From 46a77c4fd3e09da81985fa4a980d9347e2a44a12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Margus=20H=C3=A4rm?= Date: Mon, 24 Mar 2025 11:56:11 +0200 Subject: [PATCH 1/3] Update test environment truststore --- .../ria-test/clienttruststore_ria-test.jks | Bin 1110 -> 3110 bytes .../clienttruststore_ria-test.jks.README | 4 ++++ 2 files changed, 4 insertions(+) diff --git a/cdoc2-cli/config/ria-test/clienttruststore_ria-test.jks b/cdoc2-cli/config/ria-test/clienttruststore_ria-test.jks index 65abdf02e8cbed9a2e4dd55db64c91e957aad25d..9d51ef3dd1786001d5dd99846119865c0f1bc4c1 100644 GIT binary patch delta 3067 zcmV9#_RZg~EFms6sEj)~oyLbjIJ1k=Rc-ok_9#vuX)3l@g0sdZ(9#&Tt z&Xo&z{V%mnm%da5dKTj>KZZ$Hx2$DxS`l+jN+-W*9VsGxXD^F3>!`}cIc-0G!T1_S z2$vt-m>hUj{^u@_$+7;Eii{!uS`LmG^EbVxi1^ga51dtBAyHXhp7)B-%r zBE9``?6lRv(*Z&cH>yMN%MU->;|IGdN4}IEFYxyg%rFUOq3}Qbu=RuQ;UavQvGq|p z%R+99Z`NqIiO867cWbq+bU2KEx>o%jm?aX^E3IpvoD0{Y6P^ZA{!KXI!JO`1?s=e4 zIxpr7j7CY2Ir56(R2<8Z1NbGV;Y7ZOt{ zkH88W3wA-F-vz5k8tKb|&{NN#5MgG&Wndyki^;|n!9bPf^N7p=zXP;KNNH6B5Uu4H7<)fOpnrk5wdj_Al z&7T;rV=?BftK3ncILdK<*HST;Cjy#m5ZVwL<8-&I3quiZ9=Jn36?k7_gITfRo#>mKDwARh!`bW{@#Fd-s;W?pa=-b*k&(?W+d zLWQ(2VTEgS{e6%IKko5k2CZkptTwp=_dGYJd-Q`fOmUheS*kaz22bddbA9?ca0uzb ztE&2}vo8I+oMFt-p2aX0?Pc4JGX~^mVGgx#E*V0L4CK%|JP4)>=LL*BlOa6pF7&v} z0KbEC@VMM_?2(0kM#pSgQ&e;|cTMX3`mDpE4NwARu1FwySF)$ygp`2~L#oRWiSbP( zaV}+J&Y@%EAaa|Q)Nyo$P7ekSR`F9;*|ZG6<0%(^rf`1TZ9UDdBs zxX@V#h`?Ounz?!jvV$@FfxoeRq# z4r<>>(P91d9YUbVygRx~J{Bz*Hsw5uU2*(@@%Nb%@Ef|`0@XU{d9<87v!+_2F|5=g zbvs>6^annFrrH0=M?MHP%9G`DH=o5V(pln3jhHe9B@RFZx(ri)UZh{ir|s0&A9fXi5g2bN$oFhn z%n#%5;jt;XV)mi7#X$JjLm;6N;w2yY9kn)ex}~H3!()SUGo;*)cgKu@+1RR9okjfE zIsBz%^fz##hW7X~GjTD}U-_7JBxINDB#+O1hT{f3p7QP>Xk@n-{iU2-tTJ>NKl*fE zcXJ(o1o;fjkxa|Nx5lamLpz8__C5Cb3tyy9LQC~5?tmz;e7YjuP}?`he4F}H4Z?BK z2t5FgDgEaxq)ij;S@+C1=oo9t_N;K}<&5RE^o5lC%tkYLnGQ2uD`;tvIOs zBPyk}GIde{^!VH!KV0u^ko))8BrQjksQ(#&^uD9HEB435hS#OKtf**nZG!3>dnWYp z_=j%9!SAXfLh;E9T1gxTsdIuoAp40YfZ{h7luEEnwyXaFPjJyyzv1q+^`t6)y*UQv zo1KbFk5~e$1h+GVEfJ~xm6uMQhKJDmhQmf$R+l|Tw1;S@My?`+JSIdnglQXB*GgN- z0jb#(_t`1H`aZ?i@a_oHBrF^v9AzrcE~c;dlU z6Y)lo6U-_~6_$>t%R|1+hN^o_CrFjjyw&KY&GBC>YU%#GhPyQlV3+6g zH{1nj@5=}XkzGqo4ZeNR&{`X^0i2hGh103vwEQ-0Sw%uC&)oA#Ji#)5Q^o;YY4!e- zC`d|ywQ-RPOgzzZf~s#jIh>cjAjmJsd!Uw+lhM&9E8xdRxdVvm-joqXvm=L>MJ0i&OSkUoPsV?{N{wx1&aodcJP5O~YbX6bC zKzGYOgJt1jRBEhWHv_4%^Cl*OY_lY%X9Fax=(v;RIM z2)BdvW%q@x-!bdy7J!}VOoe!<#*rC=;4~E>VF@DXB0o@`lzoyF+&ra*LiC8H?-YCi4i%lpTaW$iLTVw{(ernPmLm0~fCQMc>VQ z5s#MOU+6I;=wj__J8Xm{UBi4`d=W*sSEaqLNndD?)m&697cTJJznUsri`|?i5p=xB zT;?6j2UQkyVJ&BZo>Tvsq37WL5shjkn=!aPg(liNhK-3R8xRgE4RS7tL6Z2SXOYBJ zRiXSdZeNN!{`gIQB0CWgf~@eJTV%}vA*pWO5F!39YSC8yLPVne3YZ~Y={Hhq)UkDR z{3~Uu`OtnCNba0BI2bP7!Dk!a-IJBx2;jZBQUTw#wc0~xSw6SIA1crrWN%q(ZoYPq zI36%zu494r|;bfQMkZ9WrrX%-_=!kJ-v|p+|dv+equ(PnOc&fsf|Oljl41 zcGT$WY;lg+Q=uc#x86|7By}|ENt?w?+%{hoZh4Fm2@x_=I!|M7r5l8sjbB0+*%g1{ z!~{u=rP_UcqH|k1hj!Ai6>HRuhE1pO8j`XyL5=$v?+HeRKNH?pQKTU*GtufLZ+oPO zsYBQO0Jsi+dQoGFjGm(+`Y;q`l=eqX+l^mLvr8isa!%ATtq~J%-VBC&#x_@+ItQH= zz&v{j*hHJAjvo#2_%NB8kYovsZfz=#ka&obqX;lfFflL<1_@w>NC9O71OfpC00bbT zfcZ|_MmAUxxoKCA()&LOd+KE7R=diJJ8sQhS!^;I1QZ{F&(_$@N7^rW=3aM*Cah-7 J8n6NaClId$z{>yt delta 1051 zcmV+$1myds7}f|tFoFb90s#Xsf&=^p2`Yw2hW8Bt2LYgh1MLKY1L-h=1LZJ+1K|b< zDuzgg_YDCD2B3li(lCMp&H@1dFoFZekw7aHVY>@51F3$6<|nC8VwFN@QADyLk$)tA z95B3H9AW1#>L3V27F|PSckXUs$EoP#G&l5@A4W#CPFD@F--gN z9u4W=fXYtsD}g^y0KGcd%#3PV*39E>@wZiMK%fwuy-qJzBsz6S`LCnQBz{RA40JPA z4mW0eo>AhZTQ!n4HaL=Wu#>-NHZ4nk#0gg#uS2S?O(`ev4DQ4(Vhtsp$;B}qqAiE< zolq|QPxCOgd(X|NSalMu5a6M`DV;Scp3~m2k)7;e@i2>r0I^X$Pp8cXREm-I|}r1qUQ?R-=>#LajPipuCfh8eBNd8=s+0#*L)QH z571xQ`&izXi}-?}4*3^pt{e&8x%mCeF3Tj}IjhcUaXDh91_K%&`R9xSD<{*g6X&U= z#bLg*Kc*7FiJ$-oEom>}f|Ig;hreD~Iv+;pK`{N6mDwXEol?Qn9sw!QN;h37DOS z7Ne~&S^?I;O0m{3;ZREM!}CI)y27Wr&v-b)=2H5dV)csgtF27@*!PVF5 zYewQ%Vg@l3UnlPy+oAh^brHG*=E;u3L3Nk+@Bt`l_TL)PmOC($k%MujN>0c9n2048 z$3W_c{X9T+2m_{o6C%*C1*N}UKlM7Nf(nH{y8T<7VA*XTWP16j>Lch@*JpE&xM2T+T<29q`LTqc$MS``z<@Oc$AmewY)TOFzPC zu!E}vcz zNC9O71OfpC00ba9r(afKhHh}R8`c46_Bb>gEQdbVP+p7L{-XL#YXvv&1Qf1P&do5b VpJavcQC;VNe6E*kSM>q{ClHu&?>GPe diff --git a/cdoc2-cli/config/ria-test/clienttruststore_ria-test.jks.README b/cdoc2-cli/config/ria-test/clienttruststore_ria-test.jks.README index 7c428806..2c4d5079 100644 --- a/cdoc2-cli/config/ria-test/clienttruststore_ria-test.jks.README +++ b/cdoc2-cli/config/ria-test/clienttruststore_ria-test.jks.README @@ -1 +1,5 @@ keytool -import -trustcacerts -file tls-issuer.crt.pem -alias klass3-ria_2018_ecc_g3 -storepass passwd -keystore clienttruststore_ria-test.jks + +keytool -import -file cdoc2-shares_test_riaint_ee.crt.pem -storepass passwd -keystore clienttruststore_ria-test.jks -alias share1 + +keytool -import -file cdoc2-sharesexternal_test_riaint_ee.crt.pem -storepass passwd -keystore clienttruststore_ria-test.jks -alias share2 From ab8835594b370f37c589b23f9bf44f901bc210c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Margus=20H=C3=A4rm?= Date: Mon, 24 Mar 2025 12:19:11 +0200 Subject: [PATCH 2/3] Missing certificates added --- .../cdoc2-shares_test_riaint_ee.crt.pem | 21 ++++++++++++++++++ ...doc2-sharesexternal_test_riaint_ee.crt.pem | 22 +++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 cdoc2-cli/config/ria-test/cdoc2-shares_test_riaint_ee.crt.pem create mode 100644 cdoc2-cli/config/ria-test/cdoc2-sharesexternal_test_riaint_ee.crt.pem diff --git a/cdoc2-cli/config/ria-test/cdoc2-shares_test_riaint_ee.crt.pem b/cdoc2-cli/config/ria-test/cdoc2-shares_test_riaint_ee.crt.pem new file mode 100644 index 00000000..31d5f78e --- /dev/null +++ b/cdoc2-cli/config/ria-test/cdoc2-shares_test_riaint_ee.crt.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcDCCAvegAwIBAgIUYo8/tb2tdSncQ80GSCWlwZJUR7kwCgYIKoZIzj0EAwMw +VDELMAkGA1UEBhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRo +b3JpdHkxHjAcBgNVBAMMFVJJQSBFQ0MgSXNzdWluZyBDQSBHMzAeFw0yNDExMTUx +MTEwMzhaFw0yNTExMTUxMTEwMzdaMIGDMQswCQYDVQQGEwJFRTEVMBMGA1UECAwM +SGFyanUgQ291bnR5MRAwDgYDVQQHDAdUYWxsaW5uMSUwIwYDVQQKDBxJbmZvcm1h +dGlvbiBTeXN0ZW0gQXV0aG9yaXR5MSQwIgYDVQQDDBtjZG9jMi1zaGFyZXMudGVz +dC5yaWFpbnQuZWUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAThWtE6TiUpYOOL79OF +et7YSFv07VFCt1zdjCK0KtiOW2uP1kGXXtsCsvdujFdnWG3PWSarEpiMt1c34wZd +IfhxA0mGk7CehpQ7UvlZpjVSZt/Fb/bBCdI8OR3+E/t0EVijggFYMIIBVDAMBgNV +HRMBAf8EAjAAMB8GA1UdIwQYMBaAFAym3dNBIK+35rsTFYiCFDc5FgdEMG0GCCsG +AQUFBwEBBGEwXzA6BggrBgEFBQcwAoYuaHR0cHM6Ly9jZXJ0cy5yaWEuZWUvcmlh +X2VjY19pc3N1aW5nX2NhX2czLmNydDAhBggrBgEFBQcwAYYVaHR0cDovL29jc3Au +cmlhaW50LmVlMGYGA1UdEQRfMF2CG2Nkb2MyLXNoYXJlcy50ZXN0LnJpYWludC5l +ZYIeY2RvYzItc2hhcmVzLTAxLnRlc3QucmlhaW50LmVlgh5jZG9jMi1zaGFyZXMt +MDIudGVzdC5yaWFpbnQuZWUwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB +MB0GA1UdDgQWBBQd1xMil7f8QRLEQy+1JIqaCOK+ajAOBgNVHQ8BAf8EBAMCB4Aw +CgYIKoZIzj0EAwMDZwAwZAIwa1IwSfVCbuj7n6M6ANItgvJ+18huZD4yWcUQmEdm +9k7Ri/je7UC2DCLEZYyAEg5NAjBv3ftuQeMbqQMusZFrSyNODZ8n1LGC2nHoLc+X +VT2z6Uu68hwobx4UfHzoB1kInXw= +-----END CERTIFICATE----- diff --git a/cdoc2-cli/config/ria-test/cdoc2-sharesexternal_test_riaint_ee.crt.pem b/cdoc2-cli/config/ria-test/cdoc2-sharesexternal_test_riaint_ee.crt.pem new file mode 100644 index 00000000..24e79b09 --- /dev/null +++ b/cdoc2-cli/config/ria-test/cdoc2-sharesexternal_test_riaint_ee.crt.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDkjCCAxegAwIBAgIUXHljAOOYbmy1VNnxY3Ycu7eXWrcwCgYIKoZIzj0EAwMw +VDELMAkGA1UEBhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRo +b3JpdHkxHjAcBgNVBAMMFVJJQSBFQ0MgSXNzdWluZyBDQSBHMzAeFw0yNDExMTUx +MTEwNDJaFw0yNTExMTUxMTEwNDFaMIGLMQswCQYDVQQGEwJFRTEVMBMGA1UECAwM +SGFyanUgQ291bnR5MRAwDgYDVQQHDAdUYWxsaW5uMSUwIwYDVQQKDBxJbmZvcm1h +dGlvbiBTeXN0ZW0gQXV0aG9yaXR5MSwwKgYDVQQDDCNjZG9jMi1zaGFyZXNleHRl +cm5hbC50ZXN0LnJpYWludC5lZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMIKa3fW +wt+T4XpIauH8zJrVUFugnvNTiXxBvFyl96inkA9sXEgANhWa/AdB9CdcSg56X2VG +zFs1FbGH975V6NQDMjAYZ+EglWryvw8EKsHQjl9futS/NjyOvUjhzgASQKOCAXAw +ggFsMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUDKbd00Egr7fmuxMViIIUNzkW +B0QwbQYIKwYBBQUHAQEEYTBfMDoGCCsGAQUFBzAChi5odHRwczovL2NlcnRzLnJp +YS5lZS9yaWFfZWNjX2lzc3VpbmdfY2FfZzMuY3J0MCEGCCsGAQUFBzABhhVodHRw +Oi8vb2NzcC5yaWFpbnQuZWUwfgYDVR0RBHcwdYIjY2RvYzItc2hhcmVzZXh0ZXJu +YWwudGVzdC5yaWFpbnQuZWWCJmNkb2MyLXNoYXJlc2V4dGVybmFsLTAxLnRlc3Qu +cmlhaW50LmVlgiZjZG9jMi1zaGFyZXNleHRlcm5hbC0wMi50ZXN0LnJpYWludC5l +ZTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYDVR0OBBYEFPBqMM1D +haU6HmMjVOBEB59NfReUMA4GA1UdDwEB/wQEAwIHgDAKBggqhkjOPQQDAwNpADBm +AjEAikyhv65eLFSHGZ0pJ0LXGhX+LjnLJQLVCwAqussjvs7HZ96a+lrqmDS3CCug +wiUzAjEAvpJiMhXyq4+cGenJbzTp+r++WYIVmkNLevJvqG8mHAOmR/Yj7LLFvih5 +2IkPLbws +-----END CERTIFICATE----- From 099486e068a855152f9a0d98d03488e7ecfb159e Mon Sep 17 00:00:00 2001 From: Dento55 Date: Tue, 25 Mar 2025 14:57:11 +0200 Subject: [PATCH 3/3] Update key-shares.properties Share server urls changed according to certificates --- cdoc2-cli/config/ria-test/key-shares.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cdoc2-cli/config/ria-test/key-shares.properties b/cdoc2-cli/config/ria-test/key-shares.properties index 6be1c3c2..7b875d4f 100644 --- a/cdoc2-cli/config/ria-test/key-shares.properties +++ b/cdoc2-cli/config/ria-test/key-shares.properties @@ -1,8 +1,8 @@ -key-shares.servers.urls=https://cdoc2-shares-02.test.riaint.ee:8443, https://cdoc2-sharesexternal-02.test.riaint.ee:8443 +key-shares.servers.urls=https://cdoc2-shares.test.riaint.ee:8443, https://cdoc2-sharesexternal.test.riaint.ee:8443 key-shares.servers.min_num=2 key-shares.algorithm=n-of-n # trusted certificates by client cdoc2.key-shares.client.ssl.trust-store=config/ria-test/clienttruststore_ria-test.jks cdoc2.key-shares.client.ssl.trust-store.type=JKS -cdoc2.key-shares.client.ssl.trust-store-password=passwd \ No newline at end of file +cdoc2.key-shares.client.ssl.trust-store-password=passwd