mirror of https://github.com/hyperledger/besu
Remove P2P TLS (experimental) feature (#7942)
Sally MacFarlane
6 days ago
committed by
GitHub
parent
792c6569cd
commit
63496dbc6c
@ -1,60 +0,0 @@ |
||||
/* |
||||
* Copyright contributors to Hyperledger Besu. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.tests.acceptance.dsl.node.configuration.pki; |
||||
|
||||
import java.io.File; |
||||
import java.io.FileInputStream; |
||||
import java.io.FileOutputStream; |
||||
import java.io.IOException; |
||||
import java.io.InputStream; |
||||
import java.io.UncheckedIOException; |
||||
import java.nio.file.Path; |
||||
import java.util.Properties; |
||||
|
||||
public class PKCS11Utils { |
||||
|
||||
public static Path initNSSConfigFile(final Path srcFilePath) { |
||||
// load nss file as Properties
|
||||
final Properties nssProp = new Properties(); |
||||
try (InputStream input = new FileInputStream(srcFilePath.toFile())) { |
||||
nssProp.load(input); |
||||
String nssDbPath = srcFilePath.getParent().resolve("nssdb").toAbsolutePath().toString(); |
||||
nssProp.setProperty("nssSecmodDirectory", nssDbPath); |
||||
} catch (final IOException e) { |
||||
throw new UncheckedIOException(e); |
||||
} |
||||
|
||||
// store modified config into temporary file
|
||||
final Path targetFilePath = createTemporaryFile("nsscfg"); |
||||
try (FileOutputStream outputStream = new FileOutputStream(targetFilePath.toFile())) { |
||||
nssProp.store(outputStream, null); |
||||
} catch (final IOException e) { |
||||
throw new UncheckedIOException(e); |
||||
} |
||||
|
||||
return targetFilePath; |
||||
} |
||||
|
||||
private static Path createTemporaryFile(final String suffix) { |
||||
final File tempFile; |
||||
try { |
||||
tempFile = File.createTempFile("temp", suffix); |
||||
tempFile.deleteOnExit(); |
||||
} catch (IOException e) { |
||||
throw new RuntimeException("Error creating temporary file", e); |
||||
} |
||||
return tempFile.toPath(); |
||||
} |
||||
} |
||||
@ -1,163 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.cli.options; |
||||
|
||||
import static java.util.Arrays.asList; |
||||
import static org.hyperledger.besu.cli.DefaultCommandValues.DEFAULT_KEYSTORE_TYPE; |
||||
import static org.hyperledger.besu.cli.DefaultCommandValues.MANDATORY_FILE_FORMAT_HELP; |
||||
|
||||
import org.hyperledger.besu.cli.util.CommandLineUtils; |
||||
import org.hyperledger.besu.ethereum.api.tls.FileBasedPasswordProvider; |
||||
import org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.TLSConfiguration; |
||||
|
||||
import java.nio.file.Path; |
||||
import java.util.Optional; |
||||
|
||||
import org.slf4j.Logger; |
||||
import picocli.CommandLine; |
||||
import picocli.CommandLine.Option; |
||||
import picocli.CommandLine.ParameterException; |
||||
|
||||
/** The P2P TLS Config Cli Options. */ |
||||
public class P2PTLSConfigOptions { |
||||
@Option( |
||||
names = {"--Xp2p-tls-enabled"}, |
||||
hidden = true, |
||||
description = "Enable P2P TLS functionality (default: ${DEFAULT-VALUE})") |
||||
private final Boolean p2pTLSEnabled = false; |
||||
|
||||
@SuppressWarnings({ |
||||
"FieldCanBeFinal", |
||||
"FieldMayBeFinal" |
||||
}) // p2pTLSKeyStoreType requires non-final Strings.
|
||||
@Option( |
||||
names = {"--Xp2p-tls-keystore-type"}, |
||||
hidden = true, |
||||
paramLabel = "<NAME>", |
||||
description = "P2P service keystore type. Required if P2P TLS is enabled.") |
||||
private String p2pTLSKeyStoreType = DEFAULT_KEYSTORE_TYPE; |
||||
|
||||
@Option( |
||||
names = {"--Xp2p-tls-keystore-file"}, |
||||
hidden = true, |
||||
paramLabel = MANDATORY_FILE_FORMAT_HELP, |
||||
description = "Keystore containing key/certificate for the P2P service.") |
||||
private final Path p2pTLSKeyStoreFile = null; |
||||
|
||||
@Option( |
||||
names = {"--Xp2p-tls-keystore-password-file"}, |
||||
hidden = true, |
||||
paramLabel = MANDATORY_FILE_FORMAT_HELP, |
||||
description = |
||||
"File containing password to unlock keystore for the P2P service. Required if P2P TLS is enabled.") |
||||
private final Path p2pTLSKeyStorePasswordFile = null; |
||||
|
||||
@SuppressWarnings({ |
||||
"FieldCanBeFinal", |
||||
"FieldMayBeFinal" |
||||
}) // p2pTLSTrustStoreType requires non-final Strings.
|
||||
@Option( |
||||
names = {"--Xp2p-tls-truststore-type"}, |
||||
hidden = true, |
||||
paramLabel = "<NAME>", |
||||
description = "P2P service truststore type.") |
||||
private String p2pTLSTrustStoreType = DEFAULT_KEYSTORE_TYPE; |
||||
|
||||
@Option( |
||||
names = {"--Xp2p-tls-truststore-file"}, |
||||
hidden = true, |
||||
paramLabel = MANDATORY_FILE_FORMAT_HELP, |
||||
description = "Truststore containing trusted certificates for the P2P service.") |
||||
private final Path p2pTLSTrustStoreFile = null; |
||||
|
||||
@Option( |
||||
names = {"--Xp2p-tls-truststore-password-file"}, |
||||
hidden = true, |
||||
paramLabel = MANDATORY_FILE_FORMAT_HELP, |
||||
description = "File containing password to unlock truststore for the P2P service.") |
||||
private final Path p2pTLSTrustStorePasswordFile = null; |
||||
|
||||
@Option( |
||||
names = {"--Xp2p-tls-crl-file"}, |
||||
hidden = true, |
||||
paramLabel = MANDATORY_FILE_FORMAT_HELP, |
||||
description = "Certificate revocation list for the P2P service.") |
||||
private final Path p2pCrlFile = null; |
||||
|
||||
@Option( |
||||
names = {"--Xp2p-tls-clienthello-sni"}, |
||||
hidden = true, |
||||
description = |
||||
"Whether to send a SNI header in the TLS ClientHello message (default: ${DEFAULT-VALUE})") |
||||
private final Boolean p2pTlsClientHelloSniHeaderEnabled = false; |
||||
|
||||
/** Default constructor. */ |
||||
P2PTLSConfigOptions() {} |
||||
|
||||
/** |
||||
* Generate P2p tls configuration. |
||||
* |
||||
* @param commandLine the command line object to report exceptions |
||||
* @return the optional TLSConfiguration |
||||
*/ |
||||
public Optional<TLSConfiguration> p2pTLSConfiguration(final CommandLine commandLine) { |
||||
if (!p2pTLSEnabled) { |
||||
return Optional.empty(); |
||||
} |
||||
|
||||
if (p2pTLSKeyStoreType == null) { |
||||
throw new ParameterException( |
||||
commandLine, "Keystore type is required when p2p TLS is enabled"); |
||||
} |
||||
|
||||
if (p2pTLSKeyStorePasswordFile == null) { |
||||
throw new ParameterException( |
||||
commandLine, |
||||
"File containing password to unlock keystore is required when p2p TLS is enabled"); |
||||
} |
||||
|
||||
return Optional.of( |
||||
TLSConfiguration.Builder.tlsConfiguration() |
||||
.withKeyStoreType(p2pTLSKeyStoreType) |
||||
.withKeyStorePath(p2pTLSKeyStoreFile) |
||||
.withKeyStorePasswordSupplier(new FileBasedPasswordProvider(p2pTLSKeyStorePasswordFile)) |
||||
.withKeyStorePasswordPath(p2pTLSKeyStorePasswordFile) |
||||
.withTrustStoreType(p2pTLSTrustStoreType) |
||||
.withTrustStorePath(p2pTLSTrustStoreFile) |
||||
.withTrustStorePasswordSupplier( |
||||
null == p2pTLSTrustStorePasswordFile |
||||
? null |
||||
: new FileBasedPasswordProvider(p2pTLSTrustStorePasswordFile)) |
||||
.withTrustStorePasswordPath(p2pTLSTrustStorePasswordFile) |
||||
.withCrlPath(p2pCrlFile) |
||||
.withClientHelloSniEnabled(p2pTlsClientHelloSniHeaderEnabled) |
||||
.build()); |
||||
} |
||||
|
||||
/** |
||||
* Check P2P Tls options dependencies. |
||||
* |
||||
* @param logger the logger |
||||
* @param commandLine the command line |
||||
*/ |
||||
public void checkP2PTLSOptionsDependencies(final Logger logger, final CommandLine commandLine) { |
||||
CommandLineUtils.checkOptionDependencies( |
||||
logger, |
||||
commandLine, |
||||
"--Xp2p-tls-enabled", |
||||
!p2pTLSEnabled, |
||||
asList("--Xp2p-tls-keystore-type", "--Xp2p-tls-keystore-password-file")); |
||||
} |
||||
} |
||||
@ -1,159 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty; |
||||
|
||||
import static org.hyperledger.besu.ethereum.p2p.rlpx.RlpxFrameConstants.LENGTH_FRAME_SIZE; |
||||
import static org.hyperledger.besu.ethereum.p2p.rlpx.RlpxFrameConstants.LENGTH_MAX_MESSAGE_FRAME; |
||||
|
||||
import org.hyperledger.besu.cryptoservices.NodeKey; |
||||
import org.hyperledger.besu.ethereum.p2p.config.RlpxConfiguration; |
||||
import org.hyperledger.besu.ethereum.p2p.discovery.internal.PeerTable; |
||||
import org.hyperledger.besu.ethereum.p2p.peers.LocalNode; |
||||
import org.hyperledger.besu.ethereum.p2p.peers.Peer; |
||||
import org.hyperledger.besu.ethereum.p2p.plain.PlainFramer; |
||||
import org.hyperledger.besu.ethereum.p2p.plain.PlainHandshaker; |
||||
import org.hyperledger.besu.ethereum.p2p.rlpx.connections.PeerConnectionEventDispatcher; |
||||
import org.hyperledger.besu.ethereum.p2p.rlpx.framing.Framer; |
||||
import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.HandshakeSecrets; |
||||
import org.hyperledger.besu.ethereum.p2p.rlpx.handshake.Handshaker; |
||||
import org.hyperledger.besu.plugin.data.EnodeURL; |
||||
import org.hyperledger.besu.plugin.services.MetricsSystem; |
||||
|
||||
import java.security.GeneralSecurityException; |
||||
import java.util.Optional; |
||||
import java.util.function.Supplier; |
||||
|
||||
import com.google.common.annotations.VisibleForTesting; |
||||
import com.google.common.base.Suppliers; |
||||
import io.netty.channel.Channel; |
||||
import io.netty.handler.codec.LengthFieldBasedFrameDecoder; |
||||
import io.netty.handler.codec.LengthFieldPrepender; |
||||
import io.netty.handler.codec.compression.SnappyFrameDecoder; |
||||
import io.netty.handler.codec.compression.SnappyFrameEncoder; |
||||
import io.netty.handler.ssl.SslContext; |
||||
import io.netty.handler.ssl.SslHandler; |
||||
|
||||
public class NettyTLSConnectionInitializer extends NettyConnectionInitializer { |
||||
|
||||
private final Optional<Supplier<TLSContextFactory>> tlsContextFactorySupplier; |
||||
private final Boolean clientHelloSniHeaderEnabled; |
||||
|
||||
public NettyTLSConnectionInitializer( |
||||
final NodeKey nodeKey, |
||||
final RlpxConfiguration config, |
||||
final LocalNode localNode, |
||||
final PeerConnectionEventDispatcher eventDispatcher, |
||||
final MetricsSystem metricsSystem, |
||||
final TLSConfiguration p2pTLSConfiguration, |
||||
final PeerTable peerTable) { |
||||
this( |
||||
nodeKey, |
||||
config, |
||||
localNode, |
||||
eventDispatcher, |
||||
metricsSystem, |
||||
defaultTlsContextFactorySupplier(p2pTLSConfiguration), |
||||
p2pTLSConfiguration.getClientHelloSniHeaderEnabled(), |
||||
peerTable); |
||||
} |
||||
|
||||
@VisibleForTesting |
||||
NettyTLSConnectionInitializer( |
||||
final NodeKey nodeKey, |
||||
final RlpxConfiguration config, |
||||
final LocalNode localNode, |
||||
final PeerConnectionEventDispatcher eventDispatcher, |
||||
final MetricsSystem metricsSystem, |
||||
final Supplier<TLSContextFactory> tlsContextFactorySupplier, |
||||
final Boolean clientHelloSniHeaderEnabled, |
||||
final PeerTable peerTable) { |
||||
super(nodeKey, config, localNode, eventDispatcher, metricsSystem, peerTable); |
||||
if (tlsContextFactorySupplier != null) { |
||||
this.tlsContextFactorySupplier = |
||||
Optional.of(Suppliers.memoize(tlsContextFactorySupplier::get)); |
||||
} else { |
||||
this.tlsContextFactorySupplier = Optional.empty(); |
||||
} |
||||
this.clientHelloSniHeaderEnabled = clientHelloSniHeaderEnabled; |
||||
} |
||||
|
||||
@Override |
||||
void addAdditionalOutboundHandlers(final Channel ch, final Peer peer) |
||||
throws GeneralSecurityException { |
||||
if (tlsContextFactorySupplier.isPresent()) { |
||||
final SslContext clientSslContext = |
||||
tlsContextFactorySupplier.get().get().createNettyClientSslContext(); |
||||
final EnodeURL enode = peer.getEnodeURL(); |
||||
final SslHandler sslHandler = createClientSslHandler(ch, clientSslContext, enode); |
||||
addHandlersToChannelPipeline(ch, sslHandler); |
||||
} |
||||
} |
||||
|
||||
private SslHandler createClientSslHandler( |
||||
final Channel ch, final SslContext sslContext, final EnodeURL enode) { |
||||
if (this.clientHelloSniHeaderEnabled) { |
||||
return sslContext.newHandler( |
||||
ch.alloc(), enode.getHost(), enode.getListeningPort().orElseThrow()); |
||||
} else { |
||||
return sslContext.newHandler(ch.alloc()); |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
void addAdditionalInboundHandlers(final Channel ch) throws GeneralSecurityException { |
||||
if (tlsContextFactorySupplier.isPresent()) { |
||||
final SslContext serverSslContext = |
||||
tlsContextFactorySupplier.get().get().createNettyServerSslContext(); |
||||
addHandlersToChannelPipeline(ch, serverSslContext.newHandler(ch.alloc())); |
||||
} |
||||
} |
||||
|
||||
private void addHandlersToChannelPipeline(final Channel ch, final SslHandler sslHandler) { |
||||
ch.pipeline().addLast(sslHandler); |
||||
ch.pipeline().addLast(new SnappyFrameDecoder()); |
||||
ch.pipeline().addLast(new SnappyFrameEncoder()); |
||||
ch.pipeline() |
||||
.addLast( |
||||
new LengthFieldBasedFrameDecoder( |
||||
LENGTH_MAX_MESSAGE_FRAME, 0, LENGTH_FRAME_SIZE, 0, LENGTH_FRAME_SIZE)); |
||||
ch.pipeline().addLast(new LengthFieldPrepender(LENGTH_FRAME_SIZE)); |
||||
} |
||||
|
||||
@Override |
||||
public Handshaker buildInstance() { |
||||
return new PlainHandshaker(); |
||||
} |
||||
|
||||
@Override |
||||
public Framer buildFramer(final HandshakeSecrets secrets) { |
||||
return new PlainFramer(); |
||||
} |
||||
|
||||
@VisibleForTesting |
||||
static Supplier<TLSContextFactory> defaultTlsContextFactorySupplier( |
||||
final TLSConfiguration tlsConfiguration) { |
||||
if (tlsConfiguration == null) { |
||||
throw new IllegalStateException("TLSConfiguration cannot be null when using TLS"); |
||||
} |
||||
|
||||
return () -> { |
||||
try { |
||||
return TLSContextFactory.buildFrom(tlsConfiguration); |
||||
} catch (final Exception e) { |
||||
throw new IllegalStateException("Error creating TLSContextFactory", e); |
||||
} |
||||
}; |
||||
} |
||||
} |
||||
@ -1,197 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty; |
||||
|
||||
import static java.util.Objects.requireNonNull; |
||||
|
||||
import java.nio.file.Path; |
||||
import java.util.function.Supplier; |
||||
|
||||
public class TLSConfiguration { |
||||
|
||||
private final String keyStoreType; |
||||
private final Path keyStorePath; |
||||
private final Supplier<String> keyStorePasswordSupplier; |
||||
private final Path keyStorePasswordPath; |
||||
private final String trustStoreType; |
||||
private final Path trustStorePath; |
||||
private final Supplier<String> trustStorePasswordSupplier; |
||||
private final Path trustStorePasswordPath; |
||||
private final Path crlPath; |
||||
private final String[] allowedProtocols; |
||||
private final Boolean clientHelloSniHeaderEnabled; |
||||
|
||||
private TLSConfiguration( |
||||
final String keyStoreType, |
||||
final Path keyStorePath, |
||||
final Supplier<String> keyStorePasswordSupplier, |
||||
final Path keyStorePasswordPath, |
||||
final String trustStoreType, |
||||
final Path trustStorePath, |
||||
final Supplier<String> trustStorePasswordSupplier, |
||||
final Path trustStorePasswordPath, |
||||
final Path crlPath, |
||||
final String[] allowedProtocols, |
||||
final Boolean clientHelloSniHeaderEnabled) { |
||||
this.keyStoreType = keyStoreType; |
||||
this.keyStorePath = keyStorePath; |
||||
this.keyStorePasswordSupplier = keyStorePasswordSupplier; |
||||
this.keyStorePasswordPath = keyStorePasswordPath; |
||||
this.trustStoreType = trustStoreType; |
||||
this.trustStorePath = trustStorePath; |
||||
this.trustStorePasswordSupplier = trustStorePasswordSupplier; |
||||
this.trustStorePasswordPath = trustStorePasswordPath; |
||||
this.crlPath = crlPath; |
||||
this.allowedProtocols = allowedProtocols; |
||||
this.clientHelloSniHeaderEnabled = clientHelloSniHeaderEnabled; |
||||
} |
||||
|
||||
public String getKeyStoreType() { |
||||
return keyStoreType; |
||||
} |
||||
|
||||
public Path getKeyStorePath() { |
||||
return keyStorePath; |
||||
} |
||||
|
||||
public String getKeyStorePassword() { |
||||
return null == keyStorePasswordSupplier ? null : keyStorePasswordSupplier.get(); |
||||
} |
||||
|
||||
public Path getKeyStorePasswordPath() { |
||||
return keyStorePasswordPath; |
||||
} |
||||
|
||||
public String getTrustStoreType() { |
||||
return trustStoreType; |
||||
} |
||||
|
||||
public Path getTrustStorePath() { |
||||
return trustStorePath; |
||||
} |
||||
|
||||
public String getTrustStorePassword() { |
||||
return null == trustStorePasswordSupplier ? null : trustStorePasswordSupplier.get(); |
||||
} |
||||
|
||||
public Path getTrustStorePasswordPath() { |
||||
return trustStorePasswordPath; |
||||
} |
||||
|
||||
public Path getCrlPath() { |
||||
return crlPath; |
||||
} |
||||
|
||||
public String[] getAllowedProtocols() { |
||||
return allowedProtocols; |
||||
} |
||||
|
||||
public Boolean getClientHelloSniHeaderEnabled() { |
||||
return clientHelloSniHeaderEnabled; |
||||
} |
||||
|
||||
public static final class Builder { |
||||
private String keyStoreType; |
||||
private Path keyStorePath; |
||||
private Supplier<String> keyStorePasswordSupplier; |
||||
private Path keyStorePasswordPath; |
||||
private String trustStoreType; |
||||
private Path trustStorePath; |
||||
private Supplier<String> trustStorePasswordSupplier; |
||||
private Path trustStorePasswordPath; |
||||
private Path crlPath; |
||||
private String[] allowedProtocols; |
||||
private Boolean clientHelloSniHeaderEnabled; |
||||
|
||||
private Builder() {} |
||||
|
||||
public static Builder tlsConfiguration() { |
||||
return new Builder(); |
||||
} |
||||
|
||||
public Builder withKeyStoreType(final String keyStoreType) { |
||||
this.keyStoreType = keyStoreType; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withKeyStorePath(final Path keyStorePath) { |
||||
this.keyStorePath = keyStorePath; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withKeyStorePasswordPath(final Path keyStorePasswordPath) { |
||||
this.keyStorePasswordPath = keyStorePasswordPath; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withKeyStorePasswordSupplier(final Supplier<String> keyStorePasswordSupplier) { |
||||
this.keyStorePasswordSupplier = keyStorePasswordSupplier; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withTrustStoreType(final String trustStoreType) { |
||||
this.trustStoreType = trustStoreType; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withTrustStorePath(final Path trustStorePath) { |
||||
this.trustStorePath = trustStorePath; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withTrustStorePasswordSupplier( |
||||
final Supplier<String> trustStorePasswordSupplier) { |
||||
this.trustStorePasswordSupplier = trustStorePasswordSupplier; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withTrustStorePasswordPath(final Path trustStorePasswordPath) { |
||||
this.trustStorePasswordPath = trustStorePasswordPath; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withCrlPath(final Path crlPath) { |
||||
this.crlPath = crlPath; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withAllowedProtocols(final String[] allowedProtocols) { |
||||
this.allowedProtocols = allowedProtocols; |
||||
return this; |
||||
} |
||||
|
||||
public Builder withClientHelloSniEnabled(final Boolean clientHelloSniHeaderEnabled) { |
||||
this.clientHelloSniHeaderEnabled = clientHelloSniHeaderEnabled; |
||||
return this; |
||||
} |
||||
|
||||
public TLSConfiguration build() { |
||||
requireNonNull(keyStoreType, "Key Store Type must not be null"); |
||||
requireNonNull(keyStorePasswordSupplier, "Key Store password supplier must not be null"); |
||||
return new TLSConfiguration( |
||||
keyStoreType, |
||||
keyStorePath, |
||||
keyStorePasswordSupplier, |
||||
keyStorePasswordPath, |
||||
trustStoreType, |
||||
trustStorePath, |
||||
trustStorePasswordSupplier, |
||||
trustStorePasswordPath, |
||||
crlPath, |
||||
allowedProtocols, |
||||
clientHelloSniHeaderEnabled); |
||||
} |
||||
} |
||||
} |
||||
@ -1,230 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty; |
||||
|
||||
import org.hyperledger.besu.pki.keystore.HardwareKeyStoreWrapper; |
||||
import org.hyperledger.besu.pki.keystore.KeyStoreWrapper; |
||||
import org.hyperledger.besu.pki.keystore.SoftwareKeyStoreWrapper; |
||||
|
||||
import java.io.IOException; |
||||
import java.security.GeneralSecurityException; |
||||
import java.security.KeyManagementException; |
||||
import java.security.KeyStore; |
||||
import java.security.NoSuchAlgorithmException; |
||||
import java.security.cert.CertificateException; |
||||
import java.security.cert.X509CRL; |
||||
import java.security.cert.X509Certificate; |
||||
import java.util.Arrays; |
||||
import java.util.Collection; |
||||
import java.util.Comparator; |
||||
import java.util.List; |
||||
import javax.net.ssl.KeyManagerFactory; |
||||
import javax.net.ssl.SSLContext; |
||||
import javax.net.ssl.TrustManager; |
||||
import javax.net.ssl.TrustManagerFactory; |
||||
import javax.net.ssl.X509TrustManager; |
||||
|
||||
import io.netty.handler.ssl.ClientAuth; |
||||
import io.netty.handler.ssl.IdentityCipherSuiteFilter; |
||||
import io.netty.handler.ssl.JdkSslContext; |
||||
import io.netty.handler.ssl.SslContext; |
||||
import org.slf4j.Logger; |
||||
import org.slf4j.LoggerFactory; |
||||
|
||||
public class TLSContextFactory { |
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(TLSContextFactory.class); |
||||
|
||||
private static final String[] ALLOWED_PROTOCOLS = {"TLSv1.3"}; |
||||
private static final String KEYMANAGER_FACTORY_ALGORITHM = "PKIX"; |
||||
private static final String TRUSTMANAGER_FACTORY_ALGORITHM = "PKIX"; |
||||
|
||||
private List<String> enabledCipherSuites = null; |
||||
private KeyManagerFactory kmf; |
||||
private TrustManagerFactory tmf; |
||||
private Collection<X509CRL> crls; |
||||
private String[] allowedProtocols; |
||||
|
||||
protected TLSContextFactory() {} |
||||
|
||||
protected TLSContextFactory( |
||||
final String keystorePass, |
||||
final KeyStoreWrapper keystoreWrapper, |
||||
final List<String> configuredCipherSuites, |
||||
final String[] allowedProtocols) |
||||
throws GeneralSecurityException, IOException { |
||||
kmf = getKeyManagerFactory(keystoreWrapper.getKeyStore(), keystorePass); |
||||
tmf = getTrustManagerFactory(keystoreWrapper.getTrustStore()); |
||||
crls = keystoreWrapper.getCRLs(); |
||||
if (configuredCipherSuites != null && !configuredCipherSuites.isEmpty()) { |
||||
enabledCipherSuites = configuredCipherSuites; |
||||
} |
||||
this.allowedProtocols = null == allowedProtocols ? ALLOWED_PROTOCOLS : allowedProtocols; |
||||
} |
||||
|
||||
public static TLSContextFactory getInstance( |
||||
final String keyStorePassword, final KeyStoreWrapper wrapper, final String[] allowedProtocols) |
||||
throws GeneralSecurityException, IOException { |
||||
return new TLSContextFactory(keyStorePassword, wrapper, null, allowedProtocols); |
||||
} |
||||
|
||||
public static TLSContextFactory getInstance( |
||||
final String keyStorePassword, final KeyStoreWrapper wrapper) |
||||
throws GeneralSecurityException, IOException { |
||||
return new TLSContextFactory(keyStorePassword, wrapper, null, null); |
||||
} |
||||
|
||||
public SslContext createNettyServerSslContext() |
||||
throws NoSuchAlgorithmException, KeyManagementException { |
||||
final List<String> enabledCipherSuites = getEnabledCipherSuites(); |
||||
|
||||
return new JdkSslContext( |
||||
createJavaSslContext(), |
||||
false, |
||||
enabledCipherSuites, |
||||
IdentityCipherSuiteFilter.INSTANCE, |
||||
null, |
||||
ClientAuth.REQUIRE, |
||||
null, |
||||
false); |
||||
} |
||||
|
||||
public SslContext createNettyClientSslContext() |
||||
throws NoSuchAlgorithmException, KeyManagementException { |
||||
final List<String> enabledCipherSuites = getEnabledCipherSuites(); |
||||
|
||||
return new JdkSslContext( |
||||
createJavaSslContext(), |
||||
true, |
||||
enabledCipherSuites, |
||||
IdentityCipherSuiteFilter.INSTANCE, |
||||
null, |
||||
ClientAuth.NONE, |
||||
null, |
||||
false); |
||||
} |
||||
|
||||
public SSLContext createJavaSslContext() throws NoSuchAlgorithmException, KeyManagementException { |
||||
final SSLContext context = SSLContext.getInstance(getTlsProtocol()); |
||||
context.init( |
||||
kmf.getKeyManagers(), |
||||
null == crls || crls.isEmpty() ? tmf.getTrustManagers() : wrap(tmf.getTrustManagers()), |
||||
null); |
||||
return context; |
||||
} |
||||
|
||||
protected TrustManager[] wrap(final TrustManager[] trustMgrs) { |
||||
final TrustManager[] ret = trustMgrs.clone(); |
||||
for (int i = 0; i < ret.length; i++) { |
||||
TrustManager trustMgr = ret[i]; |
||||
if (trustMgr instanceof X509TrustManager) { |
||||
X509TrustManager x509TrustManager = (X509TrustManager) trustMgr; |
||||
ret[i] = |
||||
new X509TrustManager() { |
||||
@Override |
||||
public void checkClientTrusted( |
||||
final X509Certificate[] x509Certificates, final String s) |
||||
throws CertificateException { |
||||
checkRevoked(x509Certificates); |
||||
x509TrustManager.checkClientTrusted(x509Certificates, s); |
||||
} |
||||
|
||||
@Override |
||||
public void checkServerTrusted( |
||||
final X509Certificate[] x509Certificates, final String s) |
||||
throws CertificateException { |
||||
checkRevoked(x509Certificates); |
||||
x509TrustManager.checkServerTrusted(x509Certificates, s); |
||||
} |
||||
|
||||
private void checkRevoked(final X509Certificate[] x509Certificates) |
||||
throws CertificateException { |
||||
for (X509CRL crl : crls) { |
||||
for (X509Certificate cert : x509Certificates) { |
||||
if (crl.isRevoked(cert)) { |
||||
throw new CertificateException("Certificate revoked"); |
||||
} |
||||
} |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public X509Certificate[] getAcceptedIssuers() { |
||||
return x509TrustManager.getAcceptedIssuers(); |
||||
} |
||||
}; |
||||
} |
||||
} |
||||
return ret; |
||||
} |
||||
|
||||
protected TrustManagerFactory getTrustManagerFactory(final KeyStore truststore) |
||||
throws GeneralSecurityException { |
||||
final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TRUSTMANAGER_FACTORY_ALGORITHM); |
||||
tmf.init(truststore); |
||||
return tmf; |
||||
} |
||||
|
||||
protected KeyManagerFactory getKeyManagerFactory( |
||||
final KeyStore keystore, final String keystorePassword) throws GeneralSecurityException { |
||||
final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KEYMANAGER_FACTORY_ALGORITHM); |
||||
kmf.init(keystore, keystorePassword.toCharArray()); |
||||
return kmf; |
||||
} |
||||
|
||||
private List<String> getEnabledCipherSuites() { |
||||
final String protocol = getTlsProtocol(); |
||||
try { |
||||
if (enabledCipherSuites == null || enabledCipherSuites.isEmpty()) { |
||||
final SSLContext sslcontext = SSLContext.getInstance(protocol); |
||||
sslcontext.init(null, null, null); |
||||
enabledCipherSuites = Arrays.asList(sslcontext.createSSLEngine().getEnabledCipherSuites()); |
||||
} |
||||
} catch (final NoSuchAlgorithmException | KeyManagementException e) { |
||||
LOG.warn( |
||||
"Could not get list of enabled (JDK) cipher suites for protocol:{}, reverting to Netty's default ones.", |
||||
protocol); |
||||
} |
||||
return enabledCipherSuites; |
||||
} |
||||
|
||||
private String getTlsProtocol() { |
||||
return Arrays.stream(allowedProtocols).max(Comparator.naturalOrder()).orElse(null); |
||||
} |
||||
|
||||
public static TLSContextFactory buildFrom(final TLSConfiguration config) |
||||
throws GeneralSecurityException, IOException { |
||||
TLSContextFactory ret = null; |
||||
if (null != config) { |
||||
LOG.info("Initializing SSL Context using {} keystore.", config.getKeyStoreType()); |
||||
KeyStoreWrapper wrapper = |
||||
KeyStoreWrapper.KEYSTORE_TYPE_PKCS11.equalsIgnoreCase(config.getKeyStoreType()) |
||||
? new HardwareKeyStoreWrapper( |
||||
config.getKeyStorePassword(), config.getKeyStorePath(), config.getCrlPath()) |
||||
: new SoftwareKeyStoreWrapper( |
||||
config.getKeyStoreType(), |
||||
config.getKeyStorePath(), |
||||
config.getKeyStorePassword(), |
||||
config.getTrustStoreType(), |
||||
config.getTrustStorePath(), |
||||
config.getTrustStorePassword(), |
||||
config.getCrlPath()); |
||||
ret = |
||||
TLSContextFactory.getInstance( |
||||
config.getKeyStorePassword(), wrapper, config.getAllowedProtocols()); |
||||
} |
||||
return ret; |
||||
} |
||||
} |
||||
@ -1,195 +0,0 @@ |
||||
/* |
||||
* Copyright contributors to Hyperledger Besu. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty; |
||||
|
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThat; |
||||
import static org.assertj.core.api.AssertionsForClassTypes.assertThatThrownBy; |
||||
import static org.mockito.ArgumentMatchers.any; |
||||
import static org.mockito.ArgumentMatchers.eq; |
||||
import static org.mockito.Mockito.mock; |
||||
import static org.mockito.Mockito.verify; |
||||
import static org.mockito.Mockito.when; |
||||
|
||||
import org.hyperledger.besu.cryptoservices.NodeKey; |
||||
import org.hyperledger.besu.ethereum.p2p.config.RlpxConfiguration; |
||||
import org.hyperledger.besu.ethereum.p2p.discovery.internal.PeerTable; |
||||
import org.hyperledger.besu.ethereum.p2p.peers.LocalNode; |
||||
import org.hyperledger.besu.ethereum.p2p.peers.Peer; |
||||
import org.hyperledger.besu.ethereum.p2p.rlpx.connections.PeerConnectionEventDispatcher; |
||||
import org.hyperledger.besu.metrics.noop.NoOpMetricsSystem; |
||||
import org.hyperledger.besu.plugin.data.EnodeURL; |
||||
|
||||
import java.util.ArrayList; |
||||
import java.util.List; |
||||
import java.util.Optional; |
||||
|
||||
import com.google.common.collect.ImmutableList; |
||||
import io.netty.channel.ChannelPipeline; |
||||
import io.netty.channel.embedded.EmbeddedChannel; |
||||
import io.netty.handler.codec.LengthFieldBasedFrameDecoder; |
||||
import io.netty.handler.codec.LengthFieldPrepender; |
||||
import io.netty.handler.codec.compression.SnappyFrameDecoder; |
||||
import io.netty.handler.codec.compression.SnappyFrameEncoder; |
||||
import io.netty.handler.ssl.SslContext; |
||||
import io.netty.handler.ssl.SslHandler; |
||||
import org.apache.tuweni.bytes.Bytes; |
||||
import org.junit.jupiter.api.BeforeEach; |
||||
import org.junit.jupiter.api.Test; |
||||
import org.junit.jupiter.api.extension.ExtendWith; |
||||
import org.mockito.Mock; |
||||
import org.mockito.junit.jupiter.MockitoExtension; |
||||
import org.mockito.junit.jupiter.MockitoSettings; |
||||
import org.mockito.quality.Strictness; |
||||
|
||||
@ExtendWith(MockitoExtension.class) |
||||
@MockitoSettings(strictness = Strictness.LENIENT) |
||||
public class NettyTLSConnectionInitializerTest { |
||||
|
||||
private static final String PEER_HOST = "hyperledger.org"; |
||||
private static final int PEER_PORT = 30303; |
||||
@Mock private NodeKey nodeKey; |
||||
@Mock private RlpxConfiguration rlpxConfiguration; |
||||
@Mock private LocalNode localNode; |
||||
@Mock private PeerConnectionEventDispatcher eventDispatcher; |
||||
@Mock private TLSContextFactory tlsContextFactory; |
||||
@Mock private SslContext clientSslContext; |
||||
@Mock private SslContext serverSslContext; |
||||
@Mock private SslHandler clientSslHandler; |
||||
@Mock private SslHandler serverSslHandler; |
||||
@Mock private Peer peer; |
||||
@Mock private EnodeURL enodeURL; |
||||
|
||||
private NettyTLSConnectionInitializer nettyTLSConnectionInitializer; |
||||
|
||||
@BeforeEach |
||||
public void before() throws Exception { |
||||
nettyTLSConnectionInitializer = createNettyTLSConnectionInitializer(false); |
||||
|
||||
when(tlsContextFactory.createNettyServerSslContext()).thenReturn(serverSslContext); |
||||
when(serverSslContext.newHandler(any())).thenReturn(serverSslHandler); |
||||
|
||||
when(tlsContextFactory.createNettyClientSslContext()).thenReturn(clientSslContext); |
||||
when(clientSslContext.newHandler(any())).thenReturn(clientSslHandler); |
||||
when(peer.getEnodeURL()).thenReturn(enodeURL); |
||||
when(enodeURL.getHost()).thenReturn(PEER_HOST); |
||||
when(enodeURL.getListeningPort()).thenReturn(Optional.of(PEER_PORT)); |
||||
} |
||||
|
||||
private NettyTLSConnectionInitializer createNettyTLSConnectionInitializer( |
||||
final boolean clientHelloSniHeaderEnabled) { |
||||
return new NettyTLSConnectionInitializer( |
||||
nodeKey, |
||||
rlpxConfiguration, |
||||
localNode, |
||||
eventDispatcher, |
||||
new NoOpMetricsSystem(), |
||||
() -> tlsContextFactory, |
||||
clientHelloSniHeaderEnabled, |
||||
new PeerTable(Bytes.random(64))); |
||||
} |
||||
|
||||
@Test |
||||
public void addAdditionalOutboundHandlersIncludesAllExpectedHandlersToChannelPipeline() |
||||
throws Exception { |
||||
final EmbeddedChannel embeddedChannel = new EmbeddedChannel(); |
||||
nettyTLSConnectionInitializer.addAdditionalOutboundHandlers(embeddedChannel, peer); |
||||
|
||||
// TLS
|
||||
assertThat(embeddedChannel.pipeline().get(SslHandler.class)).isEqualTo(clientSslHandler); |
||||
|
||||
// Snappy compression
|
||||
assertThat(embeddedChannel.pipeline().get(SnappyFrameDecoder.class)).isNotNull(); |
||||
assertThat(embeddedChannel.pipeline().get(SnappyFrameEncoder.class)).isNotNull(); |
||||
|
||||
// Message Framing
|
||||
assertThat(embeddedChannel.pipeline().get(LengthFieldBasedFrameDecoder.class)).isNotNull(); |
||||
assertThat(embeddedChannel.pipeline().get(LengthFieldPrepender.class)).isNotNull(); |
||||
|
||||
assertHandlersOrderInPipeline(embeddedChannel.pipeline()); |
||||
} |
||||
|
||||
@Test |
||||
public void addAdditionalOutboundHandlersUsesSslHandlerWithSniHeaderEnabledIfConfigured() |
||||
throws Exception { |
||||
nettyTLSConnectionInitializer = createNettyTLSConnectionInitializer(true); |
||||
when(clientSslContext.newHandler(any(), eq(PEER_HOST), eq(PEER_PORT))) |
||||
.thenReturn(clientSslHandler); |
||||
|
||||
final EmbeddedChannel embeddedChannel = new EmbeddedChannel(); |
||||
nettyTLSConnectionInitializer.addAdditionalOutboundHandlers(embeddedChannel, peer); |
||||
|
||||
// Handler with SNI params was created
|
||||
verify(clientSslContext).newHandler(any(), eq(PEER_HOST), eq(PEER_PORT)); |
||||
|
||||
// Other handlers are still present as expected
|
||||
assertHandlersOrderInPipeline(embeddedChannel.pipeline()); |
||||
} |
||||
|
||||
@Test |
||||
public void addAdditionalInboundHandlersIncludesAllExpectedHandlersToChannelPipeline() |
||||
throws Exception { |
||||
final EmbeddedChannel embeddedChannel = new EmbeddedChannel(); |
||||
nettyTLSConnectionInitializer.addAdditionalInboundHandlers(embeddedChannel); |
||||
|
||||
// TLS
|
||||
assertThat(embeddedChannel.pipeline().get(SslHandler.class)).isEqualTo(serverSslHandler); |
||||
|
||||
// Snappy compression
|
||||
assertThat(embeddedChannel.pipeline().get(SnappyFrameDecoder.class)).isNotNull(); |
||||
assertThat(embeddedChannel.pipeline().get(SnappyFrameEncoder.class)).isNotNull(); |
||||
|
||||
// Message Framing
|
||||
assertThat(embeddedChannel.pipeline().get(LengthFieldBasedFrameDecoder.class)).isNotNull(); |
||||
assertThat(embeddedChannel.pipeline().get(LengthFieldPrepender.class)).isNotNull(); |
||||
|
||||
assertHandlersOrderInPipeline(embeddedChannel.pipeline()); |
||||
} |
||||
|
||||
private void assertHandlersOrderInPipeline(final ChannelPipeline pipeline) { |
||||
// Appending '#0' because Netty adds it to the handler's names
|
||||
final ArrayList<String> expectedHandlerNamesInOrder = |
||||
new ArrayList<>( |
||||
ImmutableList.of( |
||||
"SslHandler#0", |
||||
"SnappyFrameDecoder#0", |
||||
"SnappyFrameEncoder#0", |
||||
"LengthFieldBasedFrameDecoder#0", |
||||
"LengthFieldPrepender#0", |
||||
"DefaultChannelPipeline$TailContext#0")); // This final handler is Netty's default
|
||||
|
||||
final List<String> actualHandlerNamesInOrder = pipeline.names(); |
||||
assertThat(actualHandlerNamesInOrder).isEqualTo(expectedHandlerNamesInOrder); |
||||
} |
||||
|
||||
@Test |
||||
public void defaultTlsContextFactorySupplierThrowsErrorWithNullTLSConfiguration() { |
||||
assertThatThrownBy(() -> NettyTLSConnectionInitializer.defaultTlsContextFactorySupplier(null)) |
||||
.isInstanceOf(IllegalStateException.class) |
||||
.hasMessage("TLSConfiguration cannot be null when using TLS"); |
||||
} |
||||
|
||||
@Test |
||||
public void defaultTlsContextFactorySupplierCapturesInternalError() { |
||||
final TLSConfiguration tlsConfiguration = mock(TLSConfiguration.class); |
||||
when(tlsConfiguration.getKeyStoreType()).thenThrow(new RuntimeException()); |
||||
|
||||
assertThatThrownBy( |
||||
() -> |
||||
NettyTLSConnectionInitializer.defaultTlsContextFactorySupplier(tlsConfiguration) |
||||
.get()) |
||||
.isInstanceOf(IllegalStateException.class) |
||||
.hasMessage("Error creating TLSContextFactory"); |
||||
} |
||||
} |
||||
@ -1,504 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty; |
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat; |
||||
import static org.hyperledger.besu.pki.keystore.KeyStoreWrapper.KEYSTORE_TYPE_PKCS12; |
||||
|
||||
import org.hyperledger.besu.pki.PkiException; |
||||
import org.hyperledger.besu.pki.keystore.HardwareKeyStoreWrapper; |
||||
import org.hyperledger.besu.pki.keystore.KeyStoreWrapper; |
||||
import org.hyperledger.besu.pki.keystore.SoftwareKeyStoreWrapper; |
||||
|
||||
import java.net.InetSocketAddress; |
||||
import java.nio.file.Path; |
||||
import java.util.Arrays; |
||||
import java.util.Collection; |
||||
import java.util.Optional; |
||||
import java.util.concurrent.CountDownLatch; |
||||
import java.util.concurrent.TimeUnit; |
||||
|
||||
import io.netty.bootstrap.Bootstrap; |
||||
import io.netty.bootstrap.ServerBootstrap; |
||||
import io.netty.buffer.ByteBuf; |
||||
import io.netty.buffer.Unpooled; |
||||
import io.netty.channel.Channel; |
||||
import io.netty.channel.ChannelFuture; |
||||
import io.netty.channel.ChannelHandlerContext; |
||||
import io.netty.channel.ChannelInboundHandlerAdapter; |
||||
import io.netty.channel.ChannelInitializer; |
||||
import io.netty.channel.EventLoopGroup; |
||||
import io.netty.channel.nio.NioEventLoopGroup; |
||||
import io.netty.channel.socket.SocketChannel; |
||||
import io.netty.channel.socket.nio.NioServerSocketChannel; |
||||
import io.netty.channel.socket.nio.NioSocketChannel; |
||||
import io.netty.handler.ssl.SslContext; |
||||
import io.netty.handler.ssl.SslHandler; |
||||
import org.junit.jupiter.api.AfterEach; |
||||
import org.junit.jupiter.api.BeforeEach; |
||||
import org.junit.jupiter.api.Test; |
||||
import org.junit.jupiter.api.condition.DisabledOnOs; |
||||
import org.junit.jupiter.api.condition.OS; |
||||
import org.junit.jupiter.params.ParameterizedTest; |
||||
import org.junit.jupiter.params.provider.MethodSource; |
||||
import org.slf4j.Logger; |
||||
import org.slf4j.LoggerFactory; |
||||
|
||||
class TLSContextFactoryTest { |
||||
|
||||
// see resources/keys/README.md for setup details.
|
||||
private static final String keystorePassword = "test123"; |
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(TLSContextFactoryTest.class); |
||||
|
||||
private static final int MAX_NUMBER_MESSAGES = 10; |
||||
private static final String CRL_PEM = "/keys/crl/crl.pem"; |
||||
private static final String PARTNER1_CLIENT1_PKCS11 = "/keys/partner1client1/nss.cfg"; |
||||
private static final String PARTNER1_CLIENT1_KEYSTORE = "/keys/partner1client1/client1.p12"; |
||||
private static final String PARTNET1_CLIENT2_KEYSTORE = "/keys/partner1client2rvk/client2.p12"; |
||||
private static final String PARTNER2_CLIENT1_KEYSTORE = "/keys/partner2client1/client1.p12"; |
||||
private static final String PARTNER2_CLIENT2_KEYSTORE = "/keys/partner2client2rvk/client2.p12"; |
||||
private static final String INVALIDPARTNER1_CLIENT1_KEYSTORE = |
||||
"/keys/invalidpartner1client1/client1.p12"; |
||||
|
||||
private static final String PARTNER1_CLIENT1_TRUSTSTORE = "/keys/partner1client1/truststore.p12"; |
||||
private static final String PARTNET1_CLIENT2_TRUSTSTORE = |
||||
"/keys/partner1client2rvk/truststore.p12"; |
||||
private static final String PARTNER2_CLIENT1_TRUSTSTORE = "/keys/partner2client1/truststore.p12"; |
||||
private static final String PARTNER2_CLIENT2_TRUSTSTORE = |
||||
"/keys/partner2client2rvk/truststore.p12"; |
||||
private static final String INVALIDPARTNER1_CLIENT1_TRUSTSTORE = |
||||
"/keys/invalidpartner1client1/truststore.p12"; |
||||
|
||||
private Server server; |
||||
private Client client; |
||||
|
||||
static Collection<Object[]> hardwareKeysData() { |
||||
return Arrays.asList( |
||||
new Object[][] { |
||||
{ |
||||
"PKCS11 server Partner1 Client1 -> PKCS12 client Partner2 Client1 SuccessfulConnection", |
||||
true, |
||||
getHardwareKeyStoreWrapper(PARTNER1_CLIENT1_PKCS11, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT1_KEYSTORE, PARTNER2_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
Optional.empty(), |
||||
Optional.empty() |
||||
}, |
||||
{ |
||||
"PKCS11 server Partner1 Client1 -> PKCS12 client InvalidPartner1 Client1 FailedConnection", |
||||
false, |
||||
getHardwareKeyStoreWrapper(PARTNER1_CLIENT1_PKCS11, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
INVALIDPARTNER1_CLIENT1_KEYSTORE, INVALIDPARTNER1_CLIENT1_TRUSTSTORE, null), |
||||
Optional.empty(), |
||||
Optional.of("certificate_unknown") |
||||
}, |
||||
{ |
||||
"PKCS11 server Partner1 Client1 -> PKCS12 client Partner2 Client2 revoked FailedConnection", |
||||
false, |
||||
getHardwareKeyStoreWrapper(PARTNER1_CLIENT1_PKCS11, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT2_KEYSTORE, PARTNER2_CLIENT2_TRUSTSTORE, null), |
||||
Optional.of("Certificate revoked"), |
||||
Optional.of("certificate_unknown") |
||||
}, |
||||
}); |
||||
} |
||||
|
||||
static Collection<Object[]> softwareKeysData() { |
||||
return Arrays.asList( |
||||
new Object[][] { |
||||
{ |
||||
"PKCS12 server Partner1 Client1 -> PKCS12 client Partner2 Client1 SuccessfulConnection", |
||||
true, |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER1_CLIENT1_KEYSTORE, PARTNER1_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT1_KEYSTORE, PARTNER2_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
Optional.empty(), |
||||
Optional.empty() |
||||
}, |
||||
{ |
||||
"PKCS12 server Partner2 Client1 -> PKCS12 client Partner1 Client1 SuccessfulConnection", |
||||
true, |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT1_KEYSTORE, PARTNER2_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER1_CLIENT1_KEYSTORE, PARTNER1_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
Optional.empty(), |
||||
Optional.empty() |
||||
}, |
||||
{ |
||||
"PKCS12 server Partner1 Client1 -> PKCS12 client InvalidPartner1 Client1 FailedConnection", |
||||
false, |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER1_CLIENT1_KEYSTORE, PARTNER1_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
INVALIDPARTNER1_CLIENT1_KEYSTORE, INVALIDPARTNER1_CLIENT1_TRUSTSTORE, null), |
||||
Optional.empty(), |
||||
Optional.of("certificate_unknown") |
||||
}, |
||||
{ |
||||
"PKCS12 server InvalidPartner1 Client1 -> PKCS12 client Partner1 Client1 FailedConnection", |
||||
false, |
||||
getSoftwareKeyStoreWrapper( |
||||
INVALIDPARTNER1_CLIENT1_KEYSTORE, INVALIDPARTNER1_CLIENT1_TRUSTSTORE, null), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER1_CLIENT1_KEYSTORE, PARTNER1_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
Optional.of("certificate_unknown"), |
||||
Optional.empty() |
||||
}, |
||||
{ |
||||
"PKCS12 server Partner1 Client2 (revoked) -> PKCS12 client Partner2 Client1 FailedConnection", |
||||
false, |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNET1_CLIENT2_KEYSTORE, PARTNET1_CLIENT2_TRUSTSTORE, null), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT1_KEYSTORE, PARTNER2_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
Optional.empty(), |
||||
Optional.of("Certificate revoked") |
||||
}, |
||||
{ |
||||
"PKCS12 server Partner2 Client1 -> PKCS12 client Partner1 Client2 (revoked) FailedConnection", |
||||
false, |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT1_KEYSTORE, PARTNER2_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNET1_CLIENT2_KEYSTORE, PARTNET1_CLIENT2_TRUSTSTORE, null), |
||||
Optional.of("Certificate revoked"), |
||||
Optional.of("certificate_unknown") |
||||
}, |
||||
{ |
||||
"PKCS12 server Partner2 Client2 (revoked) -> PKCS12 client Partner1 Client1 FailedConnection", |
||||
false, |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT2_KEYSTORE, PARTNER2_CLIENT2_TRUSTSTORE, null), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER1_CLIENT1_KEYSTORE, PARTNER1_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
Optional.empty(), |
||||
Optional.of("Certificate revoked"), |
||||
}, |
||||
{ |
||||
"PKCS12 server Partner1 Client1 -> PKCS12 client Partner2 Client2 (revoked) FailedConnection", |
||||
false, |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER1_CLIENT1_KEYSTORE, PARTNER1_CLIENT1_TRUSTSTORE, CRL_PEM), |
||||
getSoftwareKeyStoreWrapper( |
||||
PARTNER2_CLIENT2_KEYSTORE, PARTNER2_CLIENT2_TRUSTSTORE, null), |
||||
Optional.of("Certificate revoked"), |
||||
Optional.of("certificate_unknown") |
||||
} |
||||
}); |
||||
} |
||||
|
||||
@BeforeEach |
||||
void init() {} |
||||
|
||||
@AfterEach |
||||
void tearDown() { |
||||
if (client != null) { |
||||
client.stop(); |
||||
} |
||||
if (server != null) { |
||||
server.stop(); |
||||
} |
||||
} |
||||
|
||||
private static Path toPath(final String path) throws Exception { |
||||
return null == path ? null : Path.of(TLSContextFactoryTest.class.getResource(path).toURI()); |
||||
} |
||||
|
||||
private static KeyStoreWrapper getHardwareKeyStoreWrapper( |
||||
final String config, final String crlLocation) { |
||||
try { |
||||
return new HardwareKeyStoreWrapper(keystorePassword, toPath(config), toPath(crlLocation)); |
||||
} catch (final Exception e) { |
||||
// Not a mac, probably a production build. Full failure.
|
||||
throw new PkiException("Failed to initialize hardware keystore", e); |
||||
} |
||||
} |
||||
|
||||
private static KeyStoreWrapper getSoftwareKeyStoreWrapper( |
||||
final String jksKeyStore, final String trustStore, final String crl) { |
||||
try { |
||||
return new SoftwareKeyStoreWrapper( |
||||
KEYSTORE_TYPE_PKCS12, |
||||
toPath(jksKeyStore), |
||||
keystorePassword, |
||||
KEYSTORE_TYPE_PKCS12, |
||||
toPath(trustStore), |
||||
keystorePassword, |
||||
toPath(crl)); |
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to initialize software keystore", e); |
||||
} |
||||
} |
||||
|
||||
@ParameterizedTest(name = "{index}: {0}") |
||||
@MethodSource("softwareKeysData") |
||||
@DisabledOnOs(OS.MAC) |
||||
void testConnectionSoftwareKeys( |
||||
final String ignoredTestDescription, |
||||
final boolean testSuccess, |
||||
final KeyStoreWrapper serverKeyStoreWrapper, |
||||
final KeyStoreWrapper clientKeyStoreWrapper, |
||||
final Optional<String> serverFailureMessage, |
||||
final Optional<String> clientFailureMessage) |
||||
throws Exception { |
||||
testConnection( |
||||
testSuccess, |
||||
serverKeyStoreWrapper, |
||||
clientKeyStoreWrapper, |
||||
serverFailureMessage, |
||||
clientFailureMessage); |
||||
} |
||||
|
||||
@ParameterizedTest(name = "{index}: {0}") |
||||
@MethodSource("hardwareKeysData") |
||||
@DisabledOnOs(OS.MAC) |
||||
void testConnectionHardwareKeys( |
||||
final String ignoredTestDescription, |
||||
final boolean testSuccess, |
||||
final KeyStoreWrapper serverKeyStoreWrapper, |
||||
final KeyStoreWrapper clientKeyStoreWrapper, |
||||
final Optional<String> serverFailureMessage, |
||||
final Optional<String> clientFailureMessage) |
||||
throws Exception { |
||||
testConnection( |
||||
testSuccess, |
||||
serverKeyStoreWrapper, |
||||
clientKeyStoreWrapper, |
||||
serverFailureMessage, |
||||
clientFailureMessage); |
||||
} |
||||
|
||||
private void testConnection( |
||||
final boolean testSuccess, |
||||
final KeyStoreWrapper serverKeyStoreWrapper, |
||||
final KeyStoreWrapper clientKeyStoreWrapper, |
||||
final Optional<String> serverFailureMessage, |
||||
final Optional<String> clientFailureMessage) |
||||
throws Exception { |
||||
final CountDownLatch serverLatch = new CountDownLatch(MAX_NUMBER_MESSAGES); |
||||
final CountDownLatch clientLatch = new CountDownLatch(MAX_NUMBER_MESSAGES); |
||||
server = startServer(serverKeyStoreWrapper, serverLatch); |
||||
client = startClient(server.port, clientKeyStoreWrapper, clientLatch); |
||||
|
||||
if (testSuccess) { |
||||
client.getChannelFuture().channel().writeAndFlush(Unpooled.copyInt(0)); |
||||
final boolean allMessagesServerExchanged = serverLatch.await(10, TimeUnit.SECONDS); |
||||
final boolean allMessagesClientExchanged = clientLatch.await(10, TimeUnit.SECONDS); |
||||
assertThat(allMessagesClientExchanged && allMessagesServerExchanged).isTrue(); |
||||
} else { |
||||
try { |
||||
client.getChannelFuture().channel().writeAndFlush(Unpooled.copyInt(0)).sync(); |
||||
serverLatch.await(2, TimeUnit.SECONDS); |
||||
assertThat(client.getChannelFuture().channel().isActive()).isFalse(); |
||||
|
||||
if (serverFailureMessage.isPresent()) { |
||||
assertThat(server.getCause()).isNotEmpty(); |
||||
assertThat(server.getCause().get()).hasMessageContaining(serverFailureMessage.get()); |
||||
} else { |
||||
assertThat(server.getCause()).isEmpty(); |
||||
} |
||||
|
||||
if (clientFailureMessage.isPresent()) { |
||||
assertThat(client.getCause()).isNotEmpty(); |
||||
assertThat(client.getCause().get()).hasMessageContaining(clientFailureMessage.get()); |
||||
} else { |
||||
assertThat(client.getCause()).isEmpty(); |
||||
} |
||||
} catch (final Exception e) { |
||||
// NOOP
|
||||
} |
||||
} |
||||
} |
||||
|
||||
private Server startServer(final KeyStoreWrapper keyStoreWrapper, final CountDownLatch latch) |
||||
throws Exception { |
||||
|
||||
final Server nettyServer = new Server(keystorePassword, keyStoreWrapper, latch); |
||||
nettyServer.start(); |
||||
return nettyServer; |
||||
} |
||||
|
||||
private Client startClient( |
||||
final int port, final KeyStoreWrapper keyStoreWrapper, final CountDownLatch latch) |
||||
throws Exception { |
||||
|
||||
final Client nettyClient = new Client(port, keystorePassword, keyStoreWrapper, latch); |
||||
nettyClient.start(); |
||||
return nettyClient; |
||||
} |
||||
|
||||
static class MessageHandler extends ChannelInboundHandlerAdapter { |
||||
private final String id; |
||||
private final CountDownLatch latch; |
||||
|
||||
private Throwable cause; |
||||
|
||||
MessageHandler(final String id, final CountDownLatch latch) { |
||||
this.id = id; |
||||
this.latch = latch; |
||||
} |
||||
|
||||
@Override |
||||
public void channelRead(final ChannelHandlerContext ctx, final Object msg) |
||||
throws InterruptedException { |
||||
final int message = ((ByteBuf) msg).readInt(); |
||||
LOG.info("[" + id + "] Received message: " + message); |
||||
|
||||
if (message < 2 * MAX_NUMBER_MESSAGES) { |
||||
final int replyMessage = message + 1; |
||||
ctx.writeAndFlush(Unpooled.copyInt(replyMessage)).sync(); |
||||
LOG.info("[" + id + "] Sent message: " + replyMessage); |
||||
this.latch.countDown(); |
||||
LOG.info("Remaining {}", this.latch.getCount()); |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public void exceptionCaught(final ChannelHandlerContext ctx, final Throwable cause) |
||||
throws Exception { |
||||
this.cause = cause; |
||||
} |
||||
|
||||
public Optional<Throwable> getCause() { |
||||
return Optional.ofNullable(cause); |
||||
} |
||||
} |
||||
|
||||
static class Client { |
||||
int port; |
||||
private final String keystorePassword; |
||||
private final KeyStoreWrapper keyStoreWrapper; |
||||
private final CountDownLatch latch; |
||||
|
||||
private ChannelFuture channelFuture; |
||||
private final EventLoopGroup group = new NioEventLoopGroup(); |
||||
private MessageHandler messageHandler; |
||||
|
||||
ChannelFuture getChannelFuture() { |
||||
return channelFuture; |
||||
} |
||||
|
||||
Client( |
||||
final int port, |
||||
final String keystorePassword, |
||||
final KeyStoreWrapper keyStoreWrapper, |
||||
final CountDownLatch latch) { |
||||
this.port = port; |
||||
this.keystorePassword = keystorePassword; |
||||
this.keyStoreWrapper = keyStoreWrapper; |
||||
this.latch = latch; |
||||
} |
||||
|
||||
void start() throws Exception { |
||||
final Bootstrap b = new Bootstrap(); |
||||
b.group(group); |
||||
b.channel(NioSocketChannel.class); |
||||
b.handler( |
||||
new ChannelInitializer<SocketChannel>() { |
||||
@Override |
||||
protected void initChannel(final SocketChannel socketChannel) throws Exception { |
||||
final SslContext sslContext = |
||||
TLSContextFactory.getInstance(keystorePassword, keyStoreWrapper) |
||||
.createNettyClientSslContext(); |
||||
|
||||
final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc()); |
||||
socketChannel.pipeline().addFirst("ssl", sslHandler); |
||||
messageHandler = new MessageHandler("Client", latch); |
||||
socketChannel.pipeline().addLast(messageHandler); |
||||
} |
||||
}); |
||||
|
||||
this.channelFuture = b.connect("127.0.0.1", this.port).sync(); |
||||
} |
||||
|
||||
void stop() { |
||||
group.shutdownGracefully(); |
||||
messageHandler = null; |
||||
} |
||||
|
||||
Optional<Throwable> getCause() { |
||||
return messageHandler != null ? messageHandler.getCause() : Optional.empty(); |
||||
} |
||||
} |
||||
|
||||
static class Server { |
||||
private int port; |
||||
private final String keystorePassword; |
||||
private final KeyStoreWrapper keyStoreWrapper; |
||||
private final CountDownLatch latch; |
||||
|
||||
private Channel channel; |
||||
|
||||
private final EventLoopGroup parentGroup = new NioEventLoopGroup(); |
||||
private final EventLoopGroup childGroup = new NioEventLoopGroup(); |
||||
|
||||
private MessageHandler messageHandler; |
||||
|
||||
Server( |
||||
final String keystorePassword, |
||||
final KeyStoreWrapper keyStoreWrapper, |
||||
final CountDownLatch latch) { |
||||
this.keystorePassword = keystorePassword; |
||||
this.keyStoreWrapper = keyStoreWrapper; |
||||
this.latch = latch; |
||||
} |
||||
|
||||
void start() throws Exception { |
||||
final ServerBootstrap sb = new ServerBootstrap(); |
||||
sb.group(parentGroup, childGroup) |
||||
.channel(NioServerSocketChannel.class) |
||||
.childHandler( |
||||
new ChannelInitializer<SocketChannel>() { |
||||
@Override |
||||
public void initChannel(final SocketChannel socketChannel) throws Exception { |
||||
final SslContext sslContext = |
||||
TLSContextFactory.getInstance(keystorePassword, keyStoreWrapper) |
||||
.createNettyServerSslContext(); |
||||
final SslHandler sslHandler = sslContext.newHandler(channel.alloc()); |
||||
socketChannel.pipeline().addFirst("ssl", sslHandler); |
||||
|
||||
socketChannel |
||||
.pipeline() |
||||
.addLast(messageHandler = new MessageHandler("Server", latch)); |
||||
} |
||||
}); |
||||
|
||||
final ChannelFuture cf = sb.bind(0).sync(); |
||||
this.channel = cf.channel(); |
||||
this.port = ((InetSocketAddress) channel.localAddress()).getPort(); |
||||
} |
||||
|
||||
void stop() { |
||||
childGroup.shutdownGracefully(); |
||||
parentGroup.shutdownGracefully(); |
||||
} |
||||
|
||||
Optional<Throwable> getCause() { |
||||
return messageHandler != null ? messageHandler.getCause() : Optional.empty(); |
||||
} |
||||
} |
||||
|
||||
@Test |
||||
void dryRunDetector() { |
||||
assertThat(true) |
||||
.withFailMessage("This test is here so gradle --dry-run executes this class") |
||||
.isTrue(); |
||||
} |
||||
} |
||||
@ -1,49 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0 |
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
|
||||
apply plugin: 'java-library' |
||||
|
||||
jar { |
||||
archiveBaseName = 'besu-pki' |
||||
manifest { |
||||
attributes( |
||||
'Specification-Title': archiveBaseName, |
||||
'Specification-Version': project.version, |
||||
'Implementation-Title': archiveBaseName, |
||||
'Implementation-Version': calculateVersion(), |
||||
'Commit-Hash': getGitCommitDetails(40).hash |
||||
) |
||||
} |
||||
} |
||||
|
||||
dependencies { |
||||
api 'org.slf4j:slf4j-api' |
||||
|
||||
implementation 'com.google.guava:guava' |
||||
implementation 'io.tmio:tuweni-bytes' |
||||
implementation 'org.bouncycastle:bcpkix-jdk18on' |
||||
|
||||
testImplementation 'org.junit.jupiter:junit-jupiter' |
||||
testImplementation 'org.mockito:mockito-core' |
||||
testImplementation 'org.mockito:mockito-junit-jupiter' |
||||
} |
||||
|
||||
configurations { testArtifacts } |
||||
tasks.register('testJar', Jar) { |
||||
archiveBaseName = "${project.name}-test" |
||||
from sourceSets.test.output |
||||
} |
||||
|
||||
artifacts { testArtifacts testJar } |
||||
@ -1,54 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki; |
||||
|
||||
/** The Pki exception. */ |
||||
public class PkiException extends RuntimeException { |
||||
|
||||
private static final long serialVersionUID = 1L; |
||||
|
||||
/** Instantiates a new Pki exception. */ |
||||
public PkiException() { |
||||
super(); |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Pki exception. |
||||
* |
||||
* @param message the message |
||||
*/ |
||||
public PkiException(final String message) { |
||||
super(message); |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Pki exception. |
||||
* |
||||
* @param message the message |
||||
* @param t the Throwable cause |
||||
*/ |
||||
public PkiException(final String message, final Throwable t) { |
||||
super(message, t); |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Pki exception. |
||||
* |
||||
* @param t the Throwable cause |
||||
*/ |
||||
public PkiException(final Throwable t) { |
||||
super(t); |
||||
} |
||||
} |
||||
@ -1,142 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.cms; |
||||
|
||||
import org.hyperledger.besu.pki.keystore.KeyStoreWrapper; |
||||
|
||||
import java.security.PrivateKey; |
||||
import java.security.PublicKey; |
||||
import java.security.Security; |
||||
import java.security.cert.X509Certificate; |
||||
import java.security.interfaces.ECPublicKey; |
||||
import java.security.spec.EllipticCurve; |
||||
import java.util.List; |
||||
import java.util.stream.Collectors; |
||||
import java.util.stream.Stream; |
||||
|
||||
import com.google.common.annotations.VisibleForTesting; |
||||
import org.apache.tuweni.bytes.Bytes; |
||||
import org.bouncycastle.cert.jcajce.JcaCertStore; |
||||
import org.bouncycastle.cms.CMSProcessableByteArray; |
||||
import org.bouncycastle.cms.CMSSignedData; |
||||
import org.bouncycastle.cms.CMSSignedDataGenerator; |
||||
import org.bouncycastle.cms.CMSTypedData; |
||||
import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; |
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider; |
||||
import org.bouncycastle.operator.ContentSigner; |
||||
import org.bouncycastle.operator.DigestCalculatorProvider; |
||||
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; |
||||
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; |
||||
import org.bouncycastle.util.Store; |
||||
|
||||
/** The Cms creator. */ |
||||
public class CmsCreator { |
||||
|
||||
static { |
||||
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { |
||||
Security.addProvider(new BouncyCastleProvider()); |
||||
} |
||||
} |
||||
|
||||
private final String certificateAlias; |
||||
private final KeyStoreWrapper keyStore; |
||||
|
||||
/** |
||||
* Instantiates a new Cms creator. |
||||
* |
||||
* @param keyStore the key store |
||||
* @param certificateAlias the certificate alias |
||||
*/ |
||||
public CmsCreator(final KeyStoreWrapper keyStore, final String certificateAlias) { |
||||
this.keyStore = keyStore; |
||||
this.certificateAlias = certificateAlias; |
||||
} |
||||
|
||||
/** |
||||
* Creates a CMS message with the content parameter, signed with the certificate with alias |
||||
* defined in the {@code CmsCreator} constructor. The certificate chain is also included so the |
||||
* recipient has the information needed to build a trusted certificate path when validating this |
||||
* message. |
||||
* |
||||
* @param contentToSign the content that will be signed and added to the message |
||||
* @return the CMS message bytes |
||||
*/ |
||||
@SuppressWarnings("rawtypes") |
||||
public Bytes create(final Bytes contentToSign) { |
||||
try { |
||||
// Certificates that will be sent
|
||||
final List<X509Certificate> x509Certificates = |
||||
Stream.of(keyStore.getCertificateChain(certificateAlias)) |
||||
.map(X509Certificate.class::cast) |
||||
.collect(Collectors.toList()); |
||||
final Store certs = new JcaCertStore(x509Certificates); |
||||
|
||||
// Private key of the certificate that will sign the message
|
||||
final PrivateKey privateKey = keyStore.getPrivateKey(certificateAlias); |
||||
|
||||
final ContentSigner contentSigner = |
||||
new JcaContentSignerBuilder( |
||||
getPreferredSignatureAlgorithm(keyStore.getPublicKey(certificateAlias))) |
||||
.build(privateKey); |
||||
|
||||
final CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator(); |
||||
|
||||
// Additional intermediate certificates for path building
|
||||
cmsGenerator.addCertificates(certs); |
||||
|
||||
final DigestCalculatorProvider digestCalculatorProvider = |
||||
new JcaDigestCalculatorProviderBuilder().setProvider("BC").build(); |
||||
// The first certificate in the list (leaf certificate is the signer)
|
||||
cmsGenerator.addSignerInfoGenerator( |
||||
new JcaSignerInfoGeneratorBuilder(digestCalculatorProvider) |
||||
.build(contentSigner, x509Certificates.get(0))); |
||||
|
||||
// Add signed content
|
||||
final CMSTypedData cmsData = new CMSProcessableByteArray(contentToSign.toArray()); |
||||
final CMSSignedData cmsSignedData = cmsGenerator.generate(cmsData, false); |
||||
|
||||
return Bytes.wrap(cmsSignedData.getEncoded()); |
||||
} catch (final Exception e) { |
||||
throw new RuntimeException("Error creating CMS data", e); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Gets preferred signature algorithm for EC or RSA keys |
||||
* |
||||
* @param pub the public key |
||||
* @return the preferred signature algorithm |
||||
*/ |
||||
@VisibleForTesting |
||||
public static String getPreferredSignatureAlgorithm(final PublicKey pub) { |
||||
switch (pub.getAlgorithm()) { |
||||
case "EC" -> { |
||||
final EllipticCurve curve = ((ECPublicKey) pub).getParams().getCurve(); |
||||
return switch (curve.getField().getFieldSize()) { |
||||
case 224, 256 -> "SHA256withECDSA"; |
||||
case 384 -> "SHA384withECDSA"; |
||||
case 521 -> "SHA512withECDSA"; |
||||
default -> throw new IllegalArgumentException("Elliptic curve not supported: " + curve); |
||||
}; |
||||
} |
||||
case "RSA" -> { |
||||
return "SHA256WithRSAEncryption"; |
||||
} |
||||
default -> |
||||
throw new UnsupportedOperationException( |
||||
"Private key algorithm not supported: " + pub.getAlgorithm()); |
||||
} |
||||
} |
||||
} |
||||
@ -1,203 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.cms; |
||||
|
||||
import org.hyperledger.besu.pki.keystore.KeyStoreWrapper; |
||||
|
||||
import java.security.Security; |
||||
import java.security.cert.CertPathBuilder; |
||||
import java.security.cert.CertPathBuilderException; |
||||
import java.security.cert.CertStore; |
||||
import java.security.cert.CollectionCertStoreParameters; |
||||
import java.security.cert.PKIXBuilderParameters; |
||||
import java.security.cert.PKIXRevocationChecker; |
||||
import java.security.cert.PKIXRevocationChecker.Option; |
||||
import java.security.cert.X509CertSelector; |
||||
import java.security.cert.X509Certificate; |
||||
import java.util.Collection; |
||||
import java.util.EnumSet; |
||||
import java.util.Optional; |
||||
|
||||
import org.apache.tuweni.bytes.Bytes; |
||||
import org.bouncycastle.cert.X509CertificateHolder; |
||||
import org.bouncycastle.cert.jcajce.JcaCertStoreBuilder; |
||||
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; |
||||
import org.bouncycastle.cms.CMSException; |
||||
import org.bouncycastle.cms.CMSProcessableByteArray; |
||||
import org.bouncycastle.cms.CMSSignedData; |
||||
import org.bouncycastle.cms.SignerInformation; |
||||
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder; |
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider; |
||||
import org.bouncycastle.util.Store; |
||||
import org.slf4j.Logger; |
||||
import org.slf4j.LoggerFactory; |
||||
|
||||
/** The Cms validator. */ |
||||
public class CmsValidator { |
||||
|
||||
static { |
||||
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { |
||||
Security.addProvider(new BouncyCastleProvider()); |
||||
} |
||||
} |
||||
|
||||
private static final Logger LOGGER = LoggerFactory.getLogger(CmsValidator.class); |
||||
|
||||
private final KeyStoreWrapper truststore; |
||||
|
||||
/** |
||||
* Instantiates a new Cms validator. |
||||
* |
||||
* @param truststore the truststore |
||||
*/ |
||||
public CmsValidator(final KeyStoreWrapper truststore) { |
||||
this.truststore = truststore; |
||||
} |
||||
|
||||
/** |
||||
* Verifies that a CMS message signed content matched the expected content, and that the message |
||||
* signer is from a certificate that is trusted (has permission to propose a block) |
||||
* |
||||
* @param cms the CMS message bytes |
||||
* @param expectedContent the expected signed content in the CMS message |
||||
* @return true, if the signed content matched the expected content and the signer's certificate |
||||
* is trusted, otherwise returns false. |
||||
*/ |
||||
public boolean validate(final Bytes cms, final Bytes expectedContent) { |
||||
if (cms == null || cms.isEmpty()) { |
||||
return false; |
||||
} |
||||
|
||||
try { |
||||
LOGGER.trace("Validating CMS message"); |
||||
|
||||
final CMSSignedData cmsSignedData = |
||||
new CMSSignedData(new CMSProcessableByteArray(expectedContent.toArray()), cms.toArray()); |
||||
final X509Certificate signerCertificate = getSignerCertificate(cmsSignedData); |
||||
|
||||
// Validate msg signature and content
|
||||
if (!isSignatureValid(signerCertificate, cmsSignedData)) { |
||||
return false; |
||||
} |
||||
|
||||
// Validate certificate trust
|
||||
if (!isCertificateTrusted(signerCertificate, cmsSignedData)) { |
||||
return false; |
||||
} |
||||
|
||||
return true; |
||||
} catch (final Exception e) { |
||||
throw new RuntimeException("Error validating CMS data", e); |
||||
} |
||||
} |
||||
|
||||
@SuppressWarnings("unchecked") |
||||
private X509Certificate getSignerCertificate(final CMSSignedData cmsSignedData) { |
||||
try { |
||||
final Store<X509CertificateHolder> certificateStore = cmsSignedData.getCertificates(); |
||||
|
||||
// We don't expect more than one signer on the CMS data
|
||||
if (cmsSignedData.getSignerInfos().size() != 1) { |
||||
throw new RuntimeException("Only one signer is expected on the CMS message"); |
||||
} |
||||
final SignerInformation signerInformation = |
||||
cmsSignedData.getSignerInfos().getSigners().stream().findFirst().get(); |
||||
|
||||
// Find signer's certificate from CMS data
|
||||
final Collection<X509CertificateHolder> signerCertificates = |
||||
certificateStore.getMatches(signerInformation.getSID()); |
||||
final X509CertificateHolder certificateHolder = signerCertificates.stream().findFirst().get(); |
||||
|
||||
return new JcaX509CertificateConverter().getCertificate(certificateHolder); |
||||
} catch (final Exception e) { |
||||
throw new RuntimeException("Error retrieving signer certificate from CMS data", e); |
||||
} |
||||
} |
||||
|
||||
private boolean isSignatureValid( |
||||
final X509Certificate signerCertificate, final CMSSignedData cmsSignedData) { |
||||
LOGGER.trace("Validating CMS signature"); |
||||
try { |
||||
return cmsSignedData.verifySignatures( |
||||
sid -> new JcaSimpleSignerInfoVerifierBuilder().build(signerCertificate)); |
||||
} catch (final CMSException e) { |
||||
return false; |
||||
} |
||||
} |
||||
|
||||
private boolean isCertificateTrusted( |
||||
final X509Certificate signerCertificate, final CMSSignedData cmsSignedData) { |
||||
LOGGER.trace("Starting CMS certificate validation"); |
||||
|
||||
try { |
||||
final CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX"); |
||||
|
||||
// Define CMS signer certificate as the starting point of the path (leaf certificate)
|
||||
final X509CertSelector targetConstraints = new X509CertSelector(); |
||||
targetConstraints.setCertificate(signerCertificate); |
||||
|
||||
// Set parameters for the certificate path building algorithm
|
||||
final PKIXBuilderParameters params = |
||||
new PKIXBuilderParameters(truststore.getKeyStore(), targetConstraints); |
||||
|
||||
// Adding CertStore with CRLs (if present, otherwise disabling revocation check)
|
||||
createCRLCertStore(truststore) |
||||
.ifPresentOrElse( |
||||
CRLs -> { |
||||
params.addCertStore(CRLs); |
||||
PKIXRevocationChecker rc = (PKIXRevocationChecker) cpb.getRevocationChecker(); |
||||
rc.setOptions(EnumSet.of(Option.PREFER_CRLS)); |
||||
params.addCertPathChecker(rc); |
||||
}, |
||||
() -> { |
||||
LOGGER.warn("No CRL CertStore provided. CRL validation will be disabled."); |
||||
params.setRevocationEnabled(false); |
||||
}); |
||||
|
||||
// Read certificates sent on the CMS message and adding it to the path building algorithm
|
||||
final CertStore cmsCertificates = |
||||
new JcaCertStoreBuilder().addCertificates(cmsSignedData.getCertificates()).build(); |
||||
params.addCertStore(cmsCertificates); |
||||
|
||||
// Validate certificate path
|
||||
try { |
||||
cpb.build(params); |
||||
return true; |
||||
} catch (final CertPathBuilderException cpbe) { |
||||
LOGGER.warn("Untrusted certificate chain", cpbe); |
||||
LOGGER.trace("Reason for failed validation", cpbe.getCause()); |
||||
return false; |
||||
} |
||||
|
||||
} catch (final Exception e) { |
||||
LOGGER.error("Error validating certificate chain"); |
||||
throw new RuntimeException("Error validating certificate chain", e); |
||||
} |
||||
} |
||||
|
||||
private Optional<CertStore> createCRLCertStore(final KeyStoreWrapper truststore) { |
||||
if (truststore.getCRLs() != null) { |
||||
try { |
||||
return Optional.of( |
||||
CertStore.getInstance( |
||||
"Collection", new CollectionCertStoreParameters(truststore.getCRLs()))); |
||||
} catch (final Exception e) { |
||||
throw new RuntimeException("Error loading CRLs from Truststore", e); |
||||
} |
||||
} else { |
||||
return Optional.empty(); |
||||
} |
||||
} |
||||
} |
||||
@ -1,303 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.config; |
||||
|
||||
import static java.util.Objects.requireNonNull; |
||||
|
||||
import java.io.IOException; |
||||
import java.nio.file.Files; |
||||
import java.nio.file.Path; |
||||
import java.util.Optional; |
||||
import java.util.stream.Stream; |
||||
|
||||
import com.google.common.annotations.VisibleForTesting; |
||||
|
||||
/** The Pki key store configuration. */ |
||||
public class PkiKeyStoreConfiguration { |
||||
|
||||
/** The constant DEFAULT_KEYSTORE_TYPE. */ |
||||
public static String DEFAULT_KEYSTORE_TYPE = "PKCS12"; |
||||
|
||||
/** The constant DEFAULT_CERTIFICATE_ALIAS. */ |
||||
public static String DEFAULT_CERTIFICATE_ALIAS = "validator"; |
||||
|
||||
private final String keyStoreType; |
||||
private final Path keyStorePath; |
||||
private final Path keyStorePasswordPath; |
||||
private final String certificateAlias; |
||||
private final String trustStoreType; |
||||
private final Path trustStorePath; |
||||
private final Path trustStorePasswordPath; |
||||
private final Optional<Path> crlFilePath; |
||||
|
||||
/** |
||||
* Instantiates a new Pki key store configuration. |
||||
* |
||||
* @param keyStoreType the key store type |
||||
* @param keyStorePath the key store path |
||||
* @param keyStorePasswordPath the key store password path |
||||
* @param certificateAlias the certificate alias |
||||
* @param trustStoreType the trust store type |
||||
* @param trustStorePath the trust store path |
||||
* @param trustStorePasswordPath the trust store password path |
||||
* @param crlFilePath the crl file path |
||||
*/ |
||||
public PkiKeyStoreConfiguration( |
||||
final String keyStoreType, |
||||
final Path keyStorePath, |
||||
final Path keyStorePasswordPath, |
||||
final String certificateAlias, |
||||
final String trustStoreType, |
||||
final Path trustStorePath, |
||||
final Path trustStorePasswordPath, |
||||
final Optional<Path> crlFilePath) { |
||||
this.keyStoreType = keyStoreType; |
||||
this.keyStorePath = keyStorePath; |
||||
this.keyStorePasswordPath = keyStorePasswordPath; |
||||
this.certificateAlias = certificateAlias; |
||||
this.trustStoreType = trustStoreType; |
||||
this.trustStorePath = trustStorePath; |
||||
this.trustStorePasswordPath = trustStorePasswordPath; |
||||
this.crlFilePath = crlFilePath; |
||||
} |
||||
|
||||
/** |
||||
* Gets key store type. |
||||
* |
||||
* @return the key store type |
||||
*/ |
||||
public String getKeyStoreType() { |
||||
return keyStoreType; |
||||
} |
||||
|
||||
/** |
||||
* Gets key store path. |
||||
* |
||||
* @return the key store path |
||||
*/ |
||||
public Path getKeyStorePath() { |
||||
return keyStorePath; |
||||
} |
||||
|
||||
/** |
||||
* Gets key store password path. |
||||
* |
||||
* @return the key store password path |
||||
*/ |
||||
@VisibleForTesting |
||||
public Path getKeyStorePasswordPath() { |
||||
return keyStorePasswordPath; |
||||
} |
||||
|
||||
/** |
||||
* Gets key store password. |
||||
* |
||||
* @return the key store password |
||||
*/ |
||||
public String getKeyStorePassword() { |
||||
return readPasswordFromFile(keyStorePasswordPath); |
||||
} |
||||
|
||||
/** |
||||
* Gets certificate alias. |
||||
* |
||||
* @return the certificate alias |
||||
*/ |
||||
public String getCertificateAlias() { |
||||
return certificateAlias; |
||||
} |
||||
|
||||
/** |
||||
* Gets trust store type. |
||||
* |
||||
* @return the trust store type |
||||
*/ |
||||
public String getTrustStoreType() { |
||||
return trustStoreType; |
||||
} |
||||
|
||||
/** |
||||
* Gets trust store path. |
||||
* |
||||
* @return the trust store path |
||||
*/ |
||||
public Path getTrustStorePath() { |
||||
return trustStorePath; |
||||
} |
||||
|
||||
/** |
||||
* Gets trust store password path. |
||||
* |
||||
* @return the trust store password path |
||||
*/ |
||||
@VisibleForTesting |
||||
public Path getTrustStorePasswordPath() { |
||||
return trustStorePasswordPath; |
||||
} |
||||
|
||||
/** |
||||
* Gets trust store password. |
||||
* |
||||
* @return the trust store password |
||||
*/ |
||||
public String getTrustStorePassword() { |
||||
return readPasswordFromFile(trustStorePasswordPath); |
||||
} |
||||
|
||||
/** |
||||
* Gets CRL file path. |
||||
* |
||||
* @return the crl file path |
||||
*/ |
||||
public Optional<Path> getCrlFilePath() { |
||||
return crlFilePath; |
||||
} |
||||
|
||||
/** The Builder. */ |
||||
public static final class Builder { |
||||
|
||||
private String keyStoreType = DEFAULT_KEYSTORE_TYPE; |
||||
private Path keyStorePath; |
||||
private Path keyStorePasswordPath; |
||||
private String certificateAlias = DEFAULT_CERTIFICATE_ALIAS; |
||||
private String trustStoreType = DEFAULT_KEYSTORE_TYPE; |
||||
private Path trustStorePath; |
||||
private Path trustStorePasswordPath; |
||||
private Path crlFilePath; |
||||
|
||||
/** Instantiates a new Builder. */ |
||||
public Builder() {} |
||||
|
||||
/** |
||||
* With key store type. |
||||
* |
||||
* @param keyStoreType the key store type |
||||
* @return the builder |
||||
*/ |
||||
public Builder withKeyStoreType(final String keyStoreType) { |
||||
this.keyStoreType = keyStoreType; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* With key store path. |
||||
* |
||||
* @param keyStorePath the key store path |
||||
* @return the builder |
||||
*/ |
||||
public Builder withKeyStorePath(final Path keyStorePath) { |
||||
this.keyStorePath = keyStorePath; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* With key store password path. |
||||
* |
||||
* @param keyStorePasswordPath the key store password path |
||||
* @return the builder |
||||
*/ |
||||
public Builder withKeyStorePasswordPath(final Path keyStorePasswordPath) { |
||||
this.keyStorePasswordPath = keyStorePasswordPath; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* With certificate alias. |
||||
* |
||||
* @param certificateAlias the certificate alias |
||||
* @return the builder |
||||
*/ |
||||
public Builder withCertificateAlias(final String certificateAlias) { |
||||
this.certificateAlias = certificateAlias; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* With trust store type. |
||||
* |
||||
* @param trustStoreType the trust store type |
||||
* @return the builder |
||||
*/ |
||||
public Builder withTrustStoreType(final String trustStoreType) { |
||||
this.trustStoreType = trustStoreType; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* With trust store path. |
||||
* |
||||
* @param trustStorePath the trust store path |
||||
* @return the builder |
||||
*/ |
||||
public Builder withTrustStorePath(final Path trustStorePath) { |
||||
this.trustStorePath = trustStorePath; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* With trust store password path. |
||||
* |
||||
* @param trustStorePasswordPath the trust store password path |
||||
* @return the builder |
||||
*/ |
||||
public Builder withTrustStorePasswordPath(final Path trustStorePasswordPath) { |
||||
this.trustStorePasswordPath = trustStorePasswordPath; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* With crl file path. |
||||
* |
||||
* @param filePath the file path |
||||
* @return the builder |
||||
*/ |
||||
public Builder withCrlFilePath(final Path filePath) { |
||||
this.crlFilePath = filePath; |
||||
return this; |
||||
} |
||||
|
||||
/** |
||||
* Build pki key store configuration. |
||||
* |
||||
* @return the pki key store configuration |
||||
*/ |
||||
public PkiKeyStoreConfiguration build() { |
||||
requireNonNull(keyStoreType, "Key Store Type must not be null"); |
||||
requireNonNull(keyStorePasswordPath, "Key Store password file must not be null"); |
||||
|
||||
return new PkiKeyStoreConfiguration( |
||||
keyStoreType, |
||||
keyStorePath, |
||||
keyStorePasswordPath, |
||||
certificateAlias, |
||||
trustStoreType, |
||||
trustStorePath, |
||||
trustStorePasswordPath, |
||||
Optional.ofNullable(crlFilePath)); |
||||
} |
||||
} |
||||
|
||||
private String readPasswordFromFile(final Path passwordFile) { |
||||
try (final Stream<String> fileStream = Files.lines(passwordFile)) { |
||||
return fileStream.findFirst().orElseThrow(() -> errorReadingFileException(passwordFile)); |
||||
} catch (final IOException e) { |
||||
throw errorReadingFileException(passwordFile); |
||||
} |
||||
} |
||||
|
||||
private RuntimeException errorReadingFileException(final Path path) { |
||||
return new RuntimeException(String.format("Unable to read keystore password from %s", path)); |
||||
} |
||||
} |
||||
@ -1,53 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.crl; |
||||
|
||||
import org.hyperledger.besu.pki.PkiException; |
||||
|
||||
import java.io.FileInputStream; |
||||
import java.nio.file.Paths; |
||||
import java.security.cert.CertStore; |
||||
import java.security.cert.CertificateFactory; |
||||
import java.security.cert.CollectionCertStoreParameters; |
||||
import java.security.cert.X509CRL; |
||||
import java.util.List; |
||||
import java.util.stream.Collectors; |
||||
|
||||
/** The CRL util. */ |
||||
public class CRLUtil { |
||||
/** Default constructor */ |
||||
private CRLUtil() {} |
||||
|
||||
/** |
||||
* Load CRLs cert store. |
||||
* |
||||
* @param path the path |
||||
* @return the cert store |
||||
*/ |
||||
public static CertStore loadCRLs(final String path) { |
||||
try { |
||||
final List<X509CRL> crls = |
||||
CertificateFactory.getInstance("X509") |
||||
.generateCRLs(new FileInputStream(Paths.get(path).toFile())) |
||||
.stream() |
||||
.map(X509CRL.class::cast) |
||||
.collect(Collectors.toList()); |
||||
|
||||
return CertStore.getInstance("Collection", new CollectionCertStoreParameters(crls)); |
||||
} catch (Exception e) { |
||||
throw new PkiException("Error loading CRL file " + path, e); |
||||
} |
||||
} |
||||
} |
||||
@ -1,68 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.keystore; |
||||
|
||||
import org.hyperledger.besu.pki.PkiException; |
||||
|
||||
import java.io.FileInputStream; |
||||
import java.io.InputStream; |
||||
import java.nio.file.Path; |
||||
import java.security.cert.CertificateFactory; |
||||
import java.security.cert.X509CRL; |
||||
import java.util.Collection; |
||||
import java.util.stream.Collectors; |
||||
|
||||
/** The Abstract key store wrapper. */ |
||||
public abstract class AbstractKeyStoreWrapper implements KeyStoreWrapper { |
||||
|
||||
private static final String X_509 = "X.509"; |
||||
|
||||
private final Collection<X509CRL> crls; |
||||
|
||||
/** |
||||
* Instantiates a new Abstract key store wrapper. |
||||
* |
||||
* @param crlLocation the crl location |
||||
*/ |
||||
protected AbstractKeyStoreWrapper(final Path crlLocation) { |
||||
super(); |
||||
if (null == crlLocation) { |
||||
this.crls = null; |
||||
} else { |
||||
try (InputStream stream = new FileInputStream(crlLocation.toFile())) { |
||||
this.crls = |
||||
CertificateFactory.getInstance(X_509).generateCRLs(stream).stream() |
||||
.map(X509CRL.class::cast) |
||||
.collect(Collectors.toList()); |
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to initialize software truststore", e); |
||||
} |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Abstract key store wrapper. |
||||
* |
||||
* @param crls the collection of X509CRL instances |
||||
*/ |
||||
protected AbstractKeyStoreWrapper(final Collection<X509CRL> crls) { |
||||
this.crls = crls; |
||||
} |
||||
|
||||
@Override |
||||
public Collection<X509CRL> getCRLs() { |
||||
return crls; |
||||
} |
||||
} |
||||
@ -1,210 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.keystore; |
||||
|
||||
import org.hyperledger.besu.pki.PkiException; |
||||
|
||||
import java.io.File; |
||||
import java.io.FileInputStream; |
||||
import java.io.InputStream; |
||||
import java.nio.file.Path; |
||||
import java.security.KeyStore; |
||||
import java.security.PrivateKey; |
||||
import java.security.Provider; |
||||
import java.security.PublicKey; |
||||
import java.security.Security; |
||||
import java.security.cert.Certificate; |
||||
import java.security.cert.X509CRL; |
||||
import java.util.Collection; |
||||
import java.util.Optional; |
||||
import java.util.Properties; |
||||
import java.util.stream.Stream; |
||||
|
||||
import com.google.common.annotations.VisibleForTesting; |
||||
import org.slf4j.Logger; |
||||
import org.slf4j.LoggerFactory; |
||||
|
||||
/** |
||||
* Creates an instance of this class which is backed by a PKCS#11 keystore, such as a software |
||||
* (emulated) HSM or a physical/cloud HSM (see <a href= |
||||
* "https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html">here</a> |
||||
*/ |
||||
public class HardwareKeyStoreWrapper extends AbstractKeyStoreWrapper { |
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(HardwareKeyStoreWrapper.class); |
||||
|
||||
private static final String pkcs11Provider = "SunPKCS11"; |
||||
|
||||
private final KeyStore keystore; |
||||
private final transient char[] keystorePassword; |
||||
|
||||
private final java.security.Provider provider; |
||||
|
||||
/** |
||||
* Instantiates a new Hardware key store wrapper. |
||||
* |
||||
* @param keystorePassword the keystore password |
||||
* @param provider the provider |
||||
* @param crlLocation the crl location |
||||
*/ |
||||
public HardwareKeyStoreWrapper( |
||||
final String keystorePassword, final Provider provider, final Path crlLocation) { |
||||
super(crlLocation); |
||||
try { |
||||
if (provider == null) { |
||||
throw new IllegalArgumentException("Provider is null"); |
||||
} |
||||
this.keystorePassword = keystorePassword.toCharArray(); |
||||
|
||||
this.provider = provider; |
||||
if (Security.getProvider(provider.getName()) == null) { |
||||
Security.addProvider(provider); |
||||
} |
||||
|
||||
keystore = KeyStore.getInstance(KeyStoreWrapper.KEYSTORE_TYPE_PKCS11, provider); |
||||
keystore.load(null, this.keystorePassword); |
||||
|
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to initialize HSM keystore", e); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Hardware key store wrapper. |
||||
* |
||||
* @param keystorePassword the keystore password |
||||
* @param config the config |
||||
* @param crlLocation the CRL location |
||||
*/ |
||||
public HardwareKeyStoreWrapper( |
||||
final String keystorePassword, final Path config, final Path crlLocation) { |
||||
super(crlLocation); |
||||
try { |
||||
if (keystorePassword == null) { |
||||
throw new IllegalArgumentException("Keystore password is null"); |
||||
} |
||||
final Properties properties = new Properties(); |
||||
final File configFile = config.toFile(); |
||||
try (InputStream ins = new FileInputStream(configFile)) { |
||||
properties.load(ins); |
||||
} |
||||
final String name = properties.getProperty("name"); |
||||
this.keystorePassword = keystorePassword.toCharArray(); |
||||
final Optional<Provider> existingProvider = |
||||
Stream.of(Security.getProviders()) |
||||
.filter(p -> p.getName().equals(String.format("%s-%s", pkcs11Provider, name))) |
||||
.findAny(); |
||||
if (existingProvider.isPresent()) { |
||||
provider = existingProvider.get(); |
||||
} else { |
||||
provider = getPkcs11Provider(configFile.getAbsolutePath()); |
||||
Security.addProvider(provider); |
||||
} |
||||
|
||||
keystore = KeyStore.getInstance(KeyStoreWrapper.KEYSTORE_TYPE_PKCS11, provider); |
||||
keystore.load(null, this.keystorePassword); |
||||
|
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to initialize HSM keystore", e); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Hardware key store wrapper. |
||||
* |
||||
* @param crls the collection of X509CRL crls |
||||
* @param keystore the keystore |
||||
* @param password the password |
||||
*/ |
||||
@VisibleForTesting |
||||
HardwareKeyStoreWrapper( |
||||
final Collection<X509CRL> crls, final KeyStore keystore, final String password) { |
||||
super(crls); |
||||
this.keystore = keystore; |
||||
this.keystorePassword = password.toCharArray(); |
||||
this.provider = null; |
||||
} |
||||
|
||||
@Override |
||||
public PrivateKey getPrivateKey(final String keyAlias) { |
||||
try { |
||||
LOG.debug("Retrieving private key for alias: {}", keyAlias); |
||||
return (PrivateKey) keystore.getKey(keyAlias, this.keystorePassword); |
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to get key: " + keyAlias, e); |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public PublicKey getPublicKey(final String keyAlias) { |
||||
try { |
||||
LOG.debug("Retrieving public key for alias: {}", keyAlias); |
||||
final Certificate certificate = keystore.getCertificate(keyAlias); |
||||
return (certificate != null) ? certificate.getPublicKey() : null; |
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to get key: " + keyAlias, e); |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public Certificate getCertificate(final String certificateAlias) { |
||||
try { |
||||
LOG.debug("Retrieving certificate for alias: {}", certificateAlias); |
||||
return keystore.getCertificate(certificateAlias); |
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to get certificate: " + certificateAlias, e); |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public Certificate[] getCertificateChain(final String certificateAlias) { |
||||
try { |
||||
LOG.debug("Retrieving certificate chain for alias: {}", certificateAlias); |
||||
return keystore.getCertificateChain(certificateAlias); |
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to certificate chain for alias: " + certificateAlias, e); |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public KeyStore getKeyStore() { |
||||
return keystore; |
||||
} |
||||
|
||||
@Override |
||||
public KeyStore getTrustStore() { |
||||
return keystore; |
||||
} |
||||
|
||||
private Provider getPkcs11Provider(final String config) { |
||||
final Provider provider = Security.getProvider(pkcs11Provider); |
||||
if (null == provider) { |
||||
throw new IllegalArgumentException("Unable to load PKCS11 provider configuration."); |
||||
} else { |
||||
return provider.configure(config); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Gets PKCS11 provider. |
||||
* |
||||
* @param config the config |
||||
* @return the PKCS11 provider |
||||
*/ |
||||
@VisibleForTesting |
||||
public Provider getPkcs11ProviderForConfig(final String config) { |
||||
return getPkcs11Provider(config); |
||||
} |
||||
} |
||||
@ -1,88 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.keystore; |
||||
|
||||
import java.security.KeyStore; |
||||
import java.security.PrivateKey; |
||||
import java.security.PublicKey; |
||||
import java.security.cert.Certificate; |
||||
import java.security.cert.X509CRL; |
||||
import java.util.Collection; |
||||
|
||||
/** The interface Key store wrapper. */ |
||||
public interface KeyStoreWrapper { |
||||
|
||||
/** The constant KEYSTORE_TYPE_JKS. */ |
||||
String KEYSTORE_TYPE_JKS = "JKS"; |
||||
|
||||
/** The constant KEYSTORE_TYPE_PKCS11. */ |
||||
String KEYSTORE_TYPE_PKCS11 = "PKCS11"; |
||||
|
||||
/** The constant KEYSTORE_TYPE_PKCS12. */ |
||||
String KEYSTORE_TYPE_PKCS12 = "PKCS12"; |
||||
|
||||
/** |
||||
* Gets key store. |
||||
* |
||||
* @return the key store |
||||
*/ |
||||
KeyStore getKeyStore(); |
||||
|
||||
/** |
||||
* Gets trust store. |
||||
* |
||||
* @return the trust store |
||||
*/ |
||||
KeyStore getTrustStore(); |
||||
|
||||
/** |
||||
* Gets private key. |
||||
* |
||||
* @param keyAlias the key alias |
||||
* @return the private key |
||||
*/ |
||||
PrivateKey getPrivateKey(String keyAlias); |
||||
|
||||
/** |
||||
* Gets public key. |
||||
* |
||||
* @param keyAlias the key alias |
||||
* @return the public key |
||||
*/ |
||||
PublicKey getPublicKey(String keyAlias); |
||||
|
||||
/** |
||||
* Gets certificate. |
||||
* |
||||
* @param certificateAlias the certificate alias |
||||
* @return the certificate |
||||
*/ |
||||
Certificate getCertificate(String certificateAlias); |
||||
|
||||
/** |
||||
* Get certificate chain array. |
||||
* |
||||
* @param certificateAlias the certificate alias |
||||
* @return the certificate [ ] |
||||
*/ |
||||
Certificate[] getCertificateChain(String certificateAlias); |
||||
|
||||
/** |
||||
* Gets CRLs. |
||||
* |
||||
* @return the CRLs |
||||
*/ |
||||
Collection<X509CRL> getCRLs(); |
||||
} |
||||
@ -1,269 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.keystore; |
||||
|
||||
import org.hyperledger.besu.pki.PkiException; |
||||
|
||||
import java.io.FileInputStream; |
||||
import java.io.InputStream; |
||||
import java.nio.file.Path; |
||||
import java.security.GeneralSecurityException; |
||||
import java.security.Key; |
||||
import java.security.KeyStore; |
||||
import java.security.PrivateKey; |
||||
import java.security.PublicKey; |
||||
import java.security.cert.Certificate; |
||||
import java.security.cert.X509CRL; |
||||
import java.util.Collection; |
||||
import java.util.HashMap; |
||||
import java.util.Map; |
||||
|
||||
import com.google.common.annotations.VisibleForTesting; |
||||
import org.slf4j.Logger; |
||||
import org.slf4j.LoggerFactory; |
||||
|
||||
/** The Software key store wrapper. */ |
||||
public class SoftwareKeyStoreWrapper extends AbstractKeyStoreWrapper { |
||||
|
||||
private static final Logger LOG = LoggerFactory.getLogger(SoftwareKeyStoreWrapper.class); |
||||
|
||||
private final KeyStore keystore; |
||||
private final transient char[] keystorePassword; |
||||
private KeyStore truststore; |
||||
private transient char[] truststorePassword; |
||||
|
||||
private final Map<String, PrivateKey> cachedPrivateKeys = new HashMap<>(); |
||||
private final Map<String, PublicKey> cachedPublicKeys = new HashMap<>(); |
||||
private final Map<String, Certificate> cachedCertificates = new HashMap<>(); |
||||
|
||||
/** |
||||
* Instantiates a new Software key store wrapper. |
||||
* |
||||
* @param keystoreType the keystore type |
||||
* @param keystoreLocation the keystore location |
||||
* @param keystorePassword the keystore password |
||||
* @param crlLocation the crl location |
||||
*/ |
||||
public SoftwareKeyStoreWrapper( |
||||
final String keystoreType, |
||||
final Path keystoreLocation, |
||||
final String keystorePassword, |
||||
final Path crlLocation) { |
||||
this(keystoreType, keystoreLocation, keystorePassword, null, null, null, crlLocation); |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Software key store wrapper. |
||||
* |
||||
* @param keystoreType the keystore type |
||||
* @param keystoreLocation the keystore location |
||||
* @param keystorePassword the keystore password |
||||
* @param truststoreType the truststore type |
||||
* @param truststoreLocation the truststore location |
||||
* @param truststorePassword the truststore password |
||||
* @param crlLocation the crl location |
||||
*/ |
||||
public SoftwareKeyStoreWrapper( |
||||
final String keystoreType, |
||||
final Path keystoreLocation, |
||||
final String keystorePassword, |
||||
final String truststoreType, |
||||
final Path truststoreLocation, |
||||
final String truststorePassword, |
||||
final Path crlLocation) { |
||||
super(crlLocation); |
||||
|
||||
if (keystorePassword == null) { |
||||
throw new IllegalArgumentException("Keystore password is null"); |
||||
} |
||||
this.keystorePassword = keystorePassword.toCharArray(); |
||||
try (InputStream stream = new FileInputStream(keystoreLocation.toFile())) { |
||||
keystore = KeyStore.getInstance(keystoreType); |
||||
keystore.load(stream, this.keystorePassword); |
||||
|
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to initialize software keystore: " + keystoreLocation, e); |
||||
} |
||||
|
||||
if (truststoreType != null && truststoreLocation != null) { |
||||
this.truststorePassword = |
||||
(truststorePassword != null) ? truststorePassword.toCharArray() : null; |
||||
try (InputStream stream = new FileInputStream(truststoreLocation.toFile())) { |
||||
truststore = KeyStore.getInstance(truststoreType); |
||||
truststore.load(stream, this.truststorePassword); |
||||
|
||||
} catch (final Exception e) { |
||||
throw new PkiException( |
||||
"Failed to initialize software truststore: " + truststoreLocation, e); |
||||
} |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Software key store wrapper. |
||||
* |
||||
* @param keystore the keystore |
||||
* @param keystorePassword the keystore password |
||||
* @param truststore the truststore |
||||
* @param truststorePassword the truststore password |
||||
*/ |
||||
@VisibleForTesting |
||||
public SoftwareKeyStoreWrapper( |
||||
final KeyStore keystore, |
||||
final String keystorePassword, |
||||
final KeyStore truststore, |
||||
final String truststorePassword) { |
||||
super((Path) null); |
||||
this.keystore = keystore; |
||||
this.keystorePassword = keystorePassword.toCharArray(); |
||||
this.truststore = truststore; |
||||
this.truststorePassword = truststorePassword.toCharArray(); |
||||
} |
||||
|
||||
/** |
||||
* Instantiates a new Software key store wrapper. |
||||
* |
||||
* @param crls the collection of X509CRL crls |
||||
* @param keystore the keystore |
||||
* @param keystorePassword the keystore password |
||||
*/ |
||||
@VisibleForTesting |
||||
public SoftwareKeyStoreWrapper( |
||||
final Collection<X509CRL> crls, final KeyStore keystore, final String keystorePassword) { |
||||
super(crls); |
||||
this.keystore = keystore; |
||||
this.keystorePassword = keystorePassword.toCharArray(); |
||||
this.truststore = null; |
||||
this.truststorePassword = null; |
||||
} |
||||
|
||||
@Override |
||||
public PrivateKey getPrivateKey(final String keyAlias) { |
||||
LOG.debug("Retrieving private key for alias: {}", keyAlias); |
||||
return (PrivateKey) getKey(keyAlias, PrivateKey.class, cachedPrivateKeys); |
||||
} |
||||
|
||||
@Override |
||||
public PublicKey getPublicKey(final String keyAlias) { |
||||
LOG.debug("Retrieving public key for alias: {}", keyAlias); |
||||
return (PublicKey) getKey(keyAlias, PublicKey.class, cachedPublicKeys); |
||||
} |
||||
|
||||
@Override |
||||
public Certificate getCertificate(final String certificateAlias) { |
||||
try { |
||||
LOG.debug("Retrieving certificate for alias: {}", certificateAlias); |
||||
Certificate certificate = cachedCertificates.get(certificateAlias); |
||||
if (certificate == null) { |
||||
LOG.debug("Certificate alias: {} not cached", certificateAlias); |
||||
|
||||
certificate = keystore.getCertificate(certificateAlias); |
||||
if (certificate == null && truststore != null) { |
||||
certificate = truststore.getCertificate(certificateAlias); |
||||
} |
||||
if (certificate != null) { |
||||
LOG.debug("Certificate alias: {} found in keystore/truststore", certificateAlias); |
||||
cachedCertificates.put(certificateAlias, certificate); |
||||
cachedPublicKeys.put(certificateAlias, certificate.getPublicKey()); |
||||
return certificate; |
||||
} else { |
||||
LOG.warn("Certificate alias: {} not found in keystore/truststore", certificateAlias); |
||||
} |
||||
} |
||||
return certificate; |
||||
|
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to get certificate: " + certificateAlias, e); |
||||
} |
||||
} |
||||
|
||||
@Override |
||||
public Certificate[] getCertificateChain(final String certificateAlias) { |
||||
try { |
||||
LOG.debug("Retrieving certificate chain for alias: {}", certificateAlias); |
||||
|
||||
Certificate[] certificateChain = keystore.getCertificateChain(certificateAlias); |
||||
if (certificateChain == null && truststore != null) { |
||||
certificateChain = truststore.getCertificateChain(certificateAlias); |
||||
} |
||||
return certificateChain; |
||||
} catch (final Exception e) { |
||||
throw new PkiException( |
||||
"Failed to retrieve certificate chain for alias: " + certificateAlias, e); |
||||
} |
||||
} |
||||
|
||||
private Key getKey( |
||||
final String keyAlias, |
||||
final Class<? extends Key> keyTypeClass, |
||||
final Map<String, ? extends Key> keyCache) { |
||||
Key cachedKey = keyCache.get(keyAlias); |
||||
if (cachedKey == null) { |
||||
LOG.debug("Key alias: {} not cached", keyAlias); |
||||
try { |
||||
cachedKey = loadAndCacheKey(this.keystore, this.keystorePassword, keyAlias, keyTypeClass); |
||||
if (cachedKey == null) { |
||||
cachedKey = |
||||
loadAndCacheKey(this.truststore, this.truststorePassword, keyAlias, keyTypeClass); |
||||
} |
||||
} catch (final Exception e) { |
||||
throw new PkiException("Failed to get key: " + keyAlias, e); |
||||
} |
||||
} |
||||
return cachedKey; |
||||
} |
||||
|
||||
@Override |
||||
public KeyStore getKeyStore() { |
||||
return keystore; |
||||
} |
||||
|
||||
@Override |
||||
public KeyStore getTrustStore() { |
||||
return truststore; |
||||
} |
||||
|
||||
private Key loadAndCacheKey( |
||||
final KeyStore keystore, |
||||
final char[] keystorePassword, |
||||
final String keyAlias, |
||||
final Class<? extends Key> keyTypeClass) |
||||
throws GeneralSecurityException { |
||||
if (keystore != null && keystore.containsAlias(keyAlias)) { |
||||
|
||||
final Key key = keystore.getKey(keyAlias, keystorePassword); |
||||
if (key != null) { |
||||
LOG.debug("Key alias: {} found in keystore/truststore", keyAlias); |
||||
if (key instanceof PrivateKey && PrivateKey.class.isAssignableFrom(keyTypeClass)) { |
||||
cachedPrivateKeys.put(keyAlias, (PrivateKey) key); |
||||
return key; |
||||
} else if (key instanceof PublicKey && PublicKey.class.isAssignableFrom(keyTypeClass)) { |
||||
cachedPublicKeys.put(keyAlias, (PublicKey) key); |
||||
return key; |
||||
} |
||||
} |
||||
|
||||
if (PublicKey.class.isAssignableFrom(keyTypeClass)) { |
||||
final Certificate certificate = getCertificate(keyAlias); |
||||
if (certificate != null) { |
||||
return certificate.getPublicKey(); |
||||
} |
||||
} |
||||
} |
||||
|
||||
LOG.warn("Key alias: {} not found in keystore/truststore", keyAlias); |
||||
return null; |
||||
} |
||||
} |
||||
@ -1,217 +0,0 @@ |
||||
/* |
||||
* Copyright ConsenSys AG. |
||||
* |
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with |
||||
* the License. You may obtain a copy of the License at |
||||
* |
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
* |
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on |
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the |
||||
* specific language governing permissions and limitations under the License. |
||||
* |
||||
* SPDX-License-Identifier: Apache-2.0 |
||||
*/ |
||||
package org.hyperledger.besu.pki.util; |
||||
|
||||
import org.hyperledger.besu.pki.cms.CmsCreator; |
||||
|
||||
import java.io.IOException; |
||||
import java.math.BigInteger; |
||||
import java.security.InvalidAlgorithmParameterException; |
||||
import java.security.KeyPair; |
||||
import java.security.KeyPairGenerator; |
||||
import java.security.NoSuchAlgorithmException; |
||||
import java.security.Security; |
||||
import java.security.cert.CRLException; |
||||
import java.security.cert.CRLReason; |
||||
import java.security.cert.CertificateEncodingException; |
||||
import java.security.cert.X509CRL; |
||||
import java.security.cert.X509Certificate; |
||||
import java.security.spec.ECGenParameterSpec; |
||||
import java.sql.Date; |
||||
import java.time.Instant; |
||||
import java.time.temporal.ChronoUnit; |
||||
import java.util.Collection; |
||||
import java.util.Random; |
||||
|
||||
import org.bouncycastle.asn1.x500.X500Name; |
||||
import org.bouncycastle.asn1.x509.BasicConstraints; |
||||
import org.bouncycastle.asn1.x509.Extension; |
||||
import org.bouncycastle.cert.X509CRLHolder; |
||||
import org.bouncycastle.cert.X509CertificateHolder; |
||||
import org.bouncycastle.cert.X509v2CRLBuilder; |
||||
import org.bouncycastle.cert.X509v3CertificateBuilder; |
||||
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter; |
||||
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; |
||||
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils; |
||||
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; |
||||
import org.bouncycastle.jce.X509KeyUsage; |
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider; |
||||
import org.bouncycastle.operator.ContentSigner; |
||||
import org.bouncycastle.operator.OperatorCreationException; |
||||
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; |
||||
|
||||
/* |
||||
This class provides utility method for creating certificates used on tests. |
||||
|
||||
Based on https://stackoverflow.com/a/18648284/5021783
|
||||
*/ |
||||
public class TestCertificateUtils { |
||||
|
||||
static { |
||||
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) { |
||||
Security.addProvider(new BouncyCastleProvider()); |
||||
} |
||||
} |
||||
|
||||
public enum Algorithm { |
||||
RSA, |
||||
EC |
||||
} |
||||
|
||||
public static KeyPair createKeyPair(final Algorithm algorithm) { |
||||
try { |
||||
@SuppressWarnings("InsecureCryptoUsage") |
||||
final KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm.name()); |
||||
if (algorithm == Algorithm.EC) { |
||||
kpg.initialize(new ECGenParameterSpec("secp256r1")); |
||||
} |
||||
return kpg.generateKeyPair(); |
||||
} catch (NoSuchAlgorithmException e) { |
||||
throw new RuntimeException("Error creating KeyPair", e); |
||||
} catch (InvalidAlgorithmParameterException e) { |
||||
throw new RuntimeException(e); |
||||
} |
||||
} |
||||
|
||||
public static X509Certificate createSelfSignedCertificate( |
||||
final String name, final Instant notBefore, final Instant notAfter, final KeyPair keyPair) { |
||||
try { |
||||
final String signatureAlgorithm = |
||||
CmsCreator.getPreferredSignatureAlgorithm(keyPair.getPublic()); |
||||
final ContentSigner signer = |
||||
new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate()); |
||||
|
||||
final X509v3CertificateBuilder certificateBuilder = |
||||
new JcaX509v3CertificateBuilder( |
||||
new X500Name("CN=" + name), |
||||
new BigInteger(32, new Random()), |
||||
Date.from(notBefore), |
||||
Date.from(notAfter), |
||||
new X500Name("CN=" + name), |
||||
keyPair.getPublic()) |
||||
.addExtension( |
||||
Extension.authorityKeyIdentifier, |
||||
false, |
||||
new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(keyPair.getPublic())) |
||||
.addExtension( |
||||
Extension.subjectKeyIdentifier, |
||||
false, |
||||
new JcaX509ExtensionUtils().createSubjectKeyIdentifier(keyPair.getPublic())) |
||||
.addExtension( |
||||
Extension.basicConstraints, |
||||
false, |
||||
new BasicConstraints(true)) // true if it is allowed to sign other certs
|
||||
.addExtension( |
||||
Extension.keyUsage, |
||||
true, |
||||
new X509KeyUsage(X509KeyUsage.keyCertSign | X509KeyUsage.cRLSign)); |
||||
|
||||
final X509CertificateHolder certHolder = certificateBuilder.build(signer); |
||||
|
||||
return new JcaX509CertificateConverter() |
||||
.setProvider(BouncyCastleProvider.PROVIDER_NAME) |
||||
.getCertificate(certHolder); |
||||
|
||||
} catch (final Exception e) { |
||||
throw new RuntimeException("Error creating CA certificate", e); |
||||
} |
||||
} |
||||
|
||||
public static X509Certificate issueCertificate( |
||||
final X509Certificate issuer, |
||||
final KeyPair issuerKeyPair, |
||||
final String subject, |
||||
final Instant notBefore, |
||||
final Instant notAfter, |
||||
final KeyPair keyPair, |
||||
final boolean isCa) { |
||||
|
||||
try { |
||||
final String signatureAlgorithm = |
||||
CmsCreator.getPreferredSignatureAlgorithm(keyPair.getPublic()); |
||||
final ContentSigner signer = |
||||
new JcaContentSignerBuilder(signatureAlgorithm).build(issuerKeyPair.getPrivate()); |
||||
|
||||
final X509v3CertificateBuilder certificateBuilder = |
||||
new JcaX509v3CertificateBuilder( |
||||
issuer, |
||||
new BigInteger(32, new Random()), |
||||
Date.from(notBefore), |
||||
Date.from(notAfter), |
||||
new X500Name("CN=" + subject), |
||||
keyPair.getPublic()) |
||||
.addExtension( |
||||
Extension.authorityKeyIdentifier, |
||||
false, |
||||
new JcaX509ExtensionUtils() |
||||
.createAuthorityKeyIdentifier(issuerKeyPair.getPublic())) |
||||
.addExtension( |
||||
Extension.basicConstraints, |
||||
false, |
||||
new BasicConstraints(isCa)) // true if it is allowed to sign other certs
|
||||
.addExtension( |
||||
Extension.keyUsage, |
||||
true, |
||||
new X509KeyUsage( |
||||
X509KeyUsage.digitalSignature |
||||
| X509KeyUsage.nonRepudiation |
||||
| X509KeyUsage.keyEncipherment |
||||
| X509KeyUsage.dataEncipherment |
||||
| X509KeyUsage.cRLSign |
||||
| X509KeyUsage.keyCertSign)); |
||||
|
||||
final X509CertificateHolder certHolder = certificateBuilder.build(signer); |
||||
|
||||
return new JcaX509CertificateConverter() |
||||
.setProvider(BouncyCastleProvider.PROVIDER_NAME) |
||||
.getCertificate(certHolder); |
||||
} catch (final Exception e) { |
||||
throw new RuntimeException("Error creating certificate", e); |
||||
} |
||||
} |
||||
|
||||
public static X509CRL createCRL( |
||||
final X509Certificate issuer, |
||||
final KeyPair issuerKeyPair, |
||||
final Collection<X509Certificate> revokedCertificates) { |
||||
try { |
||||
final X509CertificateHolder x509CertificateHolder = |
||||
new X509CertificateHolder(issuer.getEncoded()); |
||||
|
||||
final X509v2CRLBuilder crlBuilder = |
||||
new X509v2CRLBuilder(x509CertificateHolder.getSubject(), Date.from(Instant.now())); |
||||
|
||||
revokedCertificates.forEach( |
||||
c -> |
||||
crlBuilder.addCRLEntry( |
||||
c.getSerialNumber(), Date.from(Instant.now()), CRLReason.UNSPECIFIED.ordinal())); |
||||
|
||||
crlBuilder.setNextUpdate(Date.from(Instant.now().plus(1, ChronoUnit.DAYS))); |
||||
final String signatureAlgorithm = |
||||
CmsCreator.getPreferredSignatureAlgorithm(issuerKeyPair.getPublic()); |
||||
final ContentSigner signer = |
||||
new JcaContentSignerBuilder(signatureAlgorithm).build(issuerKeyPair.getPrivate()); |
||||
final X509CRLHolder crlHolder = crlBuilder.build(signer); |
||||
return new JcaX509CRLConverter() |
||||
.setProvider(BouncyCastleProvider.PROVIDER_NAME) |
||||
.getCRL(crlHolder); |
||||
} catch (OperatorCreationException |
||||
| CRLException |
||||
| CertificateEncodingException |
||||
| IOException e) { |
||||
throw new RuntimeException(e); |
||||
} |
||||
} |
||||
} |
||||
@ -1,27 +0,0 @@ |
||||
-----BEGIN X509 CRL----- |
||||
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCVVMxCzAJBgNV |
||||
BAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJBgNVBAoMAk1DMQ0wCwYDVQQLDARyb290 |
||||
MRMwEQYDVQQDDApwYXJ0bmVyMWNhMSYwJAYJKoZIhvcNAQkBFhdwYXJ0bmVyMWNh |
||||
QHBhcnRuZXIxLmNvbRcNMjEwNjA3MTcwNjAwWhcNMjIwNjA3MTcwNjAwWjAnMCUC |
||||
FGltgEkvXupxY562dERH8+uKOf89Fw0yMTA2MDcxNzA2MDBaoA4wDDAKBgNVHRQE |
||||
AwIBADANBgkqhkiG9w0BAQsFAAOCAQEABF/7Kq+byYi/bRoftL8xqgSGcaLVuCOF |
||||
BZVZXDKjyYfISwBqbvPSqtIvnFO1ewicgD7dNIZwWcQ9Kx7OOz4BA6Pe8YPtiBfp |
||||
HZMabT8BS2eLePvViGumY7PTo3oIk3yXylOtzMDo59WQhCH/0vp5xjzJC+VFex/W |
||||
p/an5ii1y3Q1FpEZNer6jpU0xJEJ2mCaGT/zuj6Mg1awWqmmYce3BahZeCNj8Wyx |
||||
GIy8bGUjOdJyp99rAF9euCZ45pAjI12sg9lhPIVkp3Wnoy3La4Yj219Elc3MbJvF |
||||
8GEFEmZ0Lm5Ze/EG5VyLB+wRpggeSJTc20i/eGWdaWg8AEukCgMdCg== |
||||
-----END X509 CRL----- |
||||
-----BEGIN X509 CRL----- |
||||
MIICLDCCARQCAQEwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD |
||||
VQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9v |
||||
dDETMBEGA1UEAwwKcGFydG5lcjJjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcjJj |
||||
YUBwYXJ0bmVyMi5jb20XDTIxMDYwNzE3MDYwMFoXDTIyMDYwNzE3MDYwMFowTjAl |
||||
AhRpbYBJL17qcWOetnRER/Prijn/PRcNMjEwNjA3MTcwNjAwWjAlAhR+2Aa1zeVQ |
||||
jbXFGnXFu53h4vZEahcNMjEwNjA3MTcwNjAwWqAOMAwwCgYDVR0UBAMCAQEwDQYJ |
||||
KoZIhvcNAQELBQADggEBAFXQOMk+6FDP8bm9TGK079IHojhooipo+9x3I1y/kUhH |
||||
XY7xuyTXOvzv14//xenDuryIjSAC8pyqbls+DcUXkmGZ/nIWugtMykGLNgqqo/Oe |
||||
pfoUSXRJP7CtvfHa4ejfr3q1t5MXfM3nqBQumu65slWjDFtE6mZF4ANcsIlsNQ10 |
||||
GTkDIdDHgUWxmZlBzTkoofvYspixuUptpJfl5eei9SDA+T1uADKnjARkxVv8xeYi |
||||
QwTp6jVYq6YKc9z0l1UMadnFQz8osk7QNypWnsrD0+iBB1if8ikJwy+8BWayTkgQ |
||||
tWLFT4n/c1m/wYzSclvZUUOxkkkE4Q9fZ3ReCADC+bQ= |
||||
-----END X509 CRL----- |
||||
Binary file not shown.
Binary file not shown.
@ -1,6 +0,0 @@ |
||||
|
||||
name = NSScrypto-invalidpartner1client1 |
||||
nssSecmodDirectory = ./src/test/resources/keystore/invalidpartner1client1/nssdb |
||||
nssDbMode = readOnly |
||||
nssModule = keystore |
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1 +0,0 @@ |
||||
test123 |
||||
@ -1,72 +0,0 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIEFDCCAvygAwIBAgIUaZCzBtI9osbhHtrNGSQLldSCSHkwDQYJKoZIhvcNAQEL |
||||
BQAwgYYxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEXMBUGA1UEAwwOaW52YWxpZGludGVy |
||||
Y2ExJzAlBgkqhkiG9w0BCQEWGGludmFsaWRpbnRlcmNhQGFkbWluLmNvbTAgFw0y |
||||
MTA2MDcxNzA1NTJaGA8yMTIxMDUxNDE3MDU1MlowgZYxCzAJBgNVBAYTAlVTMQsw |
||||
CQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwE |
||||
cm9vdDEaMBgGA1UEAwwRaW52YWxpZHBhcnRuZXIxY2ExNDAyBgkqhkiG9w0BCQEW |
||||
JWludmFsaWRwYXJ0bmVyMWNhQGludmFsaWRwYXJ0bmVyMS5jb20wggEiMA0GCSqG |
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEMKBBPhzkvg+icZoRsN8CW2tlB4RZXo3C |
||||
apaQu2oJdEIqyKMRx86Uk7mRsW4rNWSbOjQwfCVsvhkUdriqBD+DfkzE03KKmhmL |
||||
hs2aC+ICb31aGyEvfWYFmKckY4zO8ptObaddWUZt27aie5vOzutB9n+oBmZMezd1 |
||||
xc4dwOO+MzC92Ay3DIxw52SzGiywPGn3gfNWZ5NGvWM1poV4SwTi/eJXF/lwU9aY |
||||
Hl/+XOQ5/PJrIiQKGbBaywoOwYUU3FReosgCFVwDadnsj4ma++TKi/U7GQTcA01B |
||||
1F42sZx1vmLJC68jAyDJylAEtUZxiGs8LQ/S8B1zXBvdfiYW7RQfAgMBAAGjZjBk |
||||
MB0GA1UdDgQWBBQswNKqcoGkBJOL6/iCkqmNYsyypzAfBgNVHSMEGDAWgBRZVeo2 |
||||
o+J44Ie43gS6L4tG3S0CaTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE |
||||
AwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAUu60om2Fcx7h5C+bVmmBUhMDbnkWO9pa |
||||
lmEhmeuRrrmvSj/Ny6vmAmy9XOpox2PWMO5AndCIChLX697M4HskxIXCYhZzhjHE |
||||
x85WtmRjZAxdBA7vhgA6KIz58BJ6PmmJ3nYwc9dpyMthuMH74FcjfgsBL/1UalLI |
||||
26WtNMqEr+qK/drrlKpGHb1TjB3eWC1OPAwusgkw4uQBzKGHUZKxsVlaQ8jNkLdq |
||||
t31kMk770wXPh57N1tMn+gF21kACbkk0L4os+5AknYXWUS1A546I1TiEKmbKktPa |
||||
SdZIUT2AdIpZl4XMR5DZXBhMw8i/XyNfU6mW4b7TRt+QHU8l8ao47Q== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIECDCCAvCgAwIBAgIUK5+/p9u9ZYQuD9obuRHeJx0msBgwDQYJKoZIhvcNAQEL |
||||
BQAwgYoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEcMBoGA1UEAwwTcm9vdGludmFsaWRj |
||||
YS5hZG1pbjEmMCQGCSqGSIb3DQEJARYXcm9vdGludmFsaWRjYUBhZG1pbi5jb20w |
||||
IBcNMjEwNjA3MTcwNTUyWhgPMjEyMTA1MTQxNzA1NTJaMIGGMQswCQYDVQQGEwJV |
||||
UzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMxDTALBgNV |
||||
BAsMBHJvb3QxFzAVBgNVBAMMDmludmFsaWRpbnRlcmNhMScwJQYJKoZIhvcNAQkB |
||||
FhhpbnZhbGlkaW50ZXJjYUBhZG1pbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB |
||||
DwAwggEKAoIBAQDNNU2p6MImjkrboq5MG7x422jISEYA9Zi/AMruUlQIXYwNUClc |
||||
yhalIPaToNRDBZ1mxj1uhdS/bxbAGxfO7EDQAcTGzIMhlkC+i/zLTSXTsoHjmgrt |
||||
5ZNQsc2Ok/a4aMpDUxZIx480Gm1GWEn5wrZpKJPdPnwwOg8tcjT4FCxI3CsMYQqb |
||||
UOR3iJn9IRyqTc1M/LCt5rYsd3slXVMnEOU5iu4UHJaNzKLlfsnB2LsdVqGqKA2e |
||||
nc6xdui+iJh81dqX/0RVUmyz4lDvhw8qfE58WAo4iIcpjBDcS8GPwt7WBF5KR120 |
||||
HWF3HErVOsra/eVPK3iZU5vvWuU+zQ8pAm5DAgMBAAGjZjBkMB0GA1UdDgQWBBRZ |
||||
Veo2o+J44Ie43gS6L4tG3S0CaTAfBgNVHSMEGDAWgBS5ftf0c7cpwPnkG0MaBaV5 |
||||
jXxrdzASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG |
||||
9w0BAQsFAAOCAQEAjnY1t9Pt8DxhExpqnLBLkhGeg+upWQutTsvW+JMowPw+rX3H |
||||
m7mRKDkGl98Ol9m/6Iwx4kjgNz/bFx9flgJTYKvLE+yK/Jg4cizMjE4s9CzBA9ic |
||||
R20L0MrRS3w8ae6IXXDZaaZvwmUqxYOCChr1mXslP59EXPPeTbQa2asTAz5sYAFV |
||||
btPAjNa0T3KGcSbKyfZj3kAmNBFXrpyS0FcEQCt/u3USx1zGF1YuPGte0VBxtYw1 |
||||
S/6DAeff+3rA9FAXXoG4qu+ZKu2kYydyJJPborTtJ3A/ATJmcJL2KW6ADHRK7rn1 |
||||
NLj25w6mQoSRhoOLWHe+oWNF5nMO1SmMzfwlEQ== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID+TCCAuGgAwIBAgIUMcRYNxIDRzqdAgyjxeKuyrSVsscwDQYJKoZIhvcNAQEL |
||||
BQAwgYoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEcMBoGA1UEAwwTcm9vdGludmFsaWRj |
||||
YS5hZG1pbjEmMCQGCSqGSIb3DQEJARYXcm9vdGludmFsaWRjYUBhZG1pbi5jb20w |
||||
IBcNMjEwNjA3MTcwNTUyWhgPMjEyMTA1MTQxNzA1NTJaMIGKMQswCQYDVQQGEwJV |
||||
UzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMxDTALBgNV |
||||
BAsMBHJvb3QxHDAaBgNVBAMME3Jvb3RpbnZhbGlkY2EuYWRtaW4xJjAkBgkqhkiG |
||||
9w0BCQEWF3Jvb3RpbnZhbGlkY2FAYWRtaW4uY29tMIIBIjANBgkqhkiG9w0BAQEF |
||||
AAOCAQ8AMIIBCgKCAQEAzmtt2EEdHNucUr8lZt8owINf9dSmCcpt663rnj833TO1 |
||||
mCdKdmZvQYzgvdfVCLqonj5CaHts4GCyh3PeHxU+zqjEWxPbZCSkITKOtn3AblTJ |
||||
n4yFGpV6eIuGRFSL6TAaSPOyt59ZIFfSn5HDpVtET2/1hKRjjEnWhKy1pIG2J/mp |
||||
BaXO7QJtJyTbYdXm2AXorQChbX8T5J965wl4k/xLGrHtRcvaDeZsy9TdtYLseC78 |
||||
bLFVwi7gAu3S9R6u9AuoVEn3rSZXaF+wSkH0GTX8rP049wQ9pQCS/zwjcQtcg+uT |
||||
2gbgRtMo+se1FV1YFylx0xIUWCh91uX1EAPhmw0IBQIDAQABo1MwUTAdBgNVHQ4E |
||||
FgQUuX7X9HO3KcD55BtDGgWleY18a3cwHwYDVR0jBBgwFoAUuX7X9HO3KcD55BtD |
||||
GgWleY18a3cwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj/rZ |
||||
ga+ClC89q4a89U/OhX7hR8xOTPfpDLBGI8TpU2iXR57SZd4LvSNW1MTOJh/aTC/z |
||||
wA+MvhP3RK03kzW2pE3aauglT0bwx+mZ24oaQFGR1GLPhgq5BMina6Fr9C3NJggf |
||||
WtAoKNe+JoYUZkoLeBEnOcYEBZ1JYq7WBmctEY7sJgz456Coa0Ja+yXrPUPDbkKO |
||||
oTCeIwt9Fusk9T8y78+Ugx9eQuQGbwKF7evwQg0ZsuOWPvn0Y1qG0obph95tPp0s |
||||
HfNIDbTyjVga/gy3Et81E+AMrl7lKl5XZW0DZHSi41Y0KC5GhBBohrTIBoruIIkI |
||||
+hYCoquh8+xoYv32jg== |
||||
-----END CERTIFICATE----- |
||||
@ -1,129 +0,0 @@ |
||||
-----BEGIN PRIVATE KEY----- |
||||
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCfr4vk1jKqglCu |
||||
6yGwIkqNFY/khpYA4UzHMueQ3ChFNTuQo+NhKz6B4akmL7fAFvYyeXdAAceNsBJ+ |
||||
eTDDB/DdLUqMPwYI1DUvG/8aDds7j+bRTX1ozLKML96qdL+JfGMAuT8jz37L66iW |
||||
DXYAS7dDHXOaNJ7HzUddngLMutjJ2NKi4jGhRHOeGxi22PLEL+yguZha3wyGMIks |
||||
2Gqz2rMqkuqLqAyEPX8GHWmNVXy0e/ruhp6VRa4vNyzWiMjs5Z6LR1/JQVzjlT5R |
||||
1MB1QYSp5u8tv6N+ySaH1kK/DiNi/TIAWnGGjaVkfW9iWANYodEuH/9yAzbFLT7e |
||||
vt92CRHVAgMBAAECggEBAJUZS/23IkeitcMdOK9E1Wc2Isy1/YmE1DOKjDzt04wL |
||||
UDqVS9GGly6ejVliZKeuyOIIGBhjkPfy1tHQRn9UAsoBaAHbNr83pRD/iwnAtlq+ |
||||
2j3DpL0do/jRGY7+w3iT87zROuss6q9sslSo7O0JxWudLDtntnnIakI3L1YJgDG2 |
||||
D92AVgwrDj+cePdns8CEOVjhW9qURxFz7dpC8AWS9mBmhcjCz2lAORjlpcR0TGEQ |
||||
+FN6KNVrsAi4ixURaetW1Jnj+N5v/rrmfDwGQq3rr5LL26rBao9ScteWJRUTlDqX |
||||
AkexjIrFeDKvlH6+rvwAq17dbTVvPmUjrmNd70AxgAECgYEA0hesj1BpELmxqowY |
||||
IIGKuIxVYAqBuZoU+rgiXPIjBvGX6iwvovUeGuDgeXPcb9bkmVvAfQM40JJyRVBm |
||||
Ww5tVX0+omrSrksOxf/+1g11Dybpnv4ZSa2cE30qQMxiyStADJHD+EyTZoRg3BUc |
||||
E7m77ml2/8EtrQ5lIG8aBDvrfdUCgYEAwpQtnshmzj9vQF2webxFCnUA5judEwpi |
||||
T8bwlJlPAB0l0K70lFkju3W8H52qHIoy+FR6kyoC76q5G4s8gVx5sPilOf7Gph29 |
||||
w3IfSKsk3BC2xKl8saKZvMBmve02EtZVCf5JAoeD9KzfVOPculPljcKmEetI68qn |
||||
PPaaozVtRAECgYEAqzkoJdT/C+aLadergjKRgD6/BfsKJt3w4zVWrDGbYnlbujow |
||||
yLrEwlssF0/aBDw7KtGgW0JY94OjJeKUyPlFGjts5Kny8qGxdKViZ8mn8aVhGXc1 |
||||
3NplLW0BFrZ8fD+Hf7b85ExkhVS2LCf4LgtdorzJgz9JnpTwzjI+Hd1H29ECgYEA |
||||
p3UDNg3efE4XntuCz6H6AR/lID/Z1NMw/NuHnTu7w6tSKiEIGMwGdoTC3KrCBkHh |
||||
z9pUi2aylDTnjg7siaBekrHK8PiVWc1qzVPgHJg95q7zvJjo2a/Ig6tKQNZvnRKc |
||||
qTcQ+n5KUD6fDd30zt75RmFory9A2LzV5R+OwjtuyAECgYBZrqUVGu61Rod3zFvz |
||||
y/SAirOMEgNDNfxGKSyuUwllrX/9H9jmmcM198Sx/bGXPX80H6f8Ov0Od46MhpXR |
||||
rnhHDQ6N/8OPzeZ5C7ri/ku1RS11Q7Z+a9kn5VS3gjFZpHCu2GIa6Tzn3Ag+czV1 |
||||
3QpC2/6ydTgrrDAhNBwcZ5xY/g== |
||||
-----END PRIVATE KEY----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIFAzCCA+ugAwIBAgIUBxLi0l/lss+0yOGpKQjfW+GTHI4wDQYJKoZIhvcNAQEL |
||||
BQAwgZYxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEaMBgGA1UEAwwRaW52YWxpZHBhcnRu |
||||
ZXIxY2ExNDAyBgkqhkiG9w0BCQEWJWludmFsaWRwYXJ0bmVyMWNhQGludmFsaWRw |
||||
YXJ0bmVyMS5jb20wIBcNMjEwNjA3MTcwNTUyWhgPMjEyMTA1MTQxNzA1NTJaMIGg |
||||
MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UE |
||||
CgwCTUMxDTALBgNVBAsMBHJvb3QxHzAdBgNVBAMMFmludmFsaWRwYXJ0bmVyMWNs |
||||
aWVudDExOTA3BgkqhkiG9w0BCQEWKmludmFsaWRwYXJ0bmVyMWNsaWVudDFAaW52 |
||||
YWxpZHBhcnRuZXIxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB |
||||
AJ+vi+TWMqqCUK7rIbAiSo0Vj+SGlgDhTMcy55DcKEU1O5Cj42ErPoHhqSYvt8AW |
||||
9jJ5d0ABx42wEn55MMMH8N0tSow/BgjUNS8b/xoN2zuP5tFNfWjMsowv3qp0v4l8 |
||||
YwC5PyPPfsvrqJYNdgBLt0Mdc5o0nsfNR12eAsy62MnY0qLiMaFEc54bGLbY8sQv |
||||
7KC5mFrfDIYwiSzYarPasyqS6ouoDIQ9fwYdaY1VfLR7+u6GnpVFri83LNaIyOzl |
||||
notHX8lBXOOVPlHUwHVBhKnm7y2/o37JJofWQr8OI2L9MgBacYaNpWR9b2JYA1ih |
||||
0S4f/3IDNsUtPt6+33YJEdUCAwEAAaOCATkwggE1MBEGCWCGSAGG+EIBAQQEAwIG |
||||
wDAdBgNVHQ4EFgQUEUDbVrBFiwidyWrMY6rUqIi06bIwCQYDVR0TBAIwADAOBgNV |
||||
HQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMIHGBgNV |
||||
HSMEgb4wgbuAFCzA0qpygaQEk4vr+IKSqY1izLKnoYGMpIGJMIGGMQswCQYDVQQG |
||||
EwJVUzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMxDTAL |
||||
BgNVBAsMBHJvb3QxFzAVBgNVBAMMDmludmFsaWRpbnRlcmNhMScwJQYJKoZIhvcN |
||||
AQkBFhhpbnZhbGlkaW50ZXJjYUBhZG1pbi5jb22CFGmQswbSPaLG4R7azRkkC5XU |
||||
gkh5MA0GCSqGSIb3DQEBCwUAA4IBAQB5fiodcOYjxuCLjI+1AAsQP+mApMO5DJn3 |
||||
tJh8ARt7TK1TzWBTaOQNe+MP4vUHKYu2pXDv07csgBM9F5WEXPbADTHOVd16h+5Q |
||||
OVK8JsfXaq26mg/+zp6UiK2JVHE+MCyVOfDhbpbu2WPXdzeOiPuQsBwzsolPWoMI |
||||
/dvIhKuHtUZ9wGSIurulCYPSqvUDOoHkFnIdsDMq3ISP5y6kCLCDDAqpwYb6PrfF |
||||
R0lJvbORWZ67LcHAvJgdmN1u93FG3yTh9xCl4fhCfNtsbVsQpXaYyTKhdBLaS9in |
||||
pyrOIxZJ9yiWk4iMv4/Ehm5BgR6CAJPHo3dvx46veSkVsztYQQDe |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIEFDCCAvygAwIBAgIUaZCzBtI9osbhHtrNGSQLldSCSHkwDQYJKoZIhvcNAQEL |
||||
BQAwgYYxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEXMBUGA1UEAwwOaW52YWxpZGludGVy |
||||
Y2ExJzAlBgkqhkiG9w0BCQEWGGludmFsaWRpbnRlcmNhQGFkbWluLmNvbTAgFw0y |
||||
MTA2MDcxNzA1NTJaGA8yMTIxMDUxNDE3MDU1MlowgZYxCzAJBgNVBAYTAlVTMQsw |
||||
CQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwE |
||||
cm9vdDEaMBgGA1UEAwwRaW52YWxpZHBhcnRuZXIxY2ExNDAyBgkqhkiG9w0BCQEW |
||||
JWludmFsaWRwYXJ0bmVyMWNhQGludmFsaWRwYXJ0bmVyMS5jb20wggEiMA0GCSqG |
||||
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEMKBBPhzkvg+icZoRsN8CW2tlB4RZXo3C |
||||
apaQu2oJdEIqyKMRx86Uk7mRsW4rNWSbOjQwfCVsvhkUdriqBD+DfkzE03KKmhmL |
||||
hs2aC+ICb31aGyEvfWYFmKckY4zO8ptObaddWUZt27aie5vOzutB9n+oBmZMezd1 |
||||
xc4dwOO+MzC92Ay3DIxw52SzGiywPGn3gfNWZ5NGvWM1poV4SwTi/eJXF/lwU9aY |
||||
Hl/+XOQ5/PJrIiQKGbBaywoOwYUU3FReosgCFVwDadnsj4ma++TKi/U7GQTcA01B |
||||
1F42sZx1vmLJC68jAyDJylAEtUZxiGs8LQ/S8B1zXBvdfiYW7RQfAgMBAAGjZjBk |
||||
MB0GA1UdDgQWBBQswNKqcoGkBJOL6/iCkqmNYsyypzAfBgNVHSMEGDAWgBRZVeo2 |
||||
o+J44Ie43gS6L4tG3S0CaTASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQE |
||||
AwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAUu60om2Fcx7h5C+bVmmBUhMDbnkWO9pa |
||||
lmEhmeuRrrmvSj/Ny6vmAmy9XOpox2PWMO5AndCIChLX697M4HskxIXCYhZzhjHE |
||||
x85WtmRjZAxdBA7vhgA6KIz58BJ6PmmJ3nYwc9dpyMthuMH74FcjfgsBL/1UalLI |
||||
26WtNMqEr+qK/drrlKpGHb1TjB3eWC1OPAwusgkw4uQBzKGHUZKxsVlaQ8jNkLdq |
||||
t31kMk770wXPh57N1tMn+gF21kACbkk0L4os+5AknYXWUS1A546I1TiEKmbKktPa |
||||
SdZIUT2AdIpZl4XMR5DZXBhMw8i/XyNfU6mW4b7TRt+QHU8l8ao47Q== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIECDCCAvCgAwIBAgIUK5+/p9u9ZYQuD9obuRHeJx0msBgwDQYJKoZIhvcNAQEL |
||||
BQAwgYoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEcMBoGA1UEAwwTcm9vdGludmFsaWRj |
||||
YS5hZG1pbjEmMCQGCSqGSIb3DQEJARYXcm9vdGludmFsaWRjYUBhZG1pbi5jb20w |
||||
IBcNMjEwNjA3MTcwNTUyWhgPMjEyMTA1MTQxNzA1NTJaMIGGMQswCQYDVQQGEwJV |
||||
UzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMxDTALBgNV |
||||
BAsMBHJvb3QxFzAVBgNVBAMMDmludmFsaWRpbnRlcmNhMScwJQYJKoZIhvcNAQkB |
||||
FhhpbnZhbGlkaW50ZXJjYUBhZG1pbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB |
||||
DwAwggEKAoIBAQDNNU2p6MImjkrboq5MG7x422jISEYA9Zi/AMruUlQIXYwNUClc |
||||
yhalIPaToNRDBZ1mxj1uhdS/bxbAGxfO7EDQAcTGzIMhlkC+i/zLTSXTsoHjmgrt |
||||
5ZNQsc2Ok/a4aMpDUxZIx480Gm1GWEn5wrZpKJPdPnwwOg8tcjT4FCxI3CsMYQqb |
||||
UOR3iJn9IRyqTc1M/LCt5rYsd3slXVMnEOU5iu4UHJaNzKLlfsnB2LsdVqGqKA2e |
||||
nc6xdui+iJh81dqX/0RVUmyz4lDvhw8qfE58WAo4iIcpjBDcS8GPwt7WBF5KR120 |
||||
HWF3HErVOsra/eVPK3iZU5vvWuU+zQ8pAm5DAgMBAAGjZjBkMB0GA1UdDgQWBBRZ |
||||
Veo2o+J44Ie43gS6L4tG3S0CaTAfBgNVHSMEGDAWgBS5ftf0c7cpwPnkG0MaBaV5 |
||||
jXxrdzASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG |
||||
9w0BAQsFAAOCAQEAjnY1t9Pt8DxhExpqnLBLkhGeg+upWQutTsvW+JMowPw+rX3H |
||||
m7mRKDkGl98Ol9m/6Iwx4kjgNz/bFx9flgJTYKvLE+yK/Jg4cizMjE4s9CzBA9ic |
||||
R20L0MrRS3w8ae6IXXDZaaZvwmUqxYOCChr1mXslP59EXPPeTbQa2asTAz5sYAFV |
||||
btPAjNa0T3KGcSbKyfZj3kAmNBFXrpyS0FcEQCt/u3USx1zGF1YuPGte0VBxtYw1 |
||||
S/6DAeff+3rA9FAXXoG4qu+ZKu2kYydyJJPborTtJ3A/ATJmcJL2KW6ADHRK7rn1 |
||||
NLj25w6mQoSRhoOLWHe+oWNF5nMO1SmMzfwlEQ== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID+TCCAuGgAwIBAgIUMcRYNxIDRzqdAgyjxeKuyrSVsscwDQYJKoZIhvcNAQEL |
||||
BQAwgYoxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEcMBoGA1UEAwwTcm9vdGludmFsaWRj |
||||
YS5hZG1pbjEmMCQGCSqGSIb3DQEJARYXcm9vdGludmFsaWRjYUBhZG1pbi5jb20w |
||||
IBcNMjEwNjA3MTcwNTUyWhgPMjEyMTA1MTQxNzA1NTJaMIGKMQswCQYDVQQGEwJV |
||||
UzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMxDTALBgNV |
||||
BAsMBHJvb3QxHDAaBgNVBAMME3Jvb3RpbnZhbGlkY2EuYWRtaW4xJjAkBgkqhkiG |
||||
9w0BCQEWF3Jvb3RpbnZhbGlkY2FAYWRtaW4uY29tMIIBIjANBgkqhkiG9w0BAQEF |
||||
AAOCAQ8AMIIBCgKCAQEAzmtt2EEdHNucUr8lZt8owINf9dSmCcpt663rnj833TO1 |
||||
mCdKdmZvQYzgvdfVCLqonj5CaHts4GCyh3PeHxU+zqjEWxPbZCSkITKOtn3AblTJ |
||||
n4yFGpV6eIuGRFSL6TAaSPOyt59ZIFfSn5HDpVtET2/1hKRjjEnWhKy1pIG2J/mp |
||||
BaXO7QJtJyTbYdXm2AXorQChbX8T5J965wl4k/xLGrHtRcvaDeZsy9TdtYLseC78 |
||||
bLFVwi7gAu3S9R6u9AuoVEn3rSZXaF+wSkH0GTX8rP049wQ9pQCS/zwjcQtcg+uT |
||||
2gbgRtMo+se1FV1YFylx0xIUWCh91uX1EAPhmw0IBQIDAQABo1MwUTAdBgNVHQ4E |
||||
FgQUuX7X9HO3KcD55BtDGgWleY18a3cwHwYDVR0jBBgwFoAUuX7X9HO3KcD55BtD |
||||
GgWleY18a3cwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAj/rZ |
||||
ga+ClC89q4a89U/OhX7hR8xOTPfpDLBGI8TpU2iXR57SZd4LvSNW1MTOJh/aTC/z |
||||
wA+MvhP3RK03kzW2pE3aauglT0bwx+mZ24oaQFGR1GLPhgq5BMina6Fr9C3NJggf |
||||
WtAoKNe+JoYUZkoLeBEnOcYEBZ1JYq7WBmctEY7sJgz456Coa0Ja+yXrPUPDbkKO |
||||
oTCeIwt9Fusk9T8y78+Ugx9eQuQGbwKF7evwQg0ZsuOWPvn0Y1qG0obph95tPp0s |
||||
HfNIDbTyjVga/gy3Et81E+AMrl7lKl5XZW0DZHSi41Y0KC5GhBBohrTIBoruIIkI |
||||
+hYCoquh8+xoYv32jg== |
||||
-----END CERTIFICATE----- |
||||
Binary file not shown.
Binary file not shown.
@ -1,27 +0,0 @@ |
||||
-----BEGIN X509 CRL----- |
||||
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCVVMxCzAJBgNV |
||||
BAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJBgNVBAoMAk1DMQ0wCwYDVQQLDARyb290 |
||||
MRMwEQYDVQQDDApwYXJ0bmVyMWNhMSYwJAYJKoZIhvcNAQkBFhdwYXJ0bmVyMWNh |
||||
QHBhcnRuZXIxLmNvbRcNMjEwNjA3MTcwNjAwWhcNMjIwNjA3MTcwNjAwWjAnMCUC |
||||
FGltgEkvXupxY562dERH8+uKOf89Fw0yMTA2MDcxNzA2MDBaoA4wDDAKBgNVHRQE |
||||
AwIBADANBgkqhkiG9w0BAQsFAAOCAQEABF/7Kq+byYi/bRoftL8xqgSGcaLVuCOF |
||||
BZVZXDKjyYfISwBqbvPSqtIvnFO1ewicgD7dNIZwWcQ9Kx7OOz4BA6Pe8YPtiBfp |
||||
HZMabT8BS2eLePvViGumY7PTo3oIk3yXylOtzMDo59WQhCH/0vp5xjzJC+VFex/W |
||||
p/an5ii1y3Q1FpEZNer6jpU0xJEJ2mCaGT/zuj6Mg1awWqmmYce3BahZeCNj8Wyx |
||||
GIy8bGUjOdJyp99rAF9euCZ45pAjI12sg9lhPIVkp3Wnoy3La4Yj219Elc3MbJvF |
||||
8GEFEmZ0Lm5Ze/EG5VyLB+wRpggeSJTc20i/eGWdaWg8AEukCgMdCg== |
||||
-----END X509 CRL----- |
||||
-----BEGIN X509 CRL----- |
||||
MIICLDCCARQCAQEwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD |
||||
VQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9v |
||||
dDETMBEGA1UEAwwKcGFydG5lcjJjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcjJj |
||||
YUBwYXJ0bmVyMi5jb20XDTIxMDYwNzE3MDYwMFoXDTIyMDYwNzE3MDYwMFowTjAl |
||||
AhRpbYBJL17qcWOetnRER/Prijn/PRcNMjEwNjA3MTcwNjAwWjAlAhR+2Aa1zeVQ |
||||
jbXFGnXFu53h4vZEahcNMjEwNjA3MTcwNjAwWqAOMAwwCgYDVR0UBAMCAQEwDQYJ |
||||
KoZIhvcNAQELBQADggEBAFXQOMk+6FDP8bm9TGK079IHojhooipo+9x3I1y/kUhH |
||||
XY7xuyTXOvzv14//xenDuryIjSAC8pyqbls+DcUXkmGZ/nIWugtMykGLNgqqo/Oe |
||||
pfoUSXRJP7CtvfHa4ejfr3q1t5MXfM3nqBQumu65slWjDFtE6mZF4ANcsIlsNQ10 |
||||
GTkDIdDHgUWxmZlBzTkoofvYspixuUptpJfl5eei9SDA+T1uADKnjARkxVv8xeYi |
||||
QwTp6jVYq6YKc9z0l1UMadnFQz8osk7QNypWnsrD0+iBB1if8ikJwy+8BWayTkgQ |
||||
tWLFT4n/c1m/wYzSclvZUUOxkkkE4Q9fZ3ReCADC+bQ= |
||||
-----END X509 CRL----- |
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1 +0,0 @@ |
||||
test123 |
||||
@ -1,70 +0,0 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID8DCCAtigAwIBAgIUNniG6StciHezbAqX+uNMciPW7jowDQYJKoZIhvcNAQEL |
||||
BQAweDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRAwDgYDVQQDDAdpbnRlcmNhMSAwHgYJ |
||||
KoZIhvcNAQkBFhFpbnRlcmNhQGFkbWluLmNvbTAgFw0yMTA2MDcxNzA1NDdaGA8y |
||||
MTIxMDUxNDE3MDU0N1owgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoG |
||||
A1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDETMBEGA1UEAwwK |
||||
cGFydG5lcjFjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcjFjYUBwYXJ0bmVyMS5j |
||||
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR8KbDV1MbtC1Siuo2 |
||||
pbOU6eMRaNyDdlhcz48FY+mKGsUEAePceFJTvh1w9gXwt/A26CO02BVdTPYowudf |
||||
Qkl9v+qSRIKXgKz1fkNUW4xYKl7KsgABi/zpgY/bM3CarBcBan9VKWapgx680Aj2 |
||||
bv99ODNqZTH9Iwdq2IrHNBplLp2TmFao7oKz+LeMV6ZrdfY1THf1AuprD86Ccxfa |
||||
9YAyuMI4t7BKqmIqMuDKSSykXuEDY/CCDWw8o/0rg6baoM4bKzipv/4oqaegM3MB |
||||
8vt979rx4PGH69+/JSMt7wL3SQbkQtMNODZyGM/HW+TsPAFYfHPsURVRezFpOB7G |
||||
OoTdAgMBAAGjZjBkMB0GA1UdDgQWBBSB8CJNxPXuu/mEDmD1+rPhI/qN5DAfBgNV |
||||
HSMEGDAWgBT8BlnPk8BS8+JHlIEoCp3sO8jDDjASBgNVHRMBAf8ECDAGAQH/AgEA |
||||
MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAKb5S3NTSxSJrI5Mk |
||||
EKoULvy7vKh+W/o5wDKm8ILwJHn76HFyq3Nl0zYdoshROnLG8gL69rMWZgTg+Fsl |
||||
teX8pNvLEQV7Asx5Yvn2oFBQqRevwGsg2z48et5SIq5pDYeThwUMbdrGuhkEkizW |
||||
ecBUN8j7auRLSpx5ornl9zFx5bvsVb4Dy/rIMVnPiw3VniOAOplGIJOm/TiPxTR0 |
||||
qyzdHljsRbM0uyw81QkeskuJWCpmKTFZxfV1Jww3ScKApNY8WFW+iuarWBvRTq7l |
||||
3AxXcE11ms92rnZw3vFvrIfM6WlE7Idb0rlRK69e73j40eBtJN5i6L7IPJ7Uht+N |
||||
mLfQvw== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID6jCCAtKgAwIBAgIUTwPfI+2FxYq0V6uukemLf67qANowDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEQMA4GA1UE |
||||
AwwHaW50ZXJjYTEgMB4GCSqGSIb3DQEJARYRaW50ZXJjYUBhZG1pbi5jb20wggEi |
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxuUWq2F6MFQLeFVBB800pjiJv |
||||
pqrpMb8lv5aEOX87slRRkIVe0M/6mSlNvJSSclGindIhsWxaYD4Kend+o+ODhMqT |
||||
Jl7zvVTTluGg8SK22kyJ8DTWHnhnFhpoKVLc5qjgvglOf0h7S9F/tL5AkpGoBq7t |
||||
PkbOJPxKR7bvn34Iux3HgS1uzwZqHSYBcNHuYB6PSgyQJiNLIrA/019YqqUI5R+W |
||||
V/Nb/kkrnsUS+hU6ntAtewus0irO+4fJzBlpN+bvbEBdVHeVmIYhF6ILxtCGWX5l |
||||
lOlDrYNXiff0ksKtEvyUV/NFOASixEBMQ88Un7NGHR8y1NW3fCGiVkOhvaprAgMB |
||||
AAGjZjBkMB0GA1UdDgQWBBT8BlnPk8BS8+JHlIEoCp3sO8jDDjAfBgNVHSMEGDAW |
||||
gBTj0UDC6u67VvpJ2NmXE7vz77nHHTASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud |
||||
DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAZYQg0VUOQ1DGoU0y0TsTzAZ4 |
||||
IEy5xavV7Nma9AJI0ZVFpqGEBjTXjxi7r/co1EREN3bi7QnZfJhU4SGVZ0T7wq+p |
||||
/S3x16DEPEufa3JmP+brBPOOP/5EJX5+2BXMUWuDcY7MAokaAIAudjmVk32FoZgy |
||||
54FkZ+YRillU++7k0ie8EEYE8pN2ABIqNCdHxGEhwEc0wVwB6bBONmcEssYmipUh |
||||
DQH6+sfKBcd+sUMGG3qd79sE7BF9w8bAHhKcBm5eTdEks9jh6H1o0PgBvFP8fFzF |
||||
q89KGuLw7T0n/Khkmrv5cifwmTpg42Ivorv8qk02aeiOAGiMyFFJ38BQtH64LQ== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID2zCCAsOgAwIBAgIURc832yfuirkVrhWhC4O1uBfTZXAwDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEVMBMGA1UE |
||||
AwwMcm9vdGNhLmFkbWluMR8wHQYJKoZIhvcNAQkBFhByb290Y2FAYWRtaW4uY29t |
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKd0JrZR3N0A3C7Gp7sT |
||||
zLurt0pVjAIBh3N+5NsyY7eAHJWA7wRR+JpG4q6MxmYVWsk4MjsnWB0ViCCm+fTY |
||||
a9tFms6lmsjM4fJgIs8/DP+zBEOien7sD3kfddmI4ClODynNv3ODbJKyhzKQEOZ8 |
||||
sdf61yWYuFzayEfNoon6BlqroPv9B0eAsgOFDndPo6vbqAFlrYAyVXx+7hmH7Hv6 |
||||
8RWDaSr0uI62uhvAQeK4a+p9aTSwLcHRh1/7NezW9rzI0/7yzP3w/RS7tevDuacU |
||||
XMr3sH5xEUahGF72qYUVejUlP48fPLrdGK76QZk0M8K2EOyvuNq66P+UMialx+83 |
||||
NwIDAQABo1MwUTAdBgNVHQ4EFgQU49FAwuruu1b6SdjZlxO78++5xx0wHwYDVR0j |
||||
BBgwFoAU49FAwuruu1b6SdjZlxO78++5xx0wDwYDVR0TAQH/BAUwAwEB/zANBgkq |
||||
hkiG9w0BAQsFAAOCAQEADfrsmYBaeV4/MTRVazsey/o0ZhBoLJ+3RFYC6+M2lYB1 |
||||
yT92tbAT3787aHTw/SdFvA11oT+lMDEmBWowzZ1bp/J7tqlqMcmwL4QyhZjp0gmK |
||||
eqDXy2Jui/fOTRzWQ1ka7mR6OTWxxVoIjKVvJ/AysqGCTFMXZXrMthtCuQDG+b85 |
||||
B3ALz6/j0ZFqgKzftCIuY0UnBtDEuKkAa0QkDMHLvcMAw7V/etpQPypCXqmwnc2e |
||||
vvL6cSvakEVE7rErhIeeL+1m2TBSWNrPVIvggLMv655meqkhGQn9uYyiGw6i/2V/ |
||||
ngBAs4gYDvk20Cyg0kxQONmzreAdFzArud+k7FofZw== |
||||
-----END CERTIFICATE----- |
||||
@ -1,126 +0,0 @@ |
||||
-----BEGIN PRIVATE KEY----- |
||||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC8YRSLAPea6rIG |
||||
tgDxF+q4KVlm5zV5VWyvKf6KjECZC6fHekQkP1sFYhG6+wq+nDT8hf+Em8JYa/oV |
||||
WMi4QDHZkzryJC2rEyukq1Pi9ELBhGfbLw356zP4zCK+/RtiR06B/UOPkQ8/Itz+ |
||||
fTbuU7LrgIA6AT8rDG5kTOuKBvcNWDx02QEeAguZVXSVOG1A6Un8NsL/pFi9tsUU |
||||
qW9jgTA389wHunggAKa+KDPg5HXsqZfG/sioJv3iZw42zvmBaSaQJ+ZtQeVx2zu+ |
||||
OUMWhke5nmr+6ohLqG0R8GwKhW6AxlErKvFZXEKhLTobUAWOExL6ImtqgvYUc8wT |
||||
gvN92pfPAgMBAAECggEBAJ0HN76fcccbOIdLlAFk9G3LWhDjTrnzsYNaOCp5uydY |
||||
heVMUBz/Cvqzwx/gQBaf07NkZ5i81gYrC+5bcgXUzTkW95389mySsGC1yFl5T2RM |
||||
4N3enYHkxA/y6kvWZMtJsXG+EmFMhC8W+qzQ58dG0fBpz3mKrINP+310eSs3nxzp |
||||
MGnAHaawB8KVTIfqsFbVbT+DMShU8KkZSe8HAwEZF0vsD0Epq/IftH3H+gucH8Ny |
||||
5O3/hfvU4CBn0RxJyH239YDyPaf+TeZfJwI361k5se/aDwicj2azFo60uObsV8FT |
||||
DhYxPFB39LT0kKgeo14SrW6USyhv6PEZs/x6dTKyw8ECgYEA3drXVsEwOuVrg8DD |
||||
H8/pfsKS6EXB9Enxs5jzeS2nWR6qjjEo9+Ks4dZTRstlkCe+WSMgeeX9snDCJodJ |
||||
cG/5XDpg5GlrcapRz79zJ7SKcaiaH/EKs7pmcUR+3BanGYB2AWYjwil9yLTv7FB9 |
||||
o08Xx6dEbm/doQlOoTNrmZUcKH8CgYEA2V9JnkJmqVZAyYISRniESZNxHElVd98B |
||||
jR546VeGS41faEyiXZd6vrjubbMkxylsNBxri774g04ki+T3fNSXNDBr1TcOf4do |
||||
XoVhrVk03p2xTt/4tDV5XfefIam11POEVs/H9R5cUeF5aylOP5Wi3tNveSDeqhwW |
||||
RSKfOHuRaLECgYAc46Bi5ak4IiPL9k/yVoqbPQ8QO/UzsGVO873Qq8c87adb+L7S |
||||
+Kt2hQg3EclZ6jL5PH/AH9jXYaOGjNtdTtdz0Q5I8AlTtdANc2q1YuccQc5AFo1E |
||||
NiOc4ER8uF5uDbJQIFLLt8dvWVBcv2Z825HHJ9rbXqnHjIS2rRF34FjYVQKBgGUz |
||||
p+K2p3VPYvpuRHPqyCw5KQAyZEha2y4IceKxjSS/vRuiEjXgwJTrJJaOQSE4d9gL |
||||
I0b8slbvmrRG9bJ4h60Unh+2clmNgVoAX2mFjsfWQyalv/SmsMq+7qeNi8qJVaPV |
||||
ORM1/2VfxFfP805HLHzxk4SheQlZ6kRlyhtR7HEBAoGAMPaMPm0PaPesN6dpwgKD |
||||
HHm4BgniKafmikjkieuVQgtu/Rl/1Eq+haGHIDMQtRn9fD88y1lETEw4o2vXUDjI |
||||
vBFkGE+Mf/Vjg6V1THAGd9XseLgAK2PCvfEDsCYAiyEEVY0hPfmgQwNZxxCt94fE |
||||
fjI21dc+cX9CHXTHyzORnWE= |
||||
-----END PRIVATE KEY----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIEyDCCA7CgAwIBAgIUaW2ASS9e6nFjnrZ0REfz64o5/zwwDQYJKoZIhvcNAQEL |
||||
BQAwgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDETMBEGA1UEAwwKcGFydG5lcjFjYTEm |
||||
MCQGCSqGSIb3DQEJARYXcGFydG5lcjFjYUBwYXJ0bmVyMS5jb20wIBcNMjEwNjA3 |
||||
MTcwNTQ3WhgPMjEyMTA1MTQxNzA1NDdaMIGLMQswCQYDVQQGEwJVUzELMAkGA1UE |
||||
CAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMxDTALBgNVBAsMBHJvb3Qx |
||||
GDAWBgNVBAMMD3BhcnRuZXIxY2xpZW50MTErMCkGCSqGSIb3DQEJARYccGFydG5l |
||||
cjFjbGllbnQxQHBhcnRuZXIxLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC |
||||
AQoCggEBALxhFIsA95rqsga2APEX6rgpWWbnNXlVbK8p/oqMQJkLp8d6RCQ/WwVi |
||||
Ebr7Cr6cNPyF/4Sbwlhr+hVYyLhAMdmTOvIkLasTK6SrU+L0QsGEZ9svDfnrM/jM |
||||
Ir79G2JHToH9Q4+RDz8i3P59Nu5TsuuAgDoBPysMbmRM64oG9w1YPHTZAR4CC5lV |
||||
dJU4bUDpSfw2wv+kWL22xRSpb2OBMDfz3Ae6eCAApr4oM+Dkdeypl8b+yKgm/eJn |
||||
DjbO+YFpJpAn5m1B5XHbO745QxaGR7meav7qiEuobRHwbAqFboDGUSsq8VlcQqEt |
||||
OhtQBY4TEvoia2qC9hRzzBOC833al88CAwEAAaOCASgwggEkMBEGCWCGSAGG+EIB |
||||
AQQEAwIGwDAdBgNVHQ4EFgQUteJ5GVlEpzaoonh4YXoc+1103lowCQYDVR0TBAIw |
||||
ADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC |
||||
MIG1BgNVHSMEga0wgaqAFIHwIk3E9e67+YQOYPX6s+Ej+o3koXykejB4MQswCQYD |
||||
VQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMx |
||||
DTALBgNVBAsMBHJvb3QxEDAOBgNVBAMMB2ludGVyY2ExIDAeBgkqhkiG9w0BCQEW |
||||
EWludGVyY2FAYWRtaW4uY29tghQ2eIbpK1yId7NsCpf640xyI9buOjANBgkqhkiG |
||||
9w0BAQsFAAOCAQEABiqi7zOT55MIm5rbCGwe00LvAghbkfUitDEEotRjvF8E/fvA |
||||
rwnbqgBDbetYtI+88ml3NhdU2B3qZA8Z/KXnjJA+vmNmpdRVYGnl8BdKjqTUl+QV |
||||
d1vm0IbOID33gOKhaxba+Tbq7WYnzCMltqOzqtjgCUmJamacGR5sDYvz057vWEM/ |
||||
19Gw1agAAY+sb1Vx7BwM6A81iKP7rf1z0jKZTVMc8bW1IOZJxqDsMosnuSAyQwMK |
||||
4Bwt6CEbWjknRZ/jTioM0C2HFpWXz51SyNwP583s60OVqf7/NYb1LC3lWrpWL7yf |
||||
rsHBob8jsrkCRHbRHIjXjio3l29ObL5AfQm3Ig== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID8DCCAtigAwIBAgIUNniG6StciHezbAqX+uNMciPW7jowDQYJKoZIhvcNAQEL |
||||
BQAweDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRAwDgYDVQQDDAdpbnRlcmNhMSAwHgYJ |
||||
KoZIhvcNAQkBFhFpbnRlcmNhQGFkbWluLmNvbTAgFw0yMTA2MDcxNzA1NDdaGA8y |
||||
MTIxMDUxNDE3MDU0N1owgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoG |
||||
A1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDETMBEGA1UEAwwK |
||||
cGFydG5lcjFjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcjFjYUBwYXJ0bmVyMS5j |
||||
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR8KbDV1MbtC1Siuo2 |
||||
pbOU6eMRaNyDdlhcz48FY+mKGsUEAePceFJTvh1w9gXwt/A26CO02BVdTPYowudf |
||||
Qkl9v+qSRIKXgKz1fkNUW4xYKl7KsgABi/zpgY/bM3CarBcBan9VKWapgx680Aj2 |
||||
bv99ODNqZTH9Iwdq2IrHNBplLp2TmFao7oKz+LeMV6ZrdfY1THf1AuprD86Ccxfa |
||||
9YAyuMI4t7BKqmIqMuDKSSykXuEDY/CCDWw8o/0rg6baoM4bKzipv/4oqaegM3MB |
||||
8vt979rx4PGH69+/JSMt7wL3SQbkQtMNODZyGM/HW+TsPAFYfHPsURVRezFpOB7G |
||||
OoTdAgMBAAGjZjBkMB0GA1UdDgQWBBSB8CJNxPXuu/mEDmD1+rPhI/qN5DAfBgNV |
||||
HSMEGDAWgBT8BlnPk8BS8+JHlIEoCp3sO8jDDjASBgNVHRMBAf8ECDAGAQH/AgEA |
||||
MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAKb5S3NTSxSJrI5Mk |
||||
EKoULvy7vKh+W/o5wDKm8ILwJHn76HFyq3Nl0zYdoshROnLG8gL69rMWZgTg+Fsl |
||||
teX8pNvLEQV7Asx5Yvn2oFBQqRevwGsg2z48et5SIq5pDYeThwUMbdrGuhkEkizW |
||||
ecBUN8j7auRLSpx5ornl9zFx5bvsVb4Dy/rIMVnPiw3VniOAOplGIJOm/TiPxTR0 |
||||
qyzdHljsRbM0uyw81QkeskuJWCpmKTFZxfV1Jww3ScKApNY8WFW+iuarWBvRTq7l |
||||
3AxXcE11ms92rnZw3vFvrIfM6WlE7Idb0rlRK69e73j40eBtJN5i6L7IPJ7Uht+N |
||||
mLfQvw== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID6jCCAtKgAwIBAgIUTwPfI+2FxYq0V6uukemLf67qANowDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEQMA4GA1UE |
||||
AwwHaW50ZXJjYTEgMB4GCSqGSIb3DQEJARYRaW50ZXJjYUBhZG1pbi5jb20wggEi |
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxuUWq2F6MFQLeFVBB800pjiJv |
||||
pqrpMb8lv5aEOX87slRRkIVe0M/6mSlNvJSSclGindIhsWxaYD4Kend+o+ODhMqT |
||||
Jl7zvVTTluGg8SK22kyJ8DTWHnhnFhpoKVLc5qjgvglOf0h7S9F/tL5AkpGoBq7t |
||||
PkbOJPxKR7bvn34Iux3HgS1uzwZqHSYBcNHuYB6PSgyQJiNLIrA/019YqqUI5R+W |
||||
V/Nb/kkrnsUS+hU6ntAtewus0irO+4fJzBlpN+bvbEBdVHeVmIYhF6ILxtCGWX5l |
||||
lOlDrYNXiff0ksKtEvyUV/NFOASixEBMQ88Un7NGHR8y1NW3fCGiVkOhvaprAgMB |
||||
AAGjZjBkMB0GA1UdDgQWBBT8BlnPk8BS8+JHlIEoCp3sO8jDDjAfBgNVHSMEGDAW |
||||
gBTj0UDC6u67VvpJ2NmXE7vz77nHHTASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud |
||||
DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAZYQg0VUOQ1DGoU0y0TsTzAZ4 |
||||
IEy5xavV7Nma9AJI0ZVFpqGEBjTXjxi7r/co1EREN3bi7QnZfJhU4SGVZ0T7wq+p |
||||
/S3x16DEPEufa3JmP+brBPOOP/5EJX5+2BXMUWuDcY7MAokaAIAudjmVk32FoZgy |
||||
54FkZ+YRillU++7k0ie8EEYE8pN2ABIqNCdHxGEhwEc0wVwB6bBONmcEssYmipUh |
||||
DQH6+sfKBcd+sUMGG3qd79sE7BF9w8bAHhKcBm5eTdEks9jh6H1o0PgBvFP8fFzF |
||||
q89KGuLw7T0n/Khkmrv5cifwmTpg42Ivorv8qk02aeiOAGiMyFFJ38BQtH64LQ== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID2zCCAsOgAwIBAgIURc832yfuirkVrhWhC4O1uBfTZXAwDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEVMBMGA1UE |
||||
AwwMcm9vdGNhLmFkbWluMR8wHQYJKoZIhvcNAQkBFhByb290Y2FAYWRtaW4uY29t |
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKd0JrZR3N0A3C7Gp7sT |
||||
zLurt0pVjAIBh3N+5NsyY7eAHJWA7wRR+JpG4q6MxmYVWsk4MjsnWB0ViCCm+fTY |
||||
a9tFms6lmsjM4fJgIs8/DP+zBEOien7sD3kfddmI4ClODynNv3ODbJKyhzKQEOZ8 |
||||
sdf61yWYuFzayEfNoon6BlqroPv9B0eAsgOFDndPo6vbqAFlrYAyVXx+7hmH7Hv6 |
||||
8RWDaSr0uI62uhvAQeK4a+p9aTSwLcHRh1/7NezW9rzI0/7yzP3w/RS7tevDuacU |
||||
XMr3sH5xEUahGF72qYUVejUlP48fPLrdGK76QZk0M8K2EOyvuNq66P+UMialx+83 |
||||
NwIDAQABo1MwUTAdBgNVHQ4EFgQU49FAwuruu1b6SdjZlxO78++5xx0wHwYDVR0j |
||||
BBgwFoAU49FAwuruu1b6SdjZlxO78++5xx0wDwYDVR0TAQH/BAUwAwEB/zANBgkq |
||||
hkiG9w0BAQsFAAOCAQEADfrsmYBaeV4/MTRVazsey/o0ZhBoLJ+3RFYC6+M2lYB1 |
||||
yT92tbAT3787aHTw/SdFvA11oT+lMDEmBWowzZ1bp/J7tqlqMcmwL4QyhZjp0gmK |
||||
eqDXy2Jui/fOTRzWQ1ka7mR6OTWxxVoIjKVvJ/AysqGCTFMXZXrMthtCuQDG+b85 |
||||
B3ALz6/j0ZFqgKzftCIuY0UnBtDEuKkAa0QkDMHLvcMAw7V/etpQPypCXqmwnc2e |
||||
vvL6cSvakEVE7rErhIeeL+1m2TBSWNrPVIvggLMv655meqkhGQn9uYyiGw6i/2V/ |
||||
ngBAs4gYDvk20Cyg0kxQONmzreAdFzArud+k7FofZw== |
||||
-----END CERTIFICATE----- |
||||
@ -1,27 +0,0 @@ |
||||
-----BEGIN X509 CRL----- |
||||
MIICBDCB7QIBATANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCVVMxCzAJBgNV |
||||
BAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJBgNVBAoMAk1DMQ0wCwYDVQQLDARyb290 |
||||
MRMwEQYDVQQDDApwYXJ0bmVyMWNhMSYwJAYJKoZIhvcNAQkBFhdwYXJ0bmVyMWNh |
||||
QHBhcnRuZXIxLmNvbRcNMjEwNjA3MTcwNjAwWhcNMjIwNjA3MTcwNjAwWjAnMCUC |
||||
FGltgEkvXupxY562dERH8+uKOf89Fw0yMTA2MDcxNzA2MDBaoA4wDDAKBgNVHRQE |
||||
AwIBADANBgkqhkiG9w0BAQsFAAOCAQEABF/7Kq+byYi/bRoftL8xqgSGcaLVuCOF |
||||
BZVZXDKjyYfISwBqbvPSqtIvnFO1ewicgD7dNIZwWcQ9Kx7OOz4BA6Pe8YPtiBfp |
||||
HZMabT8BS2eLePvViGumY7PTo3oIk3yXylOtzMDo59WQhCH/0vp5xjzJC+VFex/W |
||||
p/an5ii1y3Q1FpEZNer6jpU0xJEJ2mCaGT/zuj6Mg1awWqmmYce3BahZeCNj8Wyx |
||||
GIy8bGUjOdJyp99rAF9euCZ45pAjI12sg9lhPIVkp3Wnoy3La4Yj219Elc3MbJvF |
||||
8GEFEmZ0Lm5Ze/EG5VyLB+wRpggeSJTc20i/eGWdaWg8AEukCgMdCg== |
||||
-----END X509 CRL----- |
||||
-----BEGIN X509 CRL----- |
||||
MIICLDCCARQCAQEwDQYJKoZIhvcNAQELBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD |
||||
VQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9v |
||||
dDETMBEGA1UEAwwKcGFydG5lcjJjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcjJj |
||||
YUBwYXJ0bmVyMi5jb20XDTIxMDYwNzE3MDYwMFoXDTIyMDYwNzE3MDYwMFowTjAl |
||||
AhRpbYBJL17qcWOetnRER/Prijn/PRcNMjEwNjA3MTcwNjAwWjAlAhR+2Aa1zeVQ |
||||
jbXFGnXFu53h4vZEahcNMjEwNjA3MTcwNjAwWqAOMAwwCgYDVR0UBAMCAQEwDQYJ |
||||
KoZIhvcNAQELBQADggEBAFXQOMk+6FDP8bm9TGK079IHojhooipo+9x3I1y/kUhH |
||||
XY7xuyTXOvzv14//xenDuryIjSAC8pyqbls+DcUXkmGZ/nIWugtMykGLNgqqo/Oe |
||||
pfoUSXRJP7CtvfHa4ejfr3q1t5MXfM3nqBQumu65slWjDFtE6mZF4ANcsIlsNQ10 |
||||
GTkDIdDHgUWxmZlBzTkoofvYspixuUptpJfl5eei9SDA+T1uADKnjARkxVv8xeYi |
||||
QwTp6jVYq6YKc9z0l1UMadnFQz8osk7QNypWnsrD0+iBB1if8ikJwy+8BWayTkgQ |
||||
tWLFT4n/c1m/wYzSclvZUUOxkkkE4Q9fZ3ReCADC+bQ= |
||||
-----END X509 CRL----- |
||||
Binary file not shown.
Binary file not shown.
@ -1,6 +0,0 @@ |
||||
|
||||
name = NSScrypto-partner2client1 |
||||
nssSecmodDirectory = ./src/test/resources/keystore/partner2client1/nssdb |
||||
nssDbMode = readOnly |
||||
nssModule = keystore |
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -1 +0,0 @@ |
||||
test123 |
||||
@ -1,70 +0,0 @@ |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID8DCCAtigAwIBAgIUNniG6StciHezbAqX+uNMciPW7jswDQYJKoZIhvcNAQEL |
||||
BQAweDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRAwDgYDVQQDDAdpbnRlcmNhMSAwHgYJ |
||||
KoZIhvcNAQkBFhFpbnRlcmNhQGFkbWluLmNvbTAgFw0yMTA2MDcxNzA1NDlaGA8y |
||||
MTIxMDUxNDE3MDU0OVowgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoG |
||||
A1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDETMBEGA1UEAwwK |
||||
cGFydG5lcjJjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcjJjYUBwYXJ0bmVyMi5j |
||||
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLvHvIuFFYmNYEA6P2 |
||||
/RB3LBDpxbnjl7SU4KCWcfBxQ1guw3aG/HzjenKt3m6UmmESFSh0k4/a/s9m4z/M |
||||
ubVqrm0ll2HvyodetFL40jLgSCIbP3taCIhLptaOCB2P6keYEfjGdb5YTNMgCqYk |
||||
NYA+dgXtw1VMJvI7aRpmVOIPtQx/nqncigYzxykGlTbeusSPAGp7CAmxTZSJUFLI |
||||
ig0ReaKSopiQE2j/ljJXFK26sMlkq3Lw41E4fPju+PBeubeb6eT8fzhn0IaCgTeO |
||||
cZgKzVUv3MsrrKfDHXUhGAspKBGDkqkrogZ6UYcvyCLfnRM0vVGc1L7oaFnMMZ1m |
||||
NYRpAgMBAAGjZjBkMB0GA1UdDgQWBBSsXIVGVfgo124o7djQsYtrkYPWYzAfBgNV |
||||
HSMEGDAWgBT8BlnPk8BS8+JHlIEoCp3sO8jDDjASBgNVHRMBAf8ECDAGAQH/AgEA |
||||
MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABSHI1SgQ1FBWmPRZ |
||||
nXDspyvbvPsjk/p6erUVGGuDyy/F2rJldz7musNCL5ijAmlQfYPNMNoLU1BR+fAl |
||||
WSYfdjL1mMygXtj/KlaNqM5hQMUfyYa4Yk1ODaScl+wfIsSmzTSl/j4fMf58GYpr |
||||
9rssVveQrFAipeWhxgGqQNJooAbqmZKE4tePhKzrsH+B2hDEUnFptkasnQEkQQEZ |
||||
rSzJlU72U8p3Gwq9t9rKYoBLSr0yoBbh4fdFcPsuN/mZS6TNEu1Uc4ui9eWheGTM |
||||
RCNGehiXAczfIhf9WfMfyNhp5/pZc2nTeV/LsSjuCFXUdoL5rAESPcHBc56vXtcV |
||||
1ywC0A== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID6jCCAtKgAwIBAgIUTwPfI+2FxYq0V6uukemLf67qANowDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEQMA4GA1UE |
||||
AwwHaW50ZXJjYTEgMB4GCSqGSIb3DQEJARYRaW50ZXJjYUBhZG1pbi5jb20wggEi |
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxuUWq2F6MFQLeFVBB800pjiJv |
||||
pqrpMb8lv5aEOX87slRRkIVe0M/6mSlNvJSSclGindIhsWxaYD4Kend+o+ODhMqT |
||||
Jl7zvVTTluGg8SK22kyJ8DTWHnhnFhpoKVLc5qjgvglOf0h7S9F/tL5AkpGoBq7t |
||||
PkbOJPxKR7bvn34Iux3HgS1uzwZqHSYBcNHuYB6PSgyQJiNLIrA/019YqqUI5R+W |
||||
V/Nb/kkrnsUS+hU6ntAtewus0irO+4fJzBlpN+bvbEBdVHeVmIYhF6ILxtCGWX5l |
||||
lOlDrYNXiff0ksKtEvyUV/NFOASixEBMQ88Un7NGHR8y1NW3fCGiVkOhvaprAgMB |
||||
AAGjZjBkMB0GA1UdDgQWBBT8BlnPk8BS8+JHlIEoCp3sO8jDDjAfBgNVHSMEGDAW |
||||
gBTj0UDC6u67VvpJ2NmXE7vz77nHHTASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud |
||||
DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAZYQg0VUOQ1DGoU0y0TsTzAZ4 |
||||
IEy5xavV7Nma9AJI0ZVFpqGEBjTXjxi7r/co1EREN3bi7QnZfJhU4SGVZ0T7wq+p |
||||
/S3x16DEPEufa3JmP+brBPOOP/5EJX5+2BXMUWuDcY7MAokaAIAudjmVk32FoZgy |
||||
54FkZ+YRillU++7k0ie8EEYE8pN2ABIqNCdHxGEhwEc0wVwB6bBONmcEssYmipUh |
||||
DQH6+sfKBcd+sUMGG3qd79sE7BF9w8bAHhKcBm5eTdEks9jh6H1o0PgBvFP8fFzF |
||||
q89KGuLw7T0n/Khkmrv5cifwmTpg42Ivorv8qk02aeiOAGiMyFFJ38BQtH64LQ== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID2zCCAsOgAwIBAgIURc832yfuirkVrhWhC4O1uBfTZXAwDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEVMBMGA1UE |
||||
AwwMcm9vdGNhLmFkbWluMR8wHQYJKoZIhvcNAQkBFhByb290Y2FAYWRtaW4uY29t |
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKd0JrZR3N0A3C7Gp7sT |
||||
zLurt0pVjAIBh3N+5NsyY7eAHJWA7wRR+JpG4q6MxmYVWsk4MjsnWB0ViCCm+fTY |
||||
a9tFms6lmsjM4fJgIs8/DP+zBEOien7sD3kfddmI4ClODynNv3ODbJKyhzKQEOZ8 |
||||
sdf61yWYuFzayEfNoon6BlqroPv9B0eAsgOFDndPo6vbqAFlrYAyVXx+7hmH7Hv6 |
||||
8RWDaSr0uI62uhvAQeK4a+p9aTSwLcHRh1/7NezW9rzI0/7yzP3w/RS7tevDuacU |
||||
XMr3sH5xEUahGF72qYUVejUlP48fPLrdGK76QZk0M8K2EOyvuNq66P+UMialx+83 |
||||
NwIDAQABo1MwUTAdBgNVHQ4EFgQU49FAwuruu1b6SdjZlxO78++5xx0wHwYDVR0j |
||||
BBgwFoAU49FAwuruu1b6SdjZlxO78++5xx0wDwYDVR0TAQH/BAUwAwEB/zANBgkq |
||||
hkiG9w0BAQsFAAOCAQEADfrsmYBaeV4/MTRVazsey/o0ZhBoLJ+3RFYC6+M2lYB1 |
||||
yT92tbAT3787aHTw/SdFvA11oT+lMDEmBWowzZ1bp/J7tqlqMcmwL4QyhZjp0gmK |
||||
eqDXy2Jui/fOTRzWQ1ka7mR6OTWxxVoIjKVvJ/AysqGCTFMXZXrMthtCuQDG+b85 |
||||
B3ALz6/j0ZFqgKzftCIuY0UnBtDEuKkAa0QkDMHLvcMAw7V/etpQPypCXqmwnc2e |
||||
vvL6cSvakEVE7rErhIeeL+1m2TBSWNrPVIvggLMv655meqkhGQn9uYyiGw6i/2V/ |
||||
ngBAs4gYDvk20Cyg0kxQONmzreAdFzArud+k7FofZw== |
||||
-----END CERTIFICATE----- |
||||
@ -1,126 +0,0 @@ |
||||
-----BEGIN PRIVATE KEY----- |
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDGcHX9nWsO3oQy |
||||
9HlcTQAA9RxCpVqi5MmBG2HuTipppBdXphGyhQggpD1rL5I26vdq1FIuPBlFI1pg |
||||
Hd/hw7FOr5HuQ12GZpmmPW5KIbEzeY0MVJNXOw+iUuoaQNHLQSKtV5ZOmIJURIWE |
||||
0tjicDOewW/yR9MMStOQladn7WICwwfpgLQeX9EkZqko4iOK9K6ZKUeyRf9kI/86 |
||||
2M7/DAi0pxvaBGcW0F9XmBlqQu7Ma6q0fyR1qf2q3OZL3mSWuNV8S4hYyPqgKAce |
||||
s5w7zzRSNaeGX644RWU1XY8ze6Zik61aRLI2clHrI8wta8HDCdV1GvHvPj1Y7kqB |
||||
xDg0yBqpAgMBAAECggEBAJ2ipshSLcKBFylXNbUR4efgzpNOwaJW9o+eDfx9kYmb |
||||
9YMGBFb5AMzVS4kDIDaKDwOJKMNbsINQozFpafjxOL+WDunkD759cJ8ze5JeE2Md |
||||
suNRqD4KR9Ad56P1S/MXihGDW36R/i4sxJgP2oR+tzLs3R3s2oWQR2I6z+JqG4qu |
||||
tf4gDP6UIrJOirkn7TQD1VQi+8HMWx1BSER6yR86tKKTnwIlgVh0mowWXKXsB5aS |
||||
Y38Kfu+OG8FWAkCaVjFZdvg6xQcjI8MEmRqumPPf3OETrE/D6u4+qvpy1D7b8nsf |
||||
utYgv1mKYqkU0wvdDt6WTrPn/0fteLw6yMaoPmhim1ECgYEA9eFj889HojPzF7fx |
||||
67yWICah9vqd9OPYIPOtQ5rrgnTkiSxk1QyAG6i2Jl15sr8lGuVcVhTyXk/M75Ct |
||||
4gWanwbUI6khDKOM3kVN1nx/kvYFrzSuWkswB55OBEbDY/qhGu73ERNaIJdJVrY+ |
||||
p5wn1sbT5I1fqAuKwpj2A5B++x0CgYEAzps6ZujBOq896QoiR4MmLEI6rzqprIsL |
||||
LHCWnGtwn4SJhPwSUD3yDbyjA5rpodjWatLtX/MV7hWlWARj/ERSOLZlU2rCPNwO |
||||
gRgGnpGcSZYhVs7WSa675OEhjmhdUmqcl88pO+14+WLN9Bj8ECqkxyD+srUe5zxo |
||||
IisJYBK/e/0CgYADI+bH5VzP2IQBSIshbJ4qOPQWmGrOBt7qxNHwrBjX6LBGhDeh |
||||
dPBp6gSxhr4YJ1LM/iLowom55KEEaj+eRF4OK+MntXBDng8dg5sT4zEp6lR2QWD8 |
||||
rDsnzcDHUzQJodjO5EBpimq7QdNg9SDluRvVJWLtZ1TSa5tREu0JbJ4CjQKBgADK |
||||
kWexfoP2BdutoUH625uRyV3AcMPraGiMKdeBhdXmkQxEVuGdyx6IWWt7HWf0R6Xz |
||||
FtumN7BIvvBeW++sZ1A2Sp8OKp5HDXsrF2NmFV4myAvoEOQJWkjfH9zGw4y8QctH |
||||
DNZg63SxDy7fJZ/+OdFVbARNM0gZcCCpX4jRqZAVAoGBALz0ELUMj1s42+G6UAZ3 |
||||
toBHOBI7o/4R7hRoim21dmpmyz1XJrL17wIZO4vvftNxYI4n/0U0QMFopaakMrCi |
||||
E0/I9sU9R/4MyOK0VCPtkeuxznp3xkX8zoNeewK+9EGiEZFcOpsbyRSmwjLCyTKU |
||||
G8HIMfRI71A7qj+5Me3q62K2 |
||||
-----END PRIVATE KEY----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIIEyDCCA7CgAwIBAgIUftgGtc3lUI21xRp1xbud4eL2RGkwDQYJKoZIhvcNAQEL |
||||
BQAwgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoGA1UEBwwDU0ZPMQsw |
||||
CQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDETMBEGA1UEAwwKcGFydG5lcjJjYTEm |
||||
MCQGCSqGSIb3DQEJARYXcGFydG5lcjJjYUBwYXJ0bmVyMi5jb20wIBcNMjEwNjA3 |
||||
MTcwNTQ5WhgPMjEyMTA1MTQxNzA1NDlaMIGLMQswCQYDVQQGEwJVUzELMAkGA1UE |
||||
CAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMxDTALBgNVBAsMBHJvb3Qx |
||||
GDAWBgNVBAMMD3BhcnRuZXIyY2xpZW50MTErMCkGCSqGSIb3DQEJARYccGFydG5l |
||||
cjJjbGllbnQxQHBhcnRuZXIyLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC |
||||
AQoCggEBAMZwdf2daw7ehDL0eVxNAAD1HEKlWqLkyYEbYe5OKmmkF1emEbKFCCCk |
||||
PWsvkjbq92rUUi48GUUjWmAd3+HDsU6vke5DXYZmmaY9bkohsTN5jQxUk1c7D6JS |
||||
6hpA0ctBIq1Xlk6YglREhYTS2OJwM57Bb/JH0wxK05CVp2ftYgLDB+mAtB5f0SRm |
||||
qSjiI4r0rpkpR7JF/2Qj/zrYzv8MCLSnG9oEZxbQX1eYGWpC7sxrqrR/JHWp/arc |
||||
5kveZJa41XxLiFjI+qAoBx6znDvPNFI1p4ZfrjhFZTVdjzN7pmKTrVpEsjZyUesj |
||||
zC1rwcMJ1XUa8e8+PVjuSoHEODTIGqkCAwEAAaOCASgwggEkMBEGCWCGSAGG+EIB |
||||
AQQEAwIGwDAdBgNVHQ4EFgQUojh+oPjTK6xgPMtbz+XEy4tl7iwwCQYDVR0TBAIw |
||||
ADAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC |
||||
MIG1BgNVHSMEga0wgaqAFKxchUZV+CjXbijt2NCxi2uRg9ZjoXykejB4MQswCQYD |
||||
VQQGEwJVUzELMAkGA1UECAwCQ0ExDDAKBgNVBAcMA1NGTzELMAkGA1UECgwCTUMx |
||||
DTALBgNVBAsMBHJvb3QxEDAOBgNVBAMMB2ludGVyY2ExIDAeBgkqhkiG9w0BCQEW |
||||
EWludGVyY2FAYWRtaW4uY29tghQ2eIbpK1yId7NsCpf640xyI9buOzANBgkqhkiG |
||||
9w0BAQsFAAOCAQEAbhEisOmfG5/Ks7MHu9cl17R9ISIFbMVv4wBiztLt2tWv5o5P |
||||
ul9DG2s9tBuOzs3xB4v2aZg7H2kPnUPDaTe7z5Ulc5+IyHDGSdsBzBqONH3sElue |
||||
HyZo1cOXU6nBIineYGYc0Bs9QnLRA0dmaYWZyjqB5S5GCs9Z5mk/JWzA1d110uio |
||||
RzStTpbSFlYvBpLTPShLREfFp56SMHDEaHBIoVERzfULvQwZLDsIAyqE/W+WE0FF |
||||
Lxhz3jxvztoOE6Sr5cmOp7nuwo3ALlWOjFCHOZRs/1qDDnIgXFnPKsZohtvVK2TG |
||||
a+/zW8wRyAAo4FgBTfqICXpOtK+Yg479Aj2GbQ== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID8DCCAtigAwIBAgIUNniG6StciHezbAqX+uNMciPW7jswDQYJKoZIhvcNAQEL |
||||
BQAweDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRAwDgYDVQQDDAdpbnRlcmNhMSAwHgYJ |
||||
KoZIhvcNAQkBFhFpbnRlcmNhQGFkbWluLmNvbTAgFw0yMTA2MDcxNzA1NDlaGA8y |
||||
MTIxMDUxNDE3MDU0OVowgYExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEMMAoG |
||||
A1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDETMBEGA1UEAwwK |
||||
cGFydG5lcjJjYTEmMCQGCSqGSIb3DQEJARYXcGFydG5lcjJjYUBwYXJ0bmVyMi5j |
||||
b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLvHvIuFFYmNYEA6P2 |
||||
/RB3LBDpxbnjl7SU4KCWcfBxQ1guw3aG/HzjenKt3m6UmmESFSh0k4/a/s9m4z/M |
||||
ubVqrm0ll2HvyodetFL40jLgSCIbP3taCIhLptaOCB2P6keYEfjGdb5YTNMgCqYk |
||||
NYA+dgXtw1VMJvI7aRpmVOIPtQx/nqncigYzxykGlTbeusSPAGp7CAmxTZSJUFLI |
||||
ig0ReaKSopiQE2j/ljJXFK26sMlkq3Lw41E4fPju+PBeubeb6eT8fzhn0IaCgTeO |
||||
cZgKzVUv3MsrrKfDHXUhGAspKBGDkqkrogZ6UYcvyCLfnRM0vVGc1L7oaFnMMZ1m |
||||
NYRpAgMBAAGjZjBkMB0GA1UdDgQWBBSsXIVGVfgo124o7djQsYtrkYPWYzAfBgNV |
||||
HSMEGDAWgBT8BlnPk8BS8+JHlIEoCp3sO8jDDjASBgNVHRMBAf8ECDAGAQH/AgEA |
||||
MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEABSHI1SgQ1FBWmPRZ |
||||
nXDspyvbvPsjk/p6erUVGGuDyy/F2rJldz7musNCL5ijAmlQfYPNMNoLU1BR+fAl |
||||
WSYfdjL1mMygXtj/KlaNqM5hQMUfyYa4Yk1ODaScl+wfIsSmzTSl/j4fMf58GYpr |
||||
9rssVveQrFAipeWhxgGqQNJooAbqmZKE4tePhKzrsH+B2hDEUnFptkasnQEkQQEZ |
||||
rSzJlU72U8p3Gwq9t9rKYoBLSr0yoBbh4fdFcPsuN/mZS6TNEu1Uc4ui9eWheGTM |
||||
RCNGehiXAczfIhf9WfMfyNhp5/pZc2nTeV/LsSjuCFXUdoL5rAESPcHBc56vXtcV |
||||
1ywC0A== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID6jCCAtKgAwIBAgIUTwPfI+2FxYq0V6uukemLf67qANowDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEQMA4GA1UE |
||||
AwwHaW50ZXJjYTEgMB4GCSqGSIb3DQEJARYRaW50ZXJjYUBhZG1pbi5jb20wggEi |
||||
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxuUWq2F6MFQLeFVBB800pjiJv |
||||
pqrpMb8lv5aEOX87slRRkIVe0M/6mSlNvJSSclGindIhsWxaYD4Kend+o+ODhMqT |
||||
Jl7zvVTTluGg8SK22kyJ8DTWHnhnFhpoKVLc5qjgvglOf0h7S9F/tL5AkpGoBq7t |
||||
PkbOJPxKR7bvn34Iux3HgS1uzwZqHSYBcNHuYB6PSgyQJiNLIrA/019YqqUI5R+W |
||||
V/Nb/kkrnsUS+hU6ntAtewus0irO+4fJzBlpN+bvbEBdVHeVmIYhF6ILxtCGWX5l |
||||
lOlDrYNXiff0ksKtEvyUV/NFOASixEBMQ88Un7NGHR8y1NW3fCGiVkOhvaprAgMB |
||||
AAGjZjBkMB0GA1UdDgQWBBT8BlnPk8BS8+JHlIEoCp3sO8jDDjAfBgNVHSMEGDAW |
||||
gBTj0UDC6u67VvpJ2NmXE7vz77nHHTASBgNVHRMBAf8ECDAGAQH/AgEBMA4GA1Ud |
||||
DwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAZYQg0VUOQ1DGoU0y0TsTzAZ4 |
||||
IEy5xavV7Nma9AJI0ZVFpqGEBjTXjxi7r/co1EREN3bi7QnZfJhU4SGVZ0T7wq+p |
||||
/S3x16DEPEufa3JmP+brBPOOP/5EJX5+2BXMUWuDcY7MAokaAIAudjmVk32FoZgy |
||||
54FkZ+YRillU++7k0ie8EEYE8pN2ABIqNCdHxGEhwEc0wVwB6bBONmcEssYmipUh |
||||
DQH6+sfKBcd+sUMGG3qd79sE7BF9w8bAHhKcBm5eTdEks9jh6H1o0PgBvFP8fFzF |
||||
q89KGuLw7T0n/Khkmrv5cifwmTpg42Ivorv8qk02aeiOAGiMyFFJ38BQtH64LQ== |
||||
-----END CERTIFICATE----- |
||||
-----BEGIN CERTIFICATE----- |
||||
MIID2zCCAsOgAwIBAgIURc832yfuirkVrhWhC4O1uBfTZXAwDQYJKoZIhvcNAQEL |
||||
BQAwfDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQwwCgYDVQQHDANTRk8xCzAJ |
||||
BgNVBAoMAk1DMQ0wCwYDVQQLDARyb290MRUwEwYDVQQDDAxyb290Y2EuYWRtaW4x |
||||
HzAdBgkqhkiG9w0BCQEWEHJvb3RjYUBhZG1pbi5jb20wIBcNMjEwNjA3MTcwNTQ3 |
||||
WhgPMjEyMTA1MTQxNzA1NDdaMHwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEM |
||||
MAoGA1UEBwwDU0ZPMQswCQYDVQQKDAJNQzENMAsGA1UECwwEcm9vdDEVMBMGA1UE |
||||
AwwMcm9vdGNhLmFkbWluMR8wHQYJKoZIhvcNAQkBFhByb290Y2FAYWRtaW4uY29t |
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzKd0JrZR3N0A3C7Gp7sT |
||||
zLurt0pVjAIBh3N+5NsyY7eAHJWA7wRR+JpG4q6MxmYVWsk4MjsnWB0ViCCm+fTY |
||||
a9tFms6lmsjM4fJgIs8/DP+zBEOien7sD3kfddmI4ClODynNv3ODbJKyhzKQEOZ8 |
||||
sdf61yWYuFzayEfNoon6BlqroPv9B0eAsgOFDndPo6vbqAFlrYAyVXx+7hmH7Hv6 |
||||
8RWDaSr0uI62uhvAQeK4a+p9aTSwLcHRh1/7NezW9rzI0/7yzP3w/RS7tevDuacU |
||||
XMr3sH5xEUahGF72qYUVejUlP48fPLrdGK76QZk0M8K2EOyvuNq66P+UMialx+83 |
||||
NwIDAQABo1MwUTAdBgNVHQ4EFgQU49FAwuruu1b6SdjZlxO78++5xx0wHwYDVR0j |
||||
BBgwFoAU49FAwuruu1b6SdjZlxO78++5xx0wDwYDVR0TAQH/BAUwAwEB/zANBgkq |
||||
hkiG9w0BAQsFAAOCAQEADfrsmYBaeV4/MTRVazsey/o0ZhBoLJ+3RFYC6+M2lYB1 |
||||
yT92tbAT3787aHTw/SdFvA11oT+lMDEmBWowzZ1bp/J7tqlqMcmwL4QyhZjp0gmK |
||||
eqDXy2Jui/fOTRzWQ1ka7mR6OTWxxVoIjKVvJ/AysqGCTFMXZXrMthtCuQDG+b85 |
||||
B3ALz6/j0ZFqgKzftCIuY0UnBtDEuKkAa0QkDMHLvcMAw7V/etpQPypCXqmwnc2e |
||||
vvL6cSvakEVE7rErhIeeL+1m2TBSWNrPVIvggLMv655meqkhGQn9uYyiGw6i/2V/ |
||||
ngBAs4gYDvk20Cyg0kxQONmzreAdFzArud+k7FofZw== |
||||
-----END CERTIFICATE----- |
||||
Binary file not shown.
Binary file not shown.
@ -1 +0,0 @@ |
||||
mock-maker-inline |
||||
Loading…
Reference in new issue