaThoMmd6UzRlL3NtTGtoR0tMNDlkaFZkUkZ0SmswS3hveWpKaWRFSlkwcnVJaGE1cmR2OVdhakhDa2RuYXlKLwpTN0N1Y2pmZ1dhMmZNVGhxeHUrUTg5SFFmNHpoU1Y2R0g0SUlMRFpvRWV3LzA3QXFoS1l6OWFMVzEvc0NkMnVuCk5FbURoclVmWEo1bFp2UVF6TzVUVmg4SWZPU1Z4NkRrSTBza0lxNUE4Vlp1S3NNR0oyQnVKcnQ3OUtVVExIbC8KU280KzJOQXp4dEZWVm5jVG13NHpObWNBaGE3K0VsWWQ0ajhQTm5NL3FkWXkrWjMxekE4ZVpFNDB1WlZBZGw0NApjdTJjZmFrMnVMdFBSUnQ1VGR4Y3djbGRDQWpOY04rVTdkK1ZBeHZmWEw4WnBBeDdEUmhnNlh2ZUoyTW9xOU1SCnYyK1c0RHM4ckJNeGE1bzRZQ3dNMHFoZlpsSkU3VGpwRkx0Y1AyY05PRTlHeEtIRW9IZkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + + http://testca:8888 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZORENDQXh5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBNMW9YRFRRMU1UQXpNVEl5TURrMApNMW93SXpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVTTUJBR0ExVUVBd3dKVkdWemRDQlBRMU5RTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBdjNCUDR1dzB3c0xGcUczOHJDNnA4YkdiT213b0xvWlIKNUxYNWtXMis5OUpkci9uVTJaR1Bnb0hmQ3BLSVI5WFZKT01vU3daR0RrTWtIVzJ2Umk5MUJQVnM5QlAxZGVLVQpya3ZnQUxna1Z6MUxhQmJGTndGdHdNeWxYMkM4czNUTEdPTnZzYWdyRVVBZEk0U29HdmF0a2FScE5KMXZXNno1CnVLWjUrbWFrVVRrVzkyMHJNREdsb2lwblZwUURHK0lCbDJTcEx6N1VGOHhmempWVnljbkVXbVdBek80ZGY5V3kKYzl3NFVHNUR5YmYwdW9rMk1LdThQTE5saXpZem1xb2t6U1lCQUxYL3ljWFd5ZG1mS1BZaENqajljQnlwTEdsTgppdmM0Nkd2Q1lzVTQ0bTd2M3EvekJsa01KZmNsRjllb1lYV0VFUmxGWXU2Ky93dC9NTjB2RWJGeURacXJBNUI4Ck5qeUNneDdVbjZLRGhLZEdqdGZtSTkrU3UvMjJJT3liTy9sSjlXQmg5ZC9oOWhIejJsQWttQ1kzdVYyanEweTkKTTI3aGYvOUQranFWUnZLRmppdVdGcXZMZk04Wk05Z3NXbFp6Wi9lZDlMSnBFbmpqQ2VHK0pkY1phejNhNVR1WgpQZ3JqcCs0YWdpTzYxL0IzV1pLd0s3OERWT09kMzVoa3BncE9JNDFBMzg3TWFUTE1zRUppR292a0pWR0xBSldTCndBMlkxaWx5WERmSHQxa2NmV0dHUFFRT0p0dm9WZTlGLzFUYW5UZFVBdE1MMGcwUW9aVHVMRTFka01UM2lUTUkKaVdTcHRYcUYya0crckluNlcwSjhPelJib3Z2YUhFOWhXYllLK3VwNnZqN0xXL0JkZTZWNW93eFNKa0lZMXh2MwowV1oxUWl4ZkZFMENBd0VBQWFOMU1ITXdDUVlEVlIwVEJBSXdBREFkQmdOVkhRNEVGZ1FVRXh0cWorZi9MNnNPClV6dGNYSmphV1ViY0Zad3dId1lEVlIwakJCZ3dGb0FVVVFZbUhyd0x5d212Nm52TUk1WVZoeElhamljd0RnWUQKVlIwUEFRSC9CQVFEQWdlQU1CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUZCd01KTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQ0FRQXV4VFFmUy9jeHcwMUgyN1pTUDB2blo3T28xOEgwemxoM09BMDE4cG9wRnRKbWhFcW5WejVFCnpXZS91eVZQMi9CQ05KUjJqQ0Z1UURBZ3RXSCtDa0R0SldNQzUvRHYxTm5tTUxWMWV5UE1ORzRYejkyaGk0LzIKK0lVSzJZZWZMQnRHUEVmV1RXUnB2VDc0SUw2ZFdMZ2pESFkrUFFHb3hjRzhzTDlTUlRORDFjT1lkMkRER3AwcgppYTMwektjYjJNbFdXMW1RTmNlaCt2VDZDWEVpTGFvOWZUb2Q1Y2RFQU5RU3NpTFAwMnREUUZLdjlMQWJSVE5IClV1OHFuYVpQajNxcGVXcnFmVXhieEcxV0dOYStSVXRQamhNZXdxTW1Ic1JRY1NBRVZzbmpSZ09jRTFUajEyR1gKWDhUeEgyOUF3SUpOK1JkTDhsUlkvdU4zSW44N2Z0akZaN25DeGU4bVVrK1dRU1ljZStqVTBxdDZPY0U4YmE5bQpUT1FpekVIbkh4cVJmY1RobnVYcVJ6VUdnUTJ4SC92aFcwYlJ2QTVTSVg1dzN4QS9ITWcvdXlhYVRDSXBBeU9LCkRxNnZZaU9qblV6dnRwdmJDR01oVHk2ZjlvOEpvZlQ2S0ticXVoYWp3aERDc096S0lpTFZYa3NTZGs5VThUYzMKeHpoa0o1ZEdjanQva2crOG1adGZKU0FzdHJWSmZ3Unh0ZnR5M3V5Yjd0a29MM3lOMGFKQTdHUVNpNEtrc2o3bwpkRkVUUGtUd1U5SXR3Skx4RUExQVRBZ0xvRTV2Y1M2Q2puVFpBZm1VbmcxOXRXaHZ6Y040cnBUYVMvOGZCS0EwCnZJSElYbDNWcmJtY2kyZkREK3RXckJ3bzQ1aVN2alR6MVk1Q21EU0dTNnFvK3RnemVaSVpwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + FREE + + + ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider + PEM + + http://testca:8887 + + + + Test TSA + http://testca:8899 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZLRENDQXhDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBOVm9YRFRRMU1UQXpNVEl5TURrMApOVm93SWpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVSTUE4R0ExVUVBd3dJVkdWemRDQlVVMEV3Z2dJaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURqVHpJS0F6SUQrR0ZBWURGWFdSL3lMTWROM3JEbnFDVHYKN2VLQjg2aGJYNC8yOWVMTHJ4WCt2SSs2TitGOXZjc2RGblFwSVlnakdmT1JOQXF5SmFpNUNZTExyYk5MeE40WApGVGg3dTJheG5ZYUFacE9lU0EydWs1VGNXbzdDNVJYZTNnZzRDd0RvdUlRWjcvaTlBZ3ZDYWsyZi9mY3EzNHlqCkprQVg2WjFaUUdxQ2kxRjhFVTdxWWFWNkhvc1hWS0Q2T0E1bHc2RE5pNXBpQnIyalRYSnlLVTY4N2hrSjJQSjcKcE1BRWd5NFVCbTcrTExWa1RaUlprWDVwelRHKytBeElGM1RXd09VZm85UXAzY0pObk5HQk1uRHBxVUVSMmk3TApWZ0Q2WlhFMU5BWUZLTHdSRDVzbkJxSWRXbXMrbjlpOEEvNm9KZVNsMUZGU0Z5WUNBaEY2NkREZFRyY3l0N2VkClREcEx6aDI0ak1ycWxPMXpaYnBkaHo5NlVtbkxzSGlwK2RUOWNNV2VmRTRnWFJDbktjbmc4L0N6eXNnOXNZaDAKeis4aTkrdmNOZFVScHRTZHR3a2pNQXJNUjhEajhQOTB1VHVmVGxDWlRZYWhsNlRlRnZsS3UybkRnaHRTc2Faawp6cUdDTGtpN1BqTk9idnlOYkhTb1RSOHZlUGZSK1pvSnZtdm82aEdWQXdZYXA3aGJxU2lXK29Yc2NSSHRSaWdNCnlORE5XWFRvNnZ1T0x3VUF6ZWJPbmZJeXI3ZkpKVWFNWkJNS0JESmU1NVY0RFhVbjFmMjBjMGNwQnpkMzFWWGIKUGQraEdMUWdVVGdFWHVJQ3UwSC8veWJyQ2xFNTJ0Y1JuUGJxR2d1b1Ntb3hGZkdiL2FoSGtTMzFpRjI0bkJCUgpiSkpFOXhPNXd3SURBUUFCbzJvd2FEQVdCZ05WSFNVQkFmOEVEREFLQmdnckJnRUZCUWNEQ0RBT0JnTlZIUThCCkFmOEVCQU1DQmtBd0hRWURWUjBPQkJZRUZHcno0SjluT3JZT21vSi83bjFDR3hYakQ0eGVNQjhHQTFVZEl3UVkKTUJhQUZGRUdKaDY4QzhzSnIrcDd6Q09XRlljU0dvNG5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNPSjhHTgpYaTFRd0ZIMDVJMWU1QnZRc1o5M0dOb1hiVit1Tkt5U3FTRndhYXY4WVM4bjd2emszeTE5Y3NleE9jOGNZQjlYCkRXMDRUeDdpRmhCY09RdHU3bTVoeTR5Z2YwNWJpdzAwS3BVSFQ2dUdCWDVnTEhlM2U3cTlyZ3lXRkJEaDFBMHYKVys1V3RVT0NzSmhtQjk4bmZ6VTBMVVZ2ZkVsZ3BlT0NHMS9mTit2YVJXa0NXKzh5eUhTbWE4emtsR3NSbTAyRAoxenUwVFNBZlBaUkV2aG4wZTQvYUJRdWlXQmh5YVNkMERFQUMvT3RPbnQwS2NhZVJ5OUFEV0svNHArNzBiNzB0CkRMWXJ1MHhQekRtVkI1eTByazg5T2ZWeDNKMjhrRHVoUlZtZTFiMW1pQTVGcGZuVTdGRXg4b3MwYWN6YXo4aEkKTUNvbzRtS3ZZVXBjbWJyTEhETldETnFpeTM0NHN3bnZsTUhjV0YrQ2JLd29QcFdWL1NGczgwOElRNGRIQlQxcAptNTVpeGtISG93eFF4eEI3d1VUT0JUMzR6SWRhZm42dlNnMCtmRzl2ZXFCNEpIUVl5T3dkV09TT0krZU8wb0V3CmNPeDlWK0JoZmtKNTdoeEtENy9SbmxucDFYalRNdEhWSmJDdWJvaDltWklBVHM0eUUvQVBFcjN3T05Cd3B4MU4KWHNmWXp3T2VFRXh6RHloUFROODZ2VlB4QXkxV0I3bUhOdkYwb2JObXVubHVqM1pSR1VldmJNSW1zNVdKTFVGOQpRRmdGek9LVFZzM2RPSGRuQnlqRG5jRWhYcjBTdDJXbCtvWFd0MlRwbHZVRmRMMFJpWm9SbGNPYWI2NTVaSjhxClA3K2tGdlI4ME5KWWFWdmIyV3lGTUpHdGpzU2kxMElwanUrZnl3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + FREE + + + + COM + Commercial + + 1234 + Test member + + MANAGEMENT + Management services + + + TestService + Test service + + + TestSaved + Test saved + + + test-consumer + Test consumer + + + + + COM + Commercial + + 4321 + Test client + + TestClient + Test client subsystem + + + + id0 + SS0 +
ss0
+ 7Meh1uzLrM0z4DWhf30PPzICihqTHGgRSmWczyAIWB8= + id1 + id2 + id3 + id6 + + + id5 + SS1 +
ss1
+ ZW/oMvScXIzXpjWL68Dkd5ybl2ClA14qACkLJTWN8wk= + id6 + id4 + + + security-server-owners + Security server owners + + DEV + COM + 1234 + + + DEV + COM + 4321 + + + + + COM + Commercial + + + GOV + Governmental organisations + + + ORG + Non-profit organisations + + 3600 + + diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf new file mode 100644 index 0000000000..e609181ba5 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf @@ -0,0 +1,27 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=1ph2KgtUKKLG7qFGQ0J4 + +--1ph2KgtUKKLG7qFGQ0J4 +Content-Type: multipart/mixed; charset=UTF-8; boundary=AhiuXNE9wI1JbQZBc4Em + +--AhiuXNE9wI1JbQZBc4Em +Expire-date: 2035-11-07T04:50:26Z +Version: 6 + +--AhiuXNE9wI1JbQZBc4Em +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251106184246391905000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--AhiuXNE9wI1JbQZBc4Em-- + +--1ph2KgtUKKLG7qFGQ0J4 +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +nkOcd0woS3CRwBoPt/zxt6MnTJCUppLpxkGupBln9dQDUSvoMlHwMtu2GqtjMJlk5Imb8Q0egqRyAvzWs+O6E7l3Y1QqbecHObK8M2D6+9cCcW6XfaoM21gYM9loiHrTSfQ0p5u+8OAXIWbXJtXy2v4TcCfl5VnSqk63WRivQIogCbbcstCI5ARwShC+u7rs1eJHtI7AeEOzOSaccBZok0O/LTX1UyFitANP0XUSFyr1Hw+rpa5cyvSEE1SeYX1cY1mGJyUaflA0X4N2bZaMMrDZcMwcK9aM8+Bi15tJM9/gKeBwUKQbf+P7r6ShB1zUw66A9d/SopxOiA8Bpa4tLQ== +--1ph2KgtUKKLG7qFGQ0J4-- diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf new file mode 100644 index 0000000000..f8314cb98e --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf @@ -0,0 +1,35 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=IT4sGeIfC5LUhlYojTkx + +--IT4sGeIfC5LUhlYojTkx +Content-Type: multipart/mixed; charset=UTF-8; boundary=FLCFdHDKU2MjjOziBVOg + +--FLCFdHDKU2MjjOziBVOg +Expire-date: 2035-11-07T04:50:26Z +Version: 6 + +--FLCFdHDKU2MjjOziBVOg +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251106184246391905000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--FLCFdHDKU2MjjOziBVOg +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: PRIVATE-PARAMETERS; instance='DEV' +Content-location: /V6/20251106184246391905000/private-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== +--FLCFdHDKU2MjjOziBVOg-- + +--IT4sGeIfC5LUhlYojTkx +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +doXVMlleOahRB6TCBXBu1+6UNfATR07ePE5Penc3X4VNfGsLIg3P3oZ7giSO5KNGXkN+ilMDALkj+JJ2zP3s2Hk84xSnnwI3ek2crTJc8swI+Y1a2oAEX4Lm2j/viMtVPaB6wrnIMMLacrHedIC7KFqqiYGgHN1YqRAtDQqHiI2tuxZpewHYqIzFFn6Y8HWa4VXvn624o0AP43CK8/0JUaewP/L9pwcjBbiQcgHDkHHj3NXTm9IAtjCq6SVetkdIdnRlCgepyqKi+jHPsLUyaDBmIQvv87Y0fVeADRJb94fAYubcd6PeVpExy31nqjuGDEvCL8hXPl6FZsDRB2hnfQ== +--IT4sGeIfC5LUhlYojTkx-- diff --git a/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml b/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml index 4dfa5cb50a..5c64a99779 100644 --- a/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml +++ b/src/security-server/system-test/src/intTest/resources/files/trusted-anchor/configuration_anchor_CS_internal.xml @@ -1,13 +1,13 @@ - 2025-02-27T13:07:14.441Z + 2025-11-05T22:10:45.770Z DEV http://cs/internalconf - MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvZwWBRJABPy8I4KXdFC2O2GdUzqkiu2d5q3NWja/upfd1oVqxZH7DG7zfHVmEsWjQO/GFVPDJDn2sJCux/+4PTJt+mJ1kmErJ84rhw2PsoJVmBDZRswR9VDoNRTCsFa7qUYdzie9ksOO573kEjQR6hqpSQxlnl0/W2vkyLbMtpym1zkspRpttPjDRZ4n6g0vscsL/JiTR6M7Mrx+1JFMsCEXsrcX14cWHHq/C7nQapaVtrkTBWKRw0JsuAJjyA7ofUNfJDRyT/4DRH9glPHb93HRkTTEZtzGNLwm2VGlQZaHEB0ZLAE6Er2iuzGQWZAYcnvnWgA5eMpTrlO/L8FbAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAZ2W5AOAT0MlePq30HFiQZIghV2aCQFUi5QdZ0f32HFvkMUef/yqKPf1Z9A2c16qG4BMe3sdwoErS2V+Alac80ySTZgpsMXTohop4OQ/UMJeserQFWVVVhLLj2izOKqjoAooBh99IiwOKGvBQwjiIjoKXnHCAcL4lfLVEUD1Gud7qT1HnjGs1AEztxC4V2YxfcM2WasiYlAZ5iKcWfc8XDZ4+nxDQyPuPXKvDRWQtK9cnt9QWVUqCUG87u2FTHqax0qW4kggzG68g7Rz2mzbcwBTpW6gCmFJVkkk7Tk5ptrPsgOLElXqH/xNH54d2DX9s9AwZYImbZFXEoc97dorM1 + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O https://cs/internalconf - MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvZwWBRJABPy8I4KXdFC2O2GdUzqkiu2d5q3NWja/upfd1oVqxZH7DG7zfHVmEsWjQO/GFVPDJDn2sJCux/+4PTJt+mJ1kmErJ84rhw2PsoJVmBDZRswR9VDoNRTCsFa7qUYdzie9ksOO573kEjQR6hqpSQxlnl0/W2vkyLbMtpym1zkspRpttPjDRZ4n6g0vscsL/JiTR6M7Mrx+1JFMsCEXsrcX14cWHHq/C7nQapaVtrkTBWKRw0JsuAJjyA7ofUNfJDRyT/4DRH9glPHb93HRkTTEZtzGNLwm2VGlQZaHEB0ZLAE6Er2iuzGQWZAYcnvnWgA5eMpTrlO/L8FbAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAZ2W5AOAT0MlePq30HFiQZIghV2aCQFUi5QdZ0f32HFvkMUef/yqKPf1Z9A2c16qG4BMe3sdwoErS2V+Alac80ySTZgpsMXTohop4OQ/UMJeserQFWVVVhLLj2izOKqjoAooBh99IiwOKGvBQwjiIjoKXnHCAcL4lfLVEUD1Gud7qT1HnjGs1AEztxC4V2YxfcM2WasiYlAZ5iKcWfc8XDZ4+nxDQyPuPXKvDRWQtK9cnt9QWVUqCUG87u2FTHqax0qW4kggzG68g7Rz2mzbcwBTpW6gCmFJVkkk7Tk5ptrPsgOLElXqH/xNH54d2DX9s9AwZYImbZFXEoc97dorM1 + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/private-params.xml b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/private-params.xml new file mode 100644 index 0000000000..2245edb7e0 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/private-params.xml @@ -0,0 +1,15 @@ + + + DEV + + https://cs:4001/managementservice/ + MIIDJTCCAg2gAwIBAgIUMZw/qaccO23KFoyyBhDsT1vVk9IwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEwNTIyMDc1MFoXDTQ1MTAzMTIyMDc1MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4MJ/UgVWdjH1/gwsO0YPv85aWAGbiiEpb7HgKqaSoUZNJvKlZsgp5WsgkygSzc+8oXgxw4FQmJtrvU9a0H7VNO0vW8J8p/Oo2Usurqwvsbt46jaS/VKvFtOM7/+RfdiHiVV8gm405SZQfraWrhFp3/QDxvcPttmVTOoFX2M9G4G+6nkptcw7HlK3nNOFtM/Hl2439z+iETTuTDhuKEpwiZy6jqoAer+17EHnPMprHwIZKE0KHPP804uChj9cOGDxETQfN0Xv+0JECF2bMIdt8YeISlnafRVR+83Obtcj69y0tRSzAtvSAOreg/599IjY6Tb+rjHjAO4pWFjpMDztwIDAQABo28wbTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DArBgNVHREEJDAihwQKAAECgglsb2NhbGhvc3SCD2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUFtBl5Xaw1sAu5dUBaDYTpWpMM5kwDQYJKoZIhvcNAQELBQADggEBAHdUYK4yRGQlTitKBltwviWazFeqkBsamV66dQzpnUmdW+FrOujN+cRXGWiRn6+MJ4qRCZGektQUdYxthV3lb1T4YaPcl80eeKZBghl1Jfe1+1Ucjiv4/Ln8+Fz3QoG97wOs+asRqwm7huP5YJZq/nL0f3Ih32TKrlv6PKyMA4RHjwHiMQQTrhjzoBzpDY1rnYoVV429iJICv/7RM0Ndd+T2aFC+p8H1qtnNMd7zzT4sqSS1h5Zj1dOrAweNv2q4bXsQjqaUJZEoNq3nMvzUcpG9LH57ejhHpMlHDtLvnUOOTxaBquLh5Mw12QLkrXlb803S0OQYGe17yrhRtwWHtyo= + + DEV + COM + 1234 + MANAGEMENT + + + 60 + diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/shared-params.xml b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/shared-params.xml new file mode 100644 index 0000000000..6f0a16a889 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/shared-params.xml @@ -0,0 +1,115 @@ + + + DEV + +
cs
+ MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmxPFSE0oUbKCa1xYSArCtSseHX3GioLMqTDMjd3HYjJ1dShJWklrVRZAcKx6+mOk5/LPYXS2WBphxS+4iWjWIkPy9tDbwVRNs3ep51e9iIfMpRRXHC6E2hIASzaFYh8Qt/ljVfaYf4xxBkG8czvq7Dc5rKlzYhGXlLp8Yx8BkRmRjtqc1h6y3Afc+YVwhSf35MrsTwVhTkjnecnntr9q67eIJ5wCbO65BZhL8SompeyxB6srp3VsQVz8qsT5SJp8FYDDUGAdyBYBPGGNR4ZsLgIZRwSeftwhMHQuauOenDPMGDLMPJGsVJg5t3BFS94+EoGfSQLmmi+A28XSJacf3AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB9oKNXNgfeJAJnG6NPhS3gS0VigT2fCquUl38Rzv6tqc1uEKHkJqJ6jS2AO0wC7ykmCqU5Ex7mLFo1l70oaA85GdMuUlETxRLyhYw/XImeRHMLYxvML3e11DpyIb5GcnBr80iLlRs3eCGNLts/8b9F4akR21HZPCY0lZra6OcxTpnARGIxLqC5fD7O12Nf1Zu3sitKWgMBj4FswIS9fWSoI4vONY11KSmP8/aaKPpOOGDs99CNR4ay7ug/ch9/kePlmIu9Vidn9mkrMTseM/x7O0hr+iO3GG0wab1daXRZpUSvbP3ZqPXLIwePcvUUjlxHvB7GlT89C3dE0NVMDAuK + + + Test CA + false + + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQXh1Z0F3SUJBZ0lVUmZCZHV4MVhtWFMwcHYveU1ydVExWHBQc2VRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURU5NQXNHQTFVRUNnd0VWR1Z6ZERFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEV4TURVeQpNakE1TkRCYUZ3MDBOVEV3TXpFeU1qQTVOREJhTUNFeERUQUxCZ05WQkFvTUJGUmxjM1F4RURBT0JnTlZCQU1NCkIxUmxjM1FnUTBFd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUMxT1hBWkVsdFcKbUlnaU1WZ2hxb2ZPLzdmanZ3REdtaFFiT1pIM2pEZVJ1VVlDODdOa3REY3VZcDlYdTJOTnJBZFNnalFDVS82SQp0a3BMbVRNRHNUV2tPQ0grK0xBNHlON0tyQnM5Kzd4T1F2YVZGeDJYN2R2OUREYmN3TUxsQ2tPdGwwa3gyQk95CmRlT29XcDdNb0doRWo4UG85SnFUMTVBQmZzZG5tUDVpRjZkb2FHbnloZEhMemxMNnFFbTBkZjdXYXR3amtXOW4KVWozRS9ITG5nT1RucEVvdTROL3c5eitXeGNJT3J2Qnk3MUlUemQ3YVhmSDBEWUxCVUlHWHBTdVdBMUthNUtldAoxUityTytTOURub0NoeHZ3cUpSNFhIOWwxaEJTcDIxa0FqWVMwbndORDloZ0xqV1c3TE9jam9WUForTGxybmZJCkJCV25XUHIwVWFNdEROeHViQjRBdVM0T25SUmNaczZ5YnZzM0VMUFFzNndFanY0WFVyaGEvNFVLenhUaEhzVDIKMUdzWE9sL2hzRXFOTXBQVmIvVVZtbnJveWFQYllnUWxRdjE2dk4rL2VlUVF6YW41cXRWaENFVzhRMk5PdkJVaQpMcWpMYXYvSHBVNVU2VTFCVzhLN21HSTlXbGRVVW9RN1FSd0c3OWQ1Vm94SFF2OVUvNGtHTUtmRVBtdXlFZEFKCnBIeVphZlJvSkdKNjVSMWJWdW1xV0tUOURJQjRjeGdvaWRJVWxoY2FVY0lGZUxZQ0lXUTJDNmY2UHE0c0xIeVYKSjdMUXlpaTJZd0JFTTkzQjR3TE4vYnVvcjk1TE1UWHRsZWJtcnppV2tublpUNE5vMCszTk8xZXRmMDkwVnkrMgpta0toTVhlVThJOVJLUkZJSFd3SkZWM0Vxa010Q08ybXFRSURBUUFCbzJNd1lUQWRCZ05WSFE0RUZnUVVVUVltCkhyd0x5d212Nm52TUk1WVZoeElhamljd0h3WURWUjBqQkJnd0ZvQVVVUVltSHJ3THl3bXY2bnZNSTVZVmh4SWEKamljd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBT0JnTlZIUThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFKSnpUQlpJLzlTajNYYURreHJVbDhOYjl2MW9kWFl4VzNnOFErU2EvTHBEd0tiNTVEVHRwR29ZClM2RDlkMGdXRU5XY2VDNHlUN2NVSlQ5TzU2dzFHVDFJM0IzQ2ZXVk5vNzNtOEw1TWwyVEJXSVZhckY0a0pKb0oKNU1VR3Z0WEJaRThzNkpqc1pjZ3BSdGlnMjI5ZlB6dHhjcG44UjUyYnZNUDNtSHpSa2hOaCtxcGhqbkZyK2lxbQpuTVcyNHM3WkY3cTAyOWUya0R5M0RxT1dUeEZTbVNZaHg5cXJ0NElTQzVVaG9XTFpmb0lPU2hJbmx0RnVmM25BCklnK1hVZDNLM1R3UGlrRHdXZjBFMVVwd005YzFwZFhZM1N0SkQrS0VWSXdjakYyK0lHamRpR09aNHR3UWpvRzAKaThoMmd6UzRlL3NtTGtoR0tMNDlkaFZkUkZ0SmswS3hveWpKaWRFSlkwcnVJaGE1cmR2OVdhakhDa2RuYXlKLwpTN0N1Y2pmZ1dhMmZNVGhxeHUrUTg5SFFmNHpoU1Y2R0g0SUlMRFpvRWV3LzA3QXFoS1l6OWFMVzEvc0NkMnVuCk5FbURoclVmWEo1bFp2UVF6TzVUVmg4SWZPU1Z4NkRrSTBza0lxNUE4Vlp1S3NNR0oyQnVKcnQ3OUtVVExIbC8KU280KzJOQXp4dEZWVm5jVG13NHpObWNBaGE3K0VsWWQ0ajhQTm5NL3FkWXkrWjMxekE4ZVpFNDB1WlZBZGw0NApjdTJjZmFrMnVMdFBSUnQ1VGR4Y3djbGRDQWpOY04rVTdkK1ZBeHZmWEw4WnBBeDdEUmhnNlh2ZUoyTW9xOU1SCnYyK1c0RHM4ckJNeGE1bzRZQ3dNMHFoZlpsSkU3VGpwRkx0Y1AyY05PRTlHeEtIRW9IZkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + + http://testca:8888 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZORENDQXh5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBNMW9YRFRRMU1UQXpNVEl5TURrMApNMW93SXpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVTTUJBR0ExVUVBd3dKVkdWemRDQlBRMU5RTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBdjNCUDR1dzB3c0xGcUczOHJDNnA4YkdiT213b0xvWlIKNUxYNWtXMis5OUpkci9uVTJaR1Bnb0hmQ3BLSVI5WFZKT01vU3daR0RrTWtIVzJ2Umk5MUJQVnM5QlAxZGVLVQpya3ZnQUxna1Z6MUxhQmJGTndGdHdNeWxYMkM4czNUTEdPTnZzYWdyRVVBZEk0U29HdmF0a2FScE5KMXZXNno1CnVLWjUrbWFrVVRrVzkyMHJNREdsb2lwblZwUURHK0lCbDJTcEx6N1VGOHhmempWVnljbkVXbVdBek80ZGY5V3kKYzl3NFVHNUR5YmYwdW9rMk1LdThQTE5saXpZem1xb2t6U1lCQUxYL3ljWFd5ZG1mS1BZaENqajljQnlwTEdsTgppdmM0Nkd2Q1lzVTQ0bTd2M3EvekJsa01KZmNsRjllb1lYV0VFUmxGWXU2Ky93dC9NTjB2RWJGeURacXJBNUI4Ck5qeUNneDdVbjZLRGhLZEdqdGZtSTkrU3UvMjJJT3liTy9sSjlXQmg5ZC9oOWhIejJsQWttQ1kzdVYyanEweTkKTTI3aGYvOUQranFWUnZLRmppdVdGcXZMZk04Wk05Z3NXbFp6Wi9lZDlMSnBFbmpqQ2VHK0pkY1phejNhNVR1WgpQZ3JqcCs0YWdpTzYxL0IzV1pLd0s3OERWT09kMzVoa3BncE9JNDFBMzg3TWFUTE1zRUppR292a0pWR0xBSldTCndBMlkxaWx5WERmSHQxa2NmV0dHUFFRT0p0dm9WZTlGLzFUYW5UZFVBdE1MMGcwUW9aVHVMRTFka01UM2lUTUkKaVdTcHRYcUYya0crckluNlcwSjhPelJib3Z2YUhFOWhXYllLK3VwNnZqN0xXL0JkZTZWNW93eFNKa0lZMXh2MwowV1oxUWl4ZkZFMENBd0VBQWFOMU1ITXdDUVlEVlIwVEJBSXdBREFkQmdOVkhRNEVGZ1FVRXh0cWorZi9MNnNPClV6dGNYSmphV1ViY0Zad3dId1lEVlIwakJCZ3dGb0FVVVFZbUhyd0x5d212Nm52TUk1WVZoeElhamljd0RnWUQKVlIwUEFRSC9CQVFEQWdlQU1CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUZCd01KTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQ0FRQXV4VFFmUy9jeHcwMUgyN1pTUDB2blo3T28xOEgwemxoM09BMDE4cG9wRnRKbWhFcW5WejVFCnpXZS91eVZQMi9CQ05KUjJqQ0Z1UURBZ3RXSCtDa0R0SldNQzUvRHYxTm5tTUxWMWV5UE1ORzRYejkyaGk0LzIKK0lVSzJZZWZMQnRHUEVmV1RXUnB2VDc0SUw2ZFdMZ2pESFkrUFFHb3hjRzhzTDlTUlRORDFjT1lkMkRER3AwcgppYTMwektjYjJNbFdXMW1RTmNlaCt2VDZDWEVpTGFvOWZUb2Q1Y2RFQU5RU3NpTFAwMnREUUZLdjlMQWJSVE5IClV1OHFuYVpQajNxcGVXcnFmVXhieEcxV0dOYStSVXRQamhNZXdxTW1Ic1JRY1NBRVZzbmpSZ09jRTFUajEyR1gKWDhUeEgyOUF3SUpOK1JkTDhsUlkvdU4zSW44N2Z0akZaN25DeGU4bVVrK1dRU1ljZStqVTBxdDZPY0U4YmE5bQpUT1FpekVIbkh4cVJmY1RobnVYcVJ6VUdnUTJ4SC92aFcwYlJ2QTVTSVg1dzN4QS9ITWcvdXlhYVRDSXBBeU9LCkRxNnZZaU9qblV6dnRwdmJDR01oVHk2ZjlvOEpvZlQ2S0ticXVoYWp3aERDc096S0lpTFZYa3NTZGs5VThUYzMKeHpoa0o1ZEdjanQva2crOG1adGZKU0FzdHJWSmZ3Unh0ZnR5M3V5Yjd0a29MM3lOMGFKQTdHUVNpNEtrc2o3bwpkRkVUUGtUd1U5SXR3Skx4RUExQVRBZ0xvRTV2Y1M2Q2puVFpBZm1VbmcxOXRXaHZ6Y040cnBUYVMvOGZCS0EwCnZJSElYbDNWcmJtY2kyZkREK3RXckJ3bzQ1aVN2alR6MVk1Q21EU0dTNnFvK3RnemVaSVpwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + FREE + + + ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider + PEM + + http://testca:8887 + + + + Test TSA + http://testca:8899 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZLRENDQXhDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBOVm9YRFRRMU1UQXpNVEl5TURrMApOVm93SWpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVSTUE4R0ExVUVBd3dJVkdWemRDQlVVMEV3Z2dJaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURqVHpJS0F6SUQrR0ZBWURGWFdSL3lMTWROM3JEbnFDVHYKN2VLQjg2aGJYNC8yOWVMTHJ4WCt2SSs2TitGOXZjc2RGblFwSVlnakdmT1JOQXF5SmFpNUNZTExyYk5MeE40WApGVGg3dTJheG5ZYUFacE9lU0EydWs1VGNXbzdDNVJYZTNnZzRDd0RvdUlRWjcvaTlBZ3ZDYWsyZi9mY3EzNHlqCkprQVg2WjFaUUdxQ2kxRjhFVTdxWWFWNkhvc1hWS0Q2T0E1bHc2RE5pNXBpQnIyalRYSnlLVTY4N2hrSjJQSjcKcE1BRWd5NFVCbTcrTExWa1RaUlprWDVwelRHKytBeElGM1RXd09VZm85UXAzY0pObk5HQk1uRHBxVUVSMmk3TApWZ0Q2WlhFMU5BWUZLTHdSRDVzbkJxSWRXbXMrbjlpOEEvNm9KZVNsMUZGU0Z5WUNBaEY2NkREZFRyY3l0N2VkClREcEx6aDI0ak1ycWxPMXpaYnBkaHo5NlVtbkxzSGlwK2RUOWNNV2VmRTRnWFJDbktjbmc4L0N6eXNnOXNZaDAKeis4aTkrdmNOZFVScHRTZHR3a2pNQXJNUjhEajhQOTB1VHVmVGxDWlRZYWhsNlRlRnZsS3UybkRnaHRTc2Faawp6cUdDTGtpN1BqTk9idnlOYkhTb1RSOHZlUGZSK1pvSnZtdm82aEdWQXdZYXA3aGJxU2lXK29Yc2NSSHRSaWdNCnlORE5XWFRvNnZ1T0x3VUF6ZWJPbmZJeXI3ZkpKVWFNWkJNS0JESmU1NVY0RFhVbjFmMjBjMGNwQnpkMzFWWGIKUGQraEdMUWdVVGdFWHVJQ3UwSC8veWJyQ2xFNTJ0Y1JuUGJxR2d1b1Ntb3hGZkdiL2FoSGtTMzFpRjI0bkJCUgpiSkpFOXhPNXd3SURBUUFCbzJvd2FEQVdCZ05WSFNVQkFmOEVEREFLQmdnckJnRUZCUWNEQ0RBT0JnTlZIUThCCkFmOEVCQU1DQmtBd0hRWURWUjBPQkJZRUZHcno0SjluT3JZT21vSi83bjFDR3hYakQ0eGVNQjhHQTFVZEl3UVkKTUJhQUZGRUdKaDY4QzhzSnIrcDd6Q09XRlljU0dvNG5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNPSjhHTgpYaTFRd0ZIMDVJMWU1QnZRc1o5M0dOb1hiVit1Tkt5U3FTRndhYXY4WVM4bjd2emszeTE5Y3NleE9jOGNZQjlYCkRXMDRUeDdpRmhCY09RdHU3bTVoeTR5Z2YwNWJpdzAwS3BVSFQ2dUdCWDVnTEhlM2U3cTlyZ3lXRkJEaDFBMHYKVys1V3RVT0NzSmhtQjk4bmZ6VTBMVVZ2ZkVsZ3BlT0NHMS9mTit2YVJXa0NXKzh5eUhTbWE4emtsR3NSbTAyRAoxenUwVFNBZlBaUkV2aG4wZTQvYUJRdWlXQmh5YVNkMERFQUMvT3RPbnQwS2NhZVJ5OUFEV0svNHArNzBiNzB0CkRMWXJ1MHhQekRtVkI1eTByazg5T2ZWeDNKMjhrRHVoUlZtZTFiMW1pQTVGcGZuVTdGRXg4b3MwYWN6YXo4aEkKTUNvbzRtS3ZZVXBjbWJyTEhETldETnFpeTM0NHN3bnZsTUhjV0YrQ2JLd29QcFdWL1NGczgwOElRNGRIQlQxcAptNTVpeGtISG93eFF4eEI3d1VUT0JUMzR6SWRhZm42dlNnMCtmRzl2ZXFCNEpIUVl5T3dkV09TT0krZU8wb0V3CmNPeDlWK0JoZmtKNTdoeEtENy9SbmxucDFYalRNdEhWSmJDdWJvaDltWklBVHM0eUUvQVBFcjN3T05Cd3B4MU4KWHNmWXp3T2VFRXh6RHloUFROODZ2VlB4QXkxV0I3bUhOdkYwb2JObXVubHVqM1pSR1VldmJNSW1zNVdKTFVGOQpRRmdGek9LVFZzM2RPSGRuQnlqRG5jRWhYcjBTdDJXbCtvWFd0MlRwbHZVRmRMMFJpWm9SbGNPYWI2NTVaSjhxClA3K2tGdlI4ME5KWWFWdmIyV3lGTUpHdGpzU2kxMElwanUrZnl3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + FREE + + + + COM + Commercial + + 1234 + Test member + + MANAGEMENT + Management services + + + TestService + Test service + + + TestSaved + Test saved + + + test-consumer + Test consumer + + + + + COM + Commercial + + 4321 + Test client + + TestClient + Test client subsystem + + + + id0 + SS0 +
ss0
+ 7Meh1uzLrM0z4DWhf30PPzICihqTHGgRSmWczyAIWB8= + id1 + id2 + id3 + id6 + + + id5 + SS1 +
ss1
+ ZW/oMvScXIzXpjWL68Dkd5ybl2ClA14qACkLJTWN8wk= + id6 + id4 + + + security-server-owners + Security server owners + + DEV + COM + 1234 + + + DEV + COM + 4321 + + + + + COM + Commercial + + + GOV + Governmental organisations + + + ORG + Non-profit organisations + + 3600 + + diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf new file mode 100644 index 0000000000..2dc4400e5e --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf @@ -0,0 +1,27 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=53ym6pJxOQXWdyO2ZzeI + +--53ym6pJxOQXWdyO2ZzeI +Content-Type: multipart/mixed; charset=UTF-8; boundary=t1hY0NEh7SDQcxvdWBHh + +--t1hY0NEh7SDQcxvdWBHh +Expire-date: 2035-11-07T04:51:26Z +Version: 6 + +--t1hY0NEh7SDQcxvdWBHh +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251106184346396745000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--t1hY0NEh7SDQcxvdWBHh-- + +--53ym6pJxOQXWdyO2ZzeI +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +A4AB6u5V+XdZyy0f9FbRbd097a2RHtCo3IrKxTRck9pRvLk41Lq1CcJfWB9XzP1xi6VcsKXwEQtvwVtyBO2Bxzwm3Yy2G6zBrY72BlQNE6i6A6TN690p4CvLfjg6OEsajuQBWYzHBPhx3kL7NYwz8gA8nCAuIgb8bycR4/HuuxOjitax6NWPN9n1xM3+p0zkuT9MGjT/JgPmWOF94P7eLGFrKqmW0J7K8X0cuywkcu/7bkVZr1ODAdTK+FZEYBJZJK1FfPS/gZ4EeYtREhFWQcEhARgU6C7+dhB5sLOUh/RSVTHgfdoltFQ/yP8fX+yp9W5L19IwyQ7cdI51s+u3xg== +--53ym6pJxOQXWdyO2ZzeI-- diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf new file mode 100644 index 0000000000..70c7605198 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf @@ -0,0 +1,35 @@ +Content-Type: multipart/related; charset=UTF-8; boundary=IwNKAxJX0LYa1QzMOPSC + +--IwNKAxJX0LYa1QzMOPSC +Content-Type: multipart/mixed; charset=UTF-8; boundary=yR1dYPFb1AAbffPvsejQ + +--yR1dYPFb1AAbffPvsejQ +Expire-date: 2035-11-07T04:51:26Z +Version: 6 + +--yR1dYPFb1AAbffPvsejQ +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251106184346396745000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--yR1dYPFb1AAbffPvsejQ +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: PRIVATE-PARAMETERS; instance='DEV' +Content-location: /V6/20251106184346396745000/private-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== +--yR1dYPFb1AAbffPvsejQ-- + +--IwNKAxJX0LYa1QzMOPSC +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +kihg0PX79wY2ZQ9XYScaypaxrK3PyiyUkr58ywAi8RGYziTG8jGuW+zVuL6g8nxO9D9I1iQSkhEZK4/rV6j+Q6tAyaTNNwH6L1uDnTw1wK1/N763RnqxKmid9+ev30dlryz9+yAJfZxxCVMI43wuMcqfUWn39QpmHikYcSM1l5k17UYCnA/R1pcYdv5CeYUEE91dBoVs+iPLLfM7IOMLA+SNjCD32kCe9UuBEERIPr8QIVd5Bgh5LkIpKKi3g+q8lDChm8PC74EYCjBE4SXiLxirdivzd6Isaj4lMpQKsEVz278VX6AFcQGU+hFGm8oN117xelLZ89oP2x00eU+Asg== +--IwNKAxJX0LYa1QzMOPSC-- diff --git a/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java b/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java index 9344782f8c..9f883c62ed 100644 --- a/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java +++ b/src/service/monitor/monitor-core/src/test/java/org/niis/xroad/monitor/core/EmptyServerConf.java @@ -115,6 +115,11 @@ public List getTspUrl() { return emptyList(); } + @Override + public String getTspCostType(String tspUrl) { + return null; + } + @Override public DescriptionType getDescriptionType(ServiceId serviceId) { return null; diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml index 56f950c299..2245edb7e0 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml @@ -3,7 +3,7 @@ DEV https://cs:4001/managementservice/ - MIIDCzCCAfOgAwIBAgIUcu57YpCg67bCvmY3941+9huLEoYwDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAwwGeHJkLWNzMB4XDTI1MDIyNzA4Mzc0NloXDTQ1MDIyMjA4Mzc0NlowETEPMA0GA1UEAwwGeHJkLWNzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/ROzD2VYRCBPXFmFB7CgRK0LYPGxAr03awfxR+0chkEuNw1upF28mq5c2tfMNljPa5ct6tNSqsNsUjtdxcMcCMkEJV2XcNNfro41EPpvTWqrYepQ2IlyBokMl8sZq1CuQIhZRYsk/ahLC7RN+zc2f7sOnZ+X+dExtddUHFDb5+ehhaisrbma2fmWrc3GPBCeq600Yidw8DR0DaLxSmfc/SyTfvlM12qHZoxsexlSc6q7TqiO3depj1JGtKR7v6SFNBNxiOl5r1xiK1a9Iz5N/jm37q5Bz2CPhiYYbo0II3dj/Jg7vSm5T4h2ZhjBrjnmaQ9TgukQhPKMcXk/oEvDwIDAQABo1swWTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DAXBgNVHREEEDAOhwQKCgqPggZ4cmQtY3MwHQYDVR0OBBYEFBplw655gAtSR1F109j+TK7QvjRIMA0GCSqGSIb3DQEBCwUAA4IBAQCcIxF4w73bpbZSTMBowNR2RyssunS2qELwOTxMKNQu8S4MOWgPUy4wrXmCQMZApl2Sw7nsFkIbchbPA4oyOBwpltvzbBcpnoorYAocTW71iTr6fiHMZvX8jICzUsMXlhe8dd2Jnvegt9xqczk5znG+hQI6+rX/TTjQTpN6CJp8tWRAGP3q4b5mzMmBuavmeP8hU0/H/d3iBo/iwuE1NWD1B7/+1WsfZm25xbCFwFO056Jyv3Dmcua+jPFPyc0K7gmIord2WUqAQdL5KBaMJ8TzO1ECDmKMoNtH46xsQ6ScJ1ffLW2ilZcoC6lnwG0qz4ZdWY8j9EMPeaZC+AL3e+Vb + MIIDJTCCAg2gAwIBAgIUMZw/qaccO23KFoyyBhDsT1vVk9IwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI1MTEwNTIyMDc1MFoXDTQ1MTAzMTIyMDc1MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4MJ/UgVWdjH1/gwsO0YPv85aWAGbiiEpb7HgKqaSoUZNJvKlZsgp5WsgkygSzc+8oXgxw4FQmJtrvU9a0H7VNO0vW8J8p/Oo2Usurqwvsbt46jaS/VKvFtOM7/+RfdiHiVV8gm405SZQfraWrhFp3/QDxvcPttmVTOoFX2M9G4G+6nkptcw7HlK3nNOFtM/Hl2439z+iETTuTDhuKEpwiZy6jqoAer+17EHnPMprHwIZKE0KHPP804uChj9cOGDxETQfN0Xv+0JECF2bMIdt8YeISlnafRVR+83Obtcj69y0tRSzAtvSAOreg/599IjY6Tb+rjHjAO4pWFjpMDztwIDAQABo28wbTASBgNVHRMBAf8ECDAGAQH/AgEAMAsGA1UdDwQEAwIC5DArBgNVHREEJDAihwQKAAECgglsb2NhbGhvc3SCD2J1aWxka2l0c2FuZGJveDAdBgNVHQ4EFgQUFtBl5Xaw1sAu5dUBaDYTpWpMM5kwDQYJKoZIhvcNAQELBQADggEBAHdUYK4yRGQlTitKBltwviWazFeqkBsamV66dQzpnUmdW+FrOujN+cRXGWiRn6+MJ4qRCZGektQUdYxthV3lb1T4YaPcl80eeKZBghl1Jfe1+1Ucjiv4/Ln8+Fz3QoG97wOs+asRqwm7huP5YJZq/nL0f3Ih32TKrlv6PKyMA4RHjwHiMQQTrhjzoBzpDY1rnYoVV429iJICv/7RM0Ndd+T2aFC+p8H1qtnNMd7zzT4sqSS1h5Zj1dOrAweNv2q4bXsQjqaUJZEoNq3nMvzUcpG9LH57ejhHpMlHDtLvnUOOTxaBquLh5Mw12QLkrXlb803S0OQYGe17yrhRtwWHtyo= DEV COM diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata index 51304c9d13..ffa7dd8693 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/private-params.xml.metadata @@ -1 +1 @@ -{"contentIdentifier":"PRIVATE-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-03-01T14:39:11Z","contentLocation":"/V5/20250303143911136407000/private-params.xml","configurationVersion":"5"} +{"contentIdentifier":"PRIVATE-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-11-07T04:52:26Z","contentLocation":"/V6/20251106184446407787000/private-params.xml","configurationVersion":"6"} diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml index ba2779a9df..6f0a16a889 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml @@ -3,20 +3,22 @@ DEV
cs
- MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvZwWBRJABPy8I4KXdFC2O2GdUzqkiu2d5q3NWja/upfd1oVqxZH7DG7zfHVmEsWjQO/GFVPDJDn2sJCux/+4PTJt+mJ1kmErJ84rhw2PsoJVmBDZRswR9VDoNRTCsFa7qUYdzie9ksOO573kEjQR6hqpSQxlnl0/W2vkyLbMtpym1zkspRpttPjDRZ4n6g0vscsL/JiTR6M7Mrx+1JFMsCEXsrcX14cWHHq/C7nQapaVtrkTBWKRw0JsuAJjyA7ofUNfJDRyT/4DRH9glPHb93HRkTTEZtzGNLwm2VGlQZaHEB0ZLAE6Er2iuzGQWZAYcnvnWgA5eMpTrlO/L8FbAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAZ2W5AOAT0MlePq30HFiQZIghV2aCQFUi5QdZ0f32HFvkMUef/yqKPf1Z9A2c16qG4BMe3sdwoErS2V+Alac80ySTZgpsMXTohop4OQ/UMJeserQFWVVVhLLj2izOKqjoAooBh99IiwOKGvBQwjiIjoKXnHCAcL4lfLVEUD1Gud7qT1HnjGs1AEztxC4V2YxfcM2WasiYlAZ5iKcWfc8XDZ4+nxDQyPuPXKvDRWQtK9cnt9QWVUqCUG87u2FTHqax0qW4kggzG68g7Rz2mzbcwBTpW6gCmFJVkkk7Tk5ptrPsgOLElXqH/xNH54d2DX9s9AwZYImbZFXEoc97dorM1 - MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjuLv07I6FywICvewmVZu+Q5Pxo9U3kgSr9H/fdv6oAdvtf5xQakvo/HjGDiYL/MnRc8x1cr8HRoIR72dgqrggDSfQAliPt10OgvTxBe60jsLXhx31UDkvT/QlgRsS4qlp/CR/0jlqP76t2S8u6TB24BZOSFAtJvREM2T46nbkQ4DmvsLkG0xUArD6TtVh05YidQkLktyrqs7fYwL/H0bYm/KZsy3FjGN5uBkr91ZNP6KTBCQSNqucz2ykbGc/uf8iYlKdsfIz4EXsrbiq0GqmrddPdAOCiBPka+doN+fC3hV43k9DoEUrNhM8wNr0iMal0NUOmp8apaqX0wUcaE9pAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAy8o5Es7nbjNkKZx4HGdQ7Y9qFuf4Fd9/IjEcbpZua5VtyxGq0H4U1dDJdOFP+YVhDi6oIOdCYtYWHdEc2K78IPAhLWw/VmtptkKD2EqJxKZgxI2ypazAwstBGnCe0rAu6OAdgh+FvgGHWRwUNs2tTNuvfcOHW5iuf9ake3Q6J1WYU4/y57BsceJVgFGMFU4TpNKciEHweogzCCXAPmvXYYKRDvrkXC1vjbX/K50XPhZH5+Kpw/u9pmyr1HUKvCJ/hDb5aqVMaHCcUxSikF+qfgpU218fJVbCAnJcNIOPaBuo1sYJpbRQFXjJpOULkLwWjl5Wdnpua6ZdHoWFEczY8 + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3eVWfwX9ngaObt6CfRymym1jxBdCbCLTz4I/MZJU1VbFOaOxvgeDfNByYLp1OBFQZDMtEsiRJYRmneZktEXTefFTHeW7jAk2OFKHMJUAgRgF4pNb1GtSEVsb7N/Kyxwr+G3MD44cZ51UJjejWARul8aPCHP/85MRXb5tgvhJLMO+4f/Cg50nTwdQcBB2hma3D7iVGKhFEid9lEYuNr19Pd5MLMyWUqPk6030/QgbMvh02d1F2vjHksWZKr+bsz9o87n8mB5rVGQwFrtvgHD9Ky5G+f+TH3KipniLPlwlbiXuRoDU19bHSQCcqoVbyBaXpvvuXlE7mDXgL7ALfpglvAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQABdC+/Z7KhMxEJnm5sYcQThlAl67R8clVHOL/IgTMIM+XahmqkexQijri5OxeigRXSe9mxsjDzUz+r451z9W456wKmbaEL6Zp1j6dDuAsqoEPZs/EyHn+fGMEM1ZnwRmopkL4upS+oSO3B2oLNV00+DvDbkIRTc8EsXRROBnEJcGyha6x34JLMp1ANamjCWf2aXFn+QDd6xTh4TJG9ea/RfxjeTjfgRi8tInQV203cbDQyx/xyFX5FIT0s7ynN/NpDerxlj086/9TBE/6aReGqrIZ66e2xH//haRkYxviQV4cORtTDNxJAxo7G2SkeL1HJlAPpd8nQxtLJ6rb5qb5O + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmxPFSE0oUbKCa1xYSArCtSseHX3GioLMqTDMjd3HYjJ1dShJWklrVRZAcKx6+mOk5/LPYXS2WBphxS+4iWjWIkPy9tDbwVRNs3ep51e9iIfMpRRXHC6E2hIASzaFYh8Qt/ljVfaYf4xxBkG8czvq7Dc5rKlzYhGXlLp8Yx8BkRmRjtqc1h6y3Afc+YVwhSf35MrsTwVhTkjnecnntr9q67eIJ5wCbO65BZhL8SompeyxB6srp3VsQVz8qsT5SJp8FYDDUGAdyBYBPGGNR4ZsLgIZRwSeftwhMHQuauOenDPMGDLMPJGsVJg5t3BFS94+EoGfSQLmmi+A28XSJacf3AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQB9oKNXNgfeJAJnG6NPhS3gS0VigT2fCquUl38Rzv6tqc1uEKHkJqJ6jS2AO0wC7ykmCqU5Ex7mLFo1l70oaA85GdMuUlETxRLyhYw/XImeRHMLYxvML3e11DpyIb5GcnBr80iLlRs3eCGNLts/8b9F4akR21HZPCY0lZra6OcxTpnARGIxLqC5fD7O12Nf1Zu3sitKWgMBj4FswIS9fWSoI4vONY11KSmP8/aaKPpOOGDs99CNR4ay7ug/ch9/kePlmIu9Vidn9mkrMTseM/x7O0hr+iO3GG0wab1daXRZpUSvbP3ZqPXLIwePcvUUjlxHvB7GlT89C3dE0NVMDAuK Test CA false - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZSekNDQXkrZ0F3SUJBZ0lVSjl6Y200VHFtNUpIQUVPenduaUNSdXdCYnZrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0t6RVhNQlVHQTFVRUNnd09XQzFTYjJGa0lGUmxjM1FnUTBFeEVEQU9CZ05WQkFNTUIxUmxjM1FnUTBFdwpIaGNOTWpVd01qSTNNRGd6T0RReldoY05ORFV3TWpJeU1EZ3pPRFF6V2pBck1SY3dGUVlEVlFRS0RBNVlMVkp2CllXUWdWR1Z6ZENCRFFURVFNQTRHQTFVRUF3d0hWR1Z6ZENCRFFUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQUQKZ2dJUEFEQ0NBZ29DZ2dJQkFMbDM3ckNQWVdHQVBxbkxLS2g1ZXc2Zi9sLzRoVTFQMlZ5dE9CdG0yeFM4NjZPdgpWWHNIb1hwUG4yZjhNeUJ5UmRQdGZQSUdTaS84Q3hROW9WcTlkQUdFdHdFQ3hoMnJ0dWh2S1RnRWJUb3F0ZXB2Cit4TWJIMm9FQ25YTTkrRkJmYUVNVWVNY0FaVmxPSGVaUytWWlVMWUJVdUwvbXllZ3owK2FydldHbnMrciswMFgKOUtKRHIyUTcxclkzcnlpQTByZlJMWWJGdVY2elJuNGZJN25MeGNOckFheGlQZEQ1bXVBQ1p2VC9sTlVyR2NNawpoVGk0R09XSUQ1UWVZY3pnMzJ4Zzl0UWJ2cHFUd3RiTFl6MXgzR0xtc2NKeW9oSlUrUE9ISDExQkJzZW9CK0daCkpVU1grQ21yNkpVUEpUei82QndnTVdISDFQZ0MwYWNLK2t5ZGFWRWFNc01MSnVFK1VMR1RjU0xiM0F2U3kwcFAKRFRKVXIvSDMwWlhDT3ByS1IzRUFkKyt5ZkhxV1ZmUjNXc3NGOGZMSVZXMnlrbzFnMDZ5dU5lL2o4Z3liQzVxNQpUL2NvOW1pcFczbW5Cd0hsZjQ1Z0RMZmFkR3ZFeVNqVkRRd3RETzVCNWx1VWxVSDRGQXNyK2hPNnNDaDRYSjVXClhSMkQ0c3NJRVdTOWd2cks2Y1pyc2NzS3dIZlNHWmNJYVdjZTdyMDlNMGN3ZXNmR01hMklUSThVM3RyUlVVdHcKODBwcG0yNE5aYVpDdncybkxzRjJQeW1qVTllVG1MSXNwek52cHNSSS91RVFZdStXY09PTFgwak4wUzk4bjVPYwpqMURteHNiK0QwN2F4MElNcVBmTUljazR5NkgxVmY3bnZ0NzdIdWgwL1JmVFYxK2Exd2R1cDFFQWR0VU5BZ01CCkFBR2pZekJoTUIwR0ExVWREZ1FXQkJSamFWTTRhaVcwYTFYKzNoV0JHcythaTVXL09EQWZCZ05WSFNNRUdEQVcKZ0JSamFWTTRhaVcwYTFYKzNoV0JHcythaTVXL09EQVBCZ05WSFJNQkFmOEVCVEFEQVFIL01BNEdBMVVkRHdFQgovd1FFQXdJQmhqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFMejFiQVd1a3NvWWliZEVMWUJoVlZiZ1U3cWxlCjFUdFJMdXgzOHF1SVJVR2R0NzR1N0FHNGlNRXB5Z0R3Y1NEbGJjUEdac2xxcnBiNUxUMGg5SnlSWURjcS93MTIKUEdYODZHS0laNTNYR0F2NTA5QXVSTDZUOEVQRENmT28yWE1VZENFbzJlbVZyVmhieG12dU9jdWF5cUtZN1ZVQQpUU3FybUhWZWFGU2pvTkNYRVE5VlE2dS9nV3VEWWdGTnBPZXlCc09LUGx2c3ZieU0vNnpFVGpwMnBSWkJpdUpOCkNSRDB0eDlsT1ZsYUtVN3JyazVMYjBOWjMrL1lXWTZuZXNTVWZGOGFIdkg1cWkycFEyb3dRNmZGOEFWbTJRcjEKaHROdG5BVWp2c3FhUEV3Rk1NOTluRFU5cWNKcDZhNVNBUUluVFFZUlhFcEZkRUdWbFNySldWTVRjVnZBZG43dwpKdHR0cXgzVlM5ZGZEa1lwMm1mczB5cjd6Tm9HZzI2eVdrSlhNbEo4cjdxeWpOa2NsNGM4Y21YTWNKbjByY2phCnBoT0xVbjV2a3BKeStDRmkrQjVhSEdvRWVTUVNHT3JtbUNTbVVNS1RURjBLVDE3cGY1NUdrKzFZdDJjZzZTWlMKazVUYnRLSXgrUElEMDNtOGlxeVkxek9aNFRwR0NJQWJOOXg2YmIwc3NsME9DUWV2VlQxd3lSWW4rTzdpZTQ3Kwo1U3Z5L1V4Y0pOL29OeFVQbDhvV2lvTXRmdnFkS3hod3NhZ2J4NDVNZ3ptUlJjWWtPaWYzKzJZby9nT1JBcVZUCkd3eU4zWjNTZWFpUHRCYWg5T3lkelNUS2laMWo4dGcvbzdOWkt4eC95RmFLRitsMTBCRG83Wk1OcFFUb2VkRnIKeUs2RWVCY1FmcjV5YlhZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQXh1Z0F3SUJBZ0lVUmZCZHV4MVhtWFMwcHYveU1ydVExWHBQc2VRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURU5NQXNHQTFVRUNnd0VWR1Z6ZERFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEV4TURVeQpNakE1TkRCYUZ3MDBOVEV3TXpFeU1qQTVOREJhTUNFeERUQUxCZ05WQkFvTUJGUmxjM1F4RURBT0JnTlZCQU1NCkIxUmxjM1FnUTBFd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUMxT1hBWkVsdFcKbUlnaU1WZ2hxb2ZPLzdmanZ3REdtaFFiT1pIM2pEZVJ1VVlDODdOa3REY3VZcDlYdTJOTnJBZFNnalFDVS82SQp0a3BMbVRNRHNUV2tPQ0grK0xBNHlON0tyQnM5Kzd4T1F2YVZGeDJYN2R2OUREYmN3TUxsQ2tPdGwwa3gyQk95CmRlT29XcDdNb0doRWo4UG85SnFUMTVBQmZzZG5tUDVpRjZkb2FHbnloZEhMemxMNnFFbTBkZjdXYXR3amtXOW4KVWozRS9ITG5nT1RucEVvdTROL3c5eitXeGNJT3J2Qnk3MUlUemQ3YVhmSDBEWUxCVUlHWHBTdVdBMUthNUtldAoxUityTytTOURub0NoeHZ3cUpSNFhIOWwxaEJTcDIxa0FqWVMwbndORDloZ0xqV1c3TE9jam9WUForTGxybmZJCkJCV25XUHIwVWFNdEROeHViQjRBdVM0T25SUmNaczZ5YnZzM0VMUFFzNndFanY0WFVyaGEvNFVLenhUaEhzVDIKMUdzWE9sL2hzRXFOTXBQVmIvVVZtbnJveWFQYllnUWxRdjE2dk4rL2VlUVF6YW41cXRWaENFVzhRMk5PdkJVaQpMcWpMYXYvSHBVNVU2VTFCVzhLN21HSTlXbGRVVW9RN1FSd0c3OWQ1Vm94SFF2OVUvNGtHTUtmRVBtdXlFZEFKCnBIeVphZlJvSkdKNjVSMWJWdW1xV0tUOURJQjRjeGdvaWRJVWxoY2FVY0lGZUxZQ0lXUTJDNmY2UHE0c0xIeVYKSjdMUXlpaTJZd0JFTTkzQjR3TE4vYnVvcjk1TE1UWHRsZWJtcnppV2tublpUNE5vMCszTk8xZXRmMDkwVnkrMgpta0toTVhlVThJOVJLUkZJSFd3SkZWM0Vxa010Q08ybXFRSURBUUFCbzJNd1lUQWRCZ05WSFE0RUZnUVVVUVltCkhyd0x5d212Nm52TUk1WVZoeElhamljd0h3WURWUjBqQkJnd0ZvQVVVUVltSHJ3THl3bXY2bnZNSTVZVmh4SWEKamljd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBT0JnTlZIUThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFKSnpUQlpJLzlTajNYYURreHJVbDhOYjl2MW9kWFl4VzNnOFErU2EvTHBEd0tiNTVEVHRwR29ZClM2RDlkMGdXRU5XY2VDNHlUN2NVSlQ5TzU2dzFHVDFJM0IzQ2ZXVk5vNzNtOEw1TWwyVEJXSVZhckY0a0pKb0oKNU1VR3Z0WEJaRThzNkpqc1pjZ3BSdGlnMjI5ZlB6dHhjcG44UjUyYnZNUDNtSHpSa2hOaCtxcGhqbkZyK2lxbQpuTVcyNHM3WkY3cTAyOWUya0R5M0RxT1dUeEZTbVNZaHg5cXJ0NElTQzVVaG9XTFpmb0lPU2hJbmx0RnVmM25BCklnK1hVZDNLM1R3UGlrRHdXZjBFMVVwd005YzFwZFhZM1N0SkQrS0VWSXdjakYyK0lHamRpR09aNHR3UWpvRzAKaThoMmd6UzRlL3NtTGtoR0tMNDlkaFZkUkZ0SmswS3hveWpKaWRFSlkwcnVJaGE1cmR2OVdhakhDa2RuYXlKLwpTN0N1Y2pmZ1dhMmZNVGhxeHUrUTg5SFFmNHpoU1Y2R0g0SUlMRFpvRWV3LzA3QXFoS1l6OWFMVzEvc0NkMnVuCk5FbURoclVmWEo1bFp2UVF6TzVUVmg4SWZPU1Z4NkRrSTBza0lxNUE4Vlp1S3NNR0oyQnVKcnQ3OUtVVExIbC8KU280KzJOQXp4dEZWVm5jVG13NHpObWNBaGE3K0VsWWQ0ajhQTm5NL3FkWXkrWjMxekE4ZVpFNDB1WlZBZGw0NApjdTJjZmFrMnVMdFBSUnQ1VGR4Y3djbGRDQWpOY04rVTdkK1ZBeHZmWEw4WnBBeDdEUmhnNlh2ZUoyTW9xOU1SCnYyK1c0RHM4ckJNeGE1bzRZQ3dNMHFoZlpsSkU3VGpwRkx0Y1AyY05PRTlHeEtIRW9IZkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= http://testca:8888 - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZTRENDQXpDZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFyTVJjd0ZRWURWUVFLREE1WUxWSnYKWVdRZ1ZHVnpkQ0JEUVRFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEF5TWpjd09ETTRORFJhRncwMApOVEF5TWpJd09ETTRORFJhTUMweEZ6QVZCZ05WQkFvTURsZ3RVbTloWkNCVVpYTjBJRU5CTVJJd0VBWURWUVFECkRBbFVaWE4wSUU5RFUxQXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDRHdBd2dnSUtBb0lDQVFDWGc0WGIKV0l1eXdsUnEzdUlJenJ4Z2s4Wld2dzFhNmhZeXU2Z2hHaUw2N1JSbkNHS3Y5Ump3TkxPcUF4UVdBUGJEaGMyYgppRnZOZjA3czFzd3MrYStOcjkvRnhCbTBmakE5NkZCaFlySldIUjdUZTJVcEhYa043UzZ2a2VRbkhVZXZ3MGsxCnNmOTJpRjFBMndDUjVOWXdtWWh0aTEvRUR5N1VBRzdZMGxTdkNlUW8wS0tnSFhEeUFUc1U2MmtUZ2MybVNocTEKOTVUSElnckZnWFdEdjZnYjBQNWJSWjQ1S2h5Q09nYXVNOTMyM0dIOHhnKzdXTmFHUmEzRHNjT2MwbFZWa0w3WQpoWWoxY29rSFZVL0hlNllOZjBkUllLNnBUSTJ6d2Jxak01OVR3dDlOb0MxVnZoV0xRajlVMU8zMDd3V0NpRFYyCkxwQzhJZTdCYXMzbVIyV1Z1YnBJU0JiOEVkVzIzem5ncC9GU0xIUVdvcEpyZEVQaFluajRWeWw4NE5EdkdRVjQKaDhTVDNmMU85dzg3QzU5bHNFZDlkVFFWeFdLTzdmYVVWY1AweGVKWURFTmwyL08ybmdRbGl4TEhwQ1pXODNYOApheUl2QXI5U1JoMkhYbmpHUVNqZ1poTXdCUXBSR1R3UDJDdTl1ZHdlN1NXSmFMeVBFL0kya3l5clVIYTRUQWtGCjVxTGJBb2hUdE5MazllcE9YcCsrY1RZYk9Zc3pLWlFyK3pRcVA5djk0TUJpdEZpejZtRFhRaFh0VE5pMXFoYlYKbFVUVm5EcGg3ckhEajlrcjMvRExJRzZ2bnNDRWJHM29ockhScnR3ZDBSejNWOUhBdGNOVUkzVk5Oa2V2UjQ0NQpKRmg3cXh3d2Z3S0xQM3ZYSmNGY0UwZUc3R2hGaGlXWUVZKzFXUUlEQVFBQm8zVXdjekFKQmdOVkhSTUVBakFBCk1CMEdBMVVkRGdRV0JCUXEraUpXekl4eXNPYWdCckM0cithVVJRMkFvakFmQmdOVkhTTUVHREFXZ0JSamFWTTQKYWlXMGExWCszaFdCR3MrYWk1Vy9PREFPQmdOVkhROEJBZjhFQkFNQ0I0QXdGZ1lEVlIwbEFRSC9CQXd3Q2dZSQpLd1lCQlFVSEF3a3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBSGQxckZWSzNJNTg5ak1xNERvNXlvWG0wL3htCkN5YktzQjEvZ0h1enFhbDYvZjlNQy9JaG91bHNzZitBYk5hWWZJOVBKa3Nja1dkU01FcGgzanN6OFE3T3lIOHoKaE5kQWVDUm03Sm1ETlp2NSszdW4yY2NDK2E2SnlKN1A0bnh1M09Va2xyVVhHOFZsck5DY0wrSlovQ3IxMVB2SgpzRHM0RVlHSzBEL3RsS2owSTNOcW41c1YvNnd0U2Z3Q0RSanBLSjNPbGR0ZVY5S0Z4RmpkVllUc0trZzUwWXpjCnBWVG94UzFzZXNjcENTMXJocnRUMlBFTStlVHhiRSt4aHhBWWhtOWFuOTU1d0M0aFk5VVdYUHdJWElkZW42WHcKMUhRdVlDa0hOci9zNmdGdC9Uem01dVI2eGgwVUZ1ckE2bk5sVkp1bEhwektzanZCcWZJL1hCb0JlbTdJMFhYcgpxWHFsSlRiVnFXOUZrc2kwSFpSQWVoYThSSUowTGZhd2QyYXkzNGl0VGRINjQrSDFLdFgzbDlINWEyNGF3RGx6CjZzRVhNOEhZc2dQMDBVSHMwRlo1SlZ3QWczU1J0M3RiaHRvNWhNR0txM3lGZE9GNVA4QllwNEZ6ajQvWksxbDUKZTNUWGlMRUZZS2JuVW12bDFIYWlvQUVKcExvbDYrSkJkQnNrOG5SUm1hc04vTnVQUVI0ck5qQzRvS2pidG92RgpiTGxGNTEyV211L0R2L1V6YWFTMmwvVGtZalZieVhRMDYrK3Z5Zkt0dWU3YnhFSHBjMkJXR1RCNmZrVVNVOTZpCkl2cGNnZ1pJVWlRZjlvdU9IdEV5c3R5MWtuc2liRHRoWHF5KytiYWlHcm16TVIrVjF4MEJWd0dPSVJoaTRmTDgKV0ZIR0tKU0hibDM4SVVpeQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZORENDQXh5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBNMW9YRFRRMU1UQXpNVEl5TURrMApNMW93SXpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVTTUJBR0ExVUVBd3dKVkdWemRDQlBRMU5RTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBdjNCUDR1dzB3c0xGcUczOHJDNnA4YkdiT213b0xvWlIKNUxYNWtXMis5OUpkci9uVTJaR1Bnb0hmQ3BLSVI5WFZKT01vU3daR0RrTWtIVzJ2Umk5MUJQVnM5QlAxZGVLVQpya3ZnQUxna1Z6MUxhQmJGTndGdHdNeWxYMkM4czNUTEdPTnZzYWdyRVVBZEk0U29HdmF0a2FScE5KMXZXNno1CnVLWjUrbWFrVVRrVzkyMHJNREdsb2lwblZwUURHK0lCbDJTcEx6N1VGOHhmempWVnljbkVXbVdBek80ZGY5V3kKYzl3NFVHNUR5YmYwdW9rMk1LdThQTE5saXpZem1xb2t6U1lCQUxYL3ljWFd5ZG1mS1BZaENqajljQnlwTEdsTgppdmM0Nkd2Q1lzVTQ0bTd2M3EvekJsa01KZmNsRjllb1lYV0VFUmxGWXU2Ky93dC9NTjB2RWJGeURacXJBNUI4Ck5qeUNneDdVbjZLRGhLZEdqdGZtSTkrU3UvMjJJT3liTy9sSjlXQmg5ZC9oOWhIejJsQWttQ1kzdVYyanEweTkKTTI3aGYvOUQranFWUnZLRmppdVdGcXZMZk04Wk05Z3NXbFp6Wi9lZDlMSnBFbmpqQ2VHK0pkY1phejNhNVR1WgpQZ3JqcCs0YWdpTzYxL0IzV1pLd0s3OERWT09kMzVoa3BncE9JNDFBMzg3TWFUTE1zRUppR292a0pWR0xBSldTCndBMlkxaWx5WERmSHQxa2NmV0dHUFFRT0p0dm9WZTlGLzFUYW5UZFVBdE1MMGcwUW9aVHVMRTFka01UM2lUTUkKaVdTcHRYcUYya0crckluNlcwSjhPelJib3Z2YUhFOWhXYllLK3VwNnZqN0xXL0JkZTZWNW93eFNKa0lZMXh2MwowV1oxUWl4ZkZFMENBd0VBQWFOMU1ITXdDUVlEVlIwVEJBSXdBREFkQmdOVkhRNEVGZ1FVRXh0cWorZi9MNnNPClV6dGNYSmphV1ViY0Zad3dId1lEVlIwakJCZ3dGb0FVVVFZbUhyd0x5d212Nm52TUk1WVZoeElhamljd0RnWUQKVlIwUEFRSC9CQVFEQWdlQU1CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUZCd01KTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQ0FRQXV4VFFmUy9jeHcwMUgyN1pTUDB2blo3T28xOEgwemxoM09BMDE4cG9wRnRKbWhFcW5WejVFCnpXZS91eVZQMi9CQ05KUjJqQ0Z1UURBZ3RXSCtDa0R0SldNQzUvRHYxTm5tTUxWMWV5UE1ORzRYejkyaGk0LzIKK0lVSzJZZWZMQnRHUEVmV1RXUnB2VDc0SUw2ZFdMZ2pESFkrUFFHb3hjRzhzTDlTUlRORDFjT1lkMkRER3AwcgppYTMwektjYjJNbFdXMW1RTmNlaCt2VDZDWEVpTGFvOWZUb2Q1Y2RFQU5RU3NpTFAwMnREUUZLdjlMQWJSVE5IClV1OHFuYVpQajNxcGVXcnFmVXhieEcxV0dOYStSVXRQamhNZXdxTW1Ic1JRY1NBRVZzbmpSZ09jRTFUajEyR1gKWDhUeEgyOUF3SUpOK1JkTDhsUlkvdU4zSW44N2Z0akZaN25DeGU4bVVrK1dRU1ljZStqVTBxdDZPY0U4YmE5bQpUT1FpekVIbkh4cVJmY1RobnVYcVJ6VUdnUTJ4SC92aFcwYlJ2QTVTSVg1dzN4QS9ITWcvdXlhYVRDSXBBeU9LCkRxNnZZaU9qblV6dnRwdmJDR01oVHk2ZjlvOEpvZlQ2S0ticXVoYWp3aERDc096S0lpTFZYa3NTZGs5VThUYzMKeHpoa0o1ZEdjanQva2crOG1adGZKU0FzdHJWSmZ3Unh0ZnR5M3V5Yjd0a29MM3lOMGFKQTdHUVNpNEtrc2o3bwpkRkVUUGtUd1U5SXR3Skx4RUExQVRBZ0xvRTV2Y1M2Q2puVFpBZm1VbmcxOXRXaHZ6Y040cnBUYVMvOGZCS0EwCnZJSElYbDNWcmJtY2kyZkREK3RXckJ3bzQ1aVN2alR6MVk1Q21EU0dTNnFvK3RnemVaSVpwdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + FREE ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider + PEM http://testca:8887 @@ -24,7 +26,8 @@ Test TSA http://testca:8899 - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZQRENDQXlTZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFyTVJjd0ZRWURWUVFLREE1WUxWSnYKWVdRZ1ZHVnpkQ0JEUVRFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOVEF5TWpjd09ETTRORFJhRncwMApOVEF5TWpJd09ETTRORFJhTUN3eEZ6QVZCZ05WQkFvTURsZ3RVbTloWkNCVVpYTjBJRU5CTVJFd0R3WURWUVFECkRBaFVaWE4wSUZSVFFUQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQUxTNzgvR3QKc3JsSEZWSGpHOUNyS1EyeVNxODR0Mjd3bnNnTDJ2RHJGZFVhWTlQQjk0RzM0QVlUank4c0pVSjFWU1FTZENuMAppbXhwVlJ4WU1yTm5QOUp1R1VJNDl0SHBVTkt3b0NwVTFqQldPTUhXUmFtcWo1S2pjVjlJZENGelZ4MGJWNzcwCmdKeFovaU9rQlR0VzM0bkhxZitrMVRXMlh5L0V6Y2J2STVzWGdtSXQwWFBjRXAyQVdUUHpzbCt4Z3UyQlpqVWcKQkFYWTdWZmNjSXhSM3BEYXlZdDZHVktPU1d0NnBSNTg5dXlDTGxwaW93c3UxRnRoS0VFQWU3OXk5WHFFUE5lVApObWt6bHlsTE1hU3hwVHo4d0hBaFJWTmlJcG1Zc1g1WDFsK1FMZGMwcUo4UE15OUZCR1NibVJ2UXFUcEhXQnhYCjBhRkpvYXB6c29Pc2lsQWVNUHJFNUt0SGtMdC9FcFI3aGNaM2FoL1JZenE3ZFlRU0VMYkxCQVdLNkhXVUlpK0QKVEZsd1ArdThDY2JjZExwbHdlTHVKTXUzUEVxYysrU1pwR2JzekhZaXlIdXB0WWhKc2NoMmptK2QzSzhpaUpHQwovdkxwazk5cVVaY0xlaEFmVm5SNFdMa2tNZUZQRmg0Vk1QeldQUmNCZ0hXTU1uRVhLQll3QWNtWVZVM25GV1NUCjkrRXMvaFBJQk1UUjZrSUd1eStVSjIzQ3Z5dHRmUWY1Y3NPRnlTL1NoODE2dzY1bTZPbk82ekdPSEpYb0dIRnYKb0NMZnhvVHlFaUdpU21kWVJDVE1hYjJEZmQ3L1NRSXBvUGpUY0ZMY2tvZFliS1JiUmwzd1I2eWhNZS9IT1lyWQowOXR4N2x1YnBDRFljYW85VkgweE04NmZ4SzNFVjRYWFpvZUZBZ01CQUFHamFqQm9NQllHQTFVZEpRRUIvd1FNCk1Bb0dDQ3NHQVFVRkJ3TUlNQTRHQTFVZER3RUIvd1FFQXdJR1FEQWRCZ05WSFE0RUZnUVV4encvTGt5bjBlQ2IKY2tpaVFjY3hGRkw3S2dnd0h3WURWUjBqQkJnd0ZvQVVZMmxUT0dvbHRHdFYvdDRWZ1JyUG1vdVZ2emd3RFFZSgpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFIbDhpSDcwZ240aFRWVmdMdlYzWURyMjJVaXp1bFNBZEtXaDlZUG9DL2Z3CmJ2VlV5VytGTjU4NWZFcERWVzZIREUwdFpqdUY3TzlkU2JOdDQzWk5kVVdIdVlGVGIydUlPRzVkL3pPUThFTSsKRVl6Zjd1M3o5dzdBL3FpVENwcGNqRUVSRG5pbk42STVXUGM1YUk0L1RmTUpQSm5MN3JWS1JoWm5JMmNZODgzdgpCZlZXTEFaemx6Z1JLb1M5Q05PWFQxQlZSanBHWGN5ZUEzREVEQ1pDS0E1MnUxN3dNdEN2RE5QdUt4RWFTUzRrCjBLTlJKU3BEeUhsOXlVTGVRKzdvOGJyaDAzYW02Z2VRbGQrVko2SVY4dnUwY0xFNW9NSkh6UXlYNWM1YWhOMzUKY09YbHJlakhlQklsTGtCV2tKdHRDdXdranFwUXovUWw1ZkpLVEtKU3JPQ29NZTN5dDZtdWZHT0Zva3NQV0pNTgpBRGZpb25SakNUcms3ei9XSVhRaS9uOVFyNnJya3pIb1ZDcWVQQjR1S1BCZW1xQ21pWlltZGp6VFYrc3d3MHlFClZQdlRPYUU1bVVzTkkxcGdHSGgyRVlZckhyaU81L2hsbitnMzBpTnJ0cmxndGY1Q2xuNm5PYWdiTFE5bi9qcEEKSGNOdjU0akhjQWhNTCtWVy9uUzB6dllNNTBTYVVSREVzbm9LV1VLZjV2cEZsdExiU0FXVm9ETllJTFlxb2t0OQo2akVSZTdtQUMwa3JoS3FTUmJBYWJCaXR3bEs3YVlCTWJnNWVrN0ptaFJyZFdsaGNRSGtQQWl5d1o0R0N2RUUyCmdIWXFrYmpQMkRRTUZESW5hRkZqOXpxekl2NWxoTDMzNXFrRlNKSjlJQnA1WmlrRDhjbTRMYnF3NCt3OThhM0IKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZLRENDQXhDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTFNVEV3TlRJeU1EazBOVm9YRFRRMU1UQXpNVEl5TURrMApOVm93SWpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVSTUE4R0ExVUVBd3dJVkdWemRDQlVVMEV3Z2dJaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURqVHpJS0F6SUQrR0ZBWURGWFdSL3lMTWROM3JEbnFDVHYKN2VLQjg2aGJYNC8yOWVMTHJ4WCt2SSs2TitGOXZjc2RGblFwSVlnakdmT1JOQXF5SmFpNUNZTExyYk5MeE40WApGVGg3dTJheG5ZYUFacE9lU0EydWs1VGNXbzdDNVJYZTNnZzRDd0RvdUlRWjcvaTlBZ3ZDYWsyZi9mY3EzNHlqCkprQVg2WjFaUUdxQ2kxRjhFVTdxWWFWNkhvc1hWS0Q2T0E1bHc2RE5pNXBpQnIyalRYSnlLVTY4N2hrSjJQSjcKcE1BRWd5NFVCbTcrTExWa1RaUlprWDVwelRHKytBeElGM1RXd09VZm85UXAzY0pObk5HQk1uRHBxVUVSMmk3TApWZ0Q2WlhFMU5BWUZLTHdSRDVzbkJxSWRXbXMrbjlpOEEvNm9KZVNsMUZGU0Z5WUNBaEY2NkREZFRyY3l0N2VkClREcEx6aDI0ak1ycWxPMXpaYnBkaHo5NlVtbkxzSGlwK2RUOWNNV2VmRTRnWFJDbktjbmc4L0N6eXNnOXNZaDAKeis4aTkrdmNOZFVScHRTZHR3a2pNQXJNUjhEajhQOTB1VHVmVGxDWlRZYWhsNlRlRnZsS3UybkRnaHRTc2Faawp6cUdDTGtpN1BqTk9idnlOYkhTb1RSOHZlUGZSK1pvSnZtdm82aEdWQXdZYXA3aGJxU2lXK29Yc2NSSHRSaWdNCnlORE5XWFRvNnZ1T0x3VUF6ZWJPbmZJeXI3ZkpKVWFNWkJNS0JESmU1NVY0RFhVbjFmMjBjMGNwQnpkMzFWWGIKUGQraEdMUWdVVGdFWHVJQ3UwSC8veWJyQ2xFNTJ0Y1JuUGJxR2d1b1Ntb3hGZkdiL2FoSGtTMzFpRjI0bkJCUgpiSkpFOXhPNXd3SURBUUFCbzJvd2FEQVdCZ05WSFNVQkFmOEVEREFLQmdnckJnRUZCUWNEQ0RBT0JnTlZIUThCCkFmOEVCQU1DQmtBd0hRWURWUjBPQkJZRUZHcno0SjluT3JZT21vSi83bjFDR3hYakQ0eGVNQjhHQTFVZEl3UVkKTUJhQUZGRUdKaDY4QzhzSnIrcDd6Q09XRlljU0dvNG5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUNPSjhHTgpYaTFRd0ZIMDVJMWU1QnZRc1o5M0dOb1hiVit1Tkt5U3FTRndhYXY4WVM4bjd2emszeTE5Y3NleE9jOGNZQjlYCkRXMDRUeDdpRmhCY09RdHU3bTVoeTR5Z2YwNWJpdzAwS3BVSFQ2dUdCWDVnTEhlM2U3cTlyZ3lXRkJEaDFBMHYKVys1V3RVT0NzSmhtQjk4bmZ6VTBMVVZ2ZkVsZ3BlT0NHMS9mTit2YVJXa0NXKzh5eUhTbWE4emtsR3NSbTAyRAoxenUwVFNBZlBaUkV2aG4wZTQvYUJRdWlXQmh5YVNkMERFQUMvT3RPbnQwS2NhZVJ5OUFEV0svNHArNzBiNzB0CkRMWXJ1MHhQekRtVkI1eTByazg5T2ZWeDNKMjhrRHVoUlZtZTFiMW1pQTVGcGZuVTdGRXg4b3MwYWN6YXo4aEkKTUNvbzRtS3ZZVXBjbWJyTEhETldETnFpeTM0NHN3bnZsTUhjV0YrQ2JLd29QcFdWL1NGczgwOElRNGRIQlQxcAptNTVpeGtISG93eFF4eEI3d1VUT0JUMzR6SWRhZm42dlNnMCtmRzl2ZXFCNEpIUVl5T3dkV09TT0krZU8wb0V3CmNPeDlWK0JoZmtKNTdoeEtENy9SbmxucDFYalRNdEhWSmJDdWJvaDltWklBVHM0eUUvQVBFcjN3T05Cd3B4MU4KWHNmWXp3T2VFRXh6RHloUFROODZ2VlB4QXkxV0I3bUhOdkYwb2JObXVubHVqM1pSR1VldmJNSW1zNVdKTFVGOQpRRmdGek9LVFZzM2RPSGRuQnlqRG5jRWhYcjBTdDJXbCtvWFd0MlRwbHZVRmRMMFJpWm9SbGNPYWI2NTVaSjhxClA3K2tGdlI4ME5KWWFWdmIyV3lGTUpHdGpzU2kxMElwanUrZnl3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + FREE @@ -62,24 +65,24 @@ Test client subsystem - - id5 - SS1 -
ss1
- 3HxwE/+PUFC7dPdJCOB+eOouVh8z0kJ4SeMSasi7Z6k= - id6 - id4 - id0 SS0
ss0
- iWJ4PMXoxImvwPQMVcNHRg3pFXwHhc9oDi9Kdl3li/E= + 7Meh1uzLrM0z4DWhf30PPzICihqTHGgRSmWczyAIWB8= id1 id2 id3 id6 + + id5 + SS1 +
ss1
+ ZW/oMvScXIzXpjWL68Dkd5ybl2ClA14qACkLJTWN8wk= + id6 + id4 + security-server-owners Security server owners diff --git a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata index 5ba80a0b21..829f831906 100644 --- a/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata +++ b/src/service/signer/signer-int-test/src/intTest/resources/signer-container-files/etc/xroad/globalconf/DEV/shared-params.xml.metadata @@ -1 +1 @@ -{"contentIdentifier":"SHARED-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-03-01T14:39:11Z","contentLocation":"/V5/20250303143911136407000/shared-params.xml","configurationVersion":"5"} +{"contentIdentifier":"SHARED-PARAMETERS","instanceIdentifier":"DEV","expirationDate":"2035-11-07T04:52:26Z","contentLocation":"/V6/20251106184446407787000/shared-params.xml","configurationVersion":"6"} From 1771e184bc194ea30d59d787ad7ebe654b6eecec Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Mon, 10 Nov 2025 20:57:09 +0200 Subject: [PATCH 2/8] feat: As a Security Server Administrator I want to be able to define what policy is used for choosing TSA-s and OCSP responders so that I can better manage costs ss system test fixes refs: XRDDEV-2980 --- .../test/ui/page/SystemParametersPageObj.java | 4 +- ...3000-global-conf-sign-key-rotation.feature | 4 +- .../etc/xroad/signer-predefined/keyconf.xml | 35 +++++---- .../softtoken/.softtoken.p12 | Bin 2514 -> 2514 bytes ...6A952E76B40A46C07628C7B13E5934E39A9C78.p12 | Bin 2653 -> 0 bytes ...42B84B4829BB79226AB268B4D8E70B01068613.p12 | Bin 0 -> 2653 bytes ...B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 | Bin 2653 -> 0 bytes ...9242D3CBDE6DAC8058D2878340C3B527041FD0.p12 | Bin 0 -> 2653 bytes ...7CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 | Bin 2653 -> 0 bytes ...73509F9E9DFB7A3D92B3D34DA6BD20374A24B0.p12 | Bin 0 -> 2653 bytes .../private-params.xml | 0 .../shared-params.xml | 0 .../V6/externalconf | 54 +++++++------- .../V6/internalconf | 70 +++++++++--------- .../private-params.xml | 0 .../shared-params.xml | 0 .../var/lib/xroad/public/V6/externalconf | 54 +++++++------- .../var/lib/xroad/public/V6/internalconf | 70 +++++++++--------- 18 files changed, 145 insertions(+), 146 deletions(-) delete mode 100644 src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/056A952E76B40A46C07628C7B13E5934E39A9C78.p12 create mode 100644 src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/1342B84B4829BB79226AB268B4D8E70B01068613.p12 delete mode 100644 src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 create mode 100644 src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/DF9242D3CBDE6DAC8058D2878340C3B527041FD0.p12 delete mode 100644 src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 create mode 100644 src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0.p12 rename src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/{20251106184246391905000 => 20251110170100462771000}/private-params.xml (100%) rename src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/{20251106184246391905000 => 20251110170100462771000}/shared-params.xml (100%) rename src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/{20251106184346396745000 => 20251110170000548026000}/private-params.xml (100%) rename src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/{20251106184346396745000 => 20251110170000548026000}/shared-params.xml (100%) diff --git a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java index f5c1b00394..81cefde074 100644 --- a/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java +++ b/src/security-server/system-test/src/intTest/java/org/niis/xroad/ss/test/ui/page/SystemParametersPageObj.java @@ -92,11 +92,11 @@ public SelenideElement tableApprovedCasNameByRow(int index, String name) { } public SelenideElement tableApprovedCasOcspUrlByRow(int index, String url) { - return tableApprovedCasRows().get(index).$x(format("./td[3][text() = '%s']", url)); + return tableApprovedCasRows().get(index).$x(format("./td[3]//*[text() = '%s']", url)); } public SelenideElement tableApprovedCasOcspCostTypeByRow(int index, String costType) { - return tableApprovedCasRows().get(index).$x(format("./td[4][text() = '%s']", costType)); + return tableApprovedCasRows().get(index).$x(format("./td[4]//*[text() = '%s']", costType)); } public SelenideElement ocspPrioritizationStrategy() { diff --git a/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature b/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature index f29313bf77..c6967c9503 100644 --- a/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature +++ b/src/security-server/system-test/src/intTest/resources/behavior/03-globalconf/3000-global-conf-sign-key-rotation.feature @@ -3,6 +3,6 @@ Feature: 3000 - SS: Global Conf Scenario: Global conf sign keys rotation - Given Security Server's global conf expiration date is equal to 2035-11-07T04:51:26Z + Given Security Server's global conf expiration date is equal to 2035-11-11T03:07:40Z When Central Server's global conf is updated by a new active signing key - Then Security Server's global conf expiration date is equal to 2035-11-07T04:50:26Z + Then Security Server's global conf expiration date is equal to 2035-11-11T03:08:40Z diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/keyconf.xml b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/keyconf.xml index 7aee0f762c..c33b3b1cea 100644 --- a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/keyconf.xml +++ b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/keyconf.xml @@ -8,47 +8,46 @@ Auth key - E67CCA8E9B3DA52DB740CDCDC0926F356F431063 - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8jWpRCjP+NCTTHdpab5DjCzt4Yi5KQi48vz6yjLAR4A5WhoN4PDi9sienylWQrXATT5ajjTlHaDEPcW8q0elUfD8f1wWqv/uGswfd4PHbydMNntRqyu1CobGFQrAwxr6a4Ikhv785q5aLxI/F3Ub161diubYC7/EEeTJJEmVpiv21M60z27PcGI14g0hbUKQEGyukWQCvpcXDxZCSLJORhwMVScQ/JF81uDOHCYp9lw5X1nbddCryPRrGzYr45tOU+3mUwU/Og4UTQSOua1z19brS7YpgvGBhMOp5F9sJYYgQGZXXWy5HGeiJu5oVeWPhxUFQaxTVguhkEZY5OVCzQIDAQAB - - MIIEbTCCAlWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJvYWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODQwNDZaFw00NTAyMjIwODQwNDZaMEsxCzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZXN0IG1lbWJlcjEQMA4GA1UEAwwHeHJkLXNzMDEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyNalEKM/40JNMd2lpvkOMLO3hiLkpCLjy/PrKMsBHgDlaGg3g8OL2yJ6fKVZCtcBNPlqONOUdoMQ9xbyrR6VR8Px/XBaq/+4azB93g8dvJ0w2e1GrK7UKhsYVCsDDGvprgiSG/vzmrlovEj8XdRvXrV2K5tgLv8QR5MkkSZWmK/bUzrTPbs9wYjXiDSFtQpAQbK6RZAK+lxcPFkJIsk5GHAxVJxD8kXzW4M4cJin2XDlfWdt10KvI9GsbNivjm05T7eZTBT86DhRNBI65rXPX1utLtimC8YGEw6nkX2wlhiBAZlddbLkcZ6Im7mhV5Y+HFQVBrFNWC6GQRljk5ULNAgMBAAGjfDB6MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgO4MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUMpbjRQF6QZzWKzqt4czCirJo3rwwHwYDVR0jBBgwFoAUY2lTOGoltGtV/t4VgRrPmouVvzgwDQYJKoZIhvcNAQELBQADggIBACALBepGr5bRrXXNnr0PUQCU5rjAqv28NGxSdznVe8Df1Lz3v0gHmfy8TCX0naF4eUqw2I4NsqEnu4L2qxr+klknz+X6qLFQaUXiUe/dC4Dh2gxc8gGANzKWdXoKCATpgr2d1rYTcvokOMtrus91Ch3t09vi80FcyZEbVStI/vHT1q5lq37swpNzVv0XuAQB6Op+ufvFTw/1FS4V0cKEfbRdd6egFTZ0NXZS+gNe/zgUadoxXbO0aefnNjuErLVwm5IofnQlRN3M+0wqn5nlCE4tzPKMQUaxwCqcjau/MskfalU/OKWwwXE3tN7aMgDWWTXf6z37lQ00bvn7lLN4hTLUje2NKCgr70Y/xmAHIEdWAaKaispSQltHYixf8zm9ZY1sPDYv+wYOHSQi6xMBLFO9tMw2d2IEcgTfftJ118H9OGu4b27ox3KYnMK6Iq2E7GjXk/bpaYI5jU6rxTLOi2gAGOzEeqOOGt+94fOpPgqt+xK9z4EffuD0m2C5tMACLmw+7TQ+60nI0hVt7LOlplKfy+np4K/wuwhcSdRAGeejVMoEqaefQYUqj1l8JX2OJ4MewMu3F5CXK7PmLJK/K4edHc+L2bnfYuDsIQZgvg8ZmDJOHecAX052LxsaFgWJHiHHcxqZvZ9iQTgjFRvgyrHYlidHV6EVT1t0mdFZqwOQ + DF9242D3CBDE6DAC8058D2878340C3B527041FD0 + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp1Ls34vBfJkD2bHtmnvb1HxhMBoBPP8rvwtcjGfVCTA7i+DlF3gTLV49k81FMi5gRHQNWLde1NmLTKTzFSoPUerCT7ohvTCTAm4h5W/328xoMo6m2h/nGyuIoAIIUJi/CKf+Ih+zZCklsZqWaOd1f1QIPJOtjQkoMl+2olj2tw1o4/Biim8B03aVTYXfkGhDRC2D6nZJm4Gi9EBZ+USMEAO6CCFobGLLThomWkHDUxjliSGsT4EJA3iR4h9gSuOfMpqHZv5/lY4X4axsR90c8oFEYMfuk9oZSL/dE0oqYpODW1mW7hEm/8afUfTR/8ZtGsvYZFT70VcGcYNNdfoxwIDAQAB + + MIIEXzCCAkegAwIBAgIBAzANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwMVoXDTQ1MTAzMTIyMTEwMVowRzELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQwwCgYDVQQDDANzczAxFDASBgNVBAUTC0RFVi9TUzAvQ09NMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp1Ls34vBfJkD2bHtmnvb1HxhMBoBPP8rvwtcjGfVCTA7i+DlF3gTLV49k81FMi5gRHQNWLde1NmLTKTzFSoPUerCT7ohvTCTAm4h5W/328xoMo6m2h/nGyuIoAIIUJi/CKf+Ih+zZCklsZqWaOd1f1QIPJOtjQkoMl+2olj2tw1o4/Biim8B03aVTYXfkGhDRC2D6nZJm4Gi9EBZ+USMEAO6CCFobGLLThomWkHDUxjliSGsT4EJA3iR4h9gSuOfMpqHZv5/lY4X4axsR90c8oFEYMfuk9oZSL/dE0oqYpODW1mW7hEm/8afUfTR/8ZtGsvYZFT70VcGcYNNdfoxwIDAQABo3wwejAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFF757d7rOx/BzngYLRV8hOUpJDR3MB8GA1UdIwQYMBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQCympOjqsvo6cJPSLN2FJ83VFVTtbp9JIY8WQ5ltHMi7nncSJZ0pKfx5rjA+TNb4lWvjUko6ijRDyr8DwNU3ik69DffIlz7SmbhTxnP5hbgVma/xYgPRSYw0LIln1EksRvhTSSHdZfxrKvdXeK0XTO6zmmgTPpYzpuN1kdsRFsua7H5IuDMMzPeH7vw++HsGAHpd0/Vp9cdknqpFZZOZckK65HAGD2xltfd5HIZ9nGz1M9QDir/+oiwkwDOF53OVC2lxpnKA4m6mKmuJ4TISy2l04chJuNfRWqrqssnQDOhZkzIfDi/7NTdE25wA0KiXPl6cVQ/IZxJ6a6uCEOC+cISxRfWvyuA4UDnnWDCKRdbDLv6f3O2/wDUIvWGjNU3j8xshA0axxb8VxXuLTLqBo8o0DMq4EBdAaumgzHuAO+Cj8dJs3yVkeK37MwvBUkmar7+gQmUL7U+mA9KUxMxalm8VAHZy2n7rlLU5kQCACyhEYWAtuUGZKHzLsqB3MOXKpIkbL5fqVNnHGeI0WxoorS3y/SQf5OaRybZLFmkDESCOqL8zqd3XO4jUB7NMX5MMX1883KfkeiuWBRTZQD4JTq9I7YsWGyI1YpIOxA2Mjz8wu+EmFIvvZ7ersui3MsnTwoYqxymEPx0QiYVD3BHQXkPkI2T2rVe4ptaiH2t3MhYDw== registered - 2045-02-08T08:40:46.000Z + 2045-10-17T22:11:01.000Z CKM_RSA_PKCS Sign key - 056A952E76B40A46C07628C7B13E5934E39A9C78 - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR0Yz6qnGBLjGYjZR9D1gShOg0oC0OdBpoxYDBZ40N+/DY3JNUzzcLNeH7X3/E+QQQlKJl3cuLuKxkHkkjymOTNdtTTAv4w35Ginbb4theZ/1ma3QGaPSdESKfw26/RZsHf4qIZMSmNM6+6DUf57AhyODemXyNolPPuHTp8Tq/LwcPFE+TwRR/BiCorj0yafykSkg7hfHr+EAuilxk+kNFqThb08buYsHYeVfF8JoQAM5NL56wTxFMp6eSOO7EsirGMj+y0+TEMZ8a4ofiVEnPN69qJzIJnx9akUFxV2b5+YpWi1GuNw3PqBxTx/8aNFeU9hoUpQ7W5h1soWWyrxqQIDAQAB - + 1342B84B4829BB79226AB268B4D8E70B01068613 + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArSTwszL4sROAQbi6WSuPoQ3+K/dPQoPTdLK/dZvCMkiWW5UmwZRx0PHCjNwUX+FtCYZZ6GF0V/9yrCwMvud+WAuKct/5n9bJLq+FXijupEvhXeyC0I/r6NaOUWK2jyXdMMdQOoBXojQTkNHECj/v7C3NZgHG0QDaXcLvLEJeL8tpec+9qctF0wyKiMvnN9hXiPYG3s9cOEouOn3QL+VYI02Hz/y3zxwDHFiGJ4FAHv2nxnYnhZgeCn5FVeH6aa1IUuS9YEAaqmYSCG6hOsaV5PiPiy51ZmsI8j8KpYTti79ejjN9TuGiEfk1gTPod2iv43sQiszZpcm89kwF3ZHCIwIDAQAB + DEV COM 1234 - MIIESzCCAjOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJvYWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODQwNDlaFw00NTAyMjIwODQwNDlaMEgxCzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZXN0IG1lbWJlcjENMAsGA1UEAwwEMTIzNDEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChHRjPqqcYEuMZiNlH0PWBKE6DSgLQ50GmjFgMFnjQ378Njck1TPNws14ftff8T5BBCUomXdy4u4rGQeSSPKY5M121NMC/jDfkaKdtvi2F5n/WZrdAZo9J0RIp/Dbr9Fmwd/iohkxKY0zr7oNR/nsCHI4N6ZfI2iU8+4dOnxOr8vBw8UT5PBFH8GIKiuPTJp/KRKSDuF8ev4QC6KXGT6Q0WpOFvTxu5iwdh5V8XwmhAAzk0vnrBPEUynp5I47sSyKsYyP7LT5MQxnxrih+JUSc83r2onMgmfH1qRQXFXZvn5ilaLUa43Dc+oHFPH/xo0V5T2GhSlDtbmHWyhZbKvGpAgMBAAGjXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMB0GA1UdDgQWBBROYou+TxqDwfPjgLBA5Ik8e/2bIzAfBgNVHSMEGDAWgBRjaVM4aiW0a1X+3hWBGs+ai5W/ODANBgkqhkiG9w0BAQsFAAOCAgEAFDOcJIMLKaU1VnzAJSfx7lPFE3I4qycjQmKMsp9af8qrZC/OtuWR48KOQ5PTaTvKpO5phrIpV4t7kPoyqozz12EXfcmao7dJvXqqpEWk78h3xPRff/yUrZ7EiGwlvngzkMVry6fzL1kkMaYNj9BAIpjz+XQwtmOp6N7f4jhCowj/z28ScRfOtmrhPR/ruTscLRKv/QCbIuQ9pnKKmLL1yGbvK6HkvpsT5m/CXmU0MqiaId+r9aZX251W5vjKw4LZpOnZ0QWaMyA1Xan83QUYtLp+/1frxHjAMZVr1HoI44pAjzmhX//sQrTmccyt7KqXUGIq6e9JMWRdgWgjzjk97xiY5Tp+VZz1mLKW4OP9RU5D0OD/J9GszO+4Ov30PY8pQ6uvtSmtRRq43AjFp1nMgd7/XO0aBIlWNoJKjip6wYYakq6flQz2Ym84+DcYW4jHAr8q1E1AFBhit0/wNCE0fMU4re5ntVt7TjS/lOZc/w5OoB0+h6EvYmEf0GjUw1R+aA+HGUGjNx2N30OVE+80HDBMimO2Kcw/oZNR6dbR10jBKoBQJEEFHSFi7FcddBCDcY1/asxiLB34wyjau1KSZQxKq1uGmB5l+QA5IwJ1sDxbH77LVNjaPYMTuwVC8VP/Fs6b4G6jPxeR6Fj0DdZWwgw7UoB9M13a1VnW6nPB26E= + MIIEQTCCAimgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwNFoXDTQ1MTAzMTIyMTEwNFowSDELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQ0wCwYDVQQDDAQxMjM0MRQwEgYDVQQFEwtERVYvU1MwL0NPTTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK0k8LMy+LETgEG4ulkrj6EN/iv3T0KD03Syv3WbwjJIlluVJsGUcdDxwozcFF/hbQmGWehhdFf/cqwsDL7nflgLinLf+Z/WyS6vhV4o7qRL4V3sgtCP6+jWjlFito8l3TDHUDqAV6I0E5DRxAo/7+wtzWYBxtEA2l3C7yxCXi/LaXnPvanLRdMMiojL5zfYV4j2Bt7PXDhKLjp90C/lWCNNh8/8t88cAxxYhieBQB79p8Z2J4WYHgp+RVXh+mmtSFLkvWBAGqpmEghuoTrGleT4j4sudWZrCPI/CqWE7Yu/Xo4zfU7hohH5NYEz6Hdor+N7EIrM2aXJvPZMBd2RwiMCAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFJiL+gB6lCj5ggX7nXaSjdH0zYcdMB8GA1UdIwQYMBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQA12nl19PaM3RM+kyoqu4MUSln1PK8YaSkz66/XQlG7gbs4hv37IbKIe5JtfpRYZDcWsYLG2qC+1nngfrMJX+otrE3OrRu7hnFASuPQ24Yut8WicyM+V826c+tDISTL3+lvoQrXI/Eedmxsge1oGf591luc+GR3HaJMg7sC3sZryFY/0xq9zlzjCzTD5LwzPrBGQI3a/z93nb4oAPSZgQZtXjYt1d/gYNmoQiQBX+KOpeH1LywvhHoOy+wG/ArqGhsKoAzNjCOdp2nBSlYK7ye5yn9iE1ILyKHybNckMC52swjb6FDDwohwlRBCI40NNukKpLEXUvMwDZRg6YhMNICLuD+9EnhmY0DmYuB18dEFOsihPPWkaQe0oBpeC6/i8vxyz4sp9GXzHXj+Xw0GZ/FJNCQJSKbL9pvi7aTpK7YXog5V4NnGAcwRxlMGeZoGf7twsLaFlPfuiG0ESAZ8Oj/hwVYA7FA1Na7aHNxnfLSnZVMFeOxnocqr9UEp3ge2Nrs47L69hHFqLE3xgjkQMKUuSkbW4IwFUJNe56/f6DA0fA5nzShFLdbc1iNQWVv7GgYvKOxsdyG9MYqzuBpXAQM4gcFptL0+MoghLH3ZXkWca79a56Tn6coZ4i7nlNFvm1l92E2+SUYBlv36n6Q7rpCp4kN6OZWX7IYbfMirP0/afQ== registered - 2045-02-08T08:40:49.000Z + 2045-10-17T22:11:04.000Z CKM_RSA_PKCS - TestClient SIGN - - A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D - MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNqJJoIa1hcPGnY2768V8b/xLcgjdQQ9Dk7KQmAtKj/7EwqfFGbVyaltXZwCWE82yVtHlPToz1Mr73qXz+twZ/+j6SxWNBmJLlHpP0E7RV9OI6e7YuJWh4GgaCe5VT7Rywwrfp3vrtSM4C1Lg2dml32W1gX58Xd3fMHVGqh7GgtKQOVWpB4+8aq1NJEJp1F5+dSn+5039oV7iWyOSyJvWam4kXq/fgl93IiH0yfEuv/a+qUJEO5lG5v5tCHXPSmCMd83sfTqRL7O69AozagH5gEkCVg9m570SuL+OmSxh8PuZ3FyFW3Y2ibPruw9CnYMIJJPjcsEIpVXI3bftsx3LQIDAQAB - + + + FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0 + MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwvzMECjq7ImY9NHu6pGJsAQ1JliHd7KSASVf40WTBEbeIOlPTLKHQeZwxzTWZ2kzuUlmKmPY9S9jVhyJUrimB0vvqp1vu3UfTX9grJ4JyDXojn/gJfKeNmUTILWm+BU+VVv26UhOSMQKxZnX7ow+4NTy1tQWLRscTKjiMf3JtcI2HM7DpedBTHqGziCQzX9jQSSpfag95LEnUv2UwKwtSK2q/CS/TYSWbUCjLv/LAlV26qh9fSWAzgM9UqxxIUWsV1OPUoSUpDBC/SsuP365Bz8n9qRdt17mDE3bVjWiKOSAeiHMmcMEDrRLG0ajasfHZnQeYMQqrBc+rsZLk3cn4QIDAQAB + DEV COM 4321 - MIIERDCCAiygAwIBAgIBCDANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJvYWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjgwOTIyNTVaFw00NTAyMjMwOTIyNTVaMEExCzAJBgNVBAYTAkZJMQ0wCwYDVQQKDAR0ZXN0MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvU1MwL0NPTTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzaiSaCGtYXDxp2Nu+vFfG/8S3II3UEPQ5OykJgLSo/+xMKnxRm1cmpbV2cAlhPNslbR5T06M9TK+96l8/rcGf/o+ksVjQZiS5R6T9BO0VfTiOnu2LiVoeBoGgnuVU+0csMK36d767UjOAtS4NnZpd9ltYF+fF3d3zB1RqoexoLSkDlVqQePvGqtTSRCadRefnUp/udN/aFe4lsjksib1mpuJF6v34JfdyIh9MnxLr/2vqlCRDuZRub+bQh1z0pgjHfN7H06kS+zuvQKM2oB+YBJAlYPZue9Eri/jpksYfD7mdxchVt2Nomz67sPQp2DCCST43LBCKVVyN237bMdy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFAHAxWWIfTMyiFjUfxtP087ZFWiKMB8GA1UdIwQYMBaAFGNpUzhqJbRrVf7eFYEaz5qLlb84MA0GCSqGSIb3DQEBCwUAA4ICAQCSnX6DxwUDtTobj6yUPANbAOErfwegQOdh9WuP+goMP3VRraOGPbAARs2W+EA1VJsXchsyMaOINZZK2GULQXJNbofpdiToph07HMVTg2Rc4xdHX+ZCq8SrxHW0WG8uYutmTJgmuKZ8+tYg8j/T/XE7oZTwBmFIrnwUqLSNSpNGC4EODTFIOY7HXZvPhdAOQ8G9hzqaka3ztf5TempnfkOY+71l4eLj5voB/TGSqP2LcboTWa3oZhX6Qhm9OWqrdS5pOzFoiDX1bQiyCQtWSxyySYQJpmKAIgLUfQRvN+pa+VaVou068r4W1epyvDgRyvReYVYvshPCr3tarL523dKT6+RPHcPpZgjWwghuYsMtJPJ8EomC6QA8s09q/4xmfZ0w133LTqomptTGvqL9WICtcyBi5XPO6to563tAblVaFtfIKQ79AJQgDiHpkexe5ys/tFxQ+jFJFixAH89T+0+FSyr/obBMriMkMxaKtDnbp20/sq66jzV8nyxgvdgMVtMRL02ykmFjG0dmdeL8WDHdIffH69xNds1jbE8RRLgvTvXB0zydzHZsfsfwR2gEDc5GZKZfMVqzmF6MK4kwV962wDOZi2vI5c+VGHEiP7qf5s1VCSJnhDZdxWfnxUzuY1g+0EJFoznAri1kc2jU0/Xj+lOJOG8sfj9NBHbPa/0NcA== + MIIEQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNjE4MjUxMFoXDTQ1MTEwMTE4MjUxMFowSTELMAkGA1UEBhMCRkkxFTATBgNVBAoMDE9yZ2FuaXphdGlvbjENMAsGA1UEAwwENDMyMTEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC/MwQKOrsiZj00e7qkYmwBDUmWId3spIBJV/jRZMERt4g6U9MsodB5nDHNNZnaTO5SWYqY9j1L2NWHIlSuKYHS++qnW+7dR9Nf2CsngnINeiOf+Al8p42ZRMgtab4FT5VW/bpSE5IxArFmdfujD7g1PLW1BYtGxxMqOIx/cm1wjYczsOl50FMeobOIJDNf2NBJKl9qD3ksSdS/ZTArC1Irar8JL9NhJZtQKMu/8sCVXbqqH19JYDOAz1SrHEhRaxXU49ShJSkMEL9Ky4/frkHPyf2pF23XuYMTdtWNaIo5IB6IcyZwwQOtEsbRqNqx8dmdB5gxCqsFz6uxkuTdyfhAgMBAAGjXTBbMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMB0GA1UdDgQWBBSmCq5TPHuU1Z8D+JlUad2BU1st3DAfBgNVHSMEGDAWgBRRBiYevAvLCa/qe8wjlhWHEhqOJzANBgkqhkiG9w0BAQsFAAOCAgEAY3LhOo6bPW/faBbyA37D3AJP1IskqlE4U1hKbAdXMcGDiWYjRI2Q2Kno9yMVQzP0OZ/NP+5dETcspMI5VsLYFd41y285RWQcGC0nlSZuKtcb3ENONi0iitolkAGa12x6npz9RU997BvmDTFOZooORFO3DEbvYf/vL/7hBWeub7JsDmCEAafZmj52iCJysfAaH8hKyDFkT0RMwq3zUHZqcsYYrmsc2vz7H+6h4WH8dfX+FfG1TYyZz/THQl6N/P9KDn9rf/1TKxDpGXMhNzAx9ldPV21MO85X8dL8jLiCy43821fDaRY1V4MLP+S2C2pQn8Ej+3vbpTeV6mWEQSed7kJnEeziD8zD2kAVSBNA4e8ph9f+6SVhOkCksHtorMdVNdUjVIWJRrwN6hg5V7uEMNE2tA4vHegzB38pOcq7YObp/ZKagW/JSw8k3cOnl48+qv2K58tSV9H8p4MBj6VpDTPCPLKcZzIghbvFuNqMAb1FzN7Rp0x2DLB1VNRDQe60/JsUGpObz+smJef9pHMZD3UQYXrbDpWTg4qA/lOM+C2kuYon4kRM9V+JZc7BP2FqLsC5WTemw9t1wxxD1Qjgz8NFQu37O1l7AL+HirORwvEoL+jQoc+VvPbc4YStKi5LajuNsXtsfPtQ9SPW1iYRadp/PEfRvkNeOvwkpgKiAAk= registered - 2045-02-09T09:22:55.000Z - + 2045-10-18T18:25:10.000Z CKM_RSA_PKCS diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/.softtoken.p12 b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/.softtoken.p12 index d3d8b7076ea992d12864b3bea588e7939488755c..61c2143cf9e8f5caaf81f934e390ac537510e7ff 100644 GIT binary patch delta 2262 zcmV;{2r2i{6Velqb`-f*Bn}X-N{9;)c-aK8AW_gG#ch)-1|)yBq~CqAabytGq4V^_ z{t8G0f&|d4MW%la^iAFGVW`=5Exr{K94kJ_Aay3yF-8D?p(6xMn1s54PNAN?2&Zdw zBV$>%H^W<_=4A=G-JK}x6!qW6K>CY$p{OYgicU)208yv!_-SmPjw_JE%{>rg?ok6u z=n=ftSe2SzDJ_4@(VOa9%jWWnXKaJ;P}hMP-10u7Z>o$uK#!P!jG?xORqlWoVuF#1Jbx2T42d4+(ms(*bv4XsdJwtcm_TePC`Nx3iKs10Gho;U5bz59k#^xt z7YOdMX8;~PVjcH|ej^M6&g0Q%sR({aORq`;2;Ot1LA;PNY68=BaojAZ6?PadGjdYy z{}0)Q{-cTYe54`my-pM0UXU3If9{}pdgkjZsPV>=u6LATjUkTN2zfo-woYa)2S~ER z{%kJ0IK6+sGJLC}9RknrcTO-XkAzK=_QS>2#1Md|J8?)UR#XFmnACMX+4yFB`l+4f zOkg*;STAK3R5rPswu{LMnq24IP#wz4zZ#wle9WFB3W-s|rXImJxX#Z1(SY#L!t+R>*mr<6MBhaRK><6 z=&+||aLV7~O^@9jpgyzTO4W1KWW?GRwu+?$aAd`!uJN7DuZJrIzS_^Vx!)S-@(5wol4z+lkqUG$MrQ(@6)Em5MaclM06$uR2WG5t$2xBS<>xthD z^SuiARz<{llXxx8^rhI_f>fZWa5U!N2jclApWf*Nz0vsT(&Iyf7uk1@j z&?Eni7zl#=EmEf6#CJ|=2N7B|{5HGK{m1IR)n5{C_dz!qcKG8{BqjwqWtWC;aXo)A zH&UnxH7a&#oUclgXnhmosG95u3qU?i%iq(p20=>4<_bSGBz$BE^Tb`{CNO9ZzC9dqH=lqhsaiEzIykQC6miB>T#!E2g@mHN!ue9x5!t6t>w#xRGM@Cd7(<=B4prhNgc25Q4|9 zPbFBo@gja@)cyMyg%srh#T}K5lB1rHXzPMe2Vv!RGXcN-TlTmhH**K%#h-LVO?t|6 z@r5PJeIfS2<5PCaDkrwe<{zr)S$SSdk2i9K808N=O>Pcu`Tf_So4ZOrMd@qP$at*T zF*-061_>&LNQU5pF>1rs32~~h zyDsvac@$X_Jiv!!)zTR$`tkJ(qYv8%)MMSB<$gQyVV&mP&Ca8zH%@=lUcB%tjSZ6Y zWn-c~xV6J_rhreB*}m1J()K+Bq>=?=%yZvL5ECD7t@GgT7XG>oPj&2zDqt;RS-+ctc*2 zpRB`m^2kaZx{LsLwa@SKhMurOr| z7m9y8kLV}lL&%{mGp1#d4P>B~ixjCM&``bF3B1Pu6{h4`7!RK5o&y&VVO<_XPJg>k z7_YJRWaJj(l!jc`_sN01hbMTUuuKV{n}ue*gsgz%w?R(R1yA#_4hgk?0wd%S8UVNcULwaHT_aZgy&BTIF|zN|AMRKV*b^ZAzpRO% zI5z2mq%ch|F)$4V31Egu0c8UO0s#d81R!IN))PLN>Iv~shL^Lq-ZYx{A9NzeliF1C kMqxy6{m29quCC1wUfIUhTiB*9O_K`3IOG)I4*~)w5L$Ur%m4rY delta 2262 zcmV;{2r2i{6Velqb`*Q%&K~ny+}%9c5}}v}emL#q%m$My1|)ytu{rPF{MX*-k^0e2 zlg}9hf&|dCl8|Xuhi+xXAN4VrC4UX&pr+)2CpxGLBR#=dipIJA{9CZY+Pri(8#ERB zyYIRu;&y1ajC4|v+79!V~7=a*Yk9Zqj~r?>wAQ2FP=_L*Fs+V()z zEk6)}JuJbJQfzFLa~7cAF+LxwdxAE+m|nfyRp0ME8?$=Inh)qq3R( zsMr~kcXBs{PAMy5vYv}y??&G_{KJzR8hI;$Vdy?~Z;brUCnd(lt%}1R^!Lxf^%7+( zXTp8woeB3Ii`JJIx`TGT@b?vzuC!f1`RKUn3j!gDx~_jD=rePo>Q(>byF{oUP_Azr z6+3p-W4Lk**}?!t8$}8#Y(JL?ATr{s*!=(K}@5uc9WH zmAhKF_cpq`X1|K{ur@OCo!baH`c)M#6Llj%_h~2n74K4L#IT3AMpPHjSls;u>?P55 z#b1B^3Dzo9?g-IVvqFL%ID0Ulcg36(G}ezldb`r@K=uN+?gYCOEUYFA@fN2~4blr{ z`HnQ0b9rd8brvghQhl(#rdK~dJro+@92Ibr?>eQ18e8q8B&0mh;Aj|Bg9|x~y%t@o zoP2|(a^hHOvOsKTP){6CzOCU$D6OC#bLW3v?-^5u|H^&WxCO`ko~*k>4C#b=70f=l z@*lHxI&Y9{5v;M)T?e{?!e-**bD~T^$_dIzaQ-mBP#Mo*-p>MUG>{ z#T;ai30QBTrAX#@QeW6(V3Wdm<$^em69R9ChN3wc=L;^HW~zNgholGP}r2lxiw zY!J(#e&3`x7WEoK9r^a;P$4Jg6mUDy&LNQUnmuCUQRn> zr!bFr8zmU!>_R_6DPdX@gM);YY@#OsF~zQa&aj|E6uYwqiU8S1iyBHH;Expq{O-U< znUC$SlG#K;RCKqkGL7+NucaInO+_sYE}O_2992LIXM3Sgix3`l|X%H zW{jep8lRQOgo?W^^r8=g1Umls6#@aG#u9l$23a>ASO+H#u{r>V&=&@0t5oXx$sn)& zW18eI_+o$Hk>U_l)H~s>nE74-t+pYqkKzn=x#duRi)RmY0ywNU|t$7 z#mk;dTvmjPmW&Jki<&n4C|rlU@WdWmo(=W&YI8}3w5pr{z0S+R8#xZ8N=qE>fR=O- zdW+pSPSyxS_tE??YfRm@gg^y{L}3q8b@y^`|*3LMbH`z?Bd;MDe>XNA;aTmIi_$6K z9Ka>K8X>TM-wG1sM7aOKe_kz~IKC5Y2pfOV{~ihDf20Q0HG#-L4<(}w#XAx#+0Ku1 zYe3vdKu^~^x~l~F@{umFXXk(Fg!DaiO^tsOD{cr)kRAF zsfR1 zt=mk$Ac|QmNhkOCFv>GKz0n?RV8=HBTTW)cR=|kc_ zD*|i-N`S2b1lS@#VEp-C6ypylfpMG;kI>H`6Wf1Wa8@wn6@gKk4r&0dza5P1z!gCC z?-mZoKoJvGE-FF{bu41MJ&1m^mA4$m214UaEZ<(jm4s zgauu-#8G-JeDw@b&d;iG!J%Rho8IlIDAFJ!`Nx}=bLd9?7SdY%%P+uJK#k=m@9Ese zoD476?MS!vhbjQXxBFHH%y})UNYyNIwKwI6zkPodE_^raw(mJ4@)`eVdK&*}B^-}N zK{dY3Xw;{JD4Dgy${8d)rOzFjm(}{GK%!tr^38tD#h-!$nf;*taIQ*hvPC@Y4^mJFZ*m~IN4-%;zYvnc7dla^vmxQ6PJq!!OsgF8Sz@o@eghxt z1bBK~L4Un+SHnv*b-cjwRJm)v^4;Z0ai}pF8vb0;4dnNnc~ULqf%3c2C+EV*0n3%! zfD4=8Bt|xEdde`ewsr75=f%3OHG{oo15XQej%Xibm-O}wrq{F4g{ZX0akxZX-@7U0GJ7MTo_0`P{TqU42tpdbJxBt`KG0gNt-61 z3uU8Nb~|anAwUWTK&m8 zriY7mVIyCk>e;c@IS7v$VxRJT6uEcNe9Z~HFW`K&9sfZ;U)<_=2gmcM@JnklF6By+1*{%>9CeV-}?^se38gKtbhAd#rHtGeb`ET?d2(x zKTS$qUsSG@scZ2g3!MaXQ;2z!hNgWxC<>fb5@hS@YipSqQUk2^PD{i<(hDIksc$y} zdbMRmEg*(?-8SV&&FACE!^=W8nR*1BvJVce4F39%OEgI86GwC>ZY3-JA*ZhL_rOOl zM0EM7k&8j*AGep9BB}jLkr+4c_hpI-13t$Zh{b1ik9SAaCB*FnT^?L0V@|GOndjPE z@#$M0z@+yW!BGpI_o9YNxULtUjU*HKd@oM9vt)49#oAB1=*_bjxtDNco02FZ8h79G zNO!AL)0BsOP2jVDtVO$m5t8i1xqiK-cUIk@2V(M0O*UbUYJQ+e3Xs=F70?r*Kx)?I9Chq91s7f9nGrf0{J>YN}rG@>hIyFCCO43U= zLIlU$36~F#1e|{FOBh1l;tU=HfRsSWpz9zEJ)=P`AQgJ&3{s@y*XdCibc0^~!q6a9 zdaXj|UYPD*yzB zwcjFUrdI@pNjfwJ0fXpi;BN-}zjnR5GhgrJ*8ZxAokCj2j>Ge%+S=9sXV=HANDZ#f z?#W;)>b}=L?hp|R!($EpHo1#rc&Ei+M<9ROeb-@I(lc-X_Ts?(Nb=Uj>L1rubShi^XIq#sDlAA+0 zR=Tymr1sp0M*Dhe6o%=PEZ`^_MtK|I-9%$%|A`Lgt>@blGbs=*-U!botricgMB7LT z2^mDR;gZ8eV*`h?6*u}^gxBTr%5&Ofr+4~7 zmTsP9@O%)jx3$TSFLT01Fj;oK{LdNNhOt;Rn1wk%O)&1h_Ogen>DFNXbF-S){X*dW z0M58-`BOI1qQjl)S_|313ic;PIw@E3&llay>qD@n3ejeY8F?upqlcNXeE z+YVSmFbeGNl)q~#BJ$e@t;wd!Mjo?qQ{3;A&4$)IA5|sMhEYB*OP5VY8(<&~u6GoQ z*^LAw+gw_p<-#0VYby@JnO^d8hy!zAtxM!L&CZ zg7e`+d?v#PIDV$-&UNU?5?n6lWevw4H^HI(OTmDFo+zlKC@acPsRxvN)OAimJ#gS~ zzkzLT;pl;6={+zEMDuL%PyeAy>83O%QS+WNQjIm0Qiel>%$tRUx(VMrEZRhq2wmkA z`Px&<-X6ML-+j1F+qO=DHbt%^iM(+DQ#<`vN5b0t4AB=qk6!X9PefesU-S2e;&EtKF6cN*SWFl+vQ!#Pkuux zReCa%pdDMUiUwyEa!c=4FSU3JHH?2i%_It+G=TjGUE!s)Z6!a`vO8^vE*E_^#ZQJp$JM+n{3V^cDBzyVJP7t98j9Yy5kM`A6oU#5E Q`zHnWk7nL1zn=I%0a!Du8UO$Q diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/1342B84B4829BB79226AB268B4D8E70B01068613.p12 b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/1342B84B4829BB79226AB268B4D8E70B01068613.p12 new file mode 100644 index 0000000000000000000000000000000000000000..fa1bdf9960c6a2be3c936c55f4eb35e5fef03d04 GIT binary patch literal 2653 zcma)8c{tQ-8=lQD_ArQ}u@lM98pb*zgskDr$i8GRQ_60}u_sGN*0OI=A;!K(2!lhB zlI4_jvdi*K=libC_5JmI*LywJ{oMEcJkR^r`&=(Tptpg5p#Xs%3P(sp=|$}^foZ|{ z1jIIsfY<~Gh*f|s--^NA|YP-6U2KunQCh zmVmK3tW6vU|3hm}EmDRxpN znFTyUx$^G<;Pczg>)Eyn>=KoUj^P)hLUm_)PXv?2pcD?%9xDz7>z#@b_#p(9*gaL( zU4$RtFi^y!A|{iqI|d%Mo;i#&yn5e507;IR4WCu&T`tFH3M1YODfpJnrTtkVt$B^?r{N`OVqy=DZBhm6Q5-7j#0*du-kJgTdPBbW#-XH06;RcS6V~l7pV86z z#((5_9J?I7SP*!8%Kka<^G2vz)!q4VM`G}M`XtxMBuL{CZDHE1>s(?^9wo&l(pgq6 zoe|V5R8$-~MGTAMb$m%luOa_&W{cFmb!Qpn9JQD8yT#h#~&-%fZsN72Ju>RW^0=t|~h+ zsyeVs7ue#jt~RC>AN1yC;-#}Zm@QtB*YpY2#m1%8sNCS1qYHfMg%f8-Vp&*x5-aC% z5~Grr7jlqtxOXQV@%ETmt)_-PiJ<(?65gq*s&GZhY!~fa z$jCLsQ$E}Kr^1@r$&TH@#2rHmh@kWKb9*!r&f2{2%=#&`Y1mt$fR?jm150X1@ogHl zr=UwQqc_ZKypyi4XuKlfXP;xRyCZ~Q{|^g?M-e)M`^Y4gq#YkgL!yQ9Q;FSJ>ECy++o+#^_ThwkL$E&Vcx!0j&*6U5Jo3b)*k@&6%@aDsP-gj2GIb{Uei}Gm`wwTtObnxwdRvh-Cc{{+7f((D^tCW4Sz9J zYagQvM91@G@hj_EE7uBps(U##xrh{(an{n_5GIM{OMB)O=dlqpQ%Y6?MXrQ2#O9QK zB$>>JG-OYFb(r<$a^5agcaQ(M{<(fk}Vr#>> z_)s&Bw0nKiG0is11IDbBN9M8n$MScp6P`liQvB7qAN43aBKvC8GiQ3^8~u_bv(o$L zPVk#ID>w44o|7~>RWO6I&sd)6&pQ1BU1VzF#+DsEJ=)PTC9dmz$)(#LiKR0Kl;Ptr zHeG+I&Djd2kvOPZYG{>#za7P&vjBmAEpp;)lwD5ca zbe<}Ggn&U*`12nJ{J(ZRML2B9&{`v+@{JH}6ZVtj86K@plvmdFj%hpy`(lY}Z8JCbU1-hshO3-) zv&P<&?-WWMc@wuOU2Ob@<$`=ToK)}4CZ^e_xZY~9>sz>5gYnS`;Xgr>wBiidRbGzn zhCvS!9xS(K>UN2EER^h9L|Qb)bl8B-`#z?I$4n_TE`>GB;<7 zbWj8QrHRLGjfI|5=cFIE&vXZ>IFW0(EvpcAIk_^pXvY{w*B@gS+%X@pMm&-b7IRgB zN*x4xYaO(s^3Mkd!7ZktuZXw7TH!TC{L&xHrkx7zzs?X@xE0t6y8^{Y!?BJ8Ywxrms{^EXgL)dS;dB z$Gzy<5FWJc(qn!G&9CDlY!U5Rjf`S3Ofp&l{Sc8Ey`wLKt_JCU3^?^k7+nKtI-wVq zguVr0Qw)M^QISaSinRSTF}j9{qO`o^O}m=eTDk(!w;f0+CNlX!ZsMrJ=i#oQXEGg< z^fi<;_0Q4m9T#whlg|ZkYpgyHwzezkBWr_h;J|vMSO88kZ+V7;NnC1YS$MT;NR5-D z9l(+ElQetPA+p#bLVfGw0O;Ns@=5%0+x?z!#_HeL_r7A^Nb9!(Mt}^!^y|w70n>nB z`~%uCNmVUmhKmdv_P}a_uM^IFm^56V{}TQEkhclF3FB}qpqyq#X>2Z@O*SsQhpTq4 KNv!?(#Qy~VL!=4- literal 0 HcmV?d00001 diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 deleted file mode 100644 index 8dd73f1c175f5ff25e92aaf172fbad22d9591a11..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2653 zcma)8c{tSF9{-JDtb^Cm2vhc*#xlshWXV!UL}Z&8lpz_iFN2}%Y6?Y?Jv-Ub$S6Bm z=Cw8UEnC(~m+H=Y?|pio``5kCc|Pa+d_T)Mf1U4h5O@{`IuICvX8}W)WeBE(Z%_~; zC?C&!NRMaUMc|pY5O{`z|B@J%>G2HnG@44oB!u-pDK-`mT|S;ck49=CFuxNFP=o_Q z{qL3yAxqEG7r!^400bPu>`E{N zp~3VZ8G6oQS#hW7*+3_xSVCnO<=azwJpFM0JKKnjCw?Vy)RQwdWFjfEeIBv?(q=|S z<4k$8x{<6UafA{av-Q_0G23)I$UcBN*QP%enA(-)Lzx(&{Bm~Y zlQFu+Cc6I){qhUncmtRba%quIy$wl-*IlWbDCj{!g}ARn#>=P}lNVu@Gah7p)vDti zzp~nn`q%K)k~C}K9giNNN`V29?RDV$hmMyqA(I6SPFk=5P9#$NsZnJ&lc}cYJ=HC( zAX{Cl>llQ#+6ByZtneOo&aW^+^CbMPaeJAmUx)gY)>EtF0m3pv1h`Zl$Y z{gGP_Pml>Y6{HPQXovJ)Yx=$hNq30%2lpSzJgJb_W1YVcAFR9XM9;=wW85~3N>F9o zne@M02J*t1OR0DfjZ^sgB6oeA2COOi0`hJ`Ekp85cZl48V;FmR%41`x;_x=N)zmTT zKeJj3)?)le#sG80p04`%oUdSroq*@jREArizVeid+?JOEXJ`a}NV_~%5m~%M{G5E_ z>OhxAmUY4H6RInUG1+qp$Di-+aktdLCa3~))s;G%H#}b(C11?zLNfRJ!h0Gg@W;Y^ z9GlL{+7iSL&ljz;*I(ssFdEAr2#7{(qfIWStlWuT^)(2W>o{FY5o^VzB>QvJ3^aGg zhig}%_ELQ^jz%N4iw2L5Tt>g3c}*4FoocR(of_Q!LmmAV3*W2u4mWV9iLwg5>*}GW z(?sI!V3k6IqGZ2rmmGb{oFlTIOsjkeDfAX-o;Ec5XtuOukpz>ju_b%W@UnuM8@wjgRVa{9Cua3b0N^%^(M%UwA(RKeVgOWz$g)IPqW2 zwF+&!$~mUjZ0+8%gp?fk-W%W)>WO&OQDE2fG;j55wJ*-Qd(^4q6Zm>* z2)d#;RSzwH<6CsunmtZK2?oC+|1hJ4Gg!Y@x<1`rq;$TNTyv8ZBE^I1_@N<^FO-&0 zhhFILK;B~a>1y5bq@1T-#2F1<9bxhDL_7+AW}N)s!*1B1VE~1)=y(rGl=vcWiA7(h z$b)F%I#Kr>&fiH-eT5}(*`@OU7WMq3vltMHQaf{C&=jinQ+Q48QI2Y5o<@5GY`IR; zmtoUEEb6VZp15hVo_S0;DSem6XfEqiR#R)p%v&;h)Qpt0ly2Vqy5mDaNShen<|Nqm zp3wWIf?Zg%(hu;cWCrPz+Q|3|R!xZHwnNt;o12`;%HqK0TfH}?Jx8~^&aQI=<12hV z9`yT}rEOdf7kSr9*01XzqY{y0`Xjw3X3zKg!giK2IlVqiGd5W}+)7YbUg)gPPU0VA z9IZK6n~Z8>QY)Q)w0$_Gbd?bElbdS9dLci<)ms$#%pmU~Z&&DUSiPjzj}4q`N5{cu zNrh2eEs%-W2(NFebwy*hXeL$?Hho^!aXyG>f`GC+T~r=t2S~}-mKW^qj*c8dTrk4d zB|FBs^5`>)F>wf&-}920N73et72pOa0`35U1~d(dv>gGc(-s;~rfEvRc^c(GD) zfCSV4%)i_!fC|m`R|-SZ)c_RD{Z|r&5dQlDUPT^yE?aLbT1Zh%1)-*_f>c&jMJgfi z;Jx1_Mo2y$yhx*F=|BLjO#H2Y{@1K;v`Mws?tADl!6&LH5q7dUSyZ9*|IB)IBCJm` zPK$x!+m3`$Fagncuxl50z^IT`gV!H+43n`DuU*9r^~Pozq7o<}n`1Rzlno>+ODUV4 zX`rStXJuMe%zbT-IV9XLIGN(h8uSXIeD9)%y)1d_>YDu%(I0Gf7VL6TixfV#_!JpGnJE-)TqBqjKbCJ@fq}Ugt3ErXCrc z7`-uDlDs#H8;<;8k}l|RI~Tq@72-w@g*6LTb$z(?lfbN)5@ERV!Dl4g33HwGv2nZR z&73ib$&DaBu7eA~Sf24}Ru7-&*@?jqtE$V2erdtdIp~}|aR;f}lYB9Cz2p9dp}-(~ z<-1f$g{J80fFiNCQ_d=%b({S}_Yih7TTJe}7$2;;I7Y|{pHefVzG1L+Ji(9AY|LP2 zcI?){2#1o#bQh_Y{P*b|o5L;If+4yIDF(I`_v&uR`8t;zUT$P$2LfwZ?(8F14)m&> z-z#_Pa9yyfuw*~k+7!y_ER3}$W?+t^MC}#DzWl1yBbm&eW3v6;QPer^ec`jq5`o?E zL@;!P3}4%w&epj$<}~b*(j0^g3>FGwUFq8Q56<1&zkF%i)^e$HcJkaTc@3Evw0E(M zv=?QhBgmY4-#pkQ@@9(TwFS+Tfael=x^d@Q+*&LtsDt=bhaiCi2NVZsIg3QBGl$ok z%jQ*Yw&xg}^~{u;c%`-DD-Dh`7GKEkn<<>;;Hze+5sr$n>Cl)SO)nz+49f}`bkCuf zepMr-Nl+KDHy?V}70+4hbdrgIp82sCa}+6pfBzzdEV5b#w#S9PhUF~rv)xwpZ&5pyZTT7d72V&jA)71{0y)d!ai#tr zoDG3;;RSF}hbO$B>pF&8po0WLghJtic-Tt%Yt?Yt@Y{QsoFAMJ3$4XARx>WmifOYDxG}->Jc*0j{oTWK=g7}& RG|0O-En{)#vEc^YAeSgtjr2IRKg++IWAPlnaPxQnA3|K(t%cb9YYRH zZSy9ZWB3$vs&~qp5JHA;-}QZ0@AduleSbX9b3ONcKhN{m@4kL$vX}=5D1s)7i9lic z6g*{J0w@ZsAj4L{WY`j#4Eus6LstHaf_wy%A=5&5LKtIE@&8Q0#ekp+GQ?U4TA(lg zoPbE6J0s?-0?yqxwN0T`3Sy0}Y4n`S(T;3<5x_ zL18`=JkVbR4Acip?Iut5)^#SwKdwxZ-r=*_z+~_Ma7ORF>`?T)$u_}iIO+J6tI4lG zSY=qz)$W<%tirO%=QOryXRc|F?ui{G>z?rzsgR326L6no@jxi;*LrLtQbG`E_%!?+ zaA?NI9ygk2wL1Lc$iAqiiKmO>Hg7SSgXuecs@nu^RH(ff{tQ)v&l9&_v@R3S-J~dR zT2h2v%t&3e66ZlKwLFa}E)IOvROWvPj5g_=eJqpj2wizOGC=(xKtOwo>wMk(yC+6? z0bv=ZS)?kN<<-`#%QZ*F=q}YRS^`;K2XNYV&TUwXJjeZjD?WMw$;ufIlLAe=Q}m*I zN!JlckJ-Yl%NyAn%!a%NR&gaPxT_p+`<4mUWHStXFsnF4w0u&vW1UNV6JKPQGk(Fz zHk%({e(BNhFTstPgJ%Xd29M`T%?%Yz=f>o#-6wkOnAbJO@MyY)yUF@xCx^P2&$R?N zrlssX&V}DNb8;DoqrRKWV0;`K^R5Sd`5B6YaNMUCr_K1)^=r3xFe3|@vzRnv2@3By z>SYe=jA~}PAqyVZB0I$6dEB>~95PHsM)4jUOOZ4^X7E}k-BRkm)XIQ4s ztI|4j;@TT$xN*<(NXmzUuKL6GCY{sTh`(AlJj9+&b?Zn%IFs0Z-R|61B>kyAk<73d z)ITiE*huBcbkbfFIZo%kuZrcT+V~znW*f?0+gtDnW}%$fvbnz_Y~FUQ4Dx!=F?|;M zjd^pxT{P^RYqWNkX{GL<*Oa{|d&h(PJ#15xkP23Onm$MawJW>~+@2PBk>?(XJ4TTc zEZk~2Jg>wm4i&S*Sq+G$i$VI=5L%T_D^&0$jP)zq#DV>f zN#l}!YlPaiDIhUpODfk|@&w{)>KQ@e zk9b69i4l9-0LS;~mARac*V`WR4erW^D9%>pSV%_rS|G#;{1hU6lV~j4{BTRHZa!s2 zzgjqx~o6W)GC>dv7G5ict7;5 zQry`6uiQRBMB>SSW%pH08*!x>3L!P85p|GVbmfe$`-xW&<3{F^$A(<_W{i{7k!pX5 zLkZ7_Q_nE_Ru%$hdoC%EvbcXWuc-Zrt-00TB^sF*9c%Ga(JYy>aqkgvR!{F-;LU}= zyEh#+8l59cvu*8F6~AuUN_Qd?bWgX6{q=pRE=iw`%8~AoGg~}gDzig&HTJ&GJDO#r zUbn4GGrjKS$qkzk(-DnOP)hauF2|{5wG;&PjS3`gY2<9Ir;3y*U_r+Z;TX`_yp!Fo zr8$Dgvi5#B<2(M$hk2j=wgW(f=k(mUQ^*&RwF(T?jJKpU#6#+{SXmZhCVA9g-6}+x z&OEOneTqz|ADYwIzo*{+!B(pHOd)=URgmmuk1F+)?%%tNdD6?l|9IjU)|QlskmSBS%8%B-kxa} zy9(Ni+aZBeEwl=(3$Fn*u7dZwssHh98lvpEIs>hraci+r3`Z#lTQi6Z;9E6 zBHnhh?7Zg~@wpB8&J4yrKS7RY_^XttwOSX+P&>?d$a}cQ70k$nE>E0v+iC^p0IR%rEz%J!);!NFWbljD z;OD_3BIJ4#bAM;JF4sN52w9S(+TQlN;gcbDZ}x=LMg*b9OrLK%aJB28AWl!v27EEwa3; z%*2Zn2-_QnkCJN7@{$cZrnF*3SLZTeUs(uRYjUl_Nt|5qAneEMiQ&YesQbry8}drQ z<6^p~`{x%XuzNLJYcm7Ig7=c{l;cR(*f+4ShT+7sU!vp>DA1lHM;z>kHPdte#16!E z5}&2aU=$n3Czh%bx4+@}Y!IFGxdAJick$|j>ieDrT46LP7?apLFLJHsXj&;Whb(jB zlPzm-d2a$NXASq|$7<^(xvyU}huz*Kc;pK>pLcx3ba8|6<)^knFL*UFD{H!1w~ZNU z7WDcUWN%{H5I&lZBF3>5MI9V`)_aLwZ!fMa&}6>bzs)%*t#Ud{EHX*OGxs3pRd@cmC7BstwBx9{G9ivs=#3y zFzw=3iA@*dzB$dxAD*{+tU^=wIdx<4lKyVY=(@>L@F{{JWn7PPs~JvMLm34>@5Hu! zQn#U zxFz2GFPwbAn&WI}!fSJc+X1;hU#bAy47-C0cMjlOolcwL$3AMB1>C}=*Z3Gv)YE=+ zq8-r~w8YOZ7YGOefHg>;U9t*mf&w-^4<8<{foD9L>0tzTpx{a_))4J!=QXh0!SLl; YOr^KZ*6hZO#=@1c*9GUL{`JKF3H2bR^#A|> literal 0 HcmV?d00001 diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 deleted file mode 100644 index e1a85cff7022bb2eebed205abfbed201f0c7f068..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2653 zcma)8c{mi@9-bLv8C%k*$vPo>j4%w5CE3E4Eu>6#vX*@}GPW$)$uhPkvWy{nh>)z2 zCCS!E#?JT<@y)&Wd-|UH*S*hqe$RW}-}}Dj{B?fML0}jyKtLJ(hL5E#fB0z*Uwr8j{MaT4aikT4z!eMAtsm*H$hu;ZW7K8;t z;UCJ35C=moUcHrW+Sr(pJTjwoY5G-sn4;LjWZK<15~CpR5VCjP*M~LT zT`}%)3t*yn_%S_g40TX$v<1dUvCbN{-E9cUEN65eAXM*!&4~YKvWMU$JH!3 z8^K?w&U17giHYR@d910=^3KygEXxgb3hNXvXmQtk#w|2-*Z~51v&h7 z$vviLhFP1?5qX8W%Nz%n+|LeWERvs&FT7p3ujsoY%qKCq-MW>HPthH~-gJ89?IG>( zOl41MS1@T64+!^#z03DZd3}6qM3Qki0;K`pLsqZb8dRAgrx7H8z^s{QyMfM8wYD8Y zq=3m4?OXKBFsXnHp8m8a>5 zKQ^9WYE#;f<4J6&D0F+hd)ma4fftq6QPf>BDdZs~Pu^`i-P(b!Gak2U(8=t*XmnTD z8bH!F#RmGZR@{k{2oiLvQMRl8JmmN2P<7lx)EWikS+~b>C~<*aA=`u@n5Tsd-IAF0 zE2A%8hU`dO|GIbA2sV;|6AjOkZCbw{@rQi*d2`)2#3uuXVU2f-(nGlxLrE#16lLCE za9Qj2V%5t%2_~PZsPEz1*x8sU4)j_c`*>GVeRHAT>=Mkz_a~%t=?WNBU#=EHa2g2@ zQeKs{>$^lDCNTHhBxY*)xn3ehd4VI=_^_Cy$~u>?7cc?_n6B_jL%*2o20~kulPMy1 zQi_m;kQ4>Rsgw~kd32Rgb8v@t$Mo*&#z#$hGGaI7i*J0ZHKNBp$bKa<7??7nTu7i_ z>w#bJO#hS&uTyR$WG03aQ@>aWGkjh7VV#(#U!*PI2<=*IqPY4G1_#F`difZB7Ru+|=iz8)N%1kwMqD0bq6!sU$@#ld-+9q-rM&RMu%`@{_Qsx?Ypn$FT+j`$FB7g``dGe zW;odN+AgL})(+U4CRqgB`kB*mO0mh(Df|#Dx_}U5O+cVi>F@MV% zdRSCgtQ^`cnEr=LY8~OrIHbYpq$=IYa{3!qtcBb_Um-i#j5ol$Y_B6YXsuYbTOq@+ z(CQU@gI^if1L=q-224F{Ja)7H;w4ti9 z00dRH`@0ZS&sA#5f$Ed{H_B3X(o_!;AcMH{&jlRPP%yiRvzt9!T3!}`l$AruBIQvi z1cqk&w~3w(hoM=dwq`*<02L%afh^zjoxwd4D@7xe$a3Y(@cmOwm?_^I87Coc23=) zzZV*p07f8s#s_^mNOFr~>TH=IU#+Ize-R4I3M$Oroe0?b%xe2k&Uso|Q|irJe9tt9 zB;@WPlHN={qwW5@aWeAE+tGUuJX8dTgJhiny?0UJuf2PP1lXpI`h6&8m?V=zmJ_rZ zb!BRn^->AXbNO)s=n88miMp*DZegrm$7Lq{B3E2>V!pB-mP#nZpYQ3wZdqoB=CNES zkp5# z{$7m>2q*VPo+vj%GJFLREd`Cwz*Jr9$3LN~cpD2`qs>dv`L7<+2RR9a*T_gOrOh9KyK>A+q$ERbB1pgK)NJ+fw+eo`fme0T7RxE4%G{%3374f z9}T-Cc{V%ItCo9L(U8w#)MKKDwTV%Y%-APRB~9;kK-U)RRu5S^OcjJS{M3fK7zb;; z9^wND#MuKe@r#vN(R9{ppb5tk!#|IH;!x-)tLJ7yw?Pp(4(3IlE?ysxlaDyM%?<;U z7vM7CT_4+=gWtT2Y41zCrWVmsKLC|5#e_wV?&GUkjH(0qJfnB)i#mSNr`bZP*f~@P z6*6pm1bKW*$m%cQTejWWnRJl;k{1mFI%6fGRgb^y^NGxM7@J|j^raWBPsdbqI`Vp} z+2sfO5PoF9=lo3@B%MZbPA1^Fy%DAdpWU=**P+J}I-3_7E+W5fbSxfRSi`6JLzH1w z8mdy&s!8opN9cB%Wf46UNx86GTDqpY|pEuM1ry17fa1%wM5b?*At-oQrmg)V}jhMnD|ilFhx U{x(@gKy2*T?m_T}e?9TP02w;K%K!iX diff --git a/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0.p12 b/src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/FA73509F9E9DFB7A3D92B3D34DA6BD20374A24B0.p12 new file mode 100644 index 0000000000000000000000000000000000000000..cb6154cff3537f8224ee67ef7c6f649727d365b4 GIT binary patch literal 2653 zcma);X*d*W8^>oDV<*hmiWtJ7W`?nilqGv%Iyj8%%pglimZ&h8tTFbjC=%H!StAX{ zG1f%3GnOI6*teP#=ACoB?^W0P>3u)k&-4HP?)!e8PtSclNCFR*4aklp@UVlqm5F9V z20xG!SVG|50};5lkOb~EB!Of1zfv5FAOZ)Cg{N6D3FiGz7atFht%Sg#&w{#0{Lc;! zek2yD{mb$pRX`95Ct6U)+;1q~cpilz!M?mdyW7derg)4ED1+n!bN%~7Hf|08QVPuN zMl=KB*g-&L&@n@U=Ut5HwZ-8ZoCa5eteiju&~OEFw3A}UfZTCjB~4i~l|Aynq>CYS zT!V-JW6Fn!idtJbpRfH`uwf_aah0`Cbik2%VW~aB_W?VAyT;_UT$q(Sw8q`7&|=*? z#Ldp3$W0xR|9a@Lpv(5-zH3r}0Z;&1L%<5Hr&4lUfTn{^&}_Lj@G2C(D)Og2(&K`T zJ5Amg*C9n*JMz)fJiNl|Byt+BU!3F$I~y_XHb13MVKKO^LAi48^2bXLFsj8;oM0D+ zTNmmM58bZCqq|NfZYht9Fyi0|C&ELKY27^M^6uKF>_~L^R6Xi?IztqK+(hT8v-uUTOOaO~s?qYXZ?USo4oo|W8E;}F*Ow4##nqxv%|)_#G9sl$Yb^&> zYS(QN^rGZW>AX;R&gZK)`+03wcY&}SW0PofLG0kWLdG1-GWl1;Cvt^TeNiI$}TkRWih8!L;B=MBqaWzJI zf5vrSFb`CiAtl@$hgVzek#!pjjB5~!=(f{=raz*h#=^2}XFub!{lE~qydq-bpl^Ou zYrFYdRa&&tz3I9cM51jNbL=qbW~pe6@j};-lW&&51NxT!LT`)9lh8g7S!x3>9$wo9 zZg%6k>H^Cdw3*y%$^_oHorX6?V8KH2Wn+w%^v2JY$LDHKx7@iBj0)}{@9EV>%H;H5 zH7`BX5C0Ij(IvV{)eDd!N zU{FfSOowm=Rh3`e>Y8;#en6|`ouf(eAAA(34af2L`3LD^Lat|BCTIl(UQIgPB4+Uc zSP@~1z79*t(~Vx48hg}=Cw?aF;bV-f!}<e*t{)0;LZ`l!& zJ@jc6@ysv3X*kn(W0SY&45Jb)6puTv(ey1IqKY;mftKW-XoTbD%V|w=#0~LXD(KvP z*tufA=9)0yu;>?|8WV?f{W&kWA*#PiV*q%7J3tG70%!n`05r>?0XSB8v6KgkyR$N0 zEU(6L|0ondowd3HG+Ew@MUgC`#bWL(trhej#Ca}A`cg!xhGL)gXx_`|v&f!a(_-5ZR6`+3 zif_DjDNsu>q~4RlNhYm3+*2&T`4X@_mwld%TVT6R{`jz4!w@(pvXv1 zg*Js`?m5o2zf0cqo_!NLyxx}`w`AIkRo*-aEA^*VeLW^xJ(QsnSwgGduur}CeMzG+ zhR@t-33niRoU--`qFA1nV`!deo;$9cGI>cg&=XjlHYwka>Zhvm;yH~Z#4yUP{X%Ty zr?6B*nkVALeJ%-zQU}MTLix(PXq28#?6!Pw*C~n&XsAIcA&K&Ld~!RC$2u``kgiLZ z)g;36Y&q~r!+pvAF{P*D&x?`3Jwe_g$M=ViM#3Y?dL0Y9{+jWdVV>_5vXe_bL2Aei zhm)MKUBNCZhEy~h*c80(E*oIY|-B*CJ55+K`B&J92x|%_6_neCPqyDYd^fj)3Y=g+bC+cH7H;wMe)z`x zq44Frn*zI&UEwpH?Fy;bsHMNM@upH_Lp^5imHUzo7ZG=b*>k2jzkd~8cW$ME7T%4g z`;zCH&BQF_?vA?m`Dewi`gT+<$`%woD4XJwp6jTGeA=%HhLLzG#vd;(w7jt;A}x`s zNdBK+E;b+s03>6QmoV5{t4Y@K{n4R6D;9kEgn$7hgKmer8@B<&<_m!!q$cw4E#^Z| U&H3AC=xCd!#3k_y|2*-30cV!3u>b%7 literal 0 HcmV?d00001 diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/private-params.xml b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/private-params.xml similarity index 100% rename from src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/private-params.xml rename to src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/private-params.xml diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/shared-params.xml b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/shared-params.xml similarity index 100% rename from src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251106184246391905000/shared-params.xml rename to src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/20251110170100462771000/shared-params.xml diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf index e609181ba5..f5b4dd38f7 100644 --- a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/externalconf @@ -1,27 +1,27 @@ -Content-Type: multipart/related; charset=UTF-8; boundary=1ph2KgtUKKLG7qFGQ0J4 - ---1ph2KgtUKKLG7qFGQ0J4 -Content-Type: multipart/mixed; charset=UTF-8; boundary=AhiuXNE9wI1JbQZBc4Em - ---AhiuXNE9wI1JbQZBc4Em -Expire-date: 2035-11-07T04:50:26Z -Version: 6 - ---AhiuXNE9wI1JbQZBc4Em -Content-type: application/octet-stream -Content-transfer-encoding: base64 -Content-identifier: SHARED-PARAMETERS; instance='DEV' -Content-location: /V6/20251106184246391905000/shared-params.xml -Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 - -7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== ---AhiuXNE9wI1JbQZBc4Em-- - ---1ph2KgtUKKLG7qFGQ0J4 -Content-Type: application/octet-stream -Content-Transfer-Encoding: base64 -Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" - -nkOcd0woS3CRwBoPt/zxt6MnTJCUppLpxkGupBln9dQDUSvoMlHwMtu2GqtjMJlk5Imb8Q0egqRyAvzWs+O6E7l3Y1QqbecHObK8M2D6+9cCcW6XfaoM21gYM9loiHrTSfQ0p5u+8OAXIWbXJtXy2v4TcCfl5VnSqk63WRivQIogCbbcstCI5ARwShC+u7rs1eJHtI7AeEOzOSaccBZok0O/LTX1UyFitANP0XUSFyr1Hw+rpa5cyvSEE1SeYX1cY1mGJyUaflA0X4N2bZaMMrDZcMwcK9aM8+Bi15tJM9/gKeBwUKQbf+P7r6ShB1zUw66A9d/SopxOiA8Bpa4tLQ== ---1ph2KgtUKKLG7qFGQ0J4-- +Content-Type: multipart/related; charset=UTF-8; boundary=z4B0y4A4IQsHupzWQ00L + +--z4B0y4A4IQsHupzWQ00L +Content-Type: multipart/mixed; charset=UTF-8; boundary=ELqYfwY0DNwFqhpFeOBJ + +--ELqYfwY0DNwFqhpFeOBJ +Expire-date: 2035-11-11T03:08:40Z +Version: 6 + +--ELqYfwY0DNwFqhpFeOBJ +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170100462771000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--ELqYfwY0DNwFqhpFeOBJ-- + +--z4B0y4A4IQsHupzWQ00L +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +Z5VDwFE53GsYy6DkZ7t1jMIRJj3qC/PO9wL1qUbXwe2evf1moufyP/L5rzYTzrOjHLRWjcF4rDS7Y2mGO8PKDjzJLxASIAgyLVDQ4lejKE9cfoT58msDOnxhii6DRSnwSRr5CvaKfs1nFHYl/EqiyKrwq0aDGNg9foFb0DqTskzMWGF9PqH5+UfbkTczDAFTL7meNnTj6t3anFZPzfh9ALVSRQS+xok3sV/7F0YlTl6BanS4QVKIs3BF7dCyKkuSwDDqmHuHFquEt1bl77OuDKJGtUWHieiz4ka0+Ebd00pkwbrHvGVvmX5SFqX91GxeSfQt4fmMo+tQUhGHVEM0kg== +--z4B0y4A4IQsHupzWQ00L-- diff --git a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf index f8314cb98e..ab238f280e 100644 --- a/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf +++ b/src/security-server/system-test/src/intTest/resources/files/global_conf_signed_with_rotated_keys/V6/internalconf @@ -1,35 +1,35 @@ -Content-Type: multipart/related; charset=UTF-8; boundary=IT4sGeIfC5LUhlYojTkx - ---IT4sGeIfC5LUhlYojTkx -Content-Type: multipart/mixed; charset=UTF-8; boundary=FLCFdHDKU2MjjOziBVOg - ---FLCFdHDKU2MjjOziBVOg -Expire-date: 2035-11-07T04:50:26Z -Version: 6 - ---FLCFdHDKU2MjjOziBVOg -Content-type: application/octet-stream -Content-transfer-encoding: base64 -Content-identifier: SHARED-PARAMETERS; instance='DEV' -Content-location: /V6/20251106184246391905000/shared-params.xml -Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 - -7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== ---FLCFdHDKU2MjjOziBVOg -Content-type: application/octet-stream -Content-transfer-encoding: base64 -Content-identifier: PRIVATE-PARAMETERS; instance='DEV' -Content-location: /V6/20251106184246391905000/private-params.xml -Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 - -6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== ---FLCFdHDKU2MjjOziBVOg-- - ---IT4sGeIfC5LUhlYojTkx -Content-Type: application/octet-stream -Content-Transfer-Encoding: base64 -Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" - -doXVMlleOahRB6TCBXBu1+6UNfATR07ePE5Penc3X4VNfGsLIg3P3oZ7giSO5KNGXkN+ilMDALkj+JJ2zP3s2Hk84xSnnwI3ek2crTJc8swI+Y1a2oAEX4Lm2j/viMtVPaB6wrnIMMLacrHedIC7KFqqiYGgHN1YqRAtDQqHiI2tuxZpewHYqIzFFn6Y8HWa4VXvn624o0AP43CK8/0JUaewP/L9pwcjBbiQcgHDkHHj3NXTm9IAtjCq6SVetkdIdnRlCgepyqKi+jHPsLUyaDBmIQvv87Y0fVeADRJb94fAYubcd6PeVpExy31nqjuGDEvCL8hXPl6FZsDRB2hnfQ== ---IT4sGeIfC5LUhlYojTkx-- +Content-Type: multipart/related; charset=UTF-8; boundary=nj3J1133jI6NB6snk3gL + +--nj3J1133jI6NB6snk3gL +Content-Type: multipart/mixed; charset=UTF-8; boundary=tvvzow1Zh1suGa6qRhZb + +--tvvzow1Zh1suGa6qRhZb +Expire-date: 2035-11-11T03:08:40Z +Version: 6 + +--tvvzow1Zh1suGa6qRhZb +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170100462771000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--tvvzow1Zh1suGa6qRhZb +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: PRIVATE-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170100462771000/private-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== +--tvvzow1Zh1suGa6qRhZb-- + +--nj3J1133jI6NB6snk3gL +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +KyVSr+V/4uu1hvezmWGb6/WKl48/VUIqpigpm2oSa57OR/YC9p9hx4mc79YLMmOUR7Y4OgnTOCYKlNq/hgIrM+imYqX+Gc4ZcRz79mg5MXT1lIyvYqOLfS5ABn0Syc5FJTosH/QBXimEykkngDfgTUOO+H2EJ4j/Ze8QyO+MhnDHhYhuOC2GOKG68e5UKgbeUcOPTwZ7ze5F1vxXkC3PzcRkNOVIa/4l2tWEpdJwkN3AvSnhjj+M/4EGBFUzzL058yAifRiHZ2/T1mXKRSmDrGwpB12N0+3UOTrOQKTIf2u+A8o7c0EIzPFSCAro+NtYCSXLmfzCn642ySfLacEfPQ== +--nj3J1133jI6NB6snk3gL-- diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/private-params.xml b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/private-params.xml similarity index 100% rename from src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/private-params.xml rename to src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/private-params.xml diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/shared-params.xml b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/shared-params.xml similarity index 100% rename from src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251106184346396745000/shared-params.xml rename to src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/20251110170000548026000/shared-params.xml diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf index 2dc4400e5e..02281f16e2 100644 --- a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/externalconf @@ -1,27 +1,27 @@ -Content-Type: multipart/related; charset=UTF-8; boundary=53ym6pJxOQXWdyO2ZzeI - ---53ym6pJxOQXWdyO2ZzeI -Content-Type: multipart/mixed; charset=UTF-8; boundary=t1hY0NEh7SDQcxvdWBHh - ---t1hY0NEh7SDQcxvdWBHh -Expire-date: 2035-11-07T04:51:26Z -Version: 6 - ---t1hY0NEh7SDQcxvdWBHh -Content-type: application/octet-stream -Content-transfer-encoding: base64 -Content-identifier: SHARED-PARAMETERS; instance='DEV' -Content-location: /V6/20251106184346396745000/shared-params.xml -Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 - -7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== ---t1hY0NEh7SDQcxvdWBHh-- - ---53ym6pJxOQXWdyO2ZzeI -Content-Type: application/octet-stream -Content-Transfer-Encoding: base64 -Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" - -A4AB6u5V+XdZyy0f9FbRbd097a2RHtCo3IrKxTRck9pRvLk41Lq1CcJfWB9XzP1xi6VcsKXwEQtvwVtyBO2Bxzwm3Yy2G6zBrY72BlQNE6i6A6TN690p4CvLfjg6OEsajuQBWYzHBPhx3kL7NYwz8gA8nCAuIgb8bycR4/HuuxOjitax6NWPN9n1xM3+p0zkuT9MGjT/JgPmWOF94P7eLGFrKqmW0J7K8X0cuywkcu/7bkVZr1ODAdTK+FZEYBJZJK1FfPS/gZ4EeYtREhFWQcEhARgU6C7+dhB5sLOUh/RSVTHgfdoltFQ/yP8fX+yp9W5L19IwyQ7cdI51s+u3xg== ---53ym6pJxOQXWdyO2ZzeI-- +Content-Type: multipart/related; charset=UTF-8; boundary=d84U0L3CmhYqodd20ebO + +--d84U0L3CmhYqodd20ebO +Content-Type: multipart/mixed; charset=UTF-8; boundary=KD5PN27E3y2oVhx3HmHP + +--KD5PN27E3y2oVhx3HmHP +Expire-date: 2035-11-11T03:07:40Z +Version: 6 + +--KD5PN27E3y2oVhx3HmHP +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170000548026000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--KD5PN27E3y2oVhx3HmHP-- + +--d84U0L3CmhYqodd20ebO +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: saNm+c4jOCC0dnzCL3bHvutn+k3dBbU4+YhES/n9sR5IX1M0fFmM1kIGG1nnnOoLDK2z8mei3qa3fhH1QUtqaw==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +dge8MLbpYIFpcVKFDYl6+6STJ8wb4P2ayl9wxeUSMsIKuJ+oBBYmvw320fvoarcnjaKYRHpVs5ShK9jGlIsc4ezHwNDb04EDtnOaFf8Rw3d6x4Z6UHS51tuJPHzfoz7wC19BEf/K0+yLa9FaJE8q1jtZCf5UMtCvqG/s0Xkf7idmQ13jNcJ5i/jA3hUZp8VRSb2Yr1Oinmv1xRa2Hs7dba5FicHBKqP+JLCA1inUoOtqwUwfnwN02raWtOsvdSRRIKsUyOZngXktNuf6CkYFXZ/9UXy+l2R0iNHGAQls9a5pLNyPwHyPh0Lp4kgNh8iIWQU6w+MbmtF3MVyiPoD9zQ== +--d84U0L3CmhYqodd20ebO-- diff --git a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf index 70c7605198..0db6a9a341 100644 --- a/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf +++ b/src/security-server/system-test/src/intTest/resources/nginx-container-files/var/lib/xroad/public/V6/internalconf @@ -1,35 +1,35 @@ -Content-Type: multipart/related; charset=UTF-8; boundary=IwNKAxJX0LYa1QzMOPSC - ---IwNKAxJX0LYa1QzMOPSC -Content-Type: multipart/mixed; charset=UTF-8; boundary=yR1dYPFb1AAbffPvsejQ - ---yR1dYPFb1AAbffPvsejQ -Expire-date: 2035-11-07T04:51:26Z -Version: 6 - ---yR1dYPFb1AAbffPvsejQ -Content-type: application/octet-stream -Content-transfer-encoding: base64 -Content-identifier: SHARED-PARAMETERS; instance='DEV' -Content-location: /V6/20251106184346396745000/shared-params.xml -Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 - -7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== ---yR1dYPFb1AAbffPvsejQ -Content-type: application/octet-stream -Content-transfer-encoding: base64 -Content-identifier: PRIVATE-PARAMETERS; instance='DEV' -Content-location: /V6/20251106184346396745000/private-params.xml -Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 - -6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== ---yR1dYPFb1AAbffPvsejQ-- - ---IwNKAxJX0LYa1QzMOPSC -Content-Type: application/octet-stream -Content-Transfer-Encoding: base64 -Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" - -kihg0PX79wY2ZQ9XYScaypaxrK3PyiyUkr58ywAi8RGYziTG8jGuW+zVuL6g8nxO9D9I1iQSkhEZK4/rV6j+Q6tAyaTNNwH6L1uDnTw1wK1/N763RnqxKmid9+ev30dlryz9+yAJfZxxCVMI43wuMcqfUWn39QpmHikYcSM1l5k17UYCnA/R1pcYdv5CeYUEE91dBoVs+iPLLfM7IOMLA+SNjCD32kCe9UuBEERIPr8QIVd5Bgh5LkIpKKi3g+q8lDChm8PC74EYCjBE4SXiLxirdivzd6Isaj4lMpQKsEVz278VX6AFcQGU+hFGm8oN117xelLZ89oP2x00eU+Asg== ---IwNKAxJX0LYa1QzMOPSC-- +Content-Type: multipart/related; charset=UTF-8; boundary=liXZvQn3qLHSIEaQqiHo + +--liXZvQn3qLHSIEaQqiHo +Content-Type: multipart/mixed; charset=UTF-8; boundary=mxVldgyFMoulDBLDTGjc + +--mxVldgyFMoulDBLDTGjc +Expire-date: 2035-11-11T03:07:40Z +Version: 6 + +--mxVldgyFMoulDBLDTGjc +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: SHARED-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170000548026000/shared-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +7FO5X6GL2ac8OnshU0yGPyML79wdg0Nn2wGmlAIXdM+3Pr3ZDBYks6bIIKxU+rKXo452RMJhujMl5o0UAmRMdQ== +--mxVldgyFMoulDBLDTGjc +Content-type: application/octet-stream +Content-transfer-encoding: base64 +Content-identifier: PRIVATE-PARAMETERS; instance='DEV' +Content-location: /V6/20251110170000548026000/private-params.xml +Hash-algorithm-id: http://www.w3.org/2001/04/xmlenc#sha512 + +6VjiRca3em/F6voolLd0DCKbofnJ66VgILL25tLvglrCkDuFMc1N38v7Knd8UngZskzj2aRFdAXpuguybewz7g== +--mxVldgyFMoulDBLDTGjc-- + +--liXZvQn3qLHSIEaQqiHo +Content-Type: application/octet-stream +Content-Transfer-Encoding: base64 +Signature-Algorithm-Id: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 +Verification-certificate-hash: Sacl28E9D89PBwAOJDK3eXGjnW/iqUzVkUqLgADY0P/p63GUxzs8/Ft74i+WbRbslqSNfvSmBZ0zAr+0uAP6Ng==; hash-algorithm-id="http://www.w3.org/2001/04/xmlenc#sha512" + +icOXZrvplB0li0JcF+NTPOU0N7qkpaVxj8+4xAe5irll6zMLyNayXunVC7yPyqos5PMxyay9/yje0PPo0amm4dOyRzkihYoumMifE+fQNZzusmpAcL9WL5iQyTWiNZSAx0y5eH6nilUZXGAIbeePSaW+MPU8vo92BTaIlneaJjyK+g0m1O7UiDnjFfkpaWmxgs9ax2yt1n3uIYZ6kjDjB7a2J5pc45kCXrinxrFuGvR/AGbNBkfkIMkg5KnqKmx1gH2eWpsjI3rlgBgEhDpgnPrB4b+i4adbInCy0KUCImaSUwbeipFY/bMoAtAtuXX3CHp3Vww86daIIpZPjyqkew== +--liXZvQn3qLHSIEaQqiHo-- From ff5036f07c6bc048b287f70b80fec412aeaab78b Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Wed, 12 Nov 2025 21:42:41 +0200 Subject: [PATCH 3/8] feat: As a Security Server Administrator I want to be able to define what policy is used for choosing TSA-s and OCSP responders so that I can better manage costs check chrome version refs: XRDDEV-2980 --- .github/workflows/build.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index b29b79ec94..600bf3c153 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -259,6 +259,8 @@ jobs: with: task: get-measurement label: 'Set up Central Server tests' + - name: Check Chromium version + run: chromium --version || chromium-browser --version || google-chrome --version - name: Run Central Server system tests working-directory: ./src run: ./gradlew -Dorg.gradle.jvmargs=-Xmx1g :central-server:admin-service:ui-system-test:systemTest -PsystemTestCsImageName=localhost:5000/xrd-centralserver:${{ github.sha }} From 481cfcdbefb0effc58edc236a1c99384bfb83a02 Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Thu, 13 Nov 2025 02:13:56 +0200 Subject: [PATCH 4/8] feat: As a Security Server Administrator I want to be able to define what policy is used for choosing TSA-s and OCSP responders so that I can better manage costs update selenide refs: XRDDEV-2980 --- .../org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java | 6 +++--- src/common/common-int-test/build.gradle.kts | 2 ++ src/gradle/libs.versions.toml | 3 +++ 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java b/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java index e58f06090e..7000a0261c 100644 --- a/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java +++ b/src/central-server/admin-service/ui-system-test/src/intTest/java/org/niis/xroad/cs/test/ui/glue/CommonUiStepDefs.java @@ -29,8 +29,8 @@ import io.cucumber.java.After; import io.cucumber.java.en.Step; import org.openqa.selenium.devtools.DevTools; -import org.openqa.selenium.devtools.v137.network.Network; -import org.openqa.selenium.devtools.v137.network.model.ConnectionType; +import org.openqa.selenium.devtools.v142.network.Network; +import org.openqa.selenium.devtools.v142.network.model.ConnectionType; import java.util.Optional; @@ -58,7 +58,7 @@ public void preparePage() { @Step("Browser is set in {} network speed") public void setInBrowserSpeed(String connectionType) { DevTools devTools = chromiumDevTools.getDevTools(); - devTools.send(Network.enable(Optional.empty(), Optional.empty(), Optional.empty())); + devTools.send(Network.enable(Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty(), Optional.empty())); devTools.send(Network.emulateNetworkConditions( false, 350, diff --git a/src/common/common-int-test/build.gradle.kts b/src/common/common-int-test/build.gradle.kts index a36f77136b..9adceb8b77 100644 --- a/src/common/common-int-test/build.gradle.kts +++ b/src/common/common-int-test/build.gradle.kts @@ -12,6 +12,8 @@ dependencies { api(libs.testAutomation.selenide) { exclude(group = "org.slf4j", module = "*") } + api(libs.test.selenide.core) + api(libs.test.selenide.proxy) api(libs.bouncyCastle.bcpkix) api(libs.awaitility) } diff --git a/src/gradle/libs.versions.toml b/src/gradle/libs.versions.toml index 8e761af567..b0ba22cdff 100644 --- a/src/gradle/libs.versions.toml +++ b/src/gradle/libs.versions.toml @@ -19,6 +19,7 @@ xmlUnit = "2.10.4" bouncyCastle = "1.82" slf4j = "2.0.17" testAutomationFramework = "0.2.21" +selenide="7.12.0" protoc = "4.32.1" grpc = "1.76.0" swaggerParser = "2.1.34" @@ -77,6 +78,8 @@ testAutomation-feign = { module = "com.nortal.test:test-automation-feign", versi testAutomation-selenide = { module = "com.nortal.test:test-automation-selenide", version.ref = "testAutomationFramework" } testAutomation-assert = { module = "com.nortal.test:test-automation-assert", version.ref = "testAutomationFramework" } testAutomation-restassured = { module = "com.nortal.test:test-automation-restassured", version.ref = "testAutomationFramework" } +test-selenide-core = { module = "com.codeborne:selenide", version.ref = "selenide" } +test-selenide-proxy = { module = "com.codeborne:selenide-proxy", version.ref = "selenide" } jakarta-validationApi = { module = "jakarta.validation:jakarta.validation-api", version = "3.1.1" } jakarta-servletApi = { module = "jakarta.servlet:jakarta.servlet-api", version = "6.1.0" } From cf237acbbf6bf8b4e1b4c13ccdd8dfc514e5a9ee Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Thu, 13 Nov 2025 16:41:28 +0200 Subject: [PATCH 5/8] feat: As a Security Server Administrator I want to be able to define what policy is used for choosing TSA-s and OCSP responders so that I can better manage costs minor refacto refs: XRDDEV-2980 --- .../niis/xroad/serverconf/impl/ServerConfImpl.java | 11 +++-------- .../converter/CertificateAuthorityConverter.java | 2 +- .../openapi/CertificateAuthoritiesApiController.java | 2 +- .../restapi/openapi/SystemApiController.java | 2 +- 4 files changed, 6 insertions(+), 11 deletions(-) diff --git a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java index a38700c0ff..65efa6f45b 100644 --- a/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java +++ b/src/lib/serverconf-impl/src/main/java/org/niis/xroad/serverconf/impl/ServerConfImpl.java @@ -363,16 +363,11 @@ public List getTspUrl() { @Override public String getTspCostType(String tspUrl) { - return tx(session -> { - TimestampingService tsp = getConf(session).getTimestampingServices().stream() + return tx(session -> getConf(session).getTimestampingServices().stream() .filter(t -> StringUtils.equals(t.getUrl(), tspUrl)) .findFirst() - .orElse(null); - if (tsp != null) { - return tsp.getCostType(); - } - return null; - }); + .map(TimestampingService::getCostType) + .orElse(null)); } @Override diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java index 5a1c97e55e..ed2fc67b9a 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java @@ -76,7 +76,7 @@ public CertificateAuthorityDto convert(ApprovedCaDto approvedCaDto) { private List convertOcspResponders(Map ocspUrlsAndCostTypes) { return ocspUrlsAndCostTypes.entrySet().stream() .map(entry -> new OcspResponderDto(entry.getKey(), convertCostType(entry.getValue()))) - .collect(Collectors.toList()); + .toList(); } private static CostTypeDto convertCostType(CostType costType) { diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java index 020f9f65d1..33362df14d 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java @@ -113,7 +113,7 @@ public ResponseEntity> getApprovedCertificateAuthor @PreAuthorize("hasAuthority('VIEW_APPROVED_CERTIFICATE_AUTHORITIES')") public ResponseEntity getOcspPrioritizationStrategy() { var strategy = certificateAuthorityService.getOcspPrioritizationStrategy(); - return new ResponseEntity<>(ServicePrioritizationStrategyDto.valueOf(strategy.name()), HttpStatus.OK); + return ResponseEntity.ok(ServicePrioritizationStrategyDto.valueOf(strategy.name())); } @SuppressWarnings("squid:S3655") // see reason below diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java index 4bec9ec3aa..260ab73a79 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiController.java @@ -151,7 +151,7 @@ public ResponseEntity> getConfiguredTimestampingServ @PreAuthorize("hasAuthority('VIEW_TSPS')") public ResponseEntity getTimestampingPrioritizationStrategy() { var strategy = systemService.getTimestampingPrioritizationStrategy(); - return new ResponseEntity<>(ServicePrioritizationStrategyDto.valueOf(strategy.name()), HttpStatus.OK); + return ResponseEntity.ok(ServicePrioritizationStrategyDto.valueOf(strategy.name())); } @Override From a9fc263fe4900634165b2de5190c5345c6ce241c Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Tue, 18 Nov 2025 01:44:12 +0200 Subject: [PATCH 6/8] chore: merge to dev-8.x fixes for free and paid timestamping and ocsp services security server ui changes refs: XRDDEV-2980 --- .../common/ServicePrioritizationStrategy.java | 32 ++++++++++++++++ .../globalconf/impl/GlobalConfVer6Test.java | 6 ++- .../restapi/converter/EndpointConverter.java | 3 +- .../service/CertificateAuthorityService.java | 15 ++++++-- .../restapi/service/SystemService.java | 7 +++- ...rtificateAuthoritiesApiControllerTest.java | 4 +- .../openapi/SystemApiControllerTest.java | 3 +- .../restapi/service/SystemServiceTest.java | 5 ++- .../service/TokenCertificateServiceTest.java | 6 +-- .../liquibase/serverconf/010-add-tps-cost.xml | 2 +- .../DiagnosticsTimestampingServiceCard.vue | 18 +++++---- .../AddTimestampingServiceDialog.vue | 10 +++-- .../SystemParameters/SystemParameters.vue | 8 ++-- .../container/service/TestTokenService.java | 30 +++++++-------- .../2300-ss-proxy-healthcheck.feature | 12 +++--- .../etc/xroad/conf.d/local.yaml | 3 ++ .../softtoken/.softtoken.p12 | 0 ...6A952E76B40A46C07628C7B13E5934E39A9C78.p12 | 0 ...42B84B4829BB79226AB268B4D8E70B01068613.p12 | 34 +++++++++++++++++ ...B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 | 0 ...7CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 | 0 ...A0AFEE2602D2846621118997E268F5FA843C94.pem | 25 +++++++++++++ ...83ECC7DCE9C81826F99FC79FE96393A342FE42.pem | 25 +++++++++++++ ...C622B62052EE89F2020C2FA91872CB49EB1502.pem | 26 +++++++++++++ ...E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem | 25 ------------- ...D15F0ED1A1320EBA0190C838506B60EC07C994.pem | 26 ------------- ...DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem | 25 ------------- .../xroad/proxy/core/admin/AdminService.java | 37 +++++++++++++++++++ .../ProxyMessageLogProperties.java | 5 +++ .../core/configuration/ProxyProperties.java | 6 +++ ...ectingSSLSocketFactoryIntegrationTest.java | 6 +++ .../xroad/proxy/proto/ProxyRpcClient.java | 20 ++++++++++ .../src/main/proto/admin_service.proto | 17 +++++++++ 33 files changed, 312 insertions(+), 129 deletions(-) delete mode 100644 src/security-server/system-test/src/intTest/resources/container-files/etc/xroad/signer-predefined/softtoken/.softtoken.p12 delete mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/056A952E76B40A46C07628C7B13E5934E39A9C78.p12 delete mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 delete mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 create mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/certs/15A0AFEE2602D2846621118997E268F5FA843C94.pem create mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/certs/2383ECC7DCE9C81826F99FC79FE96393A342FE42.pem create mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/certs/5BC622B62052EE89F2020C2FA91872CB49EB1502.pem delete mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/certs/84E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem delete mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/certs/D7D15F0ED1A1320EBA0190C838506B60EC07C994.pem delete mode 100644 src/security-server/system-test/src/intTest/resources/files/keystores/certs/E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem diff --git a/src/common/common-core/src/main/java/ee/ria/xroad/common/ServicePrioritizationStrategy.java b/src/common/common-core/src/main/java/ee/ria/xroad/common/ServicePrioritizationStrategy.java index afaaf1e005..929ea9f9bf 100644 --- a/src/common/common-core/src/main/java/ee/ria/xroad/common/ServicePrioritizationStrategy.java +++ b/src/common/common-core/src/main/java/ee/ria/xroad/common/ServicePrioritizationStrategy.java @@ -1,4 +1,36 @@ +/* + * The MIT License + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ package ee.ria.xroad.common; public enum ServicePrioritizationStrategy { + + ONLY_FREE, + ONLY_PAID, + FREE_FIRST, + PAID_FIRST, + NONE + } diff --git a/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java index 3cb6ca7c23..6e82d67a95 100644 --- a/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java +++ b/src/lib/globalconf-impl/src/test/java/org/niis/xroad/globalconf/impl/GlobalConfVer6Test.java @@ -36,6 +36,8 @@ import org.junit.Rule; import org.junit.Test; import org.niis.xroad.globalconf.GlobalConfProvider; +import org.niis.xroad.globalconf.extension.GlobalConfExtensions; +import org.niis.xroad.globalconf.impl.extension.GlobalConfExtensionFactoryImpl; import org.niis.xroad.globalconf.model.CostType; import java.io.File; @@ -66,7 +68,9 @@ public static void setUpBeforeClass() throws Exception { createConfigurationFiles(); - globalConfProvider = new GlobalConfImpl(new FileSystemGlobalConfSource(getConfigurationPath())); + FileSystemGlobalConfSource globalConfSource = new FileSystemGlobalConfSource(getConfigurationPath()); + globalConfProvider = + new GlobalConfImpl(globalConfSource, new GlobalConfExtensions(globalConfSource, new GlobalConfExtensionFactoryImpl())); } diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java index 6f105520f2..ad20571e08 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/EndpointConverter.java @@ -43,8 +43,7 @@ public EndpointDto convert(Endpoint endpoint) { endpointDto.setId(String.valueOf(endpoint.getId())); endpointDto.setServiceCode(endpoint.getServiceCode()); - endpointDto.setClientId(clientIdConverter.convertId( - endpoint.getClient().getIdentifier())); + endpointDto.setClientId(clientIdConverter.convertId(endpoint.getClient().getIdentifier())); endpointDto.setMethod(EndpointDto.MethodEnum.fromValue(endpoint.getMethod())); endpointDto.setPath(endpoint.getPath()); endpointDto.setGenerated(endpoint.isGenerated()); diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java index 5b7d78df1b..f7f683b9de 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java @@ -25,7 +25,7 @@ */ package org.niis.xroad.securityserver.restapi.service; -import ee.ria.xroad.common.SystemProperties; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfo; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfoProvider; import ee.ria.xroad.common.certificateprofile.GetCertificateProfile; @@ -42,6 +42,8 @@ import org.niis.xroad.common.exception.InternalServerErrorException; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ApprovedCAInfo; +import org.niis.xroad.globalconf.model.CostType; +import org.niis.xroad.proxy.proto.ProxyRpcClient; import org.niis.xroad.restapi.util.FormatUtils; import org.niis.xroad.securityserver.restapi.cache.CurrentSecurityServerId; import org.niis.xroad.securityserver.restapi.dto.ApprovedCaDto; @@ -85,6 +87,7 @@ public class CertificateAuthorityService { private final CurrentSecurityServerId currentSecurityServerId; private final AcmeService acmeService; private final AcmeProperties acmeProperties; + private final ProxyRpcClient proxyRpcClient; /** * {@link CertificateAuthorityService#getCertificateAuthorities(KeyUsageInfo, boolean)} @@ -210,7 +213,11 @@ private ApprovedCaDto buildCertificateAuthorityDto( builder.subjectDnPath(subjectDnPath); builder.topCa(subjectDnPath.size() <= 1 && subjectName.equals(subjectDnPath.getFirst())); - builder.ocspUrlsAndCostTypes(globalConfService.getOcspResponderAddressesAndCostTypes(certificate)); + Map ocspResponderAddressesAndCostTypes = globalConfService.getOcspResponderAddressesAndCostTypes(certificate); + ocspResponderAddressesAndCostTypes.put("http://ocsp.int-xroad.net", CostType.FREE); // default OCSP responder + ocspResponderAddressesAndCostTypes.put("http://ocsp.int-xroad.net/ocsp2", CostType.PAID); // default OCSP responder + ocspResponderAddressesAndCostTypes.put("http://ocsp.int-xroad.net/ocsp3", CostType.UNDEFINED); // default OCSP responder + builder.ocspUrlsAndCostTypes(ocspResponderAddressesAndCostTypes); return builder.build(); } @@ -232,8 +239,8 @@ List buildPath(X509Certificate certificate, return pathElements; } - public SystemProperties.ServicePrioritizationStrategy getOcspPrioritizationStrategy() { - return SystemProperties.getOcspPrioritizationStrategy(); + public ServicePrioritizationStrategy getOcspPrioritizationStrategy() { + return proxyRpcClient.getOcspPrioritizationStrategy(); } public boolean isAcmeExternalAccountBindingRequired(String caName) throws CertificateAuthorityNotFoundException { diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java index d5ed76d24d..6a8812a38f 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/SystemService.java @@ -26,6 +26,7 @@ package org.niis.xroad.securityserver.restapi.service; import ee.ria.xroad.common.CodedException; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.crypto.Digests; import lombok.RequiredArgsConstructor; @@ -38,6 +39,7 @@ import org.niis.xroad.confclient.rpc.ConfClientRpcClient; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ConfigurationAnchor; +import org.niis.xroad.proxy.proto.ProxyRpcClient; import org.niis.xroad.restapi.config.audit.AuditDataHelper; import org.niis.xroad.restapi.config.audit.RestApiAuditProperty; import org.niis.xroad.restapi.service.ConfigurationVerifier; @@ -95,6 +97,7 @@ public class SystemService { private final ConfClientRpcClient confClientRpcClient; private final MaintenanceModeStatus maintenanceModeStatus; private final GlobalConfProvider globalConfProvider; + private final ProxyRpcClient proxyRpcClient; private static final String ANCHOR_DOWNLOAD_FILENAME_PREFIX = "configuration_anchor_UTC_"; private static final String ANCHOR_DOWNLOAD_DATE_TIME_FORMAT = "yyyy-MM-dd_HH_mm_ss"; @@ -397,8 +400,8 @@ public NodeProperties.NodeType getServerNodeType() { return NodeProperties.getServerNodeType(); } - public SystemProperties.ServicePrioritizationStrategy getTimestampingPrioritizationStrategy() { - return SystemProperties.getTimestampingPrioritizationStrategy(); + public ServicePrioritizationStrategy getTimestampingPrioritizationStrategy() { + return proxyRpcClient.getTimestampingPrioritizationStrategy(); } public boolean isManagementServiceProvider() { diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java index ef6c563607..cf4f6c5953 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiControllerTest.java @@ -26,7 +26,7 @@ */ package org.niis.xroad.securityserver.restapi.openapi; -import ee.ria.xroad.common.SystemProperties; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.certificateprofile.CertificateProfileInfo; import ee.ria.xroad.common.certificateprofile.DnFieldDescription; import ee.ria.xroad.common.certificateprofile.DnFieldValue; @@ -165,7 +165,7 @@ public void getApprovedCertificateAuthoritiesAuthWithSignPermission() throws Exc @WithMockUser(authorities = {"VIEW_APPROVED_CERTIFICATE_AUTHORITIES"}) public void getOcspPrioritizationStrategy() { when(certificateAuthorityService.getOcspPrioritizationStrategy()) - .thenReturn(SystemProperties.ServicePrioritizationStrategy.ONLY_PAID); + .thenReturn(ServicePrioritizationStrategy.ONLY_PAID); ResponseEntity response = caController.getOcspPrioritizationStrategy(); assertEquals(HttpStatus.OK, response.getStatusCode()); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java index c18ea25227..fb6c3ef26d 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/openapi/SystemApiControllerTest.java @@ -25,6 +25,7 @@ */ package org.niis.xroad.securityserver.restapi.openapi; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.util.CryptoUtils; import org.apache.commons.io.FileUtils; @@ -206,7 +207,7 @@ public void getConfiguredTimestampingServicesEmptyList() { @WithMockUser(authorities = {"VIEW_TSPS"}) public void getTimestampingPrioritizationStrategy() { when(systemService.getTimestampingPrioritizationStrategy()) - .thenReturn(SystemProperties.ServicePrioritizationStrategy.FREE_FIRST); + .thenReturn(ServicePrioritizationStrategy.FREE_FIRST); ResponseEntity response = systemApiController.getTimestampingPrioritizationStrategy(); assertEquals(HttpStatus.OK, response.getStatusCode()); diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java index dcbc976f1e..63199bcc0f 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/SystemServiceTest.java @@ -44,6 +44,7 @@ import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.globalconf.model.SharedParameters; +import org.niis.xroad.proxy.proto.ProxyRpcClient; import org.niis.xroad.restapi.config.audit.AuditDataHelper; import org.niis.xroad.restapi.config.audit.RestApiAuditProperty; import org.niis.xroad.securityserver.restapi.cache.CurrentSecurityServerId; @@ -95,6 +96,8 @@ public class SystemServiceTest { @Mock private ConfClientRpcClient confClientRpcClient; @Mock + private ProxyRpcClient proxyRpcClient; + @Mock private AuditDataHelper auditDataHelper; private final SecurityServerAddressChangeStatus addressChangeStatus = new SecurityServerAddressChangeStatus(); private final MaintenanceModeStatus maintenanceModeStatus = new MaintenanceModeStatus(); @@ -116,7 +119,7 @@ public void setup() throws Exception { systemService = new SystemService(globalConfService, serverConfService, currentSecurityServerId, managementRequestSenderService, auditDataHelper, - addressChangeStatus, confClientRpcClient, maintenanceModeStatus, globalConfProvider); + addressChangeStatus, confClientRpcClient, maintenanceModeStatus, globalConfProvider, proxyRpcClient); } @Test diff --git a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java index c63fa867c4..dcdb182d70 100644 --- a/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java +++ b/src/security-server/admin-service/application/src/test/java/org/niis/xroad/securityserver/restapi/service/TokenCertificateServiceTest.java @@ -366,8 +366,8 @@ private void mockGetCertForHash() { return switch (certHash) { case NOT_FOUND_CERT_HASH -> throw XrdRuntimeException.systemException(CERT_NOT_FOUND).build(); case EXISTING_CERT_HASH, EXISTING_CERT_IN_AUTH_KEY_HASH, EXISTING_CERT_IN_SIGN_KEY_HASH, - SIGNER_EX_CERT_WITH_ID_NOT_FOUND_HASH, SIGNER_EX_INTERNAL_ERROR_HASH, SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, - SIGNER_EX_TOKEN_READONLY_HASH, HASH_FOR_ACME_IMPORT -> + SIGNER_EX_CERT_WITH_ID_NOT_FOUND_HASH, SIGNER_EX_INTERNAL_ERROR_HASH, SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, + SIGNER_EX_TOKEN_READONLY_HASH, HASH_FOR_ACME_IMPORT -> // cert will have same id as hash new CertificateTestUtils.CertificateInfoBuilder().id(certHash).build(); case MISSING_CERTIFICATE_HASH -> createCertificateInfo(null, false, false, "status", "certID", @@ -427,7 +427,7 @@ private void mockGetTokenAndKeyIdForCertificateHash(KeyInfo authKey, KeyInfo goo new TokenInfoAndKeyId(tokenInfo, authKey.getId()); case EXISTING_CERT_IN_SIGN_KEY_HASH -> new TokenInfoAndKeyId(tokenInfo, signKey.getId()); case NOT_FOUND_CERT_HASH, EXISTING_CERT_HASH, SIGNER_EX_CERT_WITH_ID_NOT_FOUND_HASH, SIGNER_EX_INTERNAL_ERROR_HASH, - SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, SIGNER_EX_TOKEN_READONLY_HASH, CertificateTestUtils.MOCK_CERTIFICATE_HASH -> + SIGNER_EX_TOKEN_NOT_AVAILABLE_HASH, SIGNER_EX_TOKEN_READONLY_HASH, CertificateTestUtils.MOCK_CERTIFICATE_HASH -> new TokenInfoAndKeyId(tokenInfo, goodKey.getId()); default -> throw new CertificateNotFoundException("unknown cert: " + hash); }; diff --git a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/010-add-tps-cost.xml b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/010-add-tps-cost.xml index fd22351fd0..2f79245586 100644 --- a/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/010-add-tps-cost.xml +++ b/src/security-server/admin-service/infra-jpa/src/main/resources/liquibase/serverconf/010-add-tps-cost.xml @@ -5,7 +5,7 @@ xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.19.xsd"> - + diff --git a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue index 91a4ae84ae..17c541e748 100644 --- a/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue +++ b/src/security-server/admin-service/ui/src/views/Diagnostics/Overview/DiagnosticsTimestampingServiceCard.vue @@ -43,7 +43,7 @@ {{ $t('diagnostics.status') }} {{ $t('diagnostics.serviceUrl') }} {{ $t('diagnostics.costType') }} - {{ $t('diagnostics.message') }} + {{ $t('diagnostics.message') }} {{ $t('diagnostics.previousUpdate') }} @@ -66,13 +66,15 @@ data-test="service-url" > {{ timestampingService.url }} - - - {{ $t('systemParameters.costType.' + timestampingService.cost_type) }} + + + {{ + $t('systemParameters.costType.' + timestampingService.cost_type) + }} - -
- {{ $t('systemParameters.costType.' + timestampingService.cost_type) }} + {{ + $t( + 'systemParameters.costType.' + + timestampingService.cost_type, + ) + }}
diff --git a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue index 129b8dfa49..4e6a7154e8 100644 --- a/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue +++ b/src/security-server/admin-service/ui/src/views/Settings/SystemParameters/SystemParameters.vue @@ -166,7 +166,7 @@ /> - + {{ $t( 'systemParameters.servicePrioritizationStrategy.timestamping.label', @@ -199,7 +199,7 @@ ) }} - + {{ $t( 'systemParameters.timestampingServices.table.header.costType', @@ -326,7 +326,7 @@ ) }} - +
- +
��Љn���\*�+D�3\����`B�A���*{)m�(����(;�Ǻ���<<5G-R�;m� �����5�=��_��uLT"d��`;��X���m*���[���o��`�;�B�^RYm�V�?��tݮB[�Ђ�s�����E�����n+L�T9�*���M>b��;x�z���[�}�J���;C��4Qb +}���1"� �����?� �pd���c��2�t�+�{^�v�&\p���];�)=�?!��Z�,)�=�1� �Bb��f��&Cֺ� ���I:Jݕ%�w���n��Ĵt��"�\�lc�e%���^$�&�/k��������z%G}����޺P�%����7�U���6k�~����W�����I�" \��\�q0������~R�x�و�Y��N�S���4v�����s>��5��o?��mt�p�+�����t�i��K+M�5R�Uɛ��;�QPg�������(Fm7e�s[S09�Fs-�ݫ8Њg�~�+��k� +������;���n�3nB�lhL��@�̗ +Y���-&�3+�5dM�<S��n������!�{����=t]%��NC�R�WC�[҄��g����=W��%���I}^/t́^�Ub�� 4�ǯ!��c �ʢOk۾�j341��0_ *�H�� + 1RP1342b84b4829bb79226ab268b4d8e70b010686130! *�H�� + 1Time 17623806640660�� *�H�� +���0��0�� *�H�� +0f *�H�� + +0Y08 *�H�� + 0+�$�LX#��#����yL��}>' 0 *�H�� + 0 `�He*�=�_��Vfk��:��`�L؜���=��r��.{�=��h�'wv<6D F!`ga$j��S����� 8[Pzڸ�iiĝ�ڹ|��[z$����(�����"�[ �:A�%�2*P����tn�a��2��������X��qg��Ѭj�@C>ᗨ�{Q28�~��j�؉� +? �u�7��>Ee�j��4񪬴��?��U\��SSo侠m:gX[x4�#��Ȋ�/�N�,4���m'@�6�T�o��BnE} �;�A�J:���������F�%j��W�z�Q�E�y��DHe50S��m�U�B�W���VB��˒� +�f�/��J�YBZ��Gs��v�fc�d�'�`��uR�7n����CV�\�p!.����c�(�|SP��b��>3_y�#CJ�[ f�6��^�V>�Bg� YM�;��Tp�~��K$���}�!M����4�T�[ *EP�O��*��/ $� .e��(c��[ՒW�h�"�t�M)S�S���0;�ʥ +М_u��0�r�(��/{��Pj��THc��pn����ο��D��|��N\Ɉ_|��w��*$'f:-�zmA���)w#T���rA��� /�R�c�y��%�q���H~0}� �Fm$p8�&� +�k��BԼ{�RÉ��6�Y(� +�s����@Q�:�U�P/HR����;�};]� @�����A� '� +1Aw�%�H���fJ���c�*MO@c;��#�z[�J{]��/`O'�ե����_�ݴ�&��- +�Ӎ���a���͢1�+ +��>���,\L֮!\�n�G>���gz�'w\+��� +(-��$���=�0\Ӡ�@�>2[�����w������yŀ ���[�/I�0M010 + `�He �C����� . �`0�oc\hκΣI�;���;�b�����?���N�x\�h���' diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/A1B0BEB1E088E3A291AEEC57FB04400BF17D3E0D.p12 deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/E67CCA8E9B3DA52DB740CDCDC0926F356F431063.p12 deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/15A0AFEE2602D2846621118997E268F5FA843C94.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/15A0AFEE2602D2846621118997E268F5FA843C94.pem new file mode 100644 index 0000000000..9605da405f --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/15A0AFEE2602D2846621118997E268F5FA843C94.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQTCCAimgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwNFoXDTQ1MTAzMTIyMTEw +NFowSDELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQ0wCwYDVQQD +DAQxMjM0MRQwEgYDVQQFEwtERVYvU1MwL0NPTTCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAK0k8LMy+LETgEG4ulkrj6EN/iv3T0KD03Syv3WbwjJIlluV +JsGUcdDxwozcFF/hbQmGWehhdFf/cqwsDL7nflgLinLf+Z/WyS6vhV4o7qRL4V3s +gtCP6+jWjlFito8l3TDHUDqAV6I0E5DRxAo/7+wtzWYBxtEA2l3C7yxCXi/LaXnP +vanLRdMMiojL5zfYV4j2Bt7PXDhKLjp90C/lWCNNh8/8t88cAxxYhieBQB79p8Z2 +J4WYHgp+RVXh+mmtSFLkvWBAGqpmEghuoTrGleT4j4sudWZrCPI/CqWE7Yu/Xo4z +fU7hohH5NYEz6Hdor+N7EIrM2aXJvPZMBd2RwiMCAwEAAaNdMFswCQYDVR0TBAIw +ADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFJiL+gB6lCj5ggX7nXaSjdH0zYcd +MB8GA1UdIwQYMBaAFFEGJh68C8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUA +A4ICAQA12nl19PaM3RM+kyoqu4MUSln1PK8YaSkz66/XQlG7gbs4hv37IbKIe5Jt +fpRYZDcWsYLG2qC+1nngfrMJX+otrE3OrRu7hnFASuPQ24Yut8WicyM+V826c+tD +ISTL3+lvoQrXI/Eedmxsge1oGf591luc+GR3HaJMg7sC3sZryFY/0xq9zlzjCzTD +5LwzPrBGQI3a/z93nb4oAPSZgQZtXjYt1d/gYNmoQiQBX+KOpeH1LywvhHoOy+wG +/ArqGhsKoAzNjCOdp2nBSlYK7ye5yn9iE1ILyKHybNckMC52swjb6FDDwohwlRBC +I40NNukKpLEXUvMwDZRg6YhMNICLuD+9EnhmY0DmYuB18dEFOsihPPWkaQe0oBpe +C6/i8vxyz4sp9GXzHXj+Xw0GZ/FJNCQJSKbL9pvi7aTpK7YXog5V4NnGAcwRxlMG +eZoGf7twsLaFlPfuiG0ESAZ8Oj/hwVYA7FA1Na7aHNxnfLSnZVMFeOxnocqr9UEp +3ge2Nrs47L69hHFqLE3xgjkQMKUuSkbW4IwFUJNe56/f6DA0fA5nzShFLdbc1iNQ +WVv7GgYvKOxsdyG9MYqzuBpXAQM4gcFptL0+MoghLH3ZXkWca79a56Tn6coZ4i7n +lNFvm1l92E2+SUYBlv36n6Q7rpCp4kN6OZWX7IYbfMirP0/afQ== +-----END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/2383ECC7DCE9C81826F99FC79FE96393A342FE42.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/2383ECC7DCE9C81826F99FC79FE96393A342FE42.pem new file mode 100644 index 0000000000..d669253c64 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/2383ECC7DCE9C81826F99FC79FE96393A342FE42.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNjE4MjUxMFoXDTQ1MTEwMTE4MjUx +MFowSTELMAkGA1UEBhMCRkkxFTATBgNVBAoMDE9yZ2FuaXphdGlvbjENMAsGA1UE +AwwENDMyMTEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDC/MwQKOrsiZj00e7qkYmwBDUmWId3spIBJV/jRZMERt4g +6U9MsodB5nDHNNZnaTO5SWYqY9j1L2NWHIlSuKYHS++qnW+7dR9Nf2CsngnINeiO +f+Al8p42ZRMgtab4FT5VW/bpSE5IxArFmdfujD7g1PLW1BYtGxxMqOIx/cm1wjYc +zsOl50FMeobOIJDNf2NBJKl9qD3ksSdS/ZTArC1Irar8JL9NhJZtQKMu/8sCVXbq +qH19JYDOAz1SrHEhRaxXU49ShJSkMEL9Ky4/frkHPyf2pF23XuYMTdtWNaIo5IB6 +IcyZwwQOtEsbRqNqx8dmdB5gxCqsFz6uxkuTdyfhAgMBAAGjXTBbMAkGA1UdEwQC +MAAwDgYDVR0PAQH/BAQDAgZAMB0GA1UdDgQWBBSmCq5TPHuU1Z8D+JlUad2BU1st +3DAfBgNVHSMEGDAWgBRRBiYevAvLCa/qe8wjlhWHEhqOJzANBgkqhkiG9w0BAQsF +AAOCAgEAY3LhOo6bPW/faBbyA37D3AJP1IskqlE4U1hKbAdXMcGDiWYjRI2Q2Kno +9yMVQzP0OZ/NP+5dETcspMI5VsLYFd41y285RWQcGC0nlSZuKtcb3ENONi0iitol +kAGa12x6npz9RU997BvmDTFOZooORFO3DEbvYf/vL/7hBWeub7JsDmCEAafZmj52 +iCJysfAaH8hKyDFkT0RMwq3zUHZqcsYYrmsc2vz7H+6h4WH8dfX+FfG1TYyZz/TH +Ql6N/P9KDn9rf/1TKxDpGXMhNzAx9ldPV21MO85X8dL8jLiCy43821fDaRY1V4ML +P+S2C2pQn8Ej+3vbpTeV6mWEQSed7kJnEeziD8zD2kAVSBNA4e8ph9f+6SVhOkCk +sHtorMdVNdUjVIWJRrwN6hg5V7uEMNE2tA4vHegzB38pOcq7YObp/ZKagW/JSw8k +3cOnl48+qv2K58tSV9H8p4MBj6VpDTPCPLKcZzIghbvFuNqMAb1FzN7Rp0x2DLB1 +VNRDQe60/JsUGpObz+smJef9pHMZD3UQYXrbDpWTg4qA/lOM+C2kuYon4kRM9V+J +Zc7BP2FqLsC5WTemw9t1wxxD1Qjgz8NFQu37O1l7AL+HirORwvEoL+jQoc+VvPbc +4YStKi5LajuNsXtsfPtQ9SPW1iYRadp/PEfRvkNeOvwkpgKiAAk= +-----END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/5BC622B62052EE89F2020C2FA91872CB49EB1502.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/5BC622B62052EE89F2020C2FA91872CB49EB1502.pem new file mode 100644 index 0000000000..bbcf9c6590 --- /dev/null +++ b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/5BC622B62052EE89F2020C2FA91872CB49EB1502.pem @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEXzCCAkegAwIBAgIBAzANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0 +MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI1MTEwNTIyMTEwMVoXDTQ1MTAzMTIyMTEw +MVowRzELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgbWVtYmVyMQwwCgYDVQQD +DANzczAxFDASBgNVBAUTC0RFVi9TUzAvQ09NMIIBIjANBgkqhkiG9w0BAQEFAAOCA +Q8AMIIBCgKCAQEApp1Ls34vBfJkD2bHtmnvb1HxhMBoBPP8rvwtcjGfVCTA7i+Dl +F3gTLV49k81FMi5gRHQNWLde1NmLTKTzFSoPUerCT7ohvTCTAm4h5W/328xoMo6m +2h/nGyuIoAIIUJi/CKf+Ih+zZCklsZqWaOd1f1QIPJOtjQkoMl+2olj2tw1o4/Bi +im8B03aVTYXfkGhDRC2D6nZJm4Gi9EBZ+USMEAO6CCFobGLLThomWkHDUxjliSGs +T4EJA3iR4h9gSuOfMpqHZv5/lY4X4axsR90c8oFEYMfuk9oZSL/dE0oqYpODW1mW +7hEm/8afUfTR/8ZtGsvYZFT70VcGcYNNdfoxwIDAQABo3wwejAJBgNVHRMEAjAAM +A4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwH +QYDVR0OBBYEFF757d7rOx/BzngYLRV8hOUpJDR3MB8GA1UdIwQYMBaAFFEGJh68C +8sJr+p7zCOWFYcSGo4nMA0GCSqGSIb3DQEBCwUAA4ICAQCympOjqsvo6cJPSLN2F +J83VFVTtbp9JIY8WQ5ltHMi7nncSJZ0pKfx5rjA+TNb4lWvjUko6ijRDyr8DwNU3 +ik69DffIlz7SmbhTxnP5hbgVma/xYgPRSYw0LIln1EksRvhTSSHdZfxrKvdXeK0X +TO6zmmgTPpYzpuN1kdsRFsua7H5IuDMMzPeH7vw++HsGAHpd0/Vp9cdknqpFZZOZ +ckK65HAGD2xltfd5HIZ9nGz1M9QDir/+oiwkwDOF53OVC2lxpnKA4m6mKmuJ4TIS +y2l04chJuNfRWqrqssnQDOhZkzIfDi/7NTdE25wA0KiXPl6cVQ/IZxJ6a6uCEOC+ +cISxRfWvyuA4UDnnWDCKRdbDLv6f3O2/wDUIvWGjNU3j8xshA0axxb8VxXuLTLqB +o8o0DMq4EBdAaumgzHuAO+Cj8dJs3yVkeK37MwvBUkmar7+gQmUL7U+mA9KUxMxa +lm8VAHZy2n7rlLU5kQCACyhEYWAtuUGZKHzLsqB3MOXKpIkbL5fqVNnHGeI0Wxoo +rS3y/SQf5OaRybZLFmkDESCOqL8zqd3XO4jUB7NMX5MMX1883KfkeiuWBRTZQD4J +Tq9I7YsWGyI1YpIOxA2Mjz8wu+EmFIvvZ7ersui3MsnTwoYqxymEPx0QiYVD3BHQ +XkPkI2T2rVe4ptaiH2t3MhYDw== +-----END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/84E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/84E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem deleted file mode 100644 index 1462e13e4d..0000000000 --- a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/84E4773AFCC4051226ACAEF9AC256AAE4059EE93.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIERDCCAiygAwIBAgIBCDANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjgwOTIyNTVaFw00 -NTAyMjMwOTIyNTVaMEExCzAJBgNVBAYTAkZJMQ0wCwYDVQQKDAR0ZXN0MQ0wCwYD -VQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvU1MwL0NPTTCCASIwDQYJKoZIhvcNAQEB -BQADggEPADCCAQoCggEBAMzaiSaCGtYXDxp2Nu+vFfG/8S3II3UEPQ5OykJgLSo/ -+xMKnxRm1cmpbV2cAlhPNslbR5T06M9TK+96l8/rcGf/o+ksVjQZiS5R6T9BO0Vf -TiOnu2LiVoeBoGgnuVU+0csMK36d767UjOAtS4NnZpd9ltYF+fF3d3zB1RqoexoL -SkDlVqQePvGqtTSRCadRefnUp/udN/aFe4lsjksib1mpuJF6v34JfdyIh9MnxLr/ -2vqlCRDuZRub+bQh1z0pgjHfN7H06kS+zuvQKM2oB+YBJAlYPZue9Eri/jpksYfD -7mdxchVt2Nomz67sPQp2DCCST43LBCKVVyN237bMdy0CAwEAAaNdMFswCQYDVR0T -BAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFAHAxWWIfTMyiFjUfxtP087Z -FWiKMB8GA1UdIwQYMBaAFGNpUzhqJbRrVf7eFYEaz5qLlb84MA0GCSqGSIb3DQEB -CwUAA4ICAQCSnX6DxwUDtTobj6yUPANbAOErfwegQOdh9WuP+goMP3VRraOGPbAA -Rs2W+EA1VJsXchsyMaOINZZK2GULQXJNbofpdiToph07HMVTg2Rc4xdHX+ZCq8Sr -xHW0WG8uYutmTJgmuKZ8+tYg8j/T/XE7oZTwBmFIrnwUqLSNSpNGC4EODTFIOY7H -XZvPhdAOQ8G9hzqaka3ztf5TempnfkOY+71l4eLj5voB/TGSqP2LcboTWa3oZhX6 -Qhm9OWqrdS5pOzFoiDX1bQiyCQtWSxyySYQJpmKAIgLUfQRvN+pa+VaVou068r4W -1epyvDgRyvReYVYvshPCr3tarL523dKT6+RPHcPpZgjWwghuYsMtJPJ8EomC6QA8 -s09q/4xmfZ0w133LTqomptTGvqL9WICtcyBi5XPO6to563tAblVaFtfIKQ79AJQg -DiHpkexe5ys/tFxQ+jFJFixAH89T+0+FSyr/obBMriMkMxaKtDnbp20/sq66jzV8 -nyxgvdgMVtMRL02ykmFjG0dmdeL8WDHdIffH69xNds1jbE8RRLgvTvXB0zydzHZs -fsfwR2gEDc5GZKZfMVqzmF6MK4kwV962wDOZi2vI5c+VGHEiP7qf5s1VCSJnhDZd -xWfnxUzuY1g+0EJFoznAri1kc2jU0/Xj+lOJOG8sfj9NBHbPa/0NcA== ------END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/D7D15F0ED1A1320EBA0190C838506B60EC07C994.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/D7D15F0ED1A1320EBA0190C838506B60EC07C994.pem deleted file mode 100644 index 1ccd5950a3..0000000000 --- a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/D7D15F0ED1A1320EBA0190C838506B60EC07C994.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEbTCCAlWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODQwNDZaFw00 -NTAyMjIwODQwNDZaMEsxCzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZXN0IG1lbWJl -cjEQMA4GA1UEAwwHeHJkLXNzMDEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0G -CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyNalEKM/40JNMd2lpvkOMLO3hiLkp -CLjy/PrKMsBHgDlaGg3g8OL2yJ6fKVZCtcBNPlqONOUdoMQ9xbyrR6VR8Px/XBaq -/+4azB93g8dvJ0w2e1GrK7UKhsYVCsDDGvprgiSG/vzmrlovEj8XdRvXrV2K5tgL -v8QR5MkkSZWmK/bUzrTPbs9wYjXiDSFtQpAQbK6RZAK+lxcPFkJIsk5GHAxVJxD8 -kXzW4M4cJin2XDlfWdt10KvI9GsbNivjm05T7eZTBT86DhRNBI65rXPX1utLtimC -8YGEw6nkX2wlhiBAZlddbLkcZ6Im7mhV5Y+HFQVBrFNWC6GQRljk5ULNAgMBAAGj -fDB6MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgO4MB0GA1UdJQQWMBQGCCsGAQUF -BwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUMpbjRQF6QZzWKzqt4czCirJo3rwwHwYD -VR0jBBgwFoAUY2lTOGoltGtV/t4VgRrPmouVvzgwDQYJKoZIhvcNAQELBQADggIB -ACALBepGr5bRrXXNnr0PUQCU5rjAqv28NGxSdznVe8Df1Lz3v0gHmfy8TCX0naF4 -eUqw2I4NsqEnu4L2qxr+klknz+X6qLFQaUXiUe/dC4Dh2gxc8gGANzKWdXoKCATp -gr2d1rYTcvokOMtrus91Ch3t09vi80FcyZEbVStI/vHT1q5lq37swpNzVv0XuAQB -6Op+ufvFTw/1FS4V0cKEfbRdd6egFTZ0NXZS+gNe/zgUadoxXbO0aefnNjuErLVw -m5IofnQlRN3M+0wqn5nlCE4tzPKMQUaxwCqcjau/MskfalU/OKWwwXE3tN7aMgDW -WTXf6z37lQ00bvn7lLN4hTLUje2NKCgr70Y/xmAHIEdWAaKaispSQltHYixf8zm9 -ZY1sPDYv+wYOHSQi6xMBLFO9tMw2d2IEcgTfftJ118H9OGu4b27ox3KYnMK6Iq2E -7GjXk/bpaYI5jU6rxTLOi2gAGOzEeqOOGt+94fOpPgqt+xK9z4EffuD0m2C5tMAC -Lmw+7TQ+60nI0hVt7LOlplKfy+np4K/wuwhcSdRAGeejVMoEqaefQYUqj1l8JX2O -J4MewMu3F5CXK7PmLJK/K4edHc+L2bnfYuDsIQZgvg8ZmDJOHecAX052LxsaFgWJ -HiHHcxqZvZ9iQTgjFRvgyrHYlidHV6EVT1t0mdFZqwOQ ------END CERTIFICATE----- diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem b/src/security-server/system-test/src/intTest/resources/files/keystores/certs/E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem deleted file mode 100644 index 2f584ebe68..0000000000 --- a/src/security-server/system-test/src/intTest/resources/files/keystores/certs/E3DC911F8E2EB7AD3BE2D65748F6B7048936EDFE.pem +++ /dev/null @@ -1,25 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIESzCCAjOgAwIBAgIBBDANBgkqhkiG9w0BAQsFADArMRcwFQYDVQQKDA5YLVJv -YWQgVGVzdCBDQTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNTAyMjcwODQwNDlaFw00 -NTAyMjIwODQwNDlaMEgxCzAJBgNVBAYTAkZJMRQwEgYDVQQKDAtUZXN0IG1lbWJl -cjENMAsGA1UEAwwEMTIzNDEUMBIGA1UEBRMLREVWL1NTMC9DT00wggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQChHRjPqqcYEuMZiNlH0PWBKE6DSgLQ50Gm -jFgMFnjQ378Njck1TPNws14ftff8T5BBCUomXdy4u4rGQeSSPKY5M121NMC/jDfk -aKdtvi2F5n/WZrdAZo9J0RIp/Dbr9Fmwd/iohkxKY0zr7oNR/nsCHI4N6ZfI2iU8 -+4dOnxOr8vBw8UT5PBFH8GIKiuPTJp/KRKSDuF8ev4QC6KXGT6Q0WpOFvTxu5iwd -h5V8XwmhAAzk0vnrBPEUynp5I47sSyKsYyP7LT5MQxnxrih+JUSc83r2onMgmfH1 -qRQXFXZvn5ilaLUa43Dc+oHFPH/xo0V5T2GhSlDtbmHWyhZbKvGpAgMBAAGjXTBb -MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgZAMB0GA1UdDgQWBBROYou+TxqDwfPj -gLBA5Ik8e/2bIzAfBgNVHSMEGDAWgBRjaVM4aiW0a1X+3hWBGs+ai5W/ODANBgkq -hkiG9w0BAQsFAAOCAgEAFDOcJIMLKaU1VnzAJSfx7lPFE3I4qycjQmKMsp9af8qr -ZC/OtuWR48KOQ5PTaTvKpO5phrIpV4t7kPoyqozz12EXfcmao7dJvXqqpEWk78h3 -xPRff/yUrZ7EiGwlvngzkMVry6fzL1kkMaYNj9BAIpjz+XQwtmOp6N7f4jhCowj/ -z28ScRfOtmrhPR/ruTscLRKv/QCbIuQ9pnKKmLL1yGbvK6HkvpsT5m/CXmU0Mqia -Id+r9aZX251W5vjKw4LZpOnZ0QWaMyA1Xan83QUYtLp+/1frxHjAMZVr1HoI44pA -jzmhX//sQrTmccyt7KqXUGIq6e9JMWRdgWgjzjk97xiY5Tp+VZz1mLKW4OP9RU5D -0OD/J9GszO+4Ov30PY8pQ6uvtSmtRRq43AjFp1nMgd7/XO0aBIlWNoJKjip6wYYa -kq6flQz2Ym84+DcYW4jHAr8q1E1AFBhit0/wNCE0fMU4re5ntVt7TjS/lOZc/w5O -oB0+h6EvYmEf0GjUw1R+aA+HGUGjNx2N30OVE+80HDBMimO2Kcw/oZNR6dbR10jB -KoBQJEEFHSFi7FcddBCDcY1/asxiLB34wyjau1KSZQxKq1uGmB5l+QA5IwJ1sDxb -H77LVNjaPYMTuwVC8VP/Fs6b4G6jPxeR6Fj0DdZWwgw7UoB9M13a1VnW6nPB26E= ------END CERTIFICATE----- diff --git a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java index 981430bd00..9d5c3a2e24 100644 --- a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java +++ b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/admin/AdminService.java @@ -38,12 +38,16 @@ import org.niis.xroad.messagelog.archive.EncryptionConfigProvider; import org.niis.xroad.proxy.core.admin.handler.TimestampStatusHandler; import org.niis.xroad.proxy.core.configuration.ProxyMessageLogProperties; +import org.niis.xroad.proxy.core.configuration.ProxyProperties; import org.niis.xroad.proxy.proto.AddOnStatusResp; import org.niis.xroad.proxy.proto.AdminServiceGrpc; import org.niis.xroad.proxy.proto.MessageLogArchiveEncryptionMember; import org.niis.xroad.proxy.proto.MessageLogEncryptionStatusResp; +import org.niis.xroad.proxy.proto.OcspPrioritizationStrategyResp; import org.niis.xroad.proxy.proto.ProxyMemoryStatusResp; +import org.niis.xroad.proxy.proto.ServicePrioritizationStrategy; import org.niis.xroad.proxy.proto.TimestampStatusResp; +import org.niis.xroad.proxy.proto.TimestampingPrioritizationStrategyResp; import org.niis.xroad.proxy.proto.dto.MessageLogEncryptionStatusDiagnostics; import org.niis.xroad.rpc.common.Empty; import org.niis.xroad.serverconf.ServerConfProvider; @@ -64,6 +68,7 @@ public class AdminService extends AdminServiceGrpc.AdminServiceImplBase { private final ProxyMemoryStatusService proxyMemoryStatusService; private final EncryptionConfigProvider encryptionConfigProvider; private final ProxyMessageLogProperties messageLogProperties; + private final ProxyProperties.OcspResponderProperties ocspResponderProperties; private MessageLogEncryptionStatusDiagnostics messageLogEncryptionStatusDiagnostics; @@ -92,6 +97,17 @@ public void clearConfCache(Empty request, StreamObserver responseObserver handleRequest(responseObserver, this::handleClearConfCache); } + @Override + public void getTimestampingPrioritizationStrategy( + Empty request, StreamObserver responseObserver) { + handleRequest(responseObserver, this::handleGetTimestampingPrioritizationStrategy); + } + + @Override + public void getOcspPrioritizationStrategy(Empty request, StreamObserver responseObserver) { + handleRequest(responseObserver, this::handleGetOcspPrioritizationStrategy); + } + private void handleRequest(StreamObserver responseObserver, Supplier handler) { try { responseObserver.onNext(handler.get()); @@ -178,4 +194,25 @@ private List g member.keys(), member.defaultKeyUsed())) .toList(); } + + private OcspPrioritizationStrategyResp handleGetOcspPrioritizationStrategy() { + var strategy = ocspResponderProperties.ocspPrioritizationStrategy(); + return OcspPrioritizationStrategyResp.newBuilder() + .setStrategy(getServicePrioritizationStrategy(strategy)) + .build(); + } + + private TimestampingPrioritizationStrategyResp handleGetTimestampingPrioritizationStrategy() { + var strategy = messageLogProperties.timestampingPrioritizationStrategy(); + return TimestampingPrioritizationStrategyResp.newBuilder() + .setStrategy(getServicePrioritizationStrategy(strategy)) + .build(); + } + + private static ServicePrioritizationStrategy getServicePrioritizationStrategy( + ee.ria.xroad.common.ServicePrioritizationStrategy strategy) { + return ee.ria.xroad.common.ServicePrioritizationStrategy.NONE.equals(strategy) + ? ServicePrioritizationStrategy.SERVICE_PRIORITIZATION_STRATEGY_NONE + : ServicePrioritizationStrategy.valueOf(strategy.name()); + } } diff --git a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java index 6ca573cd62..9391a3daf9 100644 --- a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java +++ b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyMessageLogProperties.java @@ -26,6 +26,7 @@ */ package org.niis.xroad.proxy.core.configuration; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.crypto.identifier.DigestAlgorithm; import io.smallrye.config.ConfigMapping; @@ -70,6 +71,10 @@ public interface ProxyMessageLogProperties { @WithDefault("SHA-512") String hashAlgoIdStr(); + @WithName("timestamping-prioritization-strategy") + @WithDefault("NONE") + ServicePrioritizationStrategy timestampingPrioritizationStrategy(); + default DigestAlgorithm hashAlg() { return Optional.ofNullable(hashAlgoIdStr()) .map(DigestAlgorithm::ofName) diff --git a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java index 57fbfd0d37..9774141c93 100644 --- a/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java +++ b/src/service/proxy/proxy-core/src/main/java/org/niis/xroad/proxy/core/configuration/ProxyProperties.java @@ -27,6 +27,8 @@ package org.niis.xroad.proxy.core.configuration; +import ee.ria.xroad.common.ServicePrioritizationStrategy; + import io.smallrye.config.ConfigMapping; import io.smallrye.config.WithDefault; import io.smallrye.config.WithName; @@ -221,6 +223,10 @@ interface OcspResponderProperties { @WithName("jetty-configuration-file") @WithDefault("classpath:jetty/ocsp-responder.xml") String jettyConfigurationFile(); + + @WithName("ocsp-prioritization-strategy") + @WithDefault("NONE") + ServicePrioritizationStrategy ocspPrioritizationStrategy(); } @ConfigMapping(prefix = "xroad.proxy.addon") diff --git a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java index 8acd6a4ac6..8f65d6ed3e 100644 --- a/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java +++ b/src/service/proxy/proxy-core/src/test/java/org/niis/xroad/proxy/core/clientproxy/FastestConnectionSelectingSSLSocketFactoryIntegrationTest.java @@ -25,6 +25,7 @@ */ package org.niis.xroad.proxy.core.clientproxy; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.TestCertUtil; import ee.ria.xroad.common.identifier.ServiceId; import ee.ria.xroad.common.util.CryptoUtils; @@ -129,6 +130,11 @@ public int clientReadTimeout() { public String jettyConfigurationFile() { return "src/test/ocsp-responder.xml"; } + + @Override + public ServicePrioritizationStrategy ocspPrioritizationStrategy() { + return ServicePrioritizationStrategy.NONE; + } }); authTrustVerifier = new AuthTrustVerifier(ocspResponderClient, globalConfProvider, keyConfProvider, new CertHelper(globalConfProvider, new OcspVerifierFactory())); diff --git a/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java b/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java index b9d76e66ff..a3e593f03e 100644 --- a/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java +++ b/src/service/proxy/proxy-rpc-client/src/main/java/org/niis/xroad/proxy/proto/ProxyRpcClient.java @@ -31,6 +31,7 @@ import ee.ria.xroad.common.AddOnStatusDiagnostics; import ee.ria.xroad.common.DiagnosticsStatus; import ee.ria.xroad.common.ProxyMemory; +import ee.ria.xroad.common.ServicePrioritizationStrategy; import ee.ria.xroad.common.util.CryptoUtils; import com.google.protobuf.ByteString; @@ -187,4 +188,23 @@ public X509Certificate importInternalTlsCertificate(byte[] certificateBytes) { var response = exec(() -> internalTlsServiceBlockingStub.importInternalTlsCertificate(request)); return CryptoUtils.readCertificate(response.getInternalTlsCertificate().toByteArray()); } + + public ServicePrioritizationStrategy getTimestampingPrioritizationStrategy() { + var response = exec(() -> adminServiceBlockingStub + .getTimestampingPrioritizationStrategy(Empty.getDefaultInstance())); + return getServicePrioritizationStrategy(response.getStrategy()); + } + + public ServicePrioritizationStrategy getOcspPrioritizationStrategy() { + var response = exec(() -> adminServiceBlockingStub + .getOcspPrioritizationStrategy(Empty.getDefaultInstance())); + return getServicePrioritizationStrategy(response.getStrategy()); + } + + private static ServicePrioritizationStrategy getServicePrioritizationStrategy( + org.niis.xroad.proxy.proto.ServicePrioritizationStrategy strategy) { + return org.niis.xroad.proxy.proto.ServicePrioritizationStrategy.SERVICE_PRIORITIZATION_STRATEGY_NONE.equals(strategy) + ? ServicePrioritizationStrategy.NONE + : ServicePrioritizationStrategy.valueOf(strategy.name()); + } } diff --git a/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto b/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto index 9cfb50e15b..9de3dbbf4d 100644 --- a/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto +++ b/src/service/proxy/proxy-rpc-client/src/main/proto/admin_service.proto @@ -38,6 +38,8 @@ service AdminService { rpc GetProxyMemoryStatus(Empty) returns (ProxyMemoryStatusResp) {} rpc ClearConfCache(Empty) returns (Empty) {} rpc TriggerDSAssetUpdate(Empty) returns (Empty) {} + rpc GetTimestampingPrioritizationStrategy(Empty) returns (TimestampingPrioritizationStrategyResp) {} + rpc GetOcspPrioritizationStrategy(Empty) returns (OcspPrioritizationStrategyResp) {} } message AddOnStatusResp { @@ -71,3 +73,18 @@ message ProxyMemoryStatusResp { optional int64 threshold = 6; } +message TimestampingPrioritizationStrategyResp { + ServicePrioritizationStrategy strategy = 1; +} + +message OcspPrioritizationStrategyResp { + ServicePrioritizationStrategy strategy = 1; +} + +enum ServicePrioritizationStrategy { + SERVICE_PRIORITIZATION_STRATEGY_NONE = 0; + ONLY_FREE = 1; + ONLY_PAID = 2; + FREE_FIRST = 3; + PAID_FIRST = 4; +} From 6c788683bd245696b3dd72d1768b8271efc1bd71 Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Tue, 18 Nov 2025 11:45:05 +0200 Subject: [PATCH 7/8] chore: temporary fix for vulnerability GHSA-5j98-mcp5-4vw2 refs: XRDDEV-2980 --- src/package.json | 5 ++ src/pnpm-lock.yaml | 126 ++++++++++++++++++--------------------------- 2 files changed, 55 insertions(+), 76 deletions(-) diff --git a/src/package.json b/src/package.json index eff4b556dd..11f8dff6f5 100644 --- a/src/package.json +++ b/src/package.json @@ -10,6 +10,11 @@ "prepReportDirs": "mkdirp ./build && mkdirp ./build/reports", "npx-check-audit": "pnpm run prepReportDirs && pnpm dlx audit-ci@^7 --config shared-ui/audit-ci-shared.json >build/reports/audit-ci.txt" }, + "pnpm": { + "overrides": { + "glob": "^11.1.0" + } + }, "devDependencies": { "@eslint/js": "^9.39.1", "@intlify/eslint-plugin-vue-i18n": "^4.1.0", diff --git a/src/pnpm-lock.yaml b/src/pnpm-lock.yaml index f00910ca28..c1460f20d2 100644 --- a/src/pnpm-lock.yaml +++ b/src/pnpm-lock.yaml @@ -4,6 +4,9 @@ settings: autoInstallPeers: true excludeLinksFromLockfile: false +overrides: + glob: ^11.1.0 + importers: .: @@ -464,6 +467,14 @@ packages: resolution: {integrity: sha512-Om86EjuQtA69hdNj3GQec9ZC0L0vPSAnXzB3gP/gyJ7+mA7t06d9aOAiqMZ+xEOsumGP4eEBlfl8zF2LOTzf2A==} engines: {node: '>= 16'} + '@isaacs/balanced-match@4.0.1': + resolution: {integrity: sha512-yzMTt9lEb8Gv7zRioUilSglI0c0smZ9k5D65677DLWLtWJaXIS3CqcGyUFByYKlnUj6TkjLVs54fBl6+TiGQDQ==} + engines: {node: 20 || >=22} + + '@isaacs/brace-expansion@5.0.0': + resolution: {integrity: sha512-ZT55BDLV0yv0RBm2czMiZ+SqCGO7AvmOM3G/w2xhVPH+te0aKgFjmBvGlL1dH+ql2tgGO3MVrbb3jCKyvpgnxA==} + engines: {node: 20 || >=22} + '@isaacs/cliui@8.0.2': resolution: {integrity: sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==} engines: {node: '>=12'} @@ -593,10 +604,6 @@ packages: peerDependencies: pinia: '>=3.0.4' - '@pkgjs/parseargs@0.11.0': - resolution: {integrity: sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==} - engines: {node: '>=14'} - '@pkgr/core@0.2.9': resolution: {integrity: sha512-QNqXyfVS2wm9hweSYD2O7F0G06uurj9kZ96TRQE5Y9hU7+tgdZwIkbAKc5Ocy1HxEY2kuDQa6cQ1WRs/O5LFKA==} engines: {node: ^12.20.0 || ^14.18.0 || >=16.0.0} @@ -1538,9 +1545,6 @@ packages: resolution: {integrity: sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==} engines: {node: '>=6 <7 || >=8'} - fs.realpath@1.0.0: - resolution: {integrity: sha512-OO0pH2lK6a0hZnAdau5ItzHPI6pUlvI7jMVnxUQRtw4owF2wk8lOSabtGDCTP4Ggrg2MbGnWO9X8K1t4+fGMDw==} - fsevents@2.3.3: resolution: {integrity: sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==} engines: {node: ^8.16.0 || ^10.6.0 || >=11.0.0} @@ -1581,14 +1585,11 @@ packages: resolution: {integrity: sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==} engines: {node: '>=10.13.0'} - glob@10.4.5: - resolution: {integrity: sha512-7Bv8RF0k6xjo7d4A/PxYLbUCfb6c+Vpd2/mB2yRDlew7Jb5hEXiCD9ibfO7wpk8i4sevK6DFny9h7EYbM3/sHg==} + glob@11.1.0: + resolution: {integrity: sha512-vuNwKSaKiqm7g0THUBu2x7ckSs3XJLXE+2ssL7/MfTGPLLcrJQ/4Uq1CjPTtO5cCIiRxqvN6Twy1qOwhL0Xjcw==} + engines: {node: 20 || >=22} hasBin: true - glob@7.2.3: - resolution: {integrity: sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==} - deprecated: Glob versions prior to v9 are no longer supported - globals@14.0.0: resolution: {integrity: sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==} engines: {node: '>=18'} @@ -1662,10 +1663,6 @@ packages: resolution: {integrity: sha512-JmXMZ6wuvDmLiHEml9ykzqO6lwFbof0GG4IkcGaENdCRDDmMVnny7s5HsIgHCbaq0w2MyPhDqkhTUgS2LU2PHA==} engines: {node: '>=0.8.19'} - inflight@1.0.6: - resolution: {integrity: sha512-k92I/b08q4wvFscXCLvqfsHCrjrF7yiXsQuIVvVE7N82W3+aqpzuUdBbfhWcy/FZR3/4IgflMgKLOsvPDrGCJA==} - deprecated: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful. - inherits@2.0.3: resolution: {integrity: sha512-x00IRNXNy63jwGkJmzPigoySHbaqpNuzKbBOmzK+g2OdZpQ9w+sxCN+VSB3ja7IAge2OP2qpfxTjeNcyjmW1uw==} @@ -1717,8 +1714,9 @@ packages: isexe@2.0.0: resolution: {integrity: sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==} - jackspeak@3.4.3: - resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} + jackspeak@4.1.1: + resolution: {integrity: sha512-zptv57P3GpL+O0I7VdMJNBZCu+BPHVQUk55Ft8/QCJjTVxrnJHuVuX/0Bl2A6/+2oyR/ZMEuFKwmzqqZ/U5nPQ==} + engines: {node: 20 || >=22} jiti@2.6.1: resolution: {integrity: sha512-ekilCSN1jwRvIbgeg/57YFh8qQDNbwDb9xT/qu2DAHbFFZUicIl4ygVaAvzveMhMVr3LnpSKTNnwt8PoOfmKhQ==} @@ -1803,8 +1801,9 @@ packages: lodash@4.17.21: resolution: {integrity: sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==} - lru-cache@10.4.3: - resolution: {integrity: sha512-JNAzZcXrCt42VGLuYz0zfAzDfAvJWW6AfYlDBQyDV5DClI2m5sAmK+OIO7s59XfsRsWHp02jAJrRadPRGTt6SQ==} + lru-cache@11.2.2: + resolution: {integrity: sha512-F9ODfyqML2coTIsQpSkRHnLSZMtkU8Q+mSfcaIyKwy58u+8k5nvAYeiNhsyMARvzNcXJ9QfWVrcPsC9e9rAxtg==} + engines: {node: 20 || >=22} magic-string@0.30.21: resolution: {integrity: sha512-vd2F4YUyEXKGcLHoq+TEyCjxueSeHnFxyyjNp80yg0XV4vUhnDer/lvvlqM/arB5bXQN5K2/3oinyCRyx8T2CQ==} @@ -1832,6 +1831,10 @@ packages: resolution: {integrity: sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==} engines: {node: '>= 0.6'} + minimatch@10.1.1: + resolution: {integrity: sha512-enIvLvRAFZYXJzkCYG5RKmPfrFArdLv+R+lbQ53BmIMLIry74bjKzX6iHAm8WYamJkhSSEabrWN5D97XnKObjQ==} + engines: {node: 20 || >=22} + minimatch@3.1.2: resolution: {integrity: sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==} @@ -1900,9 +1903,6 @@ packages: ohash@2.0.11: resolution: {integrity: sha512-RdR9FQrFwNBNXAr4GixM8YaRZRJ5PUWbKYbE5eOsrwAjJW0q2REGcf79oYPsLyskQCZG1PLN+S/K1V00joZAoQ==} - once@1.4.0: - resolution: {integrity: sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w==} - openapi-types@12.1.3: resolution: {integrity: sha512-N4YtSYJqghVu4iek2ZUvcN/0aqH1kRDuNqzcycDxhOUpg7GdvLa2F3DgS6yBNhInhv2r/6I0Flkn7CqL8+nIcw==} @@ -1955,17 +1955,13 @@ packages: resolution: {integrity: sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==} engines: {node: '>=8'} - path-is-absolute@1.0.1: - resolution: {integrity: sha512-AVbw3UJ2e9bq64vSaS9Am0fje1Pa8pbGqTTsmXfaIiMpnr5DlDhfJOuLj9Sf95ZPVDAUerDfEk88MPmPe7UCQg==} - engines: {node: '>=0.10.0'} - path-key@3.1.1: resolution: {integrity: sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==} engines: {node: '>=8'} - path-scurry@1.11.1: - resolution: {integrity: sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==} - engines: {node: '>=16 || 14 >=14.18'} + path-scurry@2.0.1: + resolution: {integrity: sha512-oWyT4gICAu+kaA7QWk/jvCHWarMKNs6pXOGWKDTr7cw4IGcUbW+PeTfbaQiLGheFRpjo6O9J0PmyMfQPjH71oA==} + engines: {node: 20 || >=22} path-type@4.0.0: resolution: {integrity: sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw==} @@ -2572,9 +2568,6 @@ packages: resolution: {integrity: sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==} engines: {node: '>=12'} - wrappy@1.0.2: - resolution: {integrity: sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ==} - xml-name-validator@4.0.0: resolution: {integrity: sha512-ICP2e+jsHvAj2E2lIHxa5tjXRlKDJo4IdvPvCXbXQGdzSfmSpNVyIKMvoZHjDY9DP0zV17iI85o90vRFXNccRw==} engines: {node: '>=12'} @@ -2779,7 +2772,7 @@ snapshots: debug: 4.4.3 eslint: 9.39.1(jiti@2.6.1) eslint-compat-utils: 0.6.5(eslint@9.39.1(jiti@2.6.1)) - glob: 10.4.5 + glob: 11.1.0 globals: 16.5.0 ignore: 7.0.5 import-fresh: 3.3.1 @@ -2803,6 +2796,12 @@ snapshots: '@intlify/shared@11.1.12': {} + '@isaacs/balanced-match@4.0.1': {} + + '@isaacs/brace-expansion@5.0.0': + dependencies: + '@isaacs/balanced-match': 4.0.1 + '@isaacs/cliui@8.0.2': dependencies: string-width: 5.1.2 @@ -2944,9 +2943,6 @@ snapshots: dependencies: pinia: 3.0.4(typescript@5.9.3)(vue@3.5.24(typescript@5.9.3)) - '@pkgjs/parseargs@0.11.0': - optional: true - '@pkgr/core@0.2.9': {} '@rolldown/pluginutils@1.0.0-beta.29': {} @@ -3950,8 +3946,6 @@ snapshots: jsonfile: 4.0.0 universalify: 0.1.2 - fs.realpath@1.0.0: {} - fsevents@2.3.3: optional: true @@ -3999,23 +3993,14 @@ snapshots: dependencies: is-glob: 4.0.3 - glob@10.4.5: + glob@11.1.0: dependencies: foreground-child: 3.3.1 - jackspeak: 3.4.3 - minimatch: 9.0.5 + jackspeak: 4.1.1 + minimatch: 10.1.1 minipass: 7.1.2 package-json-from-dist: 1.0.1 - path-scurry: 1.11.1 - - glob@7.2.3: - dependencies: - fs.realpath: 1.0.0 - inflight: 1.0.6 - inherits: 2.0.4 - minimatch: 3.1.2 - once: 1.4.0 - path-is-absolute: 1.0.1 + path-scurry: 2.0.1 globals@14.0.0: {} @@ -4027,7 +4012,7 @@ snapshots: array-union: 2.1.0 dir-glob: 3.0.1 fast-glob: 3.3.3 - glob: 7.2.3 + glob: 11.1.0 ignore: 5.3.2 merge2: 1.4.1 slash: 3.0.0 @@ -4082,11 +4067,6 @@ snapshots: imurmurhash@0.1.4: {} - inflight@1.0.6: - dependencies: - once: 1.4.0 - wrappy: 1.0.2 - inherits@2.0.3: {} inherits@2.0.4: {} @@ -4122,11 +4102,9 @@ snapshots: isexe@2.0.0: {} - jackspeak@3.4.3: + jackspeak@4.1.1: dependencies: '@isaacs/cliui': 8.0.2 - optionalDependencies: - '@pkgjs/parseargs': 0.11.0 jiti@2.6.1: optional: true @@ -4135,7 +4113,7 @@ snapshots: dependencies: config-chain: 1.1.13 editorconfig: 1.0.4 - glob: 10.4.5 + glob: 11.1.0 js-cookie: 3.0.5 nopt: 7.2.1 @@ -4218,7 +4196,7 @@ snapshots: lodash@4.17.21: {} - lru-cache@10.4.3: {} + lru-cache@11.2.2: {} magic-string@0.30.21: dependencies: @@ -4241,6 +4219,10 @@ snapshots: dependencies: mime-db: 1.52.0 + minimatch@10.1.1: + dependencies: + '@isaacs/brace-expansion': 5.0.0 + minimatch@3.1.2: dependencies: brace-expansion: 1.1.12 @@ -4305,10 +4287,6 @@ snapshots: ohash@2.0.11: optional: true - once@1.4.0: - dependencies: - wrappy: 1.0.2 - openapi-types@12.1.3: {} openapi-typescript-codegen@0.29.0: @@ -4362,13 +4340,11 @@ snapshots: path-exists@4.0.0: {} - path-is-absolute@1.0.1: {} - path-key@3.1.1: {} - path-scurry@1.11.1: + path-scurry@2.0.1: dependencies: - lru-cache: 10.4.3 + lru-cache: 11.2.2 minipass: 7.1.2 path-type@4.0.0: {} @@ -4628,7 +4604,7 @@ snapshots: dependencies: css: 3.0.0 debug: 4.4.3 - glob: 7.2.3 + glob: 11.1.0 safer-buffer: 2.1.2 sax: 1.2.4 source-map: 0.7.6 @@ -4639,7 +4615,7 @@ snapshots: dependencies: '@adobe/css-tools': 4.3.3 debug: 4.4.3 - glob: 10.4.5 + glob: 11.1.0 sax: 1.4.3 source-map: 0.7.6 transitivePeerDependencies: @@ -4957,8 +4933,6 @@ snapshots: string-width: 5.1.2 strip-ansi: 7.1.2 - wrappy@1.0.2: {} - xml-name-validator@4.0.0: {} y18n@4.0.3: {} From 8593277db733bdd00102ac5b94f5756ca568501d Mon Sep 17 00:00:00 2001 From: Mikk Bachmann Date: Tue, 18 Nov 2025 13:54:09 +0200 Subject: [PATCH 8/8] chore: merge to dev-8.x fixes for free and paid timestamping and ocsp services security server ui changes refs: XRDDEV-2980 --- .../service/CertificateAuthorityService.java | 7 +------ ...42B84B4829BB79226AB268B4D8E70B01068613.p12 | Bin 4526 -> 2653 bytes 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java index f7f683b9de..520bb28e3f 100644 --- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java +++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java @@ -42,7 +42,6 @@ import org.niis.xroad.common.exception.InternalServerErrorException; import org.niis.xroad.globalconf.GlobalConfProvider; import org.niis.xroad.globalconf.model.ApprovedCAInfo; -import org.niis.xroad.globalconf.model.CostType; import org.niis.xroad.proxy.proto.ProxyRpcClient; import org.niis.xroad.restapi.util.FormatUtils; import org.niis.xroad.securityserver.restapi.cache.CurrentSecurityServerId; @@ -213,11 +212,7 @@ private ApprovedCaDto buildCertificateAuthorityDto( builder.subjectDnPath(subjectDnPath); builder.topCa(subjectDnPath.size() <= 1 && subjectName.equals(subjectDnPath.getFirst())); - Map ocspResponderAddressesAndCostTypes = globalConfService.getOcspResponderAddressesAndCostTypes(certificate); - ocspResponderAddressesAndCostTypes.put("http://ocsp.int-xroad.net", CostType.FREE); // default OCSP responder - ocspResponderAddressesAndCostTypes.put("http://ocsp.int-xroad.net/ocsp2", CostType.PAID); // default OCSP responder - ocspResponderAddressesAndCostTypes.put("http://ocsp.int-xroad.net/ocsp3", CostType.UNDEFINED); // default OCSP responder - builder.ocspUrlsAndCostTypes(ocspResponderAddressesAndCostTypes); + builder.ocspUrlsAndCostTypes(globalConfService.getOcspResponderAddressesAndCostTypes(certificate)); return builder.build(); } diff --git a/src/security-server/system-test/src/intTest/resources/files/keystores/1342B84B4829BB79226AB268B4D8E70B01068613.p12 b/src/security-server/system-test/src/intTest/resources/files/keystores/1342B84B4829BB79226AB268B4D8E70B01068613.p12 index 1bcd9665fc8dc857d208a67dfcf96fdc107e2c5e..fa1bdf9960c6a2be3c936c55f4eb35e5fef03d04 100644 GIT binary patch literal 2653 zcma)8c{tQ-8=lQD_ArQ}u@lM98pb*zgskDr$i8GRQ_60}u_sGN*0OI=A;!K(2!lhB zlI4_jvdi*K=libC_5JmI*LywJ{oMEcJkR^r`&=(Tptpg5p#Xs%3P(sp=|$}^foZ|{ z1jIIsfY<~Gh*f|s--^NA|YP-6U2KunQCh zmVmK3tW6vU|3hm}EmDRxpN znFTyUx$^G<;Pczg>)Eyn>=KoUj^P)hLUm_)PXv?2pcD?%9xDz7>z#@b_#p(9*gaL( zU4$RtFi^y!A|{iqI|d%Mo;i#&yn5e507;IR4WCu&T`tFH3M1YODfpJnrTtkVt$B^?r{N`OVqy=DZBhm6Q5-7j#0*du-kJgTdPBbW#-XH06;RcS6V~l7pV86z z#((5_9J?I7SP*!8%Kka<^G2vz)!q4VM`G}M`XtxMBuL{CZDHE1>s(?^9wo&l(pgq6 zoe|V5R8$-~MGTAMb$m%luOa_&W{cFmb!Qpn9JQD8yT#h#~&-%fZsN72Ju>RW^0=t|~h+ zsyeVs7ue#jt~RC>AN1yC;-#}Zm@QtB*YpY2#m1%8sNCS1qYHfMg%f8-Vp&*x5-aC% z5~Grr7jlqtxOXQV@%ETmt)_-PiJ<(?65gq*s&GZhY!~fa z$jCLsQ$E}Kr^1@r$&TH@#2rHmh@kWKb9*!r&f2{2%=#&`Y1mt$fR?jm150X1@ogHl zr=UwQqc_ZKypyi4XuKlfXP;xRyCZ~Q{|^g?M-e)M`^Y4gq#YkgL!yQ9Q;FSJ>ECy++o+#^_ThwkL$E&Vcx!0j&*6U5Jo3b)*k@&6%@aDsP-gj2GIb{Uei}Gm`wwTtObnxwdRvh-Cc{{+7f((D^tCW4Sz9J zYagQvM91@G@hj_EE7uBps(U##xrh{(an{n_5GIM{OMB)O=dlqpQ%Y6?MXrQ2#O9QK zB$>>JG-OYFb(r<$a^5agcaQ(M{<(fk}Vr#>> z_)s&Bw0nKiG0is11IDbBN9M8n$MScp6P`liQvB7qAN43aBKvC8GiQ3^8~u_bv(o$L zPVk#ID>w44o|7~>RWO6I&sd)6&pQ1BU1VzF#+DsEJ=)PTC9dmz$)(#LiKR0Kl;Ptr zHeG+I&Djd2kvOPZYG{>#za7P&vjBmAEpp;)lwD5ca zbe<}Ggn&U*`12nJ{J(ZRML2B9&{`v+@{JH}6ZVtj86K@plvmdFj%hpy`(lY}Z8JCbU1-hshO3-) zv&P<&?-WWMc@wuOU2Ob@<$`=ToK)}4CZ^e_xZY~9>sz>5gYnS`;Xgr>wBiidRbGzn zhCvS!9xS(K>UN2EER^h9L|Qb)bl8B-`#z?I$4n_TE`>GB;<7 zbWj8QrHRLGjfI|5=cFIE&vXZ>IFW0(EvpcAIk_^pXvY{w*B@gS+%X@pMm&-b7IRgB zN*x4xYaO(s^3Mkd!7ZktuZXw7TH!TC{L&xHrkx7zzs?X@xE0t6y8^{Y!?BJ8Ywxrms{^EXgL)dS;dB z$Gzy<5FWJc(qn!G&9CDlY!U5Rjf`S3Ofp&l{Sc8Ey`wLKt_JCU3^?^k7+nKtI-wVq zguVr0Qw)M^QISaSinRSTF}j9{qO`o^O}m=eTDk(!w;f0+CNlX!ZsMrJ=i#oQXEGg< z^fi<;_0Q4m9T#whlg|ZkYpgyHwzezkBWr_h;J|vMSO88kZ+V7;NnC1YS$MT;NR5-D z9l(+ElQetPA+p#bLVfGw0O;Ns@=5%0+x?z!#_HeL_r7A^Nb9!(Mt}^!^y|w70n>nB z`~%uCNmVUmhKmdv_P}a_uM^IFm^56V{}TQEkhclF3FB}qpqyq#X>2Z@O*SsQhpTq4 KNv!?(#Qy~VL!=4- literal 4526 zcmb7I`%l}~6_+0vV=PR99bO@rM}YABVvI3h446lN5W*`Y#3q1w6HG|rlmr6VQ+-HV zw@O*3Eq$m{rfR7=P0OS<>)Icdu5H#tELkJgjZV|1{V+|M_8;u?*|{+u(tfD)IiGXx zxsUI?_ndQ$(EjzouPmc_ok62vFeQ~jcR|?HCF;aVf-*v=Iq<1Yfc<}_u!~cuIVE13 zlKx)zM zI;Unend3jKPfE~oOi2?M*rl5>7d@72*MBJ$Tg(wW_8}!yciJq!O~(DQ$2*q}Twm4}ebD zYfnQ7xP(4e?CoFNyA_3L@9{+Gdh%V4yZ<6+9|Y( z^x=)tMA!jo$Mc_VODnKAKCO;%JyTpfpXnsXDeWAnWii1AJg!ElRtM;87Rc~yGtYSh zbggO(oB;tig(-imK5X?(rd7cliyr&uyEk9}zj+lDrFSu9SX|(42p49a0J#vA5#>34 z@nvp3Z?i3n4Gyu)%GyDWno!IOV}hsWW(B3|MU`LVOy_uTm-MZq>}IcdN=6*gr8-Kf3fVDxIZX6-aL?aNiyviqncz%5`xuE$z1 znrzWA6-iSc3x!X`DH_2?-v9&LHju5PNdd0=}zkl-99qDO? z;?7U1muYC|{NLVxJz{FeoI4%7!n9U_{P+df{KfBs*vi?XvMI8^m}TmL3`5lKVqm#r z!-*#An|INZrh*3hI&*UmI?+C?HprS=gA71&3?1OB5TLzlrdCr0&tF=;!F(?`K`>%s z8~E)@APZy`QpKkg=z)v|&Pe0vCDD9LXQx2ZkYdQhK@f16uS4DL!-AHsZ3N7_TFI*f z^T8BwffC;2wV_lMZ$1u8V1Lax_g~P)&j+2{kjD-J_=qHq_<557#yM$}j~ed`Fb-#| zK=BdPL5>yjQ4(xG<#A|M%*BZC{)5iatPbwrgmjgPs!C?+CRH*IfD#=y3|rJDhqN$Rnc~dJ{;DqSAO>FFMpok(lrx#dBH%oLd$%(2EY+<%ww~MVf(T}NVkVDN zdi+Go6c+>vAZtNT&-xgz#lbwOnmAExhW_jpD28!ZJ9p^kK>@c*@&PE|KZJC2`6OWeN;^tuEiU!FEdJd!KnXOEton;%3W@#|;eEY8O{PW@i^9RlHAL)+r1ONa4