diff --git a/.github/workflows/maven-release.yml b/.github/workflows/maven-release.yml deleted file mode 100644 index 8915dfbd..00000000 --- a/.github/workflows/maven-release.yml +++ /dev/null @@ -1,30 +0,0 @@ -# This workflow will build a package using Maven and then publish it to GitHub packages when a release is created -# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path - -name: Publish to GitHub Packages Apache Maven (Maven repository) - -on: - release: - types: [created] - -jobs: - publish: - - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - uses: actions/checkout@v4 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - settings-path: ${{ github.workspace }} # location for the settings.xml file - - - name: Publish to GitHub Packages Apache Maven - run: mvn deploy -s $GITHUB_WORKSPACE/settings.xml - env: - GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml deleted file mode 100644 index c79af90e..00000000 --- a/.github/workflows/maven.yml +++ /dev/null 
@@ -1,64 +0,0 @@ -# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time -# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven - -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - -name: Build cdoc2-java-ref-impl with CI - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -env: - ACTIONS_STEP_DEBUG: true - -jobs: - fork_setup: - runs-on: ubuntu-latest - if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true }} - outputs: - base_repo: ${{ steps.base_repo.outputs.name }} - is_fork: ${{ steps.is_fork.outputs.is_fork }} - - steps: - - id: base_repo - run: echo "name=${{github.event.pull_request.base.repo.full_name}}" >> "$GITHUB_OUTPUT" - - id: is_fork - run: echo "is_fork=true" >> "$GITHUB_OUTPUT" - - build: - runs-on: ubuntu-latest - needs: fork_setup - - steps: - - uses: actions/checkout@v4 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - - with: - java-version: '17' - distribution: 'temurin' - overwrite-settings: true #generate settings.xml - cache: maven - - - name: Build with Maven - run: | - echo "Debug env vars: is_fork=$IS_FORK base_repo=$BASE_REPO MAVEN_REPO=$MAVEN_REPO" - mvn help:active-profiles - echo "Using Maven repo=$(mvn help:evaluate -Dexpression=github_ci.maven_repo -q -DforceStdout)" - mvn -B package --file pom.xml - env: - GITHUB_TOKEN: ${{ github.token }} # GITHUB_TOKEN is the default env for the password - IS_FORK: ${{needs.fork_setup.outputs.is_fork}} - BASE_REPO: ${{needs.fork_setup.outputs.base_repo}} - - - - # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive - #- name: Update dependency graph - # 
uses: advanced-security/maven-dependency-submission-action@571e99aab1055c2e71a1e2309b9691de18d6b7d6 diff --git a/.gitignore b/.gitignore index 943a337b..2f5eabec 100644 --- a/.gitignore +++ b/.gitignore @@ -29,4 +29,9 @@ hs_err_pid* /doc/ +/cdoc20-server/src/main/resources/keystore/cdoc20server.p12 +/cdoc20-server/src/main/resources/keystore/servertruststore.jks +/cdoc20-client/src/test/resources/test.properties + +/cdoc20-server/src/test/resources/test.properties /test/testvectors/zipbomb.cdoc diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml deleted file mode 100644 index a0ebc76e..00000000 --- a/.gitlab-ci.yml +++ /dev/null 
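Review bot: Adding `/cdoc20-server/src/main/resources/keystore/cdoc20server.p12` and `servertruststore.jks` to .gitignore only stops new copies from being staged; it does not untrack a file that is already in the index, and it does not remove anything from history. If any of these keystores or `test.properties` files have ever been committed (cannot be determined from this hunk), they need `git rm --cached <path>` in the same change and the key material inside the PKCS#12 file should be treated as exposed and regenerated, since the history still carries it. The paths here are per-module, so a keystore placed under a different module directory would still be committed; a pattern such as `**/src/main/resources/keystore/*.p12` would cover that, if the intent is to never commit keystores. A short comment above the group would help readers, e.g. `# local server keystores and test credentials – generated per checkout, never commit`.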
@@ -1,151 +0,0 @@ -variables: - DOCKER_TLS_CERTDIR: "" - DOCKER_HOST: "tcp://docker:2375" - -stages: - - test - - coverage - - publish - -test: - stage: test - image: maven:3.8.8-eclipse-temurin-17 -# services: -# - name: docker:25.0.3-dind -# alias: docker -# tags: -# - dind - script: - - mvn clean verify -s $MAVEN_SETTINGS -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository - - shopt -s globstar - - awk -F"," '{ instructions += $4 + $5; covered += $5 } END { print covered, "/", instructions, " instructions covered"; print "Total", 100*covered/instructions, "% covered" }' /builds/**/target/site/jacoco/jacoco.csv - - cd test/bats - - source install_bats.sh - - source variables.sh - - $BATS_HOME/bats-core/bin/bats --gather-test-outputs-in target/reports -x --report-formatter junit --output target/ cdoc2_tests.bats -# following will fail because docker-compose-plugin is not available from Jammy repository -# - apt-get update && apt-get install -y docker.io docker-compose-plugin -# - source ../config/shares-server/export-env.sh ../config/shares-server/.env.cyber -# - bash run-shares-server-bats-tests.sh - - 'for file in target/reports/*; do echo "## $file ##" >> target/bats-test.log; cat "$file" >> target/bats-test.log; done' - coverage: /Total \d+\.\d+ %/ - artifacts: - when: always - reports: - junit: - - "**/target/surefire-reports/*.xml" - - "**/target/report.xml" - paths: - - "**/target/site/jacoco" - - "**/target/bats-test.log" - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - when: on_success - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: on_success - - when: never - cache: - key: "$CI_COMMIT_REF_NAME" - paths: - - .m2/repository - -test_with_servers: - # this will fail as docker image is based on alpine linux and flatc installation fails - # use build from previous stage? 
- stage: test - image: docker:25.0.3 - services: - - name: docker:25.0.3-dind - alias: docker - tags: - - dind - before_script: - # Install Java - - apk add --no-cache openjdk17 - # Install Maven - - apk add --no-cache maven - # Verify installations - - java -version - - mvn -version - - docker compose version - script: - - mvn clean verify -s $MAVEN_SETTINGS -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository - - shopt -s globstar - - awk -F"," '{ instructions += $4 + $5; covered += $5 } END { print covered, "/", instructions, " instructions covered"; print "Total", 100*covered/instructions, "% covered" }' /builds/**/target/site/jacoco/jacoco.csv - - cd test/bats - - source install_bats.sh - - source variables.sh - - source ../config/shares-server/export-env.sh ../config/shares-server/.env.cyber - - BATS_OPTS="--gather-test-outputs-in target/reports -x --report-formatter junit --output target/" bash run-shares-server-bats-tests.sh - - 'for file in target/reports/*; do echo "## $file ##" >> target/bats-test.log; cat "$file" >> target/bats-test.log; done' - coverage: /Total \d+\.\d+ %/ - artifacts: - when: always - reports: - junit: - - "**/target/surefire-reports/*.xml" - - "**/target/report.xml" - paths: - - "**/target/site/jacoco" - - "**/target/bats-test.log" - rules: -# disabled for now -# - if: $CI_PIPELINE_SOURCE == "merge_request_event" -# when: on_success -# - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' -# when: on_success - - when: never - cache: - key: "$CI_COMMIT_REF_NAME" - paths: - - .m2/repository - - -coverage: - stage: coverage - image: mcr.microsoft.com/dotnet/sdk:8.0 - rules: - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - when: on_success - - when: never - script: - - export PATH="$PATH:/root/.dotnet/tools" - - dotnet tool restore - - dotnet tool install dotnet-reportgenerator-globaltool --global - - | - for src in $(find /builds -type f -name 'jacoco.xml' | sed -r 's|/target/site/jacoco/[^/]+$||' | sort -u ) - do - 
sourcedirs="$src/src/main/" - for i in $(find $src -type f -name '*.java' | sed -r 's|/[^/]+$||' |sort -u) - do - sourcedirs="${sourcedirs};${i}" - done - reportgenerator \ - -reports:$src/**/jacoco.xml \ - -targetdir:$src/target/reports \ - -reporttypes:Cobertura \ - -sourcedirs:$sourcedirs - sed -i 's|filename=\"'"$src"'/src/main/java/|filename=\"|g' $src/target/reports/Cobertura.xml - done - artifacts: - paths: - - "$CI_PROJECT_DIR/**/Cobertura.xml" - reports: - coverage_report: - coverage_format: cobertura - path: "$CI_PROJECT_DIR/**/Cobertura.xml" - -publish: - stage: publish - image: maven:3.8.8-eclipse-temurin-17 - script: mvn deploy -s $MAVEN_SETTINGS - cache: - key: "$CI_COMMIT_REF_NAME" - paths: - - .m2/repository - rules: - - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH' - when: on_success - - if: '$CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH && $CI_PIPELINE_SOURCE != "merge_request_event"' - when: manual - - when: never diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties deleted file mode 100644 index 0f7e194e..00000000 --- a/.mvn/wrapper/maven-wrapper.properties +++ /dev/null 
@@ -1,19 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -wrapperVersion=3.3.2 -distributionType=only-script -distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.4/apache-maven-3.8.4-bin.zip diff --git a/CHANGELOG.md b/CHANGELOG.md index 244a4989..6a31f888 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,275 +1,19 @@ # Changelog -## [3.4.1] - -### Improvements -* Improve re-encryption error messages -* Improve error messages for missing services needed for SID/MID -* Improve decryption time -* Remove unused properties from rp-server configuration -* Improve error messages for encryption and decryption with SiD/MiD - -### Maven package versions: -``` -cdoc2 3.4.1 -cdoc2-schema 2.1.0 -cdoc2-lib 3.6.1 -cdoc2-client 2.2.3 -cdoc2-cli 1.9.1 -``` - -## [3.4.0] - -### Improvements -* Support for legacy MID accounts with RSA certificates - -### Maven package versions: -``` -cdoc2 3.4.0 -cdoc2-schema 2.1.0 -cdoc2-lib 3.6.0 -cdoc2-client 2.2.2 -cdoc2-cli 1.9.0 -``` - -## [3.3.0] Updates for Mobile-ID (2026-05-18) - -### Bug Fixes -* Fix file not being deleted if the decryption fails on windows - -### Internal -* MID interaction changed to use Cdoc2RpClient, MobileIdClient removed -* HTTP signatures from rp-server forwarded to shares server on GET /key-shares/{shareId} requests - -### Maven package versions: -``` -cdoc2 3.3.0 -cdoc2-schema 2.1.0 -cdoc2-lib 3.5.0 -cdoc2-client 2.2.2 -cdoc2-cli 1.9.0 -``` - -## [3.2.0] Support for updated Smart-ID usage (2026-04-29) - -### Internal -* Created new client Cdoc2AuthClient for the cdoc2 authentication server. -* Created new client Cdoc2RpClient for cdoc2 rp server -* SID interaction changed to use Cdoc2RpClient, SmartIdClient removed -* Auth token signature implementation in SIDAuthJWSSigner changed to use SID RPv3 protocol. -* Session token creation and usage -* Auth token certificate header `x-cdoc2-auth-x5c` format changed from single-line PEM with header - and footer to Base64Url-encoded DER - -### Maven package versions: -``` -cdoc2 3.2.0 -cdoc2-schema 2.1.0 -cdoc2-lib 3.4.0 -cdoc2-client 2.2.1 -cdoc2-cli 1.9.0 -``` - -## [3.1.2] Adding support for `secp521r1` elliptic curve (2026-03-06) - -### Features -* Implement support for `secp521r1` elliptic curve. 
- -### Bug Fixes -* Fixed a bug causing key alias to be ignored for RSA crypto sticks -* Add support for Zetes LDAP - -### Maven package versions: -``` -cdoc2 3.1.2 -cdoc2-schema 2.1.0 -cdoc2-lib 3.3.0 -cdoc2-client 2.1.0 -cdoc2-cli 1.9.0 -``` - -## [3.1.1] Bug fixes (2026-03-02) -* Fixed a bug causing the DirectPKCS11Wrapper to fail on Windows. -* Do not require application.properties for offline RSA decryption. - -## [3.1.0] Adding support for RSA based crypto sticks (2026-01-30) - -### Features -* Implement support for RSA based crypto sticks. - -### Bug Fixes -* Add the `--crypto-stick` option to the cdoc2-cli commands `list` and `re-encrypt`. - -### Internal -* Improve the cdoc2-cli [README.md](cdoc2-cli/README.md). -* Add attentional unit tests to cdoc2-cli for `secp256r1` elliptic curve support. -* Add bats tests for `secp256r1` elliptic curve support. -* Upgraded Spring boot 3.3.3 -> 4.0.1 + other third-party dependency updates. -* Censor the file name in the logs. - -### Maven package versions: -``` -cdoc2 2.0.0 -cdoc2-schema 2.0.0 -cdoc2-lib 3.2.1 -cdoc2-client 2.0.1 -cdoc2-cli 1.8.0 -``` - -## [3.0.0] Adding support for `secp256r1` elliptic curves (2025-12-01) - -### Features - -* Implement support for `secp256r1` elliptic curves, used by crypto sticks. - -### Maven package versions: -``` -cdoc2 2.0.0 -cdoc2-schema 2.0.0 -cdoc2-lib 3.1.0 -cdoc2-client 2.0.0 -cdoc2-cli 1.7.0 -``` - -## [2.0.1] Use .cdoc2 for file extension (2025-XX-XX) - -### Internal -* Change all mentions of `cdoc` file extension to `cdoc2` in README-s, `cdoc2-cli` commands - description and bats tests. -* Change `cdoc2-lib` version to 3.0.1-SNAPSHOT. 
- - -## [2.0.0] Version update (2025-02-26) - -### Maven package versions: -``` -cdoc2 2.0.0 -cdoc2-schema 1.4.0 -cdoc2-lib 3.0.0 -cdoc2-client 2.0.0 -cdoc2-cli 1.6.0 -``` - -## [2.0.0-RC] Support for Smart-ID and Mobile-ID - -### Features - -* CDOC2 encryption/decryption with symmetric key from/to N-of-N shares (Smart-ID/Mobile-ID) - -### Internal - -* cdoc2-cli bats tests for Smart-ID/Mobile-ID using SK test env and `docker compose` - -### Maven package versions: -``` -cdoc2 2.0.0-SNAPSHOT -cdoc2-schema 1.4.0-SNAPSHOT -cdoc2-lib 3.0.0-SNAPSHOT -cdoc2-client 2.0.0-SNAPSHOT -cdoc2-cli 1.6.0-SNAPSHOT -``` - -## [1.4.1] Bug fixes, documentation, tests improvements (2024-09-19) - -### Bug Fixes -* Fix `cdoc2-cli decrypt` crash, when using server scenario -* Fix Junit tests on Windows -* Fix pkcs11 (smart-card) test properties loading from filesystem - -### Internal -* Added [cdoc2-lib Usage Guide](cdoc2-lib/README.md) -* cdoc2-cli bats tests for server scenario (using docker compose) -* Update cdoc2-example-app to use `cdoc2-lib:2.0.0` - -## [1.4.0] Key label formatting (2024-09-02) - -### Features - -* Support for [machine-readable KeyLabel format](https://open-eid.github.io/CDOC2/1.1/02_protocol_and_cryptography_spec/appendix_d_keylabel/) - - When encrypting, then this formatted key label is enabled by default. Can be disabled by setting `ee.cyber.cdoc2.key-label.machine-readable-format.enabled=false` system property (`-D`) - - When decrypting, then both formatted and unformatted key label field versions are supported. - -### Bug Fixes - -* Fix cdoc2-cli encrypting functionality for SymmetricKey (`--secret` parameter). 
Bug was introduced with 1.1.0 release - - Rewrote symmetric key (secret) and password handling in cdoc2-cli/cdoc2-lib - - Bumped cdoc2-lib major version to `2.0.0`, as broken classes (`FormattedOptionParts`) were removed and replaced with a new ones (`LabeledPassword` and `LabeledSecret`) - - cdoc2-lib was not broken, when using `EncryptionKeyMaterial#fromSecret(SecretKey,String)` directly (without `FormattedOptionParts`) - - broken example cdoc2 files were removed from `test/testvectors` and replaced with a correct ones -* Fix cdoc2-client ApiClient timeouts (`cdoc2.client.server.*-timeout` were not working) -* Allow loading [pkcs11 (smart-card) test properties](README.md#pkcs11-tests) from file system (previously only classpath was working) - -### Internal - -* Third-party dependency updates to latest -* Added GitHub workflows for building and releasing -* Resolve issues reported by SonarCloud/SonarQube -* Update client and server certificates used for unit-tests. Add scripts for future updates - -## [1.3.0] '/key-capsules' OAS v2.1.0 support (2024-07-02) - -### Features - -* Support for '/key-capsules' OAS v2.1.0 in cdoc2-client and cdoc2-cli (added `-exp` option) -* cli: Improvements to interactive password asking (Don't ask password twice for decrypt). - Label is not required, when CDOC2 file contains single password recipient. -* Add example project to demonstrate usage of cdoc2-java-ref-impl with cdoc4j (convert cdoc -> cdoc2) - -## [1.2.0] Repository split and maintenance (2024-05-30) - -### Features - -* Expose Prometheus metrics endpoint for servers - -### Internal - -* Split repository into cdoc2-java-ref-impl and cdoc2-capsule-server -* Upgraded Spring 2.7.5 -> 3.2.5 + other third-party dependency updates -* Use 'cdoc2' instead of 'cdoc20' everywhere (packages, documents etc). 
Salt strings remain unchanged (cdoc20kek, cdoc20cek and so) -* Fix jacoco test coverage reports (broken previously) -* Add gitlab CI build files -* Added scripts for making releases and managing versions (see VERSIONS.md) -* Refactoring required to build cdoc2-capsule-server repo without cdoc2-lib dependency (cdoc2-lib dependency is still needed for running tests ) -* Upload/consume cdoc2-key-capsule-openapi.yaml as maven artifact -* Added bats tests to check backward compatibility of CDOC2 format with previous releases - -### Bugfixes - -* With rename cdoc20-cdoc2 salts values were also incorrectly changed. Broke backward compatibility. Fixed before release 1.2.0 - - -## [1.1.0] Version update (2024-03-26) - -### Features - -* Added possibility to encrypt and decrypt CDOC2 container with password. -* Removed an option for Symmetric Key creation from plain text, left only Base64 encoded format. -* Added CDOC2 container re-encryption functionality for long-term cryptography. -* Added Bats tests automatic installation. - -### Bug Fixes - -* Fixed CDOC2 container decryption failure with few files inside. - - -## [1.0.0] Version update (2024-01-23) -No changes, only version update in all components. 
- ## [0.5.0] Jenkins pipeline updates (2023-01-31) ### Features -* Added Jenkins pipeline for uploading CDOC2 jar artifacts to RIA Nexus repository -* Update and run key server instances also on cdoc2-keyserver-02.dev.riaint.ee host - +* Added Jenkins pipeline for uploading cdoc2.0 jar to artifact repository +* Update and run key server also on second server instance ## [0.4.0] ChaCha Poly1305 MAC is checked before other errors are reported (2023-01-30) ### Features * Rewrite tar processing/ChaCha decryption so that Poly1305 MAC is always checked (even when zlib/tar processing errors happen) -* Added sample CDOC2 containers with keys and configuration files +* Added sample CDOC 2.0 containers with keys and configuration files * Added Unicode Right-To-Left Override (U+202E) to forbidden characters ### Bug Fixes @@ -283,7 +27,7 @@ No changes, only version update in all components. ### Features * client authenticate certificate revocation checks (OCSP) for get-server -* enable monitoring endpoints, see cdoc2-server/admin-guide.md +* enable monitoring endpoints, see cdoc20-server/admin-guide.md * only tls v1.3 is supported by servers * remove deprecated ecc-details API * gatling-tests updates 
@@ -336,15 +80,15 @@ Switch to semantic versioning ### Features * Added support for RSA keys in key server -* Added support for 2 key server instances when using cdoc2-cli +* Added support for 2 key server instances when using cdoc20-cli * Added key server administration manual ## [0.0.9] RSA-OAEP support (2022-11-02) ### Features * Support for creating and decrypting CDOC2 documents with RSA keys -* Improved Recipient.KeyLabel field support in cdoc2-lib (PublicKey used for encryption is paired with keyLabel) -* Removed cdoc2-cli -ZZ hidden feature (disable compression for payload) +* Improved Recipient.KeyLabel field support in cdoc20-lib (PublicKey used for encryption is paired with keyLabel) +* Removed cdoc20-cli -ZZ hidden feature (disable compression for payload) * Added additional EC infinity point (X: null, Y: null) checks and tests @@ -396,4 +140,4 @@ Switch to semantic versioning ### Features -* Create/decrypt Cdoc2 files with software generated EC keys +* Create/decrypt Cdoc2.0 files with software generated EC keys diff --git a/LICENSE b/LICENSE index 61048d85..f2253383 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2024 Open Electronic Identity +Copyright (c) 2023 Open Electronic Identity Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. \ No newline at end of file +SOFTWARE. diff --git a/README.md b/README.md index a4f1c355..31cdba71 100644 --- a/README.md +++ b/README.md 
@@ -1,25 +1,17 @@ -# CDOC2 reference implementation (Java) +# cdoc20_java -[CDOC2](https://open-eid.github.io/CDOC2/) reference implementation (Java) +[CDOC 2.0](https://installer.id.ee/media/cdoc/cdoc_2_0_spetsifikatsioon_d-19-12_v1.9.pdf) reference implementation (Java) -CDOC stands for 'Crypto Digidoc', encrypted file transmission format used in the [Estonian eID](https://github.com/open-eid) ecosystem +CDOC 2.0 is a new version of [CDOC](https://www.id.ee/wp-content/uploads/2020/06/sk-cdoc-1.0-20120625_en.pdf) (CDOC lib [cdoc4j](https://github.com/open-eid/cdoc4j)), featuring additional security measures with optional server backend. CDoc version are not compatible. Additional background info can be found in [CDOC 2.0](https://www.ria.ee/media/2340/download). -CDOC2 is a new version of [CDOC](https://www.id.ee/wp-content/uploads/2020/06/sk-cdoc-1.0-20120625_en.pdf) (CDOC lib [cdoc4j](https://github.com/open-eid/cdoc4j)), featuring additional security -measures with optional server backend. CDOC version are not compatible. +Current CDoc 2.0 supports five scenarios -Additional background info can be found in [RIA CDOC2 presentation](https://www.youtube.com/watch?v=otrO2A6TuGQ) -and [id.ee CDOC 2.0 article](https://www.id.ee/artikkel/cdoc-2-0/) +## CDoc 2.0 ECDH scenario -End-user software to create/decrypt CDOC2: https://github.com/open-eid/DigiDoc4-Client +**Warning**: This description is simplification to give general idea, details and **final truth is in +[CDOC 2.0 specification](https://installer.id.ee/media/cdoc/cdoc_2_0_spetsifikatsioon_d-19-12_v1.9.pdf)**. -## Implemented scenarios - -**Warning**: Following scenario descriptions are simplification to give general idea, details and **final truth is in -[CDOC2 specification](https://open-eid.github.io/CDOC2/)**. - -### CDOC2 ECDH scenario - -1. Sender downloads recipient's certificate from SK or Zetes LDAP using recipient id (isikukood). Recipient certificate contains +1. 
Sender downloads recipient's certificate from SK LDAP using recipient id (isikukood). Recipient certificate contains EC public key. 2. Sender generates EC (elliptic curve) key pair using the same EC curve as in recipient EC public key [^1] 3. Sender derives key encryption key (KEK) using ECDH (from sender EC private key and recipient EC public key) @@ -37,13 +29,13 @@ End-user software to create/decrypt CDOC2: https://github.com/open-eid/DigiDoc4- 14. Recipient calculates hmac and checks it against hmac in CDoc 15. Recipient decrypts content using CEK -[^1]: Current specification defines only SecP384R1 Elliptic Curve for key agreement, but in future other EC curves or algorithms can be added, see flatbuffers schemas in cdoc2-schema +[^1]: Current specification defines only SecP384R1 Elliptic Curve for key agreement, but in future other EC curves or algorithms can be added, see flatbuffers schemas in cdoc20-schema -[^2]: Header structure is defined in flatbuffers schema, see cdoc2-schema +[^2]: Header structure is defined in flatbuffers schema, see cdoc20-schema [^3]: Content is zlib compressed tar archive -### CDOC2 ECDH server scenario +## CDoc 2.0 ECDH server scenario 1. *Follow steps from previous scenario 1-6* 2. Sender chooses key transaction server (preconfigured list) 
@@ -60,17 +52,17 @@ End-user software to create/decrypt CDOC2: https://github.com/open-eid/DigiDoc4- Key transfer server benefits: * After the key has been deleted from the key transfer server, the document cannot be decrypted even when keys on recipient's id-kaart have been compromised. -* Other scenarios can be implemented like expiring CDoc2 documents by deleting expired keys from key transfer server. +* Other scenarios can be implemented like expiring CDoc2.0 documents by deleting expired keys from key transfer server. -[^4]: key transfer server protocol is defined in cdoc2-openapi module +[^4]: key transfer server protocol is defined in cdoc20-openapi module -### CDOC2 RSA-OAEP +## CDoc 2.0 RSA-OAEP RSA-OAEP is similar to ECDH scenario, with difference that KEK is generated from secure random (not ECDH) and KEK is encrypted with recipient RSA public key and included into CDOC header (instead of sender public key). -1. Sender acquires recipient's certificate from SK or Zetes LDAP using recipient id or by some other means. +1. Sender acquires recipient's certificate from SK LDAP using recipient id or by some other means. Recipient certificate contains recipient RSA public key. 2. Sender generates file master key (FMK) using HKDF extract algorithm. 3. Sender generates encryption key (KEK) using secure random. @@ -88,7 +80,7 @@ sender public key). 15. Recipient calculates hmac and checks it against hmac in CDoc. 16. Recipient decrypts content using CEK. -### CDOC2 RSA-OAEP with server scenario +## CDoc 2.0 RSA-OAEP with server scenario 1. *Follow steps from RSA-OAEP scenario 1-6* 2. Sender chooses key capsule server (by providing server configuration) 
@@ -103,13 +95,12 @@ sender public key). capsule that contains encrypted KEK 11. *Follow steps from RSA-OAEP scenario steps 12-15* -### CDOC2 with symmetric key from secret +## CDoc 2.0 with symmetric key Similar to ECDH scenario, but KEK is derived from symmetric key (secret) identified by key_label using HKDF algorithm. 1. Sender and recipient have a pre shared secret identified by key_label -2. Sender derives key encryption key (KEK) from symmetric key, key_label and salt (generated - using secure random) using HKDF algorithm +2. Sender derives key encryption key (KEK) from secret, key_label and salt (generated using secure random) using HKDF algorithm 3. *Follow steps from ECDH scenario 4-6* 4. Sender adds encrypted FMK with key_label to CDoc header 5. *Follow steps from ECDH scenario 8-10* 
@@ -118,168 +109,35 @@ Similar to ECDH scenario, but KEK is derived from symmetric key (secret) identif 8. Recipient decrypts FMK using KEK. 9. *Follow steps from ECDH scenario 13-15* -cdoc2-java-ref-impl does not provide solution for securely storing the secret, but most password managers +cdoc20_java does not provide solution for securely storing the secret, but most password managers can do that. -### CDOC2 with symmetric key from password - -Similar to Symmetric Key scenario, but symmetric key is derived from password and salt using PBKDF2 algorithm. - -1. Sender and recipient have a pre shared password identified by key_label -2. Symmetric key is created from password and salt (generated using secure random) using PBKDF2 algorithm -3. Sender derives key encryption key (KEK) from symmetric key and previously generated salt using HKDF algorithm -4. *Follow steps from ECDH scenario 4-6* -5. Sender adds encrypted FMK with key_label to CDoc header -6. *Follow steps from ECDH scenario 8-10* -7. Recipient searches CDoc header for key_label and finds salt and encrypted FMK -8. Recipient derives encryption key (KEK) from salt, key_label and pre-shared symmetric key (password) -9. Recipient decrypts FMK using KEK. -10. *Follow steps from ECDH scenario 13-15* - -cdoc2-java-ref-impl does not provide solution for securely storing the password, but most password managers -can do that. - -### CDOC2 with symmetric key from/to N-of-N shares (Smart-ID/Mobile-ID) - -1. Sender knows recipient id-code and assumes that recipient might have Smart-ID or Mobile-ID account. - _Note:_ No way to check if recipient has existing Smart-ID or Mobile-ID account. -2. Sender [generates file master key (FMK)](https://github.com/open-eid/cdoc2-java-ref-impl/blob/main/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Crypto.java#L94) - (FMK) using HKDF extract algorithm `HKDF_Extract(Static_FMK_Salt, CSRNG())`. -3. 
Sender [generates encryption key (KEK)] using HKDF `HKDF_Expand(KEK_i_pm, "CDOC2kek" + FMKEncryptionMethod.XOR + RecipientInfo_i, 32)`, - where `KEK_i_pm = HKDF_Extract(CSRNG(256), CSRNG(256))` and `RecipientInfo_i` is a recipient - identifier `etsi/PNOEE-48010010101`. -4. Sender splits `KEK` into `N` shares. `N` equals to configured servers quantity in CDOC2 - client configuration. - ```java - public static List splitKek(byte[] kek, int numOfShares) { - ArrayList shares = new ArrayList<>(numOfShares); - shares.add(kek); - - for (int i=1; i < numOfShares; i++) { - byte[] share = new byte[kek.length]; - sRnd.nextBytes(share); - shares.add(share); - shares.set(0, xor(shares.get(0), share)); - } - return shares; - } - ``` -5. Sender uploads each `share` and recipient `etsi_identifier` to each CDOC2 shares server - (each CDOC2 server will receive a different share). CDOC2 servers are configured in client configuration. - Sender gets `shareID` for each share. [^1] FBS and OAS -6. Sender [derives content encryption key](https://github.com/open-eid/cdoc2-java-ref-impl/blob/4fa3028298e7f1ea5414e3215dbfd8b0e9b49409/cdoc20-lib/src/main/java/ee/cyber/cdoc20/crypto/Crypto.java#L100) (CEK) `HKDF_Expand(FMK,"CDOC20cek")`and hmac key - (HHK) `HKDF_Expand(FMK,"CDOC20hmac")` from FMK using HKDF expand algorithm. -7. Sender encrypts FMK with KEK (xor) and gets `encrypted_FMK` -8. Sender adds `encrypted FMK` and [KeySharesCapsule](https://github.com/open-eid/cdoc2-java-ref-impl/blob/a2dbe6711d88d2442e23d4ca80494f285f4d00cd/cdoc2-schema/src/main/fbs/recipients.fbs#L92) - containing recipient_id `etsi_identifier` with list of `server:shareId` into CDOC2 header. -9. Sender calculates header hmac using hmac key (HHK) and adds calculated hmac to CDOC2 -10. Sender encrypts content with CEK (ChaCha20-Poly1305 with AAD) -11. Sender sends CDOC2 document to Recipient -12. 
Recipient will choose Smart-ID or Mobile-ID decryption method (depending on what auth means he owns) and - enters/chooses his/her identity code. - For Mobile-ID, user needs to enter mobile phone number additionally to identity code. -13. Recipient finds `KeySharesCapsule` record from CDOC2 header where `recipient_id` matches - recipients entered identity code. -14. Recipient [prepares](https://open-eid.github.io/CDOC2/2.0-Draft/03_system_architecture/ch06_ID_authentication_protocol/#overview-of-the-generic-authentication-protocol) - auth token by creating `nonce` for each share in [shares](https://github.com/open-eid/cdoc2-java-ref-impl/blob/a2dbe6711d88d2442e23d4ca80494f285f4d00cd/cdoc2-schema/src/main/fbs/recipients.fbs#L93). - `nonce` is created by using [`/key-shares/{shareId}/nonce`](https://github.com/open-eid/cdoc2-openapi/blob/55a0b02adae0d8c61f2589a47555a93e4cf31971/cdoc2-key-shares-openapi.yaml#L105) - endpoint in each `cdoc2-shares-server`. -15. Recipient finishes creation of auth token by signing it with supported auth means (currently Smart-ID/Mobile-ID authentication certificate). -16. Recipient downloads all `share` objects by presenting [auth token](https://github.com/open-eid/cdoc2-auth?tab=readme-ov-file#cdoc2auth-tokenv1-examples) - and certificate using '/key-shares/{shareId}' [endpoint](https://github.com/open-eid/cdoc2-openapi/blob/55a0b02adae0d8c61f2589a47555a93e4cf31971/cdoc2-key-shares-openapi.yaml#L32). -17. Recipient [combines](https://github.com/open-eid/cdoc2-java-ref-impl/blob/a2dbe6711d88d2442e23d4ca80494f285f4d00cd/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/Crypto.java#L376) - downloaded `share` [objects](https://github.com/open-eid/cdoc2-openapi/blob/55a0b02adae0d8c61f2589a47555a93e4cf31971/cdoc2-key-shares-openapi.yaml#L144) into `KEK` -18. 
*Follow steps from ECDH scenario 13-15* - ## Structure -[![CDOC2 Dependencies](./cdoc2-docs/img/deps.drawio.png)](https://viewer.diagrams.net/?tags=%7B%7D&lightbox=1&highlight=0000ff&edit=_blank&layers=1&nav=1#R%3Cmxfile%3E%3Cdiagram%20id%3D%22cR2MIER7KRh0lRtEKnlR%22%20name%3D%22Page-1%22%3E3VjbcpswEP0aP9rDJRD86EucTifteOKZtOmbAjIoEYgIYZt8fSUjgriY0DQNHT9ZOtpdSWcvWjMyF%2BHhmoI4%2BEY8iEeG5h1G5nJkGLplG%2FxHIFmOOLaTAz5FnhQqgQ16gRLUJJoiDyYVQUYIZiiugi6JIuiyCgYoJfuq2Jbg6q4x8OWOWglsXIBhQ%2BwH8lggUV1TxL9A5Adya8eSCyEohCWQBMAjewUyr0bmghLC8lF4WEAsyCt4yfVWJ1ZfD0ZhxPooPN4%2Fb%2BB0%2B7RazuaPaTzzV7d4rNvycCwrbgw9ToCcEsoC4pMI4KsSnVOSRh4UZjU%2BK2VuCIk5qHPwETKWSW%2BClBEOBSzEchUeEPupjO%2BFqYklZ8uDtHycZHISEeUIR80mAZKThKTUlbf5lVpIu%2F66eFnDG%2FP5ln1%2FuEvHMiYZoD5kHXJWLicYUTaQ9F5DEkJGMy5AIQYM7aohA2Tk%2Ba9ypXP4QPrnT3zlDOkrbWJPFXfpnc7iHqGZqiXmQm2sTTSnAErd4%2By0p4XtNaSI8wipqlMHPzQkWp1gDxUSXafeAZzKnTB6aEQJrzyxGIbES49BATDyIw5guOV3nScxcFHk3xxnS0NTJFxOpGB3voOUIV4WZ3KBifCZ7wPE4IarC%2FN7%2FgJUY%2BekO4Q1eOgksFi9lHeU74cpq%2BleKcZFLQ6UOlyU4Q%2Bn3GxQPjJsLGj00I4PfTEkMYxAjIoVvpGyeNb%2BMbShHWQ1HJS4AQzBWdFuXmiDpUX743QxxOP0zqag9QZmz6bA%2BK%2BagmY5cjE6r1B%2FM9Knnxnodhvh4nbnxHm9quvG4PXFHKK%2BqH2spfaxZdfau4dt61eV5vpSba4n2kV3f93SEL%2B%2F8tk9K5%2F50ZVPqq4JEvlTBF894%2FVpLajyC0mtWly9HqNXqG3Q3Rbs3ZWz1FY0A8H64ellXGRLmeE8MIKzyu96%2B6Drn5jfraS3tdX1fI%2B8mfiiIwjEIEmQW%2BWlmu1t3xj6%2Fmk9nel6M9X%2F%2FR%2FRrih9MxkVj1odDv3bnDVqr7TTL2ebhi5rhsyaoZyYdyQ%2Fn5Yf23Lx8pOlefUb%3C%2Fdiagram%3E%3C%2Fmxfile%3E) -- cdoc2-schema - flatbuffers schemas and code generation -- cdoc2-lib - CDOC2 creation and processing library -- cdoc2-client - Code generation for `cdoc2-capsule-server` and `cdoc2-shares-server` clients -- cdoc2-cli - Command line utility to create/process CDOC2 files -- test - Sample CDOC2 containers (with script to create and decrypt them) - and automated end-to-end (bats) tests for CLI -- cdoc2-example-app - Example, how to use `cdoc2-java-ref-impl` and `cdoc4j` together - -Other CDOC2 repositories: -- 
https://github.com/open-eid/cdoc2-openapi CDOC2 OpenAPI specifications -- https://github.com/open-eid/cdoc2-capsule-server CDOC2 Capsule Server (server scenarios with id-card) -- https://github.com/open-eid/cdoc2-shares-server CDOC2 Shares Server (encryption/decryption Smart-ID/Mobile-ID scenarios) -- https://github.com/open-eid/cdoc2-auth CDOC2 auth token implementation (used for Smart-ID/Mobile-ID scenarios) -- https://github.com/open-eid/cdoc2-gatling-tests Gatling tests for CDOC2 Capsule Server and CDOC2 Shares Server -- https://github.com/open-eid/CDOC2 Source for open-eid.github.io/CDOC2/ documentation site - -## Using - -Refer [cdoc2-lib/README.md](cdoc2-lib/README.md) and see [cdoc2-example-app](cdoc2-example-app) +- cdoc20-schema - flatbuffers schemas and code generation +- cdoc20-lib - CDOC 2.0 creation and processing library +- cdoc20-cli - Command line utility to create/process CDOC 2.0 files +- cdoc20-openapi - OpenAPI definitions for server and client generation +- cdoc20-server - Optional server backend for securely exchanging key capsules +- cdoc20-client - Optional client for server backend +- gatling-tests - Functional and load tests for cdoc20-server +- test - Sample CDOC 2.0 containers (with script to create and decrypt them) ## Preconditions for building * Java 17 * Maven 3.8.x - -## Maven dependencies - -Depends on: -- https://github.com/open-eid/cdoc2-openapi OpenAPI specifications for client stub generation -- https://github.com/open-eid/cdoc2-auth CDOC2 auth token used by Smart-ID/Mobile-ID scenario - -Configure github package repo access -https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry#authenticating-with-a-personal-access-token - -Add repository url to `` section of your PC local file `~/.m2/settings.xml` for using cdoc2 -dependencies: -```xml - - github - - - central - https://repo1.maven.org/maven2 - - - github - https://maven.pkg.github.com/open-eid/cdoc2-openapi - - - 
-``` - -Note: When pulling, the [GitHub package index is based on the organization level](https://stackoverflow.com/questions/63041402/github-packages-single-maven-repository-for-github-organization) -, not the repository level. - -So defining any Maven package repo from `open-eid` is enough for pulling cdoc2-* dependencies. -All packages published under `open-eid` can be found https://github.com/orgs/open-eid/packages - -Test that you have configured your Maven `settings.xml` for `github` correctly -(run from `cdoc2-java-ref-impl` root): - -``` -./mvnw dependency::get -Dartifact=ee.cyber.cdoc2:cdoc2-lib:2.0.0 -``` +* Docker available and running (required for running tests) ## Building -[![Java CI with Maven](https://github.com/open-eid/cdoc2-java-ref-impl/actions/workflows/maven.yml/badge.svg)](https://github.com/open-eid/cdoc2-java-ref-impl/actions/workflows/maven.yml) - -CDOC2 has been tested with JDK 17 and Maven 3.8.8 +CDOC 2.0 has been tested with JDK 17 and Maven 3.8.4 ``` mvn clean install ``` -### GitHub workflow build - -Maven build is executed for GH event `pull_request` an and `push` to 'master'. - -GH build workflow configures Maven repository automatically. For fork based pull_requests -Maven repo value will be set to `github.event.pull_request.base.repo.full_name`. It can be overwritten -by [defining repository variable](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/variables#creating-configuration-variables-for-a-repository) -`MAVEN_REPO` - - ## Testing -By default, tests that require smart-card are excluded from running. To execute all tests enable allTests maven profile +By default tests that require smart-card are excluded from running. To execute all tests enable allTests maven profile ``` mvn -PallTests test ``` 
@@ -298,25 +156,14 @@ To run the tests using a physical PKCS11 device (smart card or usb token), execu mvn test -Dtests=pkcs11 ``` -The pkcs11 device configuration (PKCS11 library, slot, pin, etc) can be specified using -`cdoc2.pkcs11.conf-file` system property, for example run with configuration file from filesystem -from the root of the project: +The pkcs11 device configuration (PKCS11 library, slot, pin, etc) can be specified using `cdoc2.pkcs11.conf-file` system property, for example: ``` -mvn test -Dtests=pkcs11 -Dcdoc2.pkcs11.conf-file=src/test/resources/pkcs11-test-safenet.properties -``` -or -``` -mvn test -Dtests=pkcs11 -Dcdoc2.pkcs11.conf-file=src/test/resources/pkcs11-test-idcard.properties +mvn test -Dtests=pkcs11 -Dcdoc2.pkcs11.conf-file=pkcs11-test-safenet.properties ``` By default, the pkcs11 configuration is read from the file `pkcs11-test-idcard.properties`. -### Bats tests (end to end) - -Additional tests using [Bats](https://github.com/bats-core/bats-core) and `cdoc2-cli`. -Refer [test/README.md](test/README.md) - ### Entropy In case the tests run slowly (probably due to waiting on entropy generation), using an entropy source (e.g `haveged`) may help on Linux: 
@@ -329,36 +176,23 @@ service haveged start ## Running -See [cdoc2-cli/README.md](cdoc2-cli/README.md) +See `cdoc20-cli/README.md` -## Releasing and version management +## Releasing -See [VERSIONING.md](VERSIONING.md) +First update CHANGELOG.md - follow semantic versioning -### Creating SBOM (Software Bill of Materials) - -The SBOM report will be automatically generated at build time. - -To manually create the SBOM report, run: +Will update version numbers in pom.xml files and create tag with version v{x.y.z} in git ``` -mvn cyclonedx:makeAggregateBom +mvn clean +mvn --batch-mode -Dtag=v{x.y.z} release:prepare -DreleaseVersion={x.y.z} -DdevelopmentVersion={x.y+1.z}-SNAPSHOT +mvn release:perform -Darguments="-Dmaven.deploy.skip=true" ``` -The generated reports (`target/bom.json` and `target/bom.xml`) include dependencies from all submodules. - -## Publishing - -### GitHub +Verify that git repositories are synced (master points to same commit) and the tag is pushed (using `git push v{x.y.z}`). -Create release on tag done by VERSIONING.md process. It will trigger `maven-release.yml` workflow that -will deploy Maven packages to GitHub Maven package repository. +As maven repository doesn't exist yet, then maven deploy is not performed -### Manual - -Since build uses `exists-maven-plugin` then `altDeploymentRepository` doesn't work as it only works -for `deploy` plugin. Set `project.distributionManagement` user properties instead: -``` -mvn deploy -Dproject.distributionManagement.repository.id=github \ --Dproject.distributionManagement.repository.url=https://maven.pkg.github.com/open-eid/cdoc2-java-ref-impl` -``` +For more info, see +[Maven Non-interactive Release](https://maven.apache.org/maven-release/maven-release-plugin/examples/non-interactive-release.html) diff --git a/VERSIONING.md b/VERSIONING.md deleted file mode 100644 index 3e37bce0..00000000 --- a/VERSIONING.md +++ /dev/null 
@@ -1,95 +0,0 @@
-# Versioning guidelines for CDOC2 project
-
-CDOC2 modules are split between two repositories (or more in future). As all modules are not in the
-same repository, then version management becomes necessity.
-
-To help with version management, this document describes some ways to manage module versions.
-
-CDOC2 project tries to follow [semantic versioning](https://semver.org/)
-
-## Development without release (inc_version.sh)
-
-* Create feature branch _
-* Make changes
-
-Before opening merge request, run `inc_versions.sh -d` (dry-run) and `inc_versions.sh`
-
-This, will scan modules and increase module version only for changed modules that are not already on
-"-SNAPSHOT" version. Changes are detected only for current branch and won't work for main branch.
-
-* `git diff` to verify changes
-* Commit, push
-* Create MR
-
-`inc_version.sh -d` will print out changed modules, but doesn't change any files.
-
-The script is not perfect, for example if you only change README in a module, then module is still
-considered changed although no code changes.
-
-## Using latest version of modules (use_latest_snapshot.sh)
-
-After creating new version Maven module or artifact, install it locally
-
-`mvn install`
-`mvn -f install`
-
-### Update cdoc2 dependencies for single module
-
-* `mvn -f versions:use-latest-versions -Dincludes=ee.cyber.cdoc2:* -DexcludeReactor=false -DallowSnapshots=true`
-
-Example: `mvn -f get-server versions:use-latest-versions -Dincludes=ee.cyber.cdoc2:* -DexcludeReactor=false -DallowSnapshots=true`
-
-
-### Update cdoc2 dependencies for all modules in repository
-
-* Run `use_latest_snapshot.sh` to update all modules
-* `git diff` to verify changes
-
-## Releases (prepare_release.sh and make_release.sh)
-
-General release procedure:
-
-* Checkout clean branch (usually 'master')
-* `prepare_release.sh` (changes versions to RELEASE versions and runs tests)
-* Verify changes (`git diff`)
-* Edit CHANGELOG.md
-* `make_release.sh -d` (`git commit; git push` to RELEASE branch)
-
-This will change -SNAPSHOT version to release version, update dependencies in all modules to latest
-non-SNAPSHOT version. Build, test, create release branch, push changes, deploy maven artifacts.
-
-Without parameters `prepare_release.sh` will use version (with -SNAPSHOT removed) from parent pom.
-To specify custom release version use `-v`, example `prepare_release.sh -v 1.2.3`. This will update
-version in parent pom before changing other versions.
-
-If everything went well, then
-* release branch was created with name 'release_v'
-* original branch is checked out ('master' usually)
-* Nothing is commited to main branch ('master')
-
-To finish create squash merge from release branch to main branch
-```bash
-git merge --squash $RELEASE_BRANCH
-git commit -m "Squashed commit from $RELEASE_BRANCH"
-git push $GIT_REMOTE $GIT_BRANCH
-```
-
-or create GitHub PR (recommended) from release branch and merge from GitHub.
-
-Finish by [publishing](README.md#publishing) deliverables from a release tag.
-
-### Release cdoc2-java-ref-impl and cdoc2-capsule-server
-
-Since test code for cdoc2-capsule-server depends on cdoc2-java-ref-impl `cdoc2-lib` module and
-transiently `cdoc2-client` module, then for bigger releases following procedure is recommended:
-
-* Checkout both repositories
-* Run `prepare_release.sh` in `cdoc2-java-ref-impl` and then in `cdoc2-capsule-server`. That installs
- `cdoc2-lib` into local maven repository and `cdoc2-capsule-server` will use it during testing
- ('mvn verify')
-* Update CHANGELOGs in both repositories
-* Run `make_release.sh` in `cdoc2-java-ref-impl` and then in `cdoc2-capsule-server`
-
-### make_release.sh without deploy
-
-`make_release.sh -d` will create release branch, but will not deploy Maven artifacts.
diff --git a/cdoc2-cli/README.md b/cdoc2-cli/README.md
deleted file mode 100644
index a4b8f380..00000000
--- a/cdoc2-cli/README.md
+++ /dev/null
@@ -1,512 +0,0 @@ -# Building & Running - -To run without building, download latest version of cdoc2-cli.jar from https://github.com/orgs/open-eid/packages - -## Building -Run from cdoc2-java-ref-impl parent directory -``` -mvn clean package -``` - -Will create `cdoc2-cli/target/cdoc2-cli-.jar` - -## Running -Run from cdoc2-cli directory - -Latest help can be seen by running: -``` -java -jar target/cdoc2-cli-.jar -``` - -where `` must be replaced with the latest version built. Example `0.0.12-SNAPSHOT` - -Sample generated CDOC2 documents are located at `cdoc2-java-ref-impl/test/testvectors` - -Commands for creating and decrypting sample files using cdoc2-cli are in `cdoc2-java-ref-impl/test/generate_documents.sh` - - -### Encryption -To create: -- Output file `/tmp/mydoc.cdoc` -- with generated private key -- to recipient `keys/bob_pub.pem` -- to encrypt file 'README.md' - -``` -java -jar target/cdoc2-cli-*.jar create --file /tmp/mydoc.cdoc2 -p keys/bob_pub.pem README.md -``` - -### Encryption with server scenario -Server must be running, see cdoc2-capsule-server/README.md for starting the server - -To store keys in key server, specify addition `--server` option: - -When encrypting for est-eid card, `-r` can be used -``` -java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc2 -r 38001085718 README.md -``` - -Optionally cdoc2-cli also supports encrypting with "soft" key or certificate - -Public key (`-p`) -``` -java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc2 -p keys/cdoc2client_pub.key README.md -``` - -Certificate (`-c` option): -``` -java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc2 -c keys/cdoc2client-certificate.pem README.md -``` - -Key capsule expiration date can be requested when adding expiry duration: -``` --exp P365D -``` -Default expiration duration will be used if it is 
not requested by the client. Default and max -expiration durations are configurable values in put-server and get-server. - - -### Encryption with symmetric key and password - -Generate key with openssl (minimum length 32 bytes): -``` -openssl rand -base64 32 -`HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=` -``` - -Base64 encoded keys must be prefixed with 'base64,', so that key becomes "base64,HHeUrHfo+bCZd//gGmEOU2nA5cgQolQ/m18UO/dN1tE=" - -Encrypt with generated key and label 'label_b64secret': -``` -java -jar target/cdoc2-cli-*.jar create --secret "label_b64secret:base64,aejUgxxSQXqiiyrxSGACfMiIRBZq5KjlCwr/xVNY/B0=" -f /tmp/symmetric.cdoc2 README.md -``` - -Or secret read from file (so that secret is not exposed through process list) -``` -java -jar target/cdoc2-cli-*.jar create @keys/b64secret.option -f /tmp/symmetric.cdoc2 README.md -``` - -``` -cat keys/b64secret.option --secret "label_b64secret:base64,aejUgxxSQXqiiyrxSGACfMiIRBZq5KjlCwr/xVNY/B0=" -``` - -Or encrypt with password clear text (note, that password also can be encoded to base64 format, as secret): -``` -java -jar target/cdoc2-cli-*.jar create --password "passwordlabel:myPlainTextPassword" -f /tmp/password.cdoc2 README.md -``` - -Decryption is done with the same label and key used for encryption -``` -java -jar target/cdoc2-cli-*.jar decrypt @keys/b64secret.option -f /tmp/symmetric.cdoc2 -o /tmp -``` - -Or with the same label and password used for encryption: -``` -java -jar target/cdoc2-cli-*.jar decrypt --password "passwordlabel:myPlainTextPassword" -f /tmp/password.cdoc2 --output /tmp -``` - -If cdoc2 file contains only one password, then specifying label is not required and label can be omitted: -``` -java -jar target/cdoc2-cli-*.jar decrypt --password ":myPlainTextPassword" -f /tmp/password.cdoc2 --output /tmp -``` - - -Or with the same label and secret used for encryption: -``` -java -jar target/cdoc2-cli-*.jar decrypt --secret 
"label_b64secret:base64,aejUgxxSQXqiiyrxSGACfMiIRBZq5KjlCwr/xVNY/B0=" -f /tmp/symmetric.cdoc2 --output /tmp -``` - -Key and label can be safely stored in a password manager. - - -### Encryption with Smart ID - -Current encryption/decryption implementation of cdoc2 container with Smart ID supports only Estonian -personal ID codes. - -``` -java \ - -Dkey-shares.properties=config/localhost/key-shares.properties \ - -jar target/cdoc2-cli-*.jar \ - create \ - --smart-id=40504040001 \ - -f /tmp/smartid.cdoc2 \ - README.md -``` - -Multiple ID codes are allowed to be sent for encryption: - -``` -java -jar target/cdoc2-cli-*.jar create -sid=38001085718 -sid=47101010033 \ - -f /tmp/smartid.cdoc2 README.md -``` - -Key shares properties can be sent externally by adding following options (the same -for decryption): - -`-Dkey-shares.properties=config/localhost/key-shares.properties` - - -### Encryption with Mobile ID - -Current encryption/decryption implementation of cdoc2 container with Mobile ID supports only -Estonian personal ID codes. 
- -``` -java -jar target/cdoc2-cli-*.jar create --mobile-id=51307149560 -f /tmp/mobileid.cdoc2 README.md -``` - -Multiple ID codes are allowed to be sent for encryption: - -``` -java \ - `-Dkey-shares.properties=config/localhost/key-shares.properties` \ - -jar target/cdoc2-cli-*.jar create -mid=51307149560 -mid=60001017869 \ - -f /tmp/mobileid.cdoc2 README.md -``` - -Key shares properties can be sent externally by adding following options (the same -for decryption): - -`-Dkey-shares.properties=config/localhost/key-shares.properties` - - -### Decryption -To decrypt: -- CDOC2 file `/tmp/mydoc.cdoc2` -- with decryption private EC key `keys/bob.pem` -- to output directory `/tmp` - -``` -java -jar target/cdoc2-cli-*.jar decrypt --file /tmp/mydoc.cdoc2 -k keys/bob.pem --output /tmp -``` - -or with Smart-ID for Estonian personal ID code: - -``` -java \ - -Dkey-shares.properties=config/localhost/key-shares.properties \ - -Dauth-server.properties=config/localhost/auth-server.properties \ - -Drp-server.properties=config/localhost/rp-server.properties \ - -jar target/cdoc2-cli-*.jar \ - decrypt \ - -sid=40504040001 \ - -f /tmp/smartid.cdoc2 \ - --output /tmp -``` - -or with Mobile-ID for Estonian personal ID code and Estonian phone number with country code `+372`: - -``` -java \ - -Dkey-shares.properties=config/localhost/key-shares.properties \ - -Dauth-server.properties=config/localhost/auth-server.properties \ - -Drp-server.properties=config/localhost/rp-server.properties \ - -jar target/cdoc2-cli-*.jar \ - decrypt \ - -mid=51307149560 -mid-phone=+37269930366 \ - -f /tmp/mobileid.cdoc2 \ - --output /tmp -``` - -### Decrypting with server scenario -Server must be running, see cdoc2-capsule-server/README.md for starting the server - -To decrypt CDOC2 document that has its keys distributed through key server, cdoc2-cli must have `--server` option: - -Configuration for id-card (certificate for mutual TLS and private key is read from smart-card) -``` -java -jar 
target/cdoc2-cli-*.jar decrypt --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc2 -o /tmp/ -``` - -It is also possible to decrypt documents created with "soft" keys, but configuration for mutual TLS (properties file) and -key (read separately from a file) must match. Also, server must be configured to trust client certificate used for -mutual TLS. -``` -java -jar target/cdoc2-cli-*.jar decrypt --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc2 -k keys/cdoc2client_priv.key -o /tmp/ -``` - - -### Re-encryption with password for long time storage - -First encrypt the document: -``` -java -jar target/cdoc2-cli-*.jar create --secret "mylongpasswd:longstringthatIcanremember,butothersdon'tknow" -f /tmp/symmetric.cdoc2 README.md -``` - -Create different directory for re-encrypted container: -``` -mkdir -p /tmp/cdoc2 -``` - -Then re-encrypt it with password for long-term storage: -``` -java -jar target/cdoc2-cli-*.jar re-encrypt --encpassword "passwordlabel:myPlainTextPassword" --secret "mylongpasswd:longstringthatIcanremember,butothersdon'tknow" -f /tmp/symmetric.cdoc2 --output /tmp/cdoc2 -``` - -For testing decryption ensure the correct re-encrypted container location: -``` -java -jar target/cdoc2-cli-*.jar decrypt --password "passwordlabel:myPlainTextPassword" -f /tmp/cdoc2/symmetric.cdoc2 --output /tmp/cdoc2 -``` - -### List - -``` -java -jar target/cdoc2-cli-*.jar list --file /tmp/mydoc.cdoc2 -k keys/bob.pem -``` - -or with server scenario: - -``` -java -jar target/cdoc2-cli-*.jar list --server=config/localhost/localhost_pkcs12.properties -f /tmp/localhost.cdoc2 -k keys/cdoc2client_priv.key -``` - -or with password: -``` -java -jar target/cdoc2-cli-*.jar list --file /tmp/symmetric.cdoc2 --password "passwordlabel:myPlainTextPassword" -``` - -or with secret: -``` -java -jar target/cdoc2-cli-*.jar list --file /tmp/symmetric.cdoc2 --secret "label_b64secret:base64,aejUgxxSQXqiiyrxSGACfMiIRBZq5KjlCwr/xVNY/B0=" -``` - 
-### List recipients - -List recipients. Prints recipient types and key labels from CDOC2 header. - -``` -java -jar target/cdoc2-cli-*.jar info -f /tmp/id.cdoc2 -``` - - -## ID-kaart (Est-id secure card) - - -### Encrypting for ID-card owner - -cdoc2-cli can download authentication certificate (Isikutuvastus PIN1) from SK and Zetes LDAP directory -https://github.com/SK-EID/LDAP/wiki/Knowledge-Base - -To create cdoc for recipient with id code 37101010021 use: -``` -java -jar target/cdoc2-cli-*.jar create --file /tmp/mydoc.cdoc2 -r 37101010021 README.md -``` - -[TODO: Onece the SK LDAP is updated, remove this section]: # -> **NOTE:** Currently the SK LDAP service is using TLS_RSA_WITH_AES_256_GCM_SHA384 which is -> disabled by some Java Development Kit (JDK). -> -> If the encryption gives `javax.naming.CommunicationException: simple bind failed: esteid.ldap.sk.ee:636` error, -> then in the `jdk/conf/security/java.security` remove the `TLS_RSA_*` in the `jdk.tls.disabledAlgorithms`. -> -> A script to do it automatically: -> ``` -> sed -i '/^jdk\.tls\.disabledAlgorithms=/{:loop; /\\$/{N; b loop}; s/TLS_RSA_\*,[ \t]*//g}' /usr/lib/jvm/java-17-openjdk-amd64/conf/security/java.security -> ``` - - -### Decrypting with ID-card - -To decrypt: -- CDOC file mydoc.cdoc2 -- use private key from ID-card slot 0 (Isikutuvastus PIN1) -- Decrypt files from cdoc2 file into current directory -``` -java -jar target/cdoc2-cli-*.jar decrypt -f mydoc.cdoc2 -``` - -### Certificate extraction - -* Run DigiDoc4 client -* Crypto -> Add file (choose random file) -* Recipients -> Certificate from card -> click on certificate -> Show Certificate -> Save - -Saved certificate will be .cer file (same as der) - -or - -* Run DigiDoc4 client -* Crypto -> Add file (choose random file) -* Recipients -> Enter personal code -> Search -> Show Certificate -> Save - - -### Encrypting documents with certificate - -To create: -- Output file `/tmp/mydoc.cdoc2` -- with generated private key -- to recipient with 
certificate `keys/cdoc2client-certificate.pem` (DER or PEM formats are supported) -- to encrypt file 'README.md' - -``` -java -jar target/cdoc2-cli-*.jar create --file /tmp/mydoc.cdoc2 -c keys/cdoc2client-certificate.pem README.md -``` - -Decrypt created container with private key: -``` -java -jar target/cdoc2-cli-*.jar decrypt -f /tmp/mydoc.cdoc2 -k keys/cdoc2client_priv.key --output /tmp -``` - -### Troubleshooting ID-card - -Verify that DigiDoc4 client is running and can access ID-card - -cdoc2-cli will try to configure itself automatically. If OpenSC library is installed to non-standard location, then -specify its location by setting 'pkcs11-library' property: - -``` -java -jar target/cdoc2-cli-*.jar decrypt -Dpkcs11-library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -f mydoc.cdoc2 -``` - -More tips for debugging ID-card related issues are provided in cdoc2-lib/pkcs11.README file - - -## Other configuration options - -Set with -D option - -``` -java -jar target/cdoc2-cli-*.jar decrypt -Dee.cyber.cdoc2.overwrite=false -f mydoc.cdoc2 -``` - -#### pkcs11-library -PKCS11 library location. Default is platform specific - -Common OpenSC library locations: - -* For Windows, it could be C:\Windows\SysWOW64\opensc-pkcs11.dll -* For Linux, it could be /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -* For OSX, it could be /usr/local/lib/opensc-pkcs11.so - -## SafeNet eToken support - -Requirements: -* OpenSC is installed -* SafeNet Authentication Client (provides the pkcs11 library) is installed. - See https://knowledge.digicert.com/generalinformation/INFO1982.html for details. 
- -To find the slot for the SafeNet eToken, execute: - -``` -pkcs11-tool --module /usr/lib/libeToken.so -L -``` - -List entries on the eToken device: - -``` -keytool -providerclass sun.security.pkcs11.SunPKCS11 -providerarg opensc-safenet.cfg -storetype PKCS11 -storepass YOUR-SAFENET-PIN -list -``` - -Export Certificate from the SafeNet eToken device: - -``` -keytool -providerclass sun.security.pkcs11.SunPKCS11 -providerarg opensc-safenet.cfg -storetype PKCS11 -storepass YOUR-SAFENET-PIN -alias YOUR_ENTRY_ALIAS -exportcert -rfc -file etoken-cert.pem -``` - -Encrypt certificate as described in the "Encrypting documents with certificate" section. - -List files encrypted for the eToken device by specifying pkcs11 library, slot and key alias: - -``` -java -jar target/cdoc2-cli-*.jar list -f file-for-etoken.cdoc2 -Dpkcs11-library=/usr/lib/libeToken.so -a cdoc2-test --slot 1 --crypto-stick SECP256R1 -``` - -Decrypt files encrypted for the eToken device by specifying pkcs11 library, slot and key alias: - -``` -java -jar target/cdoc2-cli-*.jar decrypt -f file-for-etoken.cdoc2 -Dpkcs11-library=/usr/lib/libeToken.so -a cdoc2-test --slot 1 --crypto-stick SECP256R1 -``` - -The java PKCS#11 interface does not support the OAEP padding, -so the implementation uses the `sun.security.pkcs11.wrapper` private methods to directly communicate with the crypto stick. -For this, it is necessary to add these to the java classpath with `--add-exports`. 
- -List files encrypted for the RSA eToken device by specifying pkcs11 library, slot and key alias: - -``` -java \ - --add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED \ - --add-opens=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED \ - -jar target/cdoc2-cli-*.jar \ - list \ - --server=config/localhost/localhost.properties \ - -f /tmp/localhost.cdoc2 \ - -Dpkcs11-library=/usr/lib/libeToken.so \ - -a cdoc2-test \ - --slot 1 \ - --crypto-stick RSA4096 -``` - -Decrypt files encrypted for the RSA eToken device by specifying pkcs11 library, slot and key alias: - -``` -java \ - --add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED \ - --add-opens=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED \ - -jar target/cdoc2-cli-*.jar \ - decrypt \ - -Dpkcs11-library=/usr/lib/libeToken.so \ - --server=config/localhost/localhost.properties \ - -f /tmp/localhost.cdoc2 \ - -o /tmp \ - -a cdoc2-test \ - --slot 1 \ - --crypto-stick RSA4096 -``` - -#### ee.cyber.cdoc2.overwrite -When decrypting, is overwriting files allowed. Default is false - -#### ee.cyber.cdoc2.maxDiskUsagePercentage -default 98.0 - -Decrypting will be stopped if disk usage is over maxDiskUsagePercentage - - -#### ee.cyber.cdoc2.tarEntriesThreshold -default 1000 - -Decrypting will be stopped if container contains over tarEntriesThreshold entries (files) - - -#### ee.cyber.cdoc2.compressionThreshold -default 10.0 - -Decrypting will be stopped if compressed file compression ratio is over compressionThreshold - -#### ee.cyber.cdoc2.key-label.machine-readable-format.enabled -default true - -Key label format can be defined while encrypting. Machine parsable format is enabled by default -and free text format is allowed if the property disabled. -Machine-readable format is following, where `` is the key label value: -``` -data:[][;base64], -``` - -#### ee.cyber.cdoc2.key-label.file-name.added -default true - -Key label `` field contains different parameters. 
File name is one of them. For security -purpose it can be hidden in configuration. File name is added by default. - -#### ee.cyber.key-shares.properties -CLI option which indicates the path to key capsule client key-shares properties file. -- ##### ee.cyber.key-shares.urls - Key shares servers URL-s, separated by comma `","` -- ##### ee.cyber.key-shares.min_num - Minimum quantity of key shares servers -- ##### ee.cyber.key-shares.algorithm - Key shares algorithm - -#### ee.cyber.smart-id.properties -CLI option which indicates the path to smart-id properties file. -- ##### ee.cyber.smartid.client.hostUrl - Smart ID client host URL -- ##### ee.cyber.smartid.client.relyingPartyUuid - Smart ID client relying party UUID -- ##### ee.cyber.smartid.client.relyingPartyName - Smart ID client relying party name -- ##### ee.cyber.smartid.client.ssl.trust-store-password - Smart ID client SSL trust store password diff --git a/cdoc2-cli/config/localhost/README.md b/cdoc2-cli/config/localhost/README.md deleted file mode 100644 index 50e8bc0b..00000000 --- a/cdoc2-cli/config/localhost/README.md +++ /dev/null 
@@ -1,39 +0,0 @@
-For testing server scenarios with cdoc2 capsule servers running on localhost.
-
-TLS (POST)
-https://localhost:8443
-
-mTLS (GET)
-https://localhost:8444
-
-## Running server
-
-Prerequisites: [docker compose](https://docs.docker.com/compose/install/) is installed
-```
-cd cdoc2-java-ref-impl/test/config/server
-docker compose up
-```
-
-## Id-card
-
-Requirements:
-* [id-card (pkcs11) drivers](https://www.id.ee/) are installed
-
-Run from cdoc2-cli directory
-
-### Encrypt for id-card
-```
-java -jar target/cdoc2-cli-*.jar create --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc2 -r 38001085718 README.md
-```
-Replace `3800108571` with your id code
-
-### Decrypting with id-card
-```
-java -jar target/cdoc2-cli-*.jar decrypt --server=config/localhost/localhost.properties -f /tmp/localhost.cdoc2 -o /tmp
-```
-
-If Pkcs11 driver is not found from default location, then alternative location can be provided with
-`-Dpkcs11-library=` option, for example
-```
-java -jar target/cdoc2-cli-*.jar decrypt -Dpkcs11-library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
-```
diff --git a/cdoc2-cli/config/localhost/auth-server.properties b/cdoc2-cli/config/localhost/auth-server.properties
deleted file mode 100644
index 15807c77..00000000
--- a/cdoc2-cli/config/localhost/auth-server.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-auth-server.client.hostUrl=https://localhost:7500
-auth-server.client.ssl.trust-store=config/localhost/clienttruststore.jks
-auth-server.client.ssl.trust-store-password=passwd
\ No newline at end of file
diff --git a/cdoc2-cli/config/localhost/clienttruststore.jks b/cdoc2-cli/config/localhost/clienttruststore.jks
deleted file mode 100644
index a50bf00b..00000000
Binary files a/cdoc2-cli/config/localhost/clienttruststore.jks and /dev/null differ
diff --git a/cdoc2-cli/config/localhost/key-shares.properties b/cdoc2-cli/config/localhost/key-shares.properties
deleted file mode 100644
index 3aca769c..00000000
--- a/cdoc2-cli/config/localhost/key-shares.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-key-shares.servers.urls=https://localhost:8442, https://localhost:8443
-key-shares.servers.min_num=2
-key-shares.algorithm=n-of-n
-
-# trusted certificates by client
-cdoc2.key-shares.client.ssl.trust-store=config/localhost/clienttruststore.jks
-cdoc2.key-shares.client.ssl.trust-store.type=JKS
-cdoc2.key-shares.client.ssl.trust-store-password=passwd
\ No newline at end of file
diff --git a/cdoc2-cli/config/localhost/localhost.properties b/cdoc2-cli/config/localhost/localhost.properties
deleted file mode 100644
index 95b1bcce..00000000
--- a/cdoc2-cli/config/localhost/localhost.properties
+++ /dev/null
@@ -1,33 +0,0 @@
-# Client configuration where keys and certificates are read from smart-card (PKCS11 configuration)
-# java -jar target/cdoc2-cli-0.0.12-SNAPSHOT.jar create --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc2 -r 38001085718 README.md
-
-# java -jar target/cdoc2-cli-0.0.10-SNAPSHOT.jar decrypt --server=config/localhost/localhost.properties -f /tmp/localhost_id-card.cdoc2 -o /tmp/
-
-cdoc2.client.server.id=localhost
-# capsules created over TLS (no client auth required)
-cdoc2.client.server.base-url.post=https://localhost:8443
-# Querying capsules requires mTLS
-cdoc2.client.server.base-url.get=https://localhost:8444
-cdoc2.client.server.debug=true
-cdoc2.client.server.connect-timeout=2000
-cdoc2.client.server.read-timeout=5000
-
-# trusted certificates by client
-cdoc2.client.ssl.trust-store.type=JKS
-# specify trust store jks as file in classpath
-# cdoc2.client.ssl.trust-store=classpath:keystore/clienttruststore.jks
-# or path (full or relative)
-cdoc2.client.ssl.trust-store=config/localhost/clienttruststore.jks
-cdoc2.client.ssl.trust-store-password=passwd
-
-# mutual TLS with cert from smart-card (EST-ID certificates are trusted by the server)
-# Only required for get server
-cdoc2.client.ssl.client-store.type=PKCS11
-# if ssl.client-store-password.prompt is set, then ask user interactively
-cdoc2.client.ssl.client-store-password.prompt=PIN1
-# otherwise use password value
-#cdoc2.client.ssl.client-store-password=3471
-
-# if pkcs11 library is not found from default location, use
-# -Dpkcs11-library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
-# cli option to specify pkcs11-library location
diff --git a/cdoc2-cli/config/localhost/localhost_pkcs12.properties b/cdoc2-cli/config/localhost/localhost_pkcs12.properties
deleted file mode 100644
index 0a69f5a6..00000000
--- a/cdoc2-cli/config/localhost/localhost_pkcs12.properties
+++ /dev/null
@@ -1,25 +0,0 @@
-# key server listening on localhost, mutual TLS with private key/certificate (P12) read from file
-# See cdoc2-capsule-server/README.md how to start the server
-
-# server.id is written to cdoc header. Must have configuration on recipient side
-cdoc2.client.server.id=localhost
-# capsules can be created over TLS (no client auth required)
-cdoc2.client.server.base-url.post=https://localhost:8443
-# Quering capsules requires mTLS
-cdoc2.client.server.base-url.get=https://localhost:8444
-
-cdoc2.client.server.debug=true
-cdoc2.client.server.connect-timeout=1000
-cdoc2.client.server.read-timeout=1000
-
-# trusted certificates by client
-cdoc2.client.ssl.trust-store.type=JKS
-cdoc2.client.ssl.trust-store=config/localhost/clienttruststore.jks
-cdoc2.client.ssl.trust-store-password=passwd
-
-
-# client private key and certificate for mutual TLS (if required by server)
-# This key should be trusted by server and added to server trusted key store
-cdoc2.client.ssl.client-store.type=PKCS12
-cdoc2.client.ssl.client-store=keys/cdoc2client.p12
-cdoc2.client.ssl.client-store-password=passwd
diff --git a/cdoc2-cli/config/localhost/localhost_pkcs12_rsa.properties b/cdoc2-cli/config/localhost/localhost_pkcs12_rsa.properties
deleted file mode 100644
index bcb5324c..00000000
--- a/cdoc2-cli/config/localhost/localhost_pkcs12_rsa.properties
+++ /dev/null
@@ -1,22 +0,0 @@
-# localhost client configuration for RSA keys
-# java -jar target/cdoc2-cli-0.0.12-SNAPSHOT.jar create --server=config/localhost/localhost_pkcs12_rsa.properties -f /tmp/localhost_rsa.cdoc2 -c ../cdoc2-capsule-server/keys/rsa/client-rsa-2048-cert.pem README.md
-# java -jar target/cdoc2-cli-0.0.12-SNAPSHOT.jar decrypt --server=config/localhost/localhost_pkcs12_rsa.properties -f /tmp/localhost_rsa.cdoc2 -p12 ../cdoc2-capsule-server/keys/rsa/client-rsa-2048.p12:passwd -o /tmp/
-
-# server.id is written to cdoc header. Must have configuration on recipient side
-cdoc2.client.server.id=localhost
-# capsules can be created over TLS (no client auth required)
-cdoc2.client.server.base-url.post=https://localhost:8443
-# Quering capsules requires mTLS
-cdoc2.client.server.base-url.get=https://localhost:8444
-cdoc2.client.server.debug=true
-
-# trusted certificates by client
-cdoc2.client.ssl.trust-store.type=JKS
-cdoc2.client.ssl.trust-store=config/localhost/clienttruststore.jks
-cdoc2.client.ssl.trust-store-password=passwd
-
-
-# client private key and certificate for mutual TLS
-cdoc2.client.ssl.client-store.type=PKCS12
-cdoc2.client.ssl.client-store=keys/rsa/client-rsa-2048.p12
-cdoc2.client.ssl.client-store-password=passwd
diff --git a/cdoc2-cli/config/localhost/rp-server.properties b/cdoc2-cli/config/localhost/rp-server.properties
deleted file mode 100644
index 401a29d6..00000000
--- a/cdoc2-cli/config/localhost/rp-server.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-rp-server.client.hostUrl=https://localhost:7600
-rp-server.client.certificateLevel=QUALIFIED
-
-rp-server.client.ssl.trust-store=config/localhost/clienttruststore.jks
-rp-server.client.ssl.trust-store-password=passwd
-
-cdoc2.client.server.debug=true
diff --git a/cdoc2-cli/config/mobile-id/RIA_ROOT_CA_2018.pem b/cdoc2-cli/config/mobile-id/RIA_ROOT_CA_2018.pem
deleted file mode 100644
index cb2a224e..00000000
--- a/cdoc2-cli/config/mobile-id/RIA_ROOT_CA_2018.pem
+++ /dev/null
@@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5zCCA8+gAwIBAgIIciltck00n8UwDQYJKoZIhvcNAQEMBQAwbTELMAkGA1UE -BhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRob3JpdHkxHDAa -BgNVBAMME1JJQSBST09UIENBIDIwMTggRzExGTAXBgkqhkiG9w0BCQEWCnBraUBy -aWEuZWUwHhcNMTgwMzE1MTExMjExWhcNMzgwMTE5MTExMjExWjBtMQswCQYDVQQG -EwJFRTElMCMGA1UECgwcSW5mb3JtYXRpb24gU3lzdGVtIEF1dGhvcml0eTEcMBoG -A1UEAwwTUklBIFJPT1QgQ0EgMjAxOCBHMTEZMBcGCSqGSIb3DQEJARYKcGtpQHJp -YS5lZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbR/9a97hZszVcL -+J2bvORbTRximHdwMz/UdmaXCJvUwCirfwmt8wXqNTkU93XYheoOs85NaznCDXnj -kpfZKNsQiA2/GhXoOgWk4pTpgGXyfWGyPQdkvadLyqanWaxHFayYdluNjU0KUX4E -E2w9cBC56d4H/OhMcc7f6I6gipY9G+BH3Tp1pA0TmB/Cmbw2IgE8l4N+SVZme7TQ -+CrouHs6stR1JlpRHFxpO0qJDcPr/oA1aGAEEMfNVttR4/bg5MERSxNblm8yDoih -buLOz8VuxXcATURV9qt22Ny85BGQRR7tsqyPU3oezfmGFYGd3YCjjHs6E6rc2C7D -X6ooS1MuJkm34LOd3hiFK0+d8vmOFNCj53j6MAffqtLHrYfTKPDSgzbdmvYG+AYi -G8norpQ5hRM4xAMQM7JaCdyNpFfZK6DhuMqSYY50lwHkv4/MUWl35r4s9g653Yqc -T2+hLxbyAqYk1oq33ZdzvMehaUaRKViwfjE2G8OGl0J77bxkGRofxkuBN/02vzKR -eRzMoAgx/PB78kC8G7oLctKU6GcYKABCXPWmM9185rJQYy6friCQs9ocmxTVT7Ly -tpGn/DTtECJCEjpy3SZ1ZaYpExw0E2aPkQvqHoKUJoc6m1E2tmTG7te08XUlPyN8 -xu8YBDeT6CWsY1vc2FxUOETlqgg9AgMBAAGjgYowgYcwDwYDVR0TAQH/BAUwAwEB -/zBFBgNVHSUEPjA8BggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF -BQcDCQYIKwYBBQUHAwEGCCsGAQUFBwMIMB0GA1UdDgQWBBRypgFOU6MkMj9DBZoW -VPhqA2uenzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggIBAHYKaXi9 -+D+sUJRZ8tLESVrVtU80hMjNLfb4hyGcoU3NlC319Oo3j6fQ6no31P7RGPgoTV6C -3Gr99RTwf6D6NucB4BVcpvanPKfBEwrKCyq1CDaRnxG2RF2rte1m4tXwvk2ggt12 -TtC5yknPQATel5nkqB6bhPovmFO9cfYVDIKY61B+DSglXFQ1wuKJL2e3KAW1HhiC -4ktQCMSTDjWQcrVfsqAaYwjGfRZcYig3sIGuq4jRDNvT2AuaBs2siOr9zO3LOeiP -JmmrS24IgY8zTfF1jLpRC8Trnx3cL3yYTHeYOSaYTmEcO277GWQFnRiXbroASX38 -ABEWVBe9lO9A98ZSKmrmPnSWLzK0fK4sDkFP13YQdcDjNcceugOp6in8XO0wf2mg -vPtGtEk82pGTrwGMjNkrUTYTD82I/8Tdrt7TRgxkgp5ju73hf3G2H3QzGS2gfY0q -h5wmbriFo2KvR8fp4Vmb9BLlpV2VEaU5LAQNCl4PPKULlBkbVR9qGAKYgfGekBha 
-wfuHHGYx7pdrJTp59xN5aQ04Fd2C+ZNN8AkYBwXLz4aAfqyeUiB3HbK7L6yY4crz -uIGjdko9pKSSH69sqlUUj8PDrT9Hv92PWO3276ceLGPb9x1gQiaLvNgkXd0pXQPP -NUjXTJ+xYtwhEb95mb35idSv+ZLqTGU71rCV ------END CERTIFICATE----- \ No newline at end of file diff --git a/cdoc2-cli/config/mobile-id/TEST_EID-Q_2021E.pem.crt b/cdoc2-cli/config/mobile-id/TEST_EID-Q_2021E.pem.crt deleted file mode 100644 index d924f45d..00000000 --- a/cdoc2-cli/config/mobile-id/TEST_EID-Q_2021E.pem.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDozCCAwWgAwIBAgIQU+FdGn4AyGFg9rok5E6z7DAKBggqhkjOPQQDAzBuMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEpMCcGA1UEAwwgVEVTVCBvZiBTSyBJRCBTb2x1dGlv -bnMgUk9PVCBHMUUwHhcNMjEwNzIwMTE1NzIzWhcNMzYwNzIwMTE1NzIzWjBxMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEsMCoGA1UEAwwjVEVTVCBvZiBTSyBJRCBTb2x1dGlv -bnMgRUlELVEgMjAyMUUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT0wf3NUdjxWoIe -dN+ZK4hTPhTuwv03xhWhp34p4qGIZIaM+XxZc4/3dScM4CtnHniCOZoUgCysvkgb -GLh56xmMrmY/xy/3ZMk8M2JeU2NliKeZfeTAMObH6BtptPz00JSjggFjMIIBXzAf -BgNVHSMEGDAWgBTiHN5j3L74hH4BOy5LgLHhf9Xx5jAdBgNVHQ4EFgQUScfc7QYU -osdtnKbP11L9aOXoBBQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C -AQAwbAYIKwYBBQUHAQEEYDBeMCIGCCsGAQUFBzABhhZodHRwOi8vZGVtby5zay5l -ZS9vY3NwMDgGCCsGAQUFBzAChixodHRwOi8vYy5zay5lZS9URVNUX1NLX1JPT1Rf -RzFfMjAyMUUuZGVyLmNydDA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8vYy5zay5l -ZS9URVNUX1NLX1JPT1RfRzFfMjAyMUUuY3JsMFAGA1UdIARJMEcwRQYEVR0gADA9 -MDsGCCsGAQUFBwIBFi9odHRwczovL3d3dy5za2lkc29sdXRpb25zLmV1L2VuL3Jl -cG9zaXRvcnkvQ1BTLzAKBggqhkjOPQQDAwOBiwAwgYcCQgD8bAhs1OuTDgWPYHQj -22k67f4m2fgBWH1EBiN5fKNCKRf6m+zDjxiEBrVfEt1Ld1stFwSMUB43VP1AvW8P -4BwIIQJBCWQhLih0OjxBjd4vYRpkJYQF6YCv4uB6Y7/No/k8jOFaBFHCLX2uytuq -cWfH8kJRPSEtpBZacnFHoqFztE4786Q= ------END CERTIFICATE----- 
diff --git a/cdoc2-cli/config/mobile-id/TEST_of_EID-SK_2016.pem.crt b/cdoc2-cli/config/mobile-id/TEST_of_EID-SK_2016.pem.crt
deleted file mode 100644
index 99b6d300..00000000
--- a/cdoc2-cli/config/mobile-id/TEST_of_EID-SK_2016.pem.crt
+++ /dev/null
@@ -1,40 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHCTCCBfGgAwIBAgIQVrOxHLphb7pfUJLPiYJRMzANBgkqhkiG9w0BAQwFADB9 -MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 -czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290 -IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMjAwOTAzMDY1MzAzWhcN -MzAxMjE3MjE1OTU5WjBoMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlm -aXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHDAaBgNV -BAMME1RFU1Qgb2YgRUlELVNLIDIwMTYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDqyjgcqyaktULCg+LV4apGWnzzHebH8XpuolWzAAByqbzrOCGtqF3U -rydhY6zJebM3k+JaR8s3xAszt58e6b0Syh7n4upTMDBo7UiOgyvAYh/c+y5vpDS7 -pzRXSIq9IT4o42yJI4PYsH2nkk/RYuedNi7Cu3boSrgpx+ztLjK0vzMpyeErQDRm -Nd19hbz1uKpK7W8LJoXTdAba6O9juv9zvtL256v8glrXEKwRr9/vFxAXQqh+Uv0b -dBLoCl+FJVcuZdEFHPCK4xrXTLK/Sg7b5lcJXn12CqC6pAu4LjBjlDX+mOAGBrD6 -n2OHRtzeWDaeRRwy+yDvd4e06UVd4Mkd/C4ibDx5OZxEuZnT5DbhJAsoNMxCiO7i -eC1LgW482T6doD+zzfCKovRj+1djQs/L1FTd1qR73LbH9AzL2XVeacai2OaI8n4T -LFOGjHBkkAPRCvBEtztcwStQ1vm7Y20I1BVtUiMApAdsqHxcYHvr782Rm77dlBjh -PKAC/PyczcYvRW40wG8nKxloBDENLDNXynPjrL6GksvZt2UBqYdPnW7KLkKZd5KS -b4wzM8cZKzKsXYZVTK3iyhgjDMSTABkBMFUuT/dzZ5s/FG5JnqJlCa9zawaOPlfS -+UuCsdb07w9Ke9sUWBcn4nyzo7PKrO5Ud8oZHAT0CO/BEasb99RVgwIDAQABo4IC -mDCCApQwHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wHQYDVR0OBBYE -FK6w6uE2+CarpcwLZlX+Oh0CvxK0MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E -CDAGAQH/AgEAMIHEBgNVHSAEgbwwgbkwPAYHBACL7EABAjAxMC8GCCsGAQUFBwIB -FiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzA8BgcEAIvsQAEA -MDEwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0v -Q1BTMDsGBgQAj3oBAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9y -ZXBvc2l0b29yaXVtL0NQUzAnBgNVHSUEIDAeBggrBgEFBQcDCQYIKwYBBQUHAwIG -CCsGAQUFBwMEMIGOBggrBgEFBQcBAQSBgTB/MCIGCCsGAQUFBzABhhZodHRwOi8v -ZGVtby5zay5lZS9vY3NwMFkGCCsGAQUFBzAChk1odHRwOi8vd3d3LnNrLmVlL3Vw -bG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3Rf -Q0EuZGVyLmNydDBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAA 
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJQYIKwYBBQUHAQMEGTAXMBUG -CCsGAQUFBwsCMAkGBwQAi+xJAQEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cHM6Ly93 -d3cuc2suZWUvcmVwb3NpdG9yeS9jcmxzL3Rlc3RfZWVjY3JjYS5jcmwwDQYJKoZI -hvcNAQEMBQADggEBACawLCQnjAOtDCaNejt1AqMVc8IwWy03TAAvceJd7rRSG9w2 -Q69OxVMVhUpQ4+K+M+Fqtpkq5IWO9GFXYeYL5JwiL4rjKPk1MIunM4ZKr6f+NQBy -4A4oHL0ArF4QoQZuYnUS/jesjQs2HXEthcLjdSkFyaoAyfPH50c0WTMDhZj8eEIK -NWPEqGmGZPkAc4+ivFdl7zEC6ZaaJ6NdtihQKdFcisgv3Uyc4kuzmHK/6OtNAXpg -qaiLyf4L3ThQ2KA+EuDp6B97rOfV4JWC265HkAwxKd9/3fk7pwnfyMxIonW5MGcN -nrlYjNXNft5cr9xu2A8mPXh2ArMiZ1yif5NDvHI= ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/mobile-id/local-ria-ca.crt b/cdoc2-cli/config/mobile-id/local-ria-ca.crt deleted file mode 100644 index 8ce89f9c..00000000 --- a/cdoc2-cli/config/mobile-id/local-ria-ca.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB8TCCAZegAwIBAgIUKtFX4Bxjuvs2rpOMUSOi19lNcTkwCgYIKoZIzj0EAwQw -TjELMAkGA1UEBhMCRUUxEDAOBgNVBAcMB1RhbGxpbm4xEjAQBgNVBAoMCXJpYS1s -b2NhbDEZMBcGA1UEAwwQcmlhLWNhLmxvY2FsaG9zdDAeFw0yNDExMDYxMTU1NTBa -Fw0yNTExMDYxMTU1NTBaME4xCzAJBgNVBAYTAkVFMRAwDgYDVQQHDAdUYWxsaW5u -MRIwEAYDVQQKDAlyaWEtbG9jYWwxGTAXBgNVBAMMEHJpYS1jYS5sb2NhbGhvc3Qw -WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQDb4oBf3XbcbbgbHfwE92QpRB+OeYb -COgUpaeOIY4ONIP5KlGjHTHqNbe726s2BBjLPEntKvnNbU3PYTEUyMPfo1MwUTAd -BgNVHQ4EFgQU8aFyrSe80ebEICfaN7KV5FJCgmEwHwYDVR0jBBgwFoAU8aFyrSe8 -0ebEICfaN7KV5FJCgmEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDBANIADBF -AiEAn+LOG2UoAmnbjiXtwiZ3rYUxeqo4DRTWfIUBno2s7HQCIHXhO6PxuI+H+alr -hekfexbP/3kD6E5acR8ag69SovW9 ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/mobile-id/mobileid_demo_server_trusted_ssl_certs.p12 b/cdoc2-cli/config/mobile-id/mobileid_demo_server_trusted_ssl_certs.p12 deleted file mode 100644 index 14c2cf0b..00000000 Binary files a/cdoc2-cli/config/mobile-id/mobileid_demo_server_trusted_ssl_certs.p12 and /dev/null differ 
diff --git a/cdoc2-cli/config/mobile-id/tsp-demo-sk-ee_2026.pem.cer b/cdoc2-cli/config/mobile-id/tsp-demo-sk-ee_2026.pem.cer
deleted file mode 100644
index 7d9c4f29..00000000
--- a/cdoc2-cli/config/mobile-id/tsp-demo-sk-ee_2026.pem.cer
+++ /dev/null
@@ -1,38 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGujCCBaKgAwIBAgIQAvzLET/HKStz0GM6x/Dx9zANBgkqhkiG9w0BAQsFADBZ -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE -aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjYw -MTA2MDAwMDAwWhcNMjcwMjA2MjM1OTU5WjBVMQswCQYDVQQGEwJFRTEQMA4GA1UE -BxMHVGFsbGlubjEbMBkGA1UEChMSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQQD -Ew50c3AuZGVtby5zay5lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AL2uXO+8VCXz7P9c1E6SzbssRqMcTq3CFWgM2jTiJmN0271Y208GiPB2P6A/jOQu -/pbky7Y494OpCbGKgH82Kiox/NILRyKQZoEqWIKSFr9BoCb5i45ZZfBIdC7EtwvV -RtlILDFCetBOztc+XOBh8ZO8GBgrhZ0Osa55HHmdLQAetcfX9HvYe8XoH4doc6za -YZ7ocP4VFvyKoKpj32uVSNborgkOE04HS20/IHjYl4QQ/tbjHymZW1ENA6n0URxw -aHBev4GnF6BgoeNg1xbMf3l+Zan4jUT1xywr8Y3tCJd8TPWVA8s1+gY1PE+Wj3tC -MrhmGoTJBNrtJdLq5MmrPsECAwEAAaOCA4AwggN8MB8GA1UdIwQYMBaAFHSFgMBm -x9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBTaA9oJontGg5jKsb2uklqZzonBgTAZ -BgNVHREEEjAQgg50c3AuZGVtby5zay5lZTA+BgNVHSAENzA1MDMGBmeBDAECAjAp -MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P -AQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGfBgNVHR8EgZcwgZQwSKBG -oESGQmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExT -UlNBU0hBMjU2MjAyMENBMS0xLmNybDBIoEagRIZCaHR0cDovL2NybDQuZGlnaWNl -cnQuY29tL0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3Js -MIGHBggrBgEFBQcBAQR7MHkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj -ZXJ0LmNvbTBRBggrBgEFBQcwAoZFaHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t -L0RpZ2lDZXJ0R2xvYmFsRzJUTFNSU0FTSEEyNTYyMDIwQ0ExLTEuY3J0MAwGA1Ud -EwEB/wQCMAAwggF+BgorBgEEAdZ5AgQCBIIBbgSCAWoBaAB2AExj3JjlnB2riPYe -ij3ero+rRKM3e1+blMP7oZz8wb4mAAABm5OS2tQAAAQDAEcwRQIgRX1rOx5VdRnn -xRaRhIAaMH6MT8Oz3a//HQaKFLd29+8CIQC65BZeeJ7ciGmNjuEdvqH6xWM3j0Rx -+UwR32DQkzfY1AB2AByfaCzp+vBFaVD4G5aKh93bMhDYTObIsuOCUkrEz1mfAAAB -m5OS2uwAAAQDAEcwRQIgF8Wy26uMM+m385qW7AL8OmkdjN7h8F1AM+IWaEy+EQEC -IQCOaJ9LwiI6vI+wC0SGm/8OQwQ/ZMgTCXwYpc0QKe17lwB2AGBMmq96f3dfAdQG -/JINyJnrCxx9+MlSG/r6F3c7l4vJAAABm5OS26UAAAQDAEcwRQIhAN1H0YZN65bC 
-WArSxO3VtDSJ1ZgEr/6BoCbLYeB3DsxFAiAROHFeImcLvLeRNxhP4fXRKlrOLaqg -tHlK9xhlVjX0cjANBgkqhkiG9w0BAQsFAAOCAQEAIWJFR5AmbX48i1AYltc0Misk -g7NPwa7wbjm0yzELKZlHGaEZ+K9EzVQSVsCSIUwizrStD3NBfJ5nVABpErpBervu -w0cfP+xyie/rHUPt/KnCvrUHCj+FJQYLJ0Vx0VPoE279qPpVETy03mtyUExLxABR -ujN6+MHtH5rTIwcaWWaFvcUBBvP27il5dgr0/qBQlZO+JvbkQBUC2uNdCwAwv3As -YjA5paaVAF6xAt5TtGeBR4KC+xfTbtL/FO09jSq7ivG7B8Dcz6ZJa+hmArOiFVp0 -MM6cni+f0eGON0L6r+XQF+jyUsghrb1XKb9T6t9TIeY4G6h+ubNU1af8KmZQMA== ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/mobile-id/tsp_demo_sk_ee_2025.pem.cer b/cdoc2-cli/config/mobile-id/tsp_demo_sk_ee_2025.pem.cer deleted file mode 100644 index e7f123a4..00000000 --- a/cdoc2-cli/config/mobile-id/tsp_demo_sk_ee_2025.pem.cer +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGxTCCBa2gAwIBAgIQBrRXB/cwOQn5PdLZWym2lTANBgkqhkiG9w0BAQsFADBZ -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE -aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjUw -MTE0MDAwMDAwWhcNMjYwMTI4MjM1OTU5WjBVMQswCQYDVQQGEwJFRTEQMA4GA1UE -BxMHVGFsbGlubjEbMBkGA1UEChMSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQQD -Ew50c3AuZGVtby5zay5lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AL2uXO+8VCXz7P9c1E6SzbssRqMcTq3CFWgM2jTiJmN0271Y208GiPB2P6A/jOQu -/pbky7Y494OpCbGKgH82Kiox/NILRyKQZoEqWIKSFr9BoCb5i45ZZfBIdC7EtwvV -RtlILDFCetBOztc+XOBh8ZO8GBgrhZ0Osa55HHmdLQAetcfX9HvYe8XoH4doc6za -YZ7ocP4VFvyKoKpj32uVSNborgkOE04HS20/IHjYl4QQ/tbjHymZW1ENA6n0URxw -aHBev4GnF6BgoeNg1xbMf3l+Zan4jUT1xywr8Y3tCJd8TPWVA8s1+gY1PE+Wj3tC -MrhmGoTJBNrtJdLq5MmrPsECAwEAAaOCA4swggOHMB8GA1UdIwQYMBaAFHSFgMBm -x9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBTaA9oJontGg5jKsb2uklqZzonBgTAZ -BgNVHREEEjAQgg50c3AuZGVtby5zay5lZTA+BgNVHSAENzA1MDMGBmeBDAECAjAp -MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0f -BIGXMIGUMEigRqBEhkJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRH -bG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9j -cmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAy -MENBMS0xLmNybDCBhwYIKwYBBQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8v -b2NzcC5kaWdpY2VydC5jb20wUQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRp -Z2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0x -LmNydDAMBgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgAO -V5S8866pPjMbLJkHs/eQ35vCPXEyJd0hqSWsYcVOIQAAAZRkob9NAAAEAwBHMEUC -IHtG4374bJEaXDLucqLUwyFvZm7YnC61MBwjz6L8CGaWAiEA0ZGSXktrvJ11LHl8 -e9Fy5/cmetJU3dxXcimSGh7vbNcAdwBkEcRspBLsp4kcogIuALyrTygH1B41J6vq -/tUDyX3N8AAAAZRkob+VAAAEAwBIMEYCIQDQQ1CJgvgdSj2rU/KezhUytJmAzRhP -RERkHSRmtk9ldQIhAL47+EWVay1oTn7Dnf2Zq3fLc4z6c55W0RLjoCe4j1X0AHYA -SZybad4dfOz8Nt7Nh2SmuFuvCoeAGdFVUvvp6ynd+MMAAAGUZKG/nQAABAMARzBF 
-AiEAxuhpjC3o/Bj9ZXk0UO8zjoIRzDGmNJ/wjuSb5PuGscwCIG6ofmTxDs6wQFvg -4OYocjpovQgGbGfGubLMTmjbc30KMA0GCSqGSIb3DQEBCwUAA4IBAQAybE9EgQws -4MNFSVtskonyU9C9RZXqgJQ2vASABF+X9P4haqTtpqJJTdWYUXHMPrRoa7YAgVTd -bDgxG9K7w+sAE5ir3A+fb+MISmD3UN7iqKrpO9wiPZ/L2kXhImhzdLcYGcYMI6LW -nAzjkMcWMKMSzi45M2EE9yk9FFl/2tfqmuT+Sc7ZMefBPc5x0AtO3vh6VNk8eawq -E742/UGRIrMmE4BF1UztXuNJ3zRRV/BCM9JRARKHYPF4GCTmOO0SrNmu8rBnFVhB -ODCbhk3CKcvKr/evOeS9y+r5Jxi7mZ3tXQA91NzVtDX4ZzAr105IE/vqt21oMOq7 -OpjbClffJ1cp ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/ria-dev/README.md b/cdoc2-cli/config/ria-dev/README.md deleted file mode 100644 index 865f0dc0..00000000 --- a/cdoc2-cli/config/ria-dev/README.md +++ /dev/null 
@@ -1,59 +0,0 @@
-
-This directory contains cdoc2-cli config for RIA-dev servers
-
-TLS (POST)
-https://cdoc2-keyserver.dev.riaint.ee:8443
-
-mTLS (GET)
-https://cdoc2-keyserver.dev.riaint.ee:8444
-
-## Id-card
-Run from cdoc2-cli directory
-
-### Encrypt for id-card
-```
-java -jar target/cdoc2-cli-*.jar create --server=config/ria-dev/ria-dev.properties -f /tmp/ria.cdoc2 -r 38001085718 README.md
-```
-
-### Decrypting with id-card
-```
-java -jar target/cdoc2-cli-*.jar decrypt --server=config/ria-dev/ria-dev.properties -f /tmp/ria.cdoc2
-```
-
-## General EC secp384 key pair
-
-Client certificate must be trusted by server
-
-### Encrypt
-```
-java -jar target/cdoc2-cli-*.jar create --server=config/ria-dev/ria-dev_pkcs12.properties -f /tmp/ria_p12.cdoc2 -p keys/cdoc2client_pub.key README.md
-```
-
-### Decrypt
-
-```
-java -jar target/cdoc2-cli-*.jar decrypt --server=config/ria-dev/ria-dev_pkcs12.properties -p12 keys/cdoc2client.p12:passwd -f /tmp/ria_p12.cdoc2 -o /tmp
-```
-
-### Encrypt for Smart-ID
-
-```
-java -jar target/cdoc2-cli-*.jar create \
--Dkey-shares.properties=config/ria-dev/key-shares.properties \
---smart-id=40504040001 \
--f /tmp/40504040001.cdoc2 \
-README.md
-```
-
-### Decrypt with Smart-ID
-
-```
-java \
--Dkey-shares.properties=config/ria-dev/key-shares.properties \
--Dauth-server.properties=config/ria-dev/auth-server.properties \
--Drp-server.properties=config/ria-dev/rp-server.properties \
--jar target/cdoc2-cli-*.jar decrypt \
--sid=40504040001 \
--f /tmp/40504040001.cdoc2 \
---output /tmp
-```
diff --git a/cdoc2-cli/config/ria-dev/RIA-ECC-Issuing-CA-G3.crt.pem b/cdoc2-cli/config/ria-dev/RIA-ECC-Issuing-CA-G3.crt.pem
deleted file mode 100644
index e71b111c..00000000
--- a/cdoc2-cli/config/ria-dev/RIA-ECC-Issuing-CA-G3.crt.pem
+++ /dev/null
@@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDbTCCAvOgAwIBAgIUGFf6XbmYnOpDYOFCPJPVxMAXuNQwCgYIKoZIzj0EAwMw -VDELMAkGA1UEBhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRo -b3JpdHkxHjAcBgNVBAMMFVJJQSBFQ0MgSXNzdWluZyBDQSBHMzAeFw0yNDExMTUx -MTEwMjlaFw0yNTExMTUxMTEwMjhaMIGCMQswCQYDVQQGEwJFRTEVMBMGA1UECAwM -SGFyanUgQ291bnR5MRAwDgYDVQQHDAdUYWxsaW5uMSUwIwYDVQQKDBxJbmZvcm1h -dGlvbiBTeXN0ZW0gQXV0aG9yaXR5MSMwIQYDVQQDDBpjZG9jMi1zaGFyZXMuZGV2 -LnJpYWludC5lZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABFviiV8kX87fX4bMXRtR -2SHbsxU3YEyf2nlX0c0BzX/uQW+BQgBAvKpHCDFQktK8BDW99Xx+WRG+Q1OsukDJ -dwNrpSuCohfI3E58lREXRFm8NEN2r32PqGCXeLFJDVmz6KOCAVUwggFRMAwGA1Ud -EwEB/wQCMAAwHwYDVR0jBBgwFoAUDKbd00Egr7fmuxMViIIUNzkWB0QwbQYIKwYB -BQUHAQEEYTBfMDoGCCsGAQUFBzAChi5odHRwczovL2NlcnRzLnJpYS5lZS9yaWFf -ZWNjX2lzc3VpbmdfY2FfZzMuY3J0MCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5y -aWFpbnQuZWUwYwYDVR0RBFwwWoIaY2RvYzItc2hhcmVzLmRldi5yaWFpbnQuZWWC -HWNkb2MyLXNoYXJlcy0wMS5kZXYucmlhaW50LmVlgh1jZG9jMi1zaGFyZXMtMDIu -ZGV2LnJpYWludC5lZTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYD -VR0OBBYEFA3EmTv1lf0od/CrIxKU8U1cNev7MA4GA1UdDwEB/wQEAwIHgDAKBggq -hkjOPQQDAwNoADBlAjB96G5FKWoIMs78kQzVcih57VeKy12QTK6m547O4naMHK4Y -xkMeIu9s9I8h/ZPKKSsCMQDmMszXk/+r76Z+LKlRe/fM7DS3WoN/AEp5CJomwKh3 -GAGRdy0uUkVn0KDx67TWBF0= ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/ria-dev/auth-server.properties b/cdoc2-cli/config/ria-dev/auth-server.properties deleted file mode 100644 index 2c643970..00000000 --- a/cdoc2-cli/config/ria-dev/auth-server.properties +++ /dev/null @@ -1,5 +0,0 @@ -auth-server.client.hostUrl=https://cdoc2-auth-01.dev.riaint.ee -auth-server.client.ssl.trust-store=config/ria-dev/clienttruststore_ria-dev.jks -auth-server.client.ssl.trust-store-password=passwd - -cdoc2.client.server.debug=true \ No newline at end of file diff --git a/cdoc2-cli/config/ria-dev/cdoc2-shares-dev-riaint.crt b/cdoc2-cli/config/ria-dev/cdoc2-shares-dev-riaint.crt deleted file mode 100644 index 343606dd..00000000 
--- a/cdoc2-cli/config/ria-dev/cdoc2-shares-dev-riaint.crt
+++ /dev/null
@@ -1,69 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 18:57:fa:5d:b9:98:9c:ea:43:60:e1:42:3c:93:d5:c4:c0:17:b8:d4 - Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = EE, O = Information System Authority, CN = RIA ECC Issuing CA G3 - Validity - Not Before: Nov 15 11:10:29 2024 GMT - Not After : Nov 15 11:10:28 2025 GMT - Subject: C = EE, ST = Harju County, L = Tallinn, O = Information System Authority, CN = cdoc2-shares.dev.riaint.ee - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (384 bit) - pub: - 04:5b:e2:89:5f:24:5f:ce:df:5f:86:cc:5d:1b:51: - d9:21:db:b3:15:37:60:4c:9f:da:79:57:d1:cd:01: - cd:7f:ee:41:6f:81:42:00:40:bc:aa:47:08:31:50: - 92:d2:bc:04:35:bd:f5:7c:7e:59:11:be:43:53:ac: - ba:40:c9:77:03:6b:a5:2b:82:a2:17:c8:dc:4e:7c: - 95:11:17:44:59:bc:34:43:76:af:7d:8f:a8:60:97: - 78:b1:49:0d:59:b3:e8 - ASN1 OID: secp384r1 - NIST CURVE: P-384 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Authority Key Identifier: - 0C:A6:DD:D3:41:20:AF:B7:E6:BB:13:15:88:82:14:37:39:16:07:44 - Authority Information Access: - CA Issuers - URI:https://certs.ria.ee/ria_ecc_issuing_ca_g3.crt - OCSP - URI:http://ocsp.riaint.ee - X509v3 Subject Alternative Name: - DNS:cdoc2-shares.dev.riaint.ee, DNS:cdoc2-shares-01.dev.riaint.ee, DNS:cdoc2-shares-02.dev.riaint.ee - X509v3 Extended Key Usage: - TLS Web Client Authentication, TLS Web Server Authentication - X509v3 Subject Key Identifier: - 0D:C4:99:3B:F5:95:FD:28:77:F0:AB:23:12:94:F1:4D:5C:35:EB:FB - X509v3 Key Usage: critical - Digital Signature - Signature Algorithm: ecdsa-with-SHA384 - Signature Value: - 30:65:02:30:7d:e8:6e:45:29:6a:08:32:ce:fc:91:0c:d5:72: - 28:79:ed:57:8a:cb:5d:90:4c:ae:a6:e7:8e:ce:e2:76:8c:1c: - ae:18:c6:43:1e:22:ef:6c:f4:8f:21:fd:93:ca:29:2b:02:31: - 00:e6:32:cc:d7:93:ff:ab:ef:a6:7e:2c:a9:51:7b:f7:cc:ec: - 34:b7:5a:83:7f:00:4a:79:08:9a:26:c0:a8:77:18:01:91:77: - 2d:2e:52:45:67:d0:a0:f1:eb:b4:d6:04:5d ------BEGIN 
CERTIFICATE----- -MIIDbTCCAvOgAwIBAgIUGFf6XbmYnOpDYOFCPJPVxMAXuNQwCgYIKoZIzj0EAwMw -VDELMAkGA1UEBhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRo -b3JpdHkxHjAcBgNVBAMMFVJJQSBFQ0MgSXNzdWluZyBDQSBHMzAeFw0yNDExMTUx -MTEwMjlaFw0yNTExMTUxMTEwMjhaMIGCMQswCQYDVQQGEwJFRTEVMBMGA1UECAwM -SGFyanUgQ291bnR5MRAwDgYDVQQHDAdUYWxsaW5uMSUwIwYDVQQKDBxJbmZvcm1h -dGlvbiBTeXN0ZW0gQXV0aG9yaXR5MSMwIQYDVQQDDBpjZG9jMi1zaGFyZXMuZGV2 -LnJpYWludC5lZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABFviiV8kX87fX4bMXRtR -2SHbsxU3YEyf2nlX0c0BzX/uQW+BQgBAvKpHCDFQktK8BDW99Xx+WRG+Q1OsukDJ -dwNrpSuCohfI3E58lREXRFm8NEN2r32PqGCXeLFJDVmz6KOCAVUwggFRMAwGA1Ud -EwEB/wQCMAAwHwYDVR0jBBgwFoAUDKbd00Egr7fmuxMViIIUNzkWB0QwbQYIKwYB -BQUHAQEEYTBfMDoGCCsGAQUFBzAChi5odHRwczovL2NlcnRzLnJpYS5lZS9yaWFf -ZWNjX2lzc3VpbmdfY2FfZzMuY3J0MCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5y -aWFpbnQuZWUwYwYDVR0RBFwwWoIaY2RvYzItc2hhcmVzLmRldi5yaWFpbnQuZWWC -HWNkb2MyLXNoYXJlcy0wMS5kZXYucmlhaW50LmVlgh1jZG9jMi1zaGFyZXMtMDIu -ZGV2LnJpYWludC5lZTAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwHQYD -VR0OBBYEFA3EmTv1lf0od/CrIxKU8U1cNev7MA4GA1UdDwEB/wQEAwIHgDAKBggq -hkjOPQQDAwNoADBlAjB96G5FKWoIMs78kQzVcih57VeKy12QTK6m547O4naMHK4Y -xkMeIu9s9I8h/ZPKKSsCMQDmMszXk/+r76Z+LKlRe/fM7DS3WoN/AEp5CJomwKh3 -GAGRdy0uUkVn0KDx67TWBF0= ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/ria-dev/cdoc2-sharesexternal-dev-riaint.crt b/cdoc2-cli/config/ria-dev/cdoc2-sharesexternal-dev-riaint.crt deleted file mode 100644 index 78424581..00000000 --- a/cdoc2-cli/config/ria-dev/cdoc2-sharesexternal-dev-riaint.crt +++ /dev/null 
@@ -1,70 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 6d:82:b1:e9:44:2f:27:e6:be:13:e6:3b:86:37:6e:11:6a:9d:a0:76 - Signature Algorithm: ecdsa-with-SHA384 - Issuer: C = EE, O = Information System Authority, CN = RIA ECC Issuing CA G3 - Validity - Not Before: Nov 15 11:10:33 2024 GMT - Not After : Nov 15 11:10:32 2025 GMT - Subject: C = EE, ST = Harju County, L = Tallinn, O = Information System Authority, CN = cdoc2-sharesexternal.dev.riaint.ee - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (384 bit) - pub: - 04:f7:13:23:92:d6:1d:98:6c:64:c5:e0:89:17:f3: - cc:d4:01:f6:ed:bc:9a:f0:b9:48:25:e9:a3:60:ff: - 1e:d8:0a:6e:cb:ef:c8:64:25:26:64:ca:20:9a:7f: - 32:d5:13:52:4c:f0:57:c8:71:e0:2d:4c:b9:4a:8f: - 8b:97:46:17:15:7f:4e:86:9c:26:a0:53:72:ea:f1: - 04:57:62:99:33:19:76:f2:6b:8f:72:a3:0a:e8:e8: - e5:99:a9:ae:f7:7f:df - ASN1 OID: secp384r1 - NIST CURVE: P-384 - X509v3 extensions: - X509v3 Basic Constraints: critical - CA:FALSE - X509v3 Authority Key Identifier: - 0C:A6:DD:D3:41:20:AF:B7:E6:BB:13:15:88:82:14:37:39:16:07:44 - Authority Information Access: - CA Issuers - URI:https://certs.ria.ee/ria_ecc_issuing_ca_g3.crt - OCSP - URI:http://ocsp.riaint.ee - X509v3 Subject Alternative Name: - DNS:cdoc2-sharesexternal.dev.riaint.ee, DNS:cdoc2-sharesexternal-01.dev.riaint.ee, DNS:cdoc2-sharesexternal-02.dev.riaint.ee - X509v3 Extended Key Usage: - TLS Web Client Authentication, TLS Web Server Authentication - X509v3 Subject Key Identifier: - 5B:B6:A3:6F:74:4A:B5:20:09:13:F8:2D:BB:89:28:5A:1D:31:92:1E - X509v3 Key Usage: critical - Digital Signature - Signature Algorithm: ecdsa-with-SHA384 - Signature Value: - 30:65:02:30:4c:5c:78:4f:9c:2f:82:bf:ba:28:8f:20:44:29: - b3:40:b4:0d:ea:9a:9b:11:b8:d4:d2:1e:e9:5f:39:d8:57:3a: - b2:10:01:0d:74:c0:63:d0:e5:aa:d9:e1:22:d7:79:de:02:31: - 00:fc:cc:28:b0:a1:d7:35:9e:e7:e4:66:05:1a:63:9d:4d:d6: - 45:d8:e7:3f:92:17:2c:b9:24:e7:32:5c:2e:e8:12:a4:3f:3d: - 
c8:d1:30:ca:b8:00:30:a8:bd:4d:7f:8d:a0 ------BEGIN CERTIFICATE----- -MIIDjTCCAxOgAwIBAgIUbYKx6UQvJ+a+E+Y7hjduEWqdoHYwCgYIKoZIzj0EAwMw -VDELMAkGA1UEBhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRo -b3JpdHkxHjAcBgNVBAMMFVJJQSBFQ0MgSXNzdWluZyBDQSBHMzAeFw0yNDExMTUx -MTEwMzNaFw0yNTExMTUxMTEwMzJaMIGKMQswCQYDVQQGEwJFRTEVMBMGA1UECAwM -SGFyanUgQ291bnR5MRAwDgYDVQQHDAdUYWxsaW5uMSUwIwYDVQQKDBxJbmZvcm1h -dGlvbiBTeXN0ZW0gQXV0aG9yaXR5MSswKQYDVQQDDCJjZG9jMi1zaGFyZXNleHRl -cm5hbC5kZXYucmlhaW50LmVlMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9xMjktYd -mGxkxeCJF/PM1AH27bya8LlIJemjYP8e2Apuy+/IZCUmZMogmn8y1RNSTPBXyHHg -LUy5So+Ll0YXFX9OhpwmoFNy6vEEV2KZMxl28muPcqMK6Ojlmamu93/fo4IBbTCC -AWkwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQMpt3TQSCvt+a7ExWIghQ3ORYH -RDBtBggrBgEFBQcBAQRhMF8wOgYIKwYBBQUHMAKGLmh0dHBzOi8vY2VydHMucmlh -LmVlL3JpYV9lY2NfaXNzdWluZ19jYV9nMy5jcnQwIQYIKwYBBQUHMAGGFWh0dHA6 -Ly9vY3NwLnJpYWludC5lZTB7BgNVHREEdDBygiJjZG9jMi1zaGFyZXNleHRlcm5h -bC5kZXYucmlhaW50LmVlgiVjZG9jMi1zaGFyZXNleHRlcm5hbC0wMS5kZXYucmlh -aW50LmVlgiVjZG9jMi1zaGFyZXNleHRlcm5hbC0wMi5kZXYucmlhaW50LmVlMB0G -A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQUW7ajb3RKtSAJ -E/gtu4koWh0xkh4wDgYDVR0PAQH/BAQDAgeAMAoGCCqGSM49BAMDA2gAMGUCMExc -eE+cL4K/uiiPIEQps0C0DeqamxG41NIe6V852Fc6shABDXTAY9DlqtnhItd53gIx -APzMKLCh1zWe5+RmBRpjnU3WRdjnP5IXLLkk5zJcLugSpD89yNEwyrgAMKi9TX+N -oA== ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/ria-dev/clienttruststore_ria-dev.jks b/cdoc2-cli/config/ria-dev/clienttruststore_ria-dev.jks deleted file mode 100644 index db7a1ea6..00000000 Binary files a/cdoc2-cli/config/ria-dev/clienttruststore_ria-dev.jks and /dev/null differ diff --git a/cdoc2-cli/config/ria-dev/clienttruststore_ria-dev.jks.README b/cdoc2-cli/config/ria-dev/clienttruststore_ria-dev.jks.README deleted file mode 100644 index b88004a9..00000000 --- a/cdoc2-cli/config/ria-dev/clienttruststore_ria-dev.jks.README +++ /dev/null 
@@ -1 +0,0 @@
-keytool -import -trustcacerts -file tls-issuer.crt.pem -alias klass3-ria_2018_ecc_g3 -storepass passwd -keystore clienttruststore_ria-dev.jks
diff --git a/cdoc2-cli/config/ria-dev/key-shares.properties b/cdoc2-cli/config/ria-dev/key-shares.properties
deleted file mode 100644
index 8ca8dc13..00000000
--- a/cdoc2-cli/config/ria-dev/key-shares.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-key-shares.servers.urls=https://cdoc2-shares.dev.riaint.ee, https://cdoc2-sharesexternal.dev.riaint.ee
-key-shares.servers.min_num=2
-key-shares.algorithm=n-of-n
-
-# trusted certificates by client
-cdoc2.key-shares.client.ssl.trust-store=config/ria-dev/clienttruststore_ria-dev.jks
-cdoc2.key-shares.client.ssl.trust-store.type=JKS
-cdoc2.key-shares.client.ssl.trust-store-password=passwd
-
-cdoc2.client.server.debug=true
\ No newline at end of file
diff --git a/cdoc2-cli/config/ria-dev/ria-dev.properties b/cdoc2-cli/config/ria-dev/ria-dev.properties
deleted file mode 100644
index d1c0e3ec..00000000
--- a/cdoc2-cli/config/ria-dev/ria-dev.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-# ria-dev, mutual TLS establishment with private key from id-cards (for reading key-capsule from the server)
-cdoc2.client.server.id=ria-dev
-cdoc2.client.server.base-url.post=https://cdoc2-keyserver.dev.riaint.ee:8443
-cdoc2.client.server.base-url.get=https://cdoc2-keyserver.dev.riaint.ee:8444
-
-# trusted certificates by client
-cdoc2.client.ssl.trust-store.type=JKS
-# path (full or relative)
-cdoc2.client.ssl.trust-store=config/ria-dev/clienttruststore_ria-dev.jks
-cdoc2.client.ssl.trust-store-password=passwd
-
-# mutual TLS with cert from smart-card (EST-ID certificates are trusted by the server)
-cdoc2.client.ssl.client-store.type=PKCS11
-# if ssl.client-store-password.prompt is set, then ask user interactively
-cdoc2.client.ssl.client-store-password.prompt=PIN1
-# otherwise use password value
-#cdoc2.client.ssl.client-store-password=3471
-
-# if pkcs11 library is not found from default location, use
-# -Dpkcs11-library=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
-# cli option to specify pkcs11-library location
diff --git a/cdoc2-cli/config/ria-dev/ria-dev_pkcs12.properties b/cdoc2-cli/config/ria-dev/ria-dev_pkcs12.properties
deleted file mode 100644
index 30adb93e..00000000
--- a/cdoc2-cli/config/ria-dev/ria-dev_pkcs12.properties
+++ /dev/null
@@ -1,21 +0,0 @@
-# ria-dev, mutual TLS establishment with private key from PKCS12 store (for reading key-capsule from the server)
-# public key part of servers trusted certs. See cdoc2-capsule-server/keys/README.md
-cdoc2.client.server.id=ria-dev
-cdoc2.client.server.base-url.post=https://cdoc2-keyserver.dev.riaint.ee:8443
-cdoc2.client.server.base-url.get=https://cdoc2-keyserver.dev.riaint.ee:8444
-
-cdoc2.client.server.debug=true
-cdoc2.client.server.connect-timeout=1000
-cdoc2.client.server.read-timeout=1000
-
-# trusted certificates by client
-cdoc2.client.ssl.trust-store.type=JKS
-# path (full or relative)
-cdoc2.client.ssl.trust-store=config/ria-dev/clienttruststore_ria-dev.jks
-cdoc2.client.ssl.trust-store-password=passwd
-
-# Client private key and certificate for mutual TLS. Only required for decrypt or list commands
-# Example configuration for pkcs12 based client configuration, update cdoc2.client.ssl.client-store to correct path
-cdoc2.client.ssl.client-store.type=PKCS12
-cdoc2.client.ssl.client-store=keys/cdoc2client.p12
-cdoc2.client.ssl.client-store-password=passwd
diff --git a/cdoc2-cli/config/ria-dev/ria-dev_pkcs12_rsa.properties b/cdoc2-cli/config/ria-dev/ria-dev_pkcs12_rsa.properties
deleted file mode 100644
index 59bdaea6..00000000
--- a/cdoc2-cli/config/ria-dev/ria-dev_pkcs12_rsa.properties
+++ /dev/null
@@ -1,16 +0,0 @@
-# This configuration is untested, after 03.07.24 certificate change and load balancer activation
-cdoc2.client.server.id=ria-dev
-cdoc2.client.server.base-url.post=https://cdoc2-keyserver-01.dev.riaint.ee:8443
-cdoc2.client.server.base-url.get=https://cdoc2-keyserver-01.dev.riaint.ee:8444
-cdoc2.client.server.debug=true
-
-# trusted certificates by client
-cdoc2.client.ssl.trust-store.type=JKS
-cdoc2.client.ssl.trust-store=config/ria-dev/clienttruststore_ria-dev.jks
-cdoc2.client.ssl.trust-store-password=passwd
-
-
-# client private key and certificate for mutual TLS
-cdoc2.client.ssl.client-store.type=PKCS12
-cdoc2.client.ssl.client-store=keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12
-cdoc2.client.ssl.client-store-password=passwd
diff --git a/cdoc2-cli/config/ria-dev/rp-server.properties b/cdoc2-cli/config/ria-dev/rp-server.properties
deleted file mode 100644
index 6faddf2b..00000000
--- a/cdoc2-cli/config/ria-dev/rp-server.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-rp-server.client.hostUrl=https://cdoc2-rp.dev.riaint.ee
-rp-server.client.certificateLevel=QUALIFIED
-
-rp-server.client.ssl.trust-store=config/ria-dev/clienttruststore_ria-dev.jks
-rp-server.client.ssl.trust-store-password=passwd
-
-cdoc2.client.server.debug=true
diff --git a/cdoc2-cli/config/ria-dev/tls-issuer.crt.pem b/cdoc2-cli/config/ria-dev/tls-issuer.crt.pem
deleted file mode 100644
index 70e90b50..00000000
--- a/cdoc2-cli/config/ria-dev/tls-issuer.crt.pem
+++ /dev/null
@@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICvTCCAmOgAwIBAgIIEwktMxn8tjIwCgYIKoZIzj0EAwQwcTELMAkGA1UEBhMC -RUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRob3JpdHkxIDAeBgNV -BAMMF1JJQSBST09UIENBIDIwMTggRUNDIEcyMRkwFwYJKoZIhvcNAQkBFgpwa2lA -cmlhLmVlMB4XDTIwMDgxODEwMDU1M1oXDTM4MDkyMDIwNDIxOFowdjELMAkGA1UE -BhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRob3JpdHkxHzAd -BgNVBAsMFkNlcnRpZmljYXRpb24gU2VydmljZXMxHzAdBgNVBAMMFktMQVNTMy1S -SUEgMjAxOCBFQ0MgRzMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT3VfEDD3qs -NO5cTGmJHeUdgWKMVOKwFunKmUf5fx82waWthh/XgcZXBxg6wMpc05x/wsVjhEtz -q4Ll6UeFwiJDo4HfMIHcMBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAU -UCFh01APe/+6Mb/XVsMuezIYCEIwdgYIKwYBBQUHAQEEajBoMEMGCCsGAQUFBzAC -hjdodHRwOi8vd3d3LnJpYS5lZS9jZXJ0cy9SSUFfUk9PVF9DQV8yMDE4X0VDQ19H -Mi5kZXIuY3J0MCEGCCsGAQUFBzABhhVodHRwOi8vb2NzcC5yaWEuZWUvQ0EwHQYD -VR0OBBYEFFcaZmPOL66vUw4v7g888ZdZ3c7EMA4GA1UdDwEB/wQEAwIBxjAKBggq -hkjOPQQDBANIADBFAiEAipQ0yy53GLNbYFuMyxSHBKmEchGxZojuxsV62rS7C/gC -IF7PshKqti26zdo/0JuwYXIohUdiSpbIPTcZgU1Su9Wo ------END CERTIFICATE----- \ No newline at end of file diff --git a/cdoc2-cli/config/smart-id/RIA_ROOT_CA_2018.pem b/cdoc2-cli/config/smart-id/RIA_ROOT_CA_2018.pem deleted file mode 100644 index cb2a224e..00000000 --- a/cdoc2-cli/config/smart-id/RIA_ROOT_CA_2018.pem +++ /dev/null 
@@ -1,34 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF5zCCA8+gAwIBAgIIciltck00n8UwDQYJKoZIhvcNAQEMBQAwbTELMAkGA1UE -BhMCRUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRob3JpdHkxHDAa -BgNVBAMME1JJQSBST09UIENBIDIwMTggRzExGTAXBgkqhkiG9w0BCQEWCnBraUBy -aWEuZWUwHhcNMTgwMzE1MTExMjExWhcNMzgwMTE5MTExMjExWjBtMQswCQYDVQQG -EwJFRTElMCMGA1UECgwcSW5mb3JtYXRpb24gU3lzdGVtIEF1dGhvcml0eTEcMBoG -A1UEAwwTUklBIFJPT1QgQ0EgMjAxOCBHMTEZMBcGCSqGSIb3DQEJARYKcGtpQHJp -YS5lZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPbR/9a97hZszVcL -+J2bvORbTRximHdwMz/UdmaXCJvUwCirfwmt8wXqNTkU93XYheoOs85NaznCDXnj -kpfZKNsQiA2/GhXoOgWk4pTpgGXyfWGyPQdkvadLyqanWaxHFayYdluNjU0KUX4E -E2w9cBC56d4H/OhMcc7f6I6gipY9G+BH3Tp1pA0TmB/Cmbw2IgE8l4N+SVZme7TQ -+CrouHs6stR1JlpRHFxpO0qJDcPr/oA1aGAEEMfNVttR4/bg5MERSxNblm8yDoih -buLOz8VuxXcATURV9qt22Ny85BGQRR7tsqyPU3oezfmGFYGd3YCjjHs6E6rc2C7D -X6ooS1MuJkm34LOd3hiFK0+d8vmOFNCj53j6MAffqtLHrYfTKPDSgzbdmvYG+AYi -G8norpQ5hRM4xAMQM7JaCdyNpFfZK6DhuMqSYY50lwHkv4/MUWl35r4s9g653Yqc -T2+hLxbyAqYk1oq33ZdzvMehaUaRKViwfjE2G8OGl0J77bxkGRofxkuBN/02vzKR -eRzMoAgx/PB78kC8G7oLctKU6GcYKABCXPWmM9185rJQYy6friCQs9ocmxTVT7Ly -tpGn/DTtECJCEjpy3SZ1ZaYpExw0E2aPkQvqHoKUJoc6m1E2tmTG7te08XUlPyN8 -xu8YBDeT6CWsY1vc2FxUOETlqgg9AgMBAAGjgYowgYcwDwYDVR0TAQH/BAUwAwEB -/zBFBgNVHSUEPjA8BggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF -BQcDCQYIKwYBBQUHAwEGCCsGAQUFBwMIMB0GA1UdDgQWBBRypgFOU6MkMj9DBZoW -VPhqA2uenzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEMBQADggIBAHYKaXi9 -+D+sUJRZ8tLESVrVtU80hMjNLfb4hyGcoU3NlC319Oo3j6fQ6no31P7RGPgoTV6C -3Gr99RTwf6D6NucB4BVcpvanPKfBEwrKCyq1CDaRnxG2RF2rte1m4tXwvk2ggt12 -TtC5yknPQATel5nkqB6bhPovmFO9cfYVDIKY61B+DSglXFQ1wuKJL2e3KAW1HhiC -4ktQCMSTDjWQcrVfsqAaYwjGfRZcYig3sIGuq4jRDNvT2AuaBs2siOr9zO3LOeiP -JmmrS24IgY8zTfF1jLpRC8Trnx3cL3yYTHeYOSaYTmEcO277GWQFnRiXbroASX38 -ABEWVBe9lO9A98ZSKmrmPnSWLzK0fK4sDkFP13YQdcDjNcceugOp6in8XO0wf2mg -vPtGtEk82pGTrwGMjNkrUTYTD82I/8Tdrt7TRgxkgp5ju73hf3G2H3QzGS2gfY0q -h5wmbriFo2KvR8fp4Vmb9BLlpV2VEaU5LAQNCl4PPKULlBkbVR9qGAKYgfGekBha 
-wfuHHGYx7pdrJTp59xN5aQ04Fd2C+ZNN8AkYBwXLz4aAfqyeUiB3HbK7L6yY4crz -uIGjdko9pKSSH69sqlUUj8PDrT9Hv92PWO3276ceLGPb9x1gQiaLvNgkXd0pXQPP -NUjXTJ+xYtwhEb95mb35idSv+ZLqTGU71rCV ------END CERTIFICATE----- \ No newline at end of file diff --git a/cdoc2-cli/config/smart-id/TEST_EID-NQ_2021E.pem.crt b/cdoc2-cli/config/smart-id/TEST_EID-NQ_2021E.pem.crt deleted file mode 100644 index ae2033e6..00000000 --- a/cdoc2-cli/config/smart-id/TEST_EID-NQ_2021E.pem.crt +++ /dev/null @@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDpTCCAwagAwIBAgIQTiO7d7Wr6Flg+BPaeYgVHDAKBggqhkjOPQQDAzBuMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEpMCcGA1UEAwwgVEVTVCBvZiBTSyBJRCBTb2x1dGlv -bnMgUk9PVCBHMUUwHhcNMjEwNzIxMTIzMjI2WhcNMzYwNzIxMTIzMjI2WjByMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEtMCsGA1UEAwwkVEVTVCBvZiBTSyBJRCBTb2x1dGlv -bnMgRUlELU5RIDIwMjFFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEBn6bE+DVXUwO -8gYWoA6tu2gb4ou3Gk55ge6jYehcxehS5RO3GaknTrc2YrLcq6nwrcBoIrkVlDOd -Bfub4oea3zL7VlA/ADQ8PTYexu+0zxk1TEtsj0KHH9lh8f7FR1awo4IBYzCCAV8w -HwYDVR0jBBgwFoAU4hzeY9y++IR+ATsuS4Cx4X/V8eYwHQYDVR0OBBYEFLNZ0LWq -a/mBsLQHo63DzpXv8Y5GMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ -AgEAMGwGCCsGAQUFBwEBBGAwXjAiBggrBgEFBQcwAYYWaHR0cDovL2RlbW8uc2su -ZWUvb2NzcDA4BggrBgEFBQcwAoYsaHR0cDovL2Muc2suZWUvVEVTVF9TS19ST09U -X0cxXzIwMjFFLmRlci5jcnQwOQYDVR0fBDIwMDAuoCygKoYoaHR0cDovL2Muc2su -ZWUvVEVTVF9TS19ST09UX0cxXzIwMjFFLmNybDBQBgNVHSAESTBHMEUGBFUdIAAw -PTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuc2tpZHNvbHV0aW9ucy5ldS9lbi9y -ZXBvc2l0b3J5L0NQUy8wCgYIKoZIzj0EAwMDgYwAMIGIAkIBsJ6X9zwyHP3b28br -WIsid0vqWxOzPFU4GFTH/AqXW71V9WLNBJHsbuBg2VNi4k7CKUW7MpRqL8UI8QX7 -/X7jFxMCQgF+IPUDMXMsV99sgqo/Y6VkZYqiakayHkvECkJCncUfmpqVYUlcAxeZ -zRlYIOz3F5AvYJTrtMP0TR3yASD1GtYs4A== ------END CERTIFICATE----- 
diff --git a/cdoc2-cli/config/smart-id/TEST_SK_ROOT_G1_2021E.pem.crt b/cdoc2-cli/config/smart-id/TEST_SK_ROOT_G1_2021E.pem.crt deleted file mode 100644 index 054743a0..00000000 --- a/cdoc2-cli/config/smart-id/TEST_SK_ROOT_G1_2021E.pem.crt +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICxDCCAiagAwIBAgIQGjWemJjC5ORg6CkyNQ5DzTAKBggqhkjOPQQDBDBuMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEpMCcGA1UEAwwgVEVTVCBvZiBTSyBJRCBTb2x1dGlv -bnMgUk9PVCBHMUUwHhcNMjEwNzA5MTA0NzE0WhcNNDEwNzA5MTA0NzE0WjBuMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEpMCcGA1UEAwwgVEVTVCBvZiBTSyBJRCBTb2x1dGlv -bnMgUk9PVCBHMUUwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACGx6ye24WAORL1 -8N0SquoI3TTJ3dd2EcZLs+wZY0XWYzPa0S4o8BKZQTCDbXz9O2x94hpdAjZ4S3Q2 -N7DAvQ0FfAHmM2JotR4UnYvxYv4JxJHpoRvrQoXOXdqO/wMymiPKTXHPFQz6nxxa -ORjy8xsrQeIdrTLj3c+HDVBRA5yE/IXed6NjMGEwDwYDVR0TAQH/BAUwAwEB/zAO -BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFOIc3mPcvviEfgE7LkuAseF/1fHmMB8G -A1UdIwQYMBaAFOIc3mPcvviEfgE7LkuAseF/1fHmMAoGCCqGSM49BAMEA4GLADCB -hwJBNDZ3R6qmJqL5bQf01oT369DEGcLhr2vA00nRZSqeaaLMfq+RQW8aYl0njfIZ -JAC6q6IJklpH5IyYrcZ29tcBrxECQgFH5aw8ZORororrLDPl1yY2RgsCO1SFoDh5 -eMEaKVtRKNSG1jLzfgiZJOdtIj/h/l/4oDc5DrDDY6kbAnl4M5pDKw== ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/TEST_of_EE_Certification_Centre_Root_CA.pem.crt b/cdoc2-cli/config/smart-id/TEST_of_EE_Certification_Centre_Root_CA.pem.crt deleted file mode 100644 index a7526114..00000000 --- a/cdoc2-cli/config/smart-id/TEST_of_EE_Certification_Centre_Root_CA.pem.crt +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEEzCCAvugAwIBAgIQc/jtqiMEFERMtVvsSsH7sjANBgkqhkiG9w0BAQUFADB9 -MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 -czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290 -IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIhgPMjAxMDEwMDcxMjM0NTZa -GA8yMDMwMTIxNzIzNTk1OVowfTELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNl -cnRpZml0c2VlcmltaXNrZXNrdXMxMDAuBgNVBAMMJ1RFU1Qgb2YgRUUgQ2VydGlm -aWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVl -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1gGpqCtDmNNEHUjC8LXq -xRdC1kpjDgkzOTxQynzDxw/xCjy5hhyG3xX4RPrW9Z6k5ZNTNS+xzrZgQ9m5U6uM -ywYpx3F3DVgbdQLd8DsLmuVOz02k/TwoRt1uP6xtV9qG0HsGvN81q3HvPR/zKtA7 -MmNZuwuDFQwsguKgDR2Jfk44eKmLfyzvh+Xe6Cr5+zRnsVYwMA9bgBaOZMv1TwTT -VNi9H1ltK32Z+IhUX8W5f2qVP33R1wWCKapK1qTX/baXFsBJj++F8I8R6+gSyC3D -kV5N/pOlWPzZYx+kHRkRe/oddURA9InJwojbnsH+zJOa2VrNKakNv2HnuYCIonzu -pwIDAQABo4GKMIGHMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G -A1UdDgQWBBS1NAqdpS8QxechDr7EsWVHGwN2/jBFBgNVHSUEPjA8BggrBgEFBQcD -AgYIKwYBBQUHAwEGCCsGAQUFBwMDBggrBgEFBQcDBAYIKwYBBQUHAwgGCCsGAQUF -BwMJMA0GCSqGSIb3DQEBBQUAA4IBAQAj72VtxIw6p5lqeNmWoQ48j8HnUBM+6mI0 -I+VkQr0EfQhfmQ5KFaZwnIqxWrEPaxRjYwV0xKa1AixVpFOb1j+XuVmgf7khxXTy -Bmd8JRLwl7teCkD1SDnU/yHmwY7MV9FbFBd+5XK4teHVvEVRsJ1oFwgcxVhyoviR -SnbIPaOvk+0nxKClrlS6NW5TWZ+yG55z8OCESHaL6JcimkLFjRjSsQDWIEtDvP4S -tH3vIMUPPiKdiNkGjVLSdChwkW3z+m0EvAjyD9rnGCmjeEm5diLFu7VMNVqupsbZ -SfDzzBLc5+6TqgQTOG7GaZk2diMkn03iLdHGFrh8ML+mXG9SjEPI ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/TEST_of_EID-SK_2016.pem.crt b/cdoc2-cli/config/smart-id/TEST_of_EID-SK_2016.pem.crt deleted file mode 100644 index 99b6d300..00000000 --- a/cdoc2-cli/config/smart-id/TEST_of_EID-SK_2016.pem.crt +++ /dev/null 
@@ -1,40 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIHCTCCBfGgAwIBAgIQVrOxHLphb7pfUJLPiYJRMzANBgkqhkiG9w0BAQwFADB9 -MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1 -czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290 -IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMjAwOTAzMDY1MzAzWhcN -MzAxMjE3MjE1OTU5WjBoMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlm -aXRzZWVyaW1pc2tlc2t1czEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHDAaBgNV -BAMME1RFU1Qgb2YgRUlELVNLIDIwMTYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw -ggIKAoICAQDqyjgcqyaktULCg+LV4apGWnzzHebH8XpuolWzAAByqbzrOCGtqF3U -rydhY6zJebM3k+JaR8s3xAszt58e6b0Syh7n4upTMDBo7UiOgyvAYh/c+y5vpDS7 -pzRXSIq9IT4o42yJI4PYsH2nkk/RYuedNi7Cu3boSrgpx+ztLjK0vzMpyeErQDRm -Nd19hbz1uKpK7W8LJoXTdAba6O9juv9zvtL256v8glrXEKwRr9/vFxAXQqh+Uv0b -dBLoCl+FJVcuZdEFHPCK4xrXTLK/Sg7b5lcJXn12CqC6pAu4LjBjlDX+mOAGBrD6 -n2OHRtzeWDaeRRwy+yDvd4e06UVd4Mkd/C4ibDx5OZxEuZnT5DbhJAsoNMxCiO7i -eC1LgW482T6doD+zzfCKovRj+1djQs/L1FTd1qR73LbH9AzL2XVeacai2OaI8n4T -LFOGjHBkkAPRCvBEtztcwStQ1vm7Y20I1BVtUiMApAdsqHxcYHvr782Rm77dlBjh -PKAC/PyczcYvRW40wG8nKxloBDENLDNXynPjrL6GksvZt2UBqYdPnW7KLkKZd5KS -b4wzM8cZKzKsXYZVTK3iyhgjDMSTABkBMFUuT/dzZ5s/FG5JnqJlCa9zawaOPlfS -+UuCsdb07w9Ke9sUWBcn4nyzo7PKrO5Ud8oZHAT0CO/BEasb99RVgwIDAQABo4IC -mDCCApQwHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wHQYDVR0OBBYE -FK6w6uE2+CarpcwLZlX+Oh0CvxK0MA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8E -CDAGAQH/AgEAMIHEBgNVHSAEgbwwgbkwPAYHBACL7EABAjAxMC8GCCsGAQUFBwIB -FiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzA8BgcEAIvsQAEA -MDEwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0v -Q1BTMDsGBgQAj3oBAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9y -ZXBvc2l0b29yaXVtL0NQUzAnBgNVHSUEIDAeBggrBgEFBQcDCQYIKwYBBQUHAwIG -CCsGAQUFBwMEMIGOBggrBgEFBQcBAQSBgTB/MCIGCCsGAQUFBzABhhZodHRwOi8v -ZGVtby5zay5lZS9vY3NwMFkGCCsGAQUFBzAChk1odHRwOi8vd3d3LnNrLmVlL3Vw -bG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3Rf -Q0EuZGVyLmNydDBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAA 
-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJQYIKwYBBQUHAQMEGTAXMBUG -CCsGAQUFBwsCMAkGBwQAi+xJAQEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cHM6Ly93 -d3cuc2suZWUvcmVwb3NpdG9yeS9jcmxzL3Rlc3RfZWVjY3JjYS5jcmwwDQYJKoZI -hvcNAQEMBQADggEBACawLCQnjAOtDCaNejt1AqMVc8IwWy03TAAvceJd7rRSG9w2 -Q69OxVMVhUpQ4+K+M+Fqtpkq5IWO9GFXYeYL5JwiL4rjKPk1MIunM4ZKr6f+NQBy -4A4oHL0ArF4QoQZuYnUS/jesjQs2HXEthcLjdSkFyaoAyfPH50c0WTMDhZj8eEIK -NWPEqGmGZPkAc4+ivFdl7zEC6ZaaJ6NdtihQKdFcisgv3Uyc4kuzmHK/6OtNAXpg -qaiLyf4L3ThQ2KA+EuDp6B97rOfV4JWC265HkAwxKd9/3fk7pwnfyMxIonW5MGcN -nrlYjNXNft5cr9xu2A8mPXh2ArMiZ1yif5NDvHI= ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/TEST_of_ESTEID2018.pem.crt b/cdoc2-cli/config/smart-id/TEST_of_ESTEID2018.pem.crt deleted file mode 100644 index 506dc254..00000000 --- a/cdoc2-cli/config/smart-id/TEST_of_ESTEID2018.pem.crt +++ /dev/null 
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFfDCCBN2gAwIBAgIQNhjzSfd2UEpbkO14EY4ORTAKBggqhkjOPQQDBDBiMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgw -HhcNMTgwOTA2MDkwMzUyWhcNMzMwODMwMTI0ODI4WjBgMQswCQYDVQQGEwJFRTEb -MBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0 -NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MIGbMBAGByqGSM49AgEG -BSuBBAAjA4GGAAQBxYug4cEqwmIj+3TVaUlhfxCV9FQgfuglC2/0Ux1Ieqw11mDj -NvnGJhkWxaLbWJi7QtthMG5R104l7Np7lBevrBgBDtfgja9e3MLTQkY+cFS+UQxj -t9ZihTUJVsR7lowYlaGEiqqsGbEhlwfu27Xsm8b2rhSiTOvNdjTtG57NnwVAX+ij -ggMyMIIDLjAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDAdBgNVHQ4E -FgQUwISZKcROnzsCNPaZ4QpWAAgpPnswDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB -/wQIMAYBAf8CAQAwggHNBgNVHSAEggHEMIIBwDAIBgYEAI96AQIwCQYHBACL7EAB -AjAyBgsrBgEEAYORIQECATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5l -ZS9DUFMwDQYLKwYBBAGDkSEBAgIwDQYLKwYBBAGDkX8BAgEwDQYLKwYBBAGDkSEB -AgUwDQYLKwYBBAGDkSEBAgYwDQYLKwYBBAGDkSEBAgcwDQYLKwYBBAGDkSEBAgMw -DQYLKwYBBAGDkSEBAgQwDQYLKwYBBAGDkSEBAggwDQYLKwYBBAGDkSEBAgkwDQYL -KwYBBAGDkSEBAgowDQYLKwYBBAGDkSEBAgswDQYLKwYBBAGDkSEBAgwwDQYLKwYB -BAGDkSEBAg0wDQYLKwYBBAGDkSEBAg4wDQYLKwYBBAGDkSEBAg8wDQYLKwYBBAGD -kSEBAhAwDQYLKwYBBAGDkSEBAhEwDQYLKwYBBAGDkSEBAhIwDQYLKwYBBAGDkSEB -AhMwDQYLKwYBBAGDkSEBAhQwDQYLKwYBBAGDkX8BAgIwDQYLKwYBBAGDkX8BAgMw -DQYLKwYBBAGDkX8BAgQwDQYLKwYBBAGDkX8BAgUwDQYLKwYBBAGDkX8BAgYwKgYD -VR0lAQH/BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDB3BggrBgEF -BQcBAQRrMGkwLgYIKwYBBQUHMAGGImh0dHA6Ly9haWEuZGVtby5zay5lZS9lZS1n -b3ZjYTIwMTgwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jLnNrLmVlL1Rlc3Rfb2ZfRUUt -R292Q0EyMDE4LmRlci5jcnQwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATA4BgNV -HR8EMTAvMC2gK6AphidodHRwOi8vYy5zay5lZS9UZXN0X29mX0VFLUdvdkNBMjAx -OC5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIBIF+LqytyaV4o5wUSm30VysB8LdWt -oOrzNq2QhB6tGv4slg5z+CR58e60eRFqNxT7eccA/HgoPWs0B1Z+L067qtUCQgCB -8OP0kHx/j1t7htN2CXjpSjGFZw5TTI4s1eGyTbe0UJRBXEkUKfFbZVmzGPFPprwU -dSPi8PpO7+xGBYlFHA4z+Q== ------END 
CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/TEST_of_SK_ID_Solutions_EID-Q_2024E.pem.crt b/cdoc2-cli/config/smart-id/TEST_of_SK_ID_Solutions_EID-Q_2024E.pem.crt deleted file mode 100644 index 5ca038c0..00000000 --- a/cdoc2-cli/config/smart-id/TEST_of_SK_ID_Solutions_EID-Q_2024E.pem.crt +++ /dev/null @@ -1,23 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDxzCCAymgAwIBAgIUIJ92Wg42THMIC1QSOpWpxv3+22AwCgYIKoZIzj0EAwMw -bjELMAkGA1UEBhMCRUUxGzAZBgNVBAoMElNLIElEIFNvbHV0aW9ucyBBUzEXMBUG -A1UEYQwOTlRSRUUtMTA3NDcwMTMxKTAnBgNVBAMMIFRFU1Qgb2YgU0sgSUQgU29s -dXRpb25zIFJPT1QgRzFFMB4XDTI0MDYwMzEzMDEyMloXDTM5MDUzMTEzMDEyMVow -cTEsMCoGA1UEAwwjVEVTVCBvZiBTSyBJRCBTb2x1dGlvbnMgRUlELVEgMjAyNEUx -FzAVBgNVBGEMDk5UUkVFLTEwNzQ3MDEzMRswGQYDVQQKDBJTSyBJRCBTb2x1dGlv -bnMgQVMxCzAJBgNVBAYTAkVFMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE9tnu4Hr6 -oZ3virQ52FkQ8zgSnRLjSpbr7y6hjaI5ZtvFTssL3aOgvULxOvV5x+HtOmcGVfmh -vy9YtoJENq/E3pFFOkofrkX3O/RVLdtPpiVahYa89HCgqoEVDln5ILMWo4IBgzCC -AX8wEgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBTiHN5j3L74hH4BOy5L -gLHhf9Xx5jBsBggrBgEFBQcBAQRgMF4wOAYIKwYBBQUHMAKGLGh0dHA6Ly9jLnNr -LmVlL1RFU1RfU0tfUk9PVF9HMV8yMDIxRS5kZXIuY3J0MCIGCCsGAQUFBzABhhZo -dHRwOi8vZGVtby5zay5lZS9vY3NwMHAGA1UdIARpMGcwBgYEVR0gADBdBgNVHSAw -VjBUBggrBgEFBQcCARZIaHR0cHM6Ly93d3cuc2tpZHNvbHV0aW9ucy5ldS9yZXNv -dXJjZXMvY2VydGlmaWNhdGlvbi1wcmFjdGljZS1zdGF0ZW1lbnQvMDkGA1UdHwQy -MDAwLqAsoCqGKGh0dHA6Ly9jLnNrLmVlL1RFU1RfU0tfUk9PVF9HMV8yMDIxRS5j -cmwwHQYDVR0OBBYEFLAkFxmI42b4zShYZXtNFNiSZk9rMA4GA1UdDwEB/wQEAwIB -BjAKBggqhkjOPQQDAwOBiwAwgYcCQXIdNKdyvEhtB+48QZEXi2dgXiAjYD7O0D4f -4Y2KPajqrRcwd9KEYr/yFjK0JWYHqRFN47tMdYhisy7aFySEWmKcAkIBUbTJeSbo -XAKBT9+j2zQduKv8Eqb/AIQybcVXyP23w+1ujNkcQZMkok41nGOH2YNRP7aGsCZa -7Wy8pf2lw6EcfyU= ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/eidprx-ddwebapp-test-riaint.crt b/cdoc2-cli/config/smart-id/eidprx-ddwebapp-test-riaint.crt deleted file mode 100644 index 1d1d8bf0..00000000 --- a/cdoc2-cli/config/smart-id/eidprx-ddwebapp-test-riaint.crt +++ /dev/null 
@@ -1,66 +0,0 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 1922246471639173865 (0x1aad30fb40cd0ae9) - Signature Algorithm: ecdsa-with-SHA512 - Issuer: C = EE, O = Information System Authority, OU = Certification Services, CN = KLASS3-RIA 2018 ECC G3 - Validity - Not Before: Sep 23 11:06:33 2022 GMT - Not After : Sep 22 11:06:32 2027 GMT - Subject: C = EE, ST = Harju County, L = Tallinn, O = Information System Authority, CN = eidprx-ddwebapp.test.riaint.ee - Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey - Public-Key: (384 bit) - pub: - 04:a6:a3:eb:ea:66:fd:ae:86:87:36:2c:b6:e3:d1: - 53:38:0d:af:c6:02:75:2c:1b:66:a2:73:c4:5b:99: - 7a:b4:8a:28:3e:f7:1b:8e:3c:e4:48:30:2e:cb:6d: - 63:c0:1d:90:cf:13:96:9d:4d:d2:81:e6:4b:30:01: - 29:9a:7a:ec:6f:fe:f3:30:08:1a:9a:12:f0:75:8e: - b5:67:f3:d3:a2:1d:76:7a:e2:05:15:3e:fe:53:0b: - 7c:31:b2:62:98:51:cb - ASN1 OID: secp384r1 - NIST CURVE: P-384 - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Authority Key Identifier: - 57:1A:66:63:CE:2F:AE:AF:53:0E:2F:EE:0F:3C:F1:97:59:DD:CE:C4 - Authority Information Access: - CA Issuers - URI:http://www.ria.ee/certs/KLASS3-RIA_CA_2018_ECC_G2.der.crt - OCSP - URI:http://ocsp.ria.ee/ssl - X509v3 Subject Alternative Name: - DNS:eidprx-ddwebapp.test.riaint.ee, DNS:eidprx-ddwebapp-01.test.riaint.ee, DNS:eidprx-ddwebapp-02.test.riaint.ee - X509v3 Extended Key Usage: - TLS Web Client Authentication, TLS Web Server Authentication - X509v3 Subject Key Identifier: - 28:AC:D9:12:33:FB:20:79:85:B4:E8:67:9A:79:20:78:A4:66:95:61 - X509v3 Key Usage: critical - Digital Signature, Key Encipherment - Signature Algorithm: ecdsa-with-SHA512 - Signature Value: - 30:46:02:21:00:ab:1d:b1:f1:f3:82:66:c9:d8:4e:19:46:40: - bb:1c:7c:a5:19:1c:c0:b7:83:96:2c:41:a3:2c:7d:dc:d3:06: - 3d:02:21:00:cb:aa:6f:a1:48:64:8c:bf:f1:81:4a:40:20:6e: - 21:15:c8:92:c7:69:1f:15:6a:30:c8:2b:28:ff:96:63:c3:73 ------BEGIN CERTIFICATE----- 
-MIIDfTCCAyKgAwIBAgIIGq0w+0DNCukwCgYIKoZIzj0EAwQwdjELMAkGA1UEBhMC -RUUxJTAjBgNVBAoMHEluZm9ybWF0aW9uIFN5c3RlbSBBdXRob3JpdHkxHzAdBgNV -BAsMFkNlcnRpZmljYXRpb24gU2VydmljZXMxHzAdBgNVBAMMFktMQVNTMy1SSUEg -MjAxOCBFQ0MgRzMwHhcNMjIwOTIzMTEwNjMzWhcNMjcwOTIyMTEwNjMyWjCBhjEL -MAkGA1UEBhMCRUUxFTATBgNVBAgMDEhhcmp1IENvdW50eTEQMA4GA1UEBwwHVGFs -bGlubjElMCMGA1UECgwcSW5mb3JtYXRpb24gU3lzdGVtIEF1dGhvcml0eTEnMCUG -A1UEAwweZWlkcHJ4LWRkd2ViYXBwLnRlc3QucmlhaW50LmVlMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAEpqPr6mb9roaHNiy249FTOA2vxgJ1LBtmonPEW5l6tIooPvcb -jjzkSDAuy21jwB2QzxOWnU3SgeZLMAEpmnrsb/7zMAgamhLwdY61Z/PToh12euIF -FT7+Uwt8MbJimFHLo4IBajCCAWYwCQYDVR0TBAIwADAfBgNVHSMEGDAWgBRXGmZj -zi+ur1MOL+4PPPGXWd3OxDB5BggrBgEFBQcBAQRtMGswRQYIKwYBBQUHMAKGOWh0 -dHA6Ly93d3cucmlhLmVlL2NlcnRzL0tMQVNTMy1SSUFfQ0FfMjAxOF9FQ0NfRzIu -ZGVyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AucmlhLmVlL3NzbDBvBgNV -HREEaDBmgh5laWRwcngtZGR3ZWJhcHAudGVzdC5yaWFpbnQuZWWCIWVpZHByeC1k -ZHdlYmFwcC0wMS50ZXN0LnJpYWludC5lZYIhZWlkcHJ4LWRkd2ViYXBwLTAyLnRl -c3QucmlhaW50LmVlMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNV -HQ4EFgQUKKzZEjP7IHmFtOhnmnkgeKRmlWEwDgYDVR0PAQH/BAQDAgWgMAoGCCqG -SM49BAMEA0kAMEYCIQCrHbHx84JmydhOGUZAuxx8pRkcwLeDlixBoyx93NMGPQIh -AMuqb6FIZIy/8YFKQCBuIRXIksdpHxVqMMgrKP+WY8Nz ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/local-ria-ca.crt b/cdoc2-cli/config/smart-id/local-ria-ca.crt deleted file mode 100644 index 8ce89f9c..00000000 --- a/cdoc2-cli/config/smart-id/local-ria-ca.crt +++ /dev/null 
@@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB8TCCAZegAwIBAgIUKtFX4Bxjuvs2rpOMUSOi19lNcTkwCgYIKoZIzj0EAwQw -TjELMAkGA1UEBhMCRUUxEDAOBgNVBAcMB1RhbGxpbm4xEjAQBgNVBAoMCXJpYS1s -b2NhbDEZMBcGA1UEAwwQcmlhLWNhLmxvY2FsaG9zdDAeFw0yNDExMDYxMTU1NTBa -Fw0yNTExMDYxMTU1NTBaME4xCzAJBgNVBAYTAkVFMRAwDgYDVQQHDAdUYWxsaW5u -MRIwEAYDVQQKDAlyaWEtbG9jYWwxGTAXBgNVBAMMEHJpYS1jYS5sb2NhbGhvc3Qw -WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQDb4oBf3XbcbbgbHfwE92QpRB+OeYb -COgUpaeOIY4ONIP5KlGjHTHqNbe726s2BBjLPEntKvnNbU3PYTEUyMPfo1MwUTAd -BgNVHQ4EFgQU8aFyrSe80ebEICfaN7KV5FJCgmEwHwYDVR0jBBgwFoAU8aFyrSe8 -0ebEICfaN7KV5FJCgmEwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDBANIADBF -AiEAn+LOG2UoAmnbjiXtwiZ3rYUxeqo4DRTWfIUBno2s7HQCIHXhO6PxuI+H+alr -hekfexbP/3kD6E5acR8ag69SovW9 ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/sid.demo.sk.ee.2024.pem.crt b/cdoc2-cli/config/smart-id/sid.demo.sk.ee.2024.pem.crt deleted file mode 100644 index 7ae6d9c8..00000000 --- a/cdoc2-cli/config/smart-id/sid.demo.sk.ee.2024.pem.crt +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGxTCCBa2gAwIBAgIQB//0m9ljohCn8LB5KDcE1jANBgkqhkiG9w0BAQsFADBZ -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE -aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjQx -MDAzMDAwMDAwWhcNMjUxMDE0MjM1OTU5WjBVMQswCQYDVQQGEwJFRTEQMA4GA1UE -BxMHVGFsbGlubjEbMBkGA1UEChMSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQQD -Ew5zaWQuZGVtby5zay5lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AKAyy0yvjRCrATznThIwCu/wPCU5mV5UZIzNWl9KXx+gQiBp92SXfTOokkfiikBH -09HI+yVr3zI2U6FR8Tj21GiFE3bttmpCw8tJLmTe/P0Xah1D6vVkymbBt69N24ur -RqhW9in84WdkPc30vGJ+TdIj3jIePAbK3hHbpm+BfeyUhM48xXRgW+cBA//6R1C9 -lUaF9Ycylf+g/P7FpmzHRk2HF3bPyWziBVOhIADtqMyVEJk20dl0SWGsCmAJuAhM -mOPc87zpXYzlAlY24XgsTyQdDnqmJn8ZukDahIt9ybKH/WPLkZfw6xBnsQKXdG0J -HBqBsgQdPDFsrsY45o4ek0kCAwEAAaOCA4swggOHMB8GA1UdIwQYMBaAFHSFgMBm -x9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBSK7cmy40mto6zFVpcvnOyggb6YnzAZ -BgNVHREEEjAQgg5zaWQuZGVtby5zay5lZTA+BgNVHSAENzA1MDMGBmeBDAECAjAp -MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0f -BIGXMIGUMEigRqBEhkJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRH -bG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9j -cmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAy -MENBMS0xLmNybDCBhwYIKwYBBQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8v -b2NzcC5kaWdpY2VydC5jb20wUQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRp -Z2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0x -LmNydDAMBgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdwAS -8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAAAZJR+i+zAAAEAwBIMEYC -IQC7tPwb72Mur1ljtCP8g1/BkS6nJV0QeueW3eSa2L+PkwIhAPCJOyx++Vg5mE5D -6S0ctqbVRQsM5XGKYrBzAyzh0QHaAHYAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65 -Ay/ZDowuebgAAAGSUfovdQAABAMARzBFAiEA6ifcmc/Si0vOqT4JTAMqervuE7Uz -iYGZIIZI09BYINICICeJuQZrqP7aHqn9+0iyvl5ptJl2cZ5YyqF3Km9f6vu4AHYA -5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlAAAAGSUfovjAAABAMARzBF 
-AiEAkdK3dAY6ABFtaE1bTjIlYAF5cFT8N2pvxL0mA79LlDwCIFGZJ3EYJfxVbj9m -S/8FynieG/02iMF6xzmmrU58La0pMA0GCSqGSIb3DQEBCwUAA4IBAQCnq3OnD4uw -uvt75qYIBgFNN+nIMslacl8iQYSOswr+K90QzL/yf+lLafDX0QMtDL5b2t1a834R -8efjlEuISfp+YjTdtnNV1jZ7nnkHcFMP1MGbv/JQigPO8AgL+oxGHiRCp6FNJTwt -FtvHkqd5rDJUU988LdND4aYtmKYmGKj06sSqhpl9xmbIxdXPvaJGoHC/gEpM8AKw -oL4afke2q3FpjQ1eDT+37pjsEjQi6nT0/cSNoyxy4QbqWBgGclmb9ZAfOFkaO5U3 -bhRopdPzRSrQROUF0ovPk4aC+b74KAV/oxtQjPTdpdxTVBwjfn2tpes5q+TZUGSZ -AyP23gCAvmuj ------END CERTIFICATE----- diff --git a/cdoc2-cli/config/smart-id/smartid_demo_server_trusted_ssl_certs.jks b/cdoc2-cli/config/smart-id/smartid_demo_server_trusted_ssl_certs.jks deleted file mode 100644 index edf73763..00000000 Binary files a/cdoc2-cli/config/smart-id/smartid_demo_server_trusted_ssl_certs.jks and /dev/null differ diff --git a/cdoc2-cli/config/smart-id/tsp_demo_sk_ee_2025.pem.cer b/cdoc2-cli/config/smart-id/tsp_demo_sk_ee_2025.pem.cer deleted file mode 100644 index e7f123a4..00000000 --- a/cdoc2-cli/config/smart-id/tsp_demo_sk_ee_2025.pem.cer +++ /dev/null 
@@ -1,39 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGxTCCBa2gAwIBAgIQBrRXB/cwOQn5PdLZWym2lTANBgkqhkiG9w0BAQsFADBZ -MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMTMwMQYDVQQDEypE -aWdpQ2VydCBHbG9iYWwgRzIgVExTIFJTQSBTSEEyNTYgMjAyMCBDQTEwHhcNMjUw -MTE0MDAwMDAwWhcNMjYwMTI4MjM1OTU5WjBVMQswCQYDVQQGEwJFRTEQMA4GA1UE -BxMHVGFsbGlubjEbMBkGA1UEChMSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQQD -Ew50c3AuZGVtby5zay5lZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AL2uXO+8VCXz7P9c1E6SzbssRqMcTq3CFWgM2jTiJmN0271Y208GiPB2P6A/jOQu -/pbky7Y494OpCbGKgH82Kiox/NILRyKQZoEqWIKSFr9BoCb5i45ZZfBIdC7EtwvV -RtlILDFCetBOztc+XOBh8ZO8GBgrhZ0Osa55HHmdLQAetcfX9HvYe8XoH4doc6za -YZ7ocP4VFvyKoKpj32uVSNborgkOE04HS20/IHjYl4QQ/tbjHymZW1ENA6n0URxw -aHBev4GnF6BgoeNg1xbMf3l+Zan4jUT1xywr8Y3tCJd8TPWVA8s1+gY1PE+Wj3tC -MrhmGoTJBNrtJdLq5MmrPsECAwEAAaOCA4swggOHMB8GA1UdIwQYMBaAFHSFgMBm -x9833s+9KTeqAx2+7c0XMB0GA1UdDgQWBBTaA9oJontGg5jKsb2uklqZzonBgTAZ -BgNVHREEEjAQgg50c3AuZGVtby5zay5lZTA+BgNVHSAENzA1MDMGBmeBDAECAjAp -MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0P -AQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCBnwYDVR0f -BIGXMIGUMEigRqBEhkJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRH -bG9iYWxHMlRMU1JTQVNIQTI1NjIwMjBDQTEtMS5jcmwwSKBGoESGQmh0dHA6Ly9j -cmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAy -MENBMS0xLmNybDCBhwYIKwYBBQUHAQEEezB5MCQGCCsGAQUFBzABhhhodHRwOi8v -b2NzcC5kaWdpY2VydC5jb20wUQYIKwYBBQUHMAKGRWh0dHA6Ly9jYWNlcnRzLmRp -Z2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbEcyVExTUlNBU0hBMjU2MjAyMENBMS0x -LmNydDAMBgNVHRMBAf8EAjAAMIIBfwYKKwYBBAHWeQIEAgSCAW8EggFrAWkAdgAO -V5S8866pPjMbLJkHs/eQ35vCPXEyJd0hqSWsYcVOIQAAAZRkob9NAAAEAwBHMEUC -IHtG4374bJEaXDLucqLUwyFvZm7YnC61MBwjz6L8CGaWAiEA0ZGSXktrvJ11LHl8 -e9Fy5/cmetJU3dxXcimSGh7vbNcAdwBkEcRspBLsp4kcogIuALyrTygH1B41J6vq -/tUDyX3N8AAAAZRkob+VAAAEAwBIMEYCIQDQQ1CJgvgdSj2rU/KezhUytJmAzRhP -RERkHSRmtk9ldQIhAL47+EWVay1oTn7Dnf2Zq3fLc4z6c55W0RLjoCe4j1X0AHYA -SZybad4dfOz8Nt7Nh2SmuFuvCoeAGdFVUvvp6ynd+MMAAAGUZKG/nQAABAMARzBF 
-AiEAxuhpjC3o/Bj9ZXk0UO8zjoIRzDGmNJ/wjuSb5PuGscwCIG6ofmTxDs6wQFvg -4OYocjpovQgGbGfGubLMTmjbc30KMA0GCSqGSIb3DQEBCwUAA4IBAQAybE9EgQws -4MNFSVtskonyU9C9RZXqgJQ2vASABF+X9P4haqTtpqJJTdWYUXHMPrRoa7YAgVTd -bDgxG9K7w+sAE5ir3A+fb+MISmD3UN7iqKrpO9wiPZ/L2kXhImhzdLcYGcYMI6LW -nAzjkMcWMKMSzi45M2EE9yk9FFl/2tfqmuT+Sc7ZMefBPc5x0AtO3vh6VNk8eawq -E742/UGRIrMmE4BF1UztXuNJ3zRRV/BCM9JRARKHYPF4GCTmOO0SrNmu8rBnFVhB -ODCbhk3CKcvKr/evOeS9y+r5Jxi7mZ3tXQA91NzVtDX4ZzAr105IE/vqt21oMOq7 -OpjbClffJ1cp ------END CERTIFICATE----- diff --git a/cdoc2-cli/keys/38001085718_cert.pem b/cdoc2-cli/keys/38001085718_cert.pem deleted file mode 100644 index e1d12a8d..00000000 --- a/cdoc2-cli/keys/38001085718_cert.pem +++ /dev/null 
@@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEDjCCA2+gAwIBAgIQaLfRQQSV3nMFgzOBgc5eKjAKBggqhkjOPQQDBDBgMQsw -CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh -DA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4X -DTIzMTEyOTA3MTYwOVoXDTI4MTEyODIxNTk1OVowfzELMAkGA1UEBhMCRUUxKjAo -BgNVBAMMIUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEQMA4GA1UE -BAwHSsOVRU9SRzEWMBQGA1UEKgwNSkFBSy1LUklTVEpBTjEaMBgGA1UEBRMRUE5P -RUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASrgI6qFJh+LloJ -pNRwTL+89OVYygtOHVFuKpAuf7ZcLPnsaAnynvUTn9I8AvSzLnR7pzRVPDir+tTe -k2Hp9IzwF067hOf8NKp3WbkaGk74Gdcd9RGPLfzDi+YcTj9zniWjggHNMIIByTAJ -BgNVHRMEAjAAMB8GA1UdIwQYMBaAFMCEmSnETp87AjT2meEKVgAIKT57MHMGCCsG -AQUFBwEBBGcwZTA1BggrBgEFBQcwAoYpaHR0cDovL2Muc2suZWUvVGVzdF9vZl9F -U1RFSUQyMDE4LmRlci5jcnQwLAYIKwYBBQUHMAGGIGh0dHA6Ly9haWEuZGVtby5z -ay5lZS9lc3RlaWQyMDE4MB8GA1UdEQQYMBaBFDM4MDAxMDg1NzE4QGVlc3RpLmVl -MEcGA1UdIARAMD4wMgYLKwYBBAGDkSEBAQEwIzAhBggrBgEFBQcCARYVaHR0cHM6 -Ly93d3cuc2suZWUvQ1BTMAgGBgQAj3oBAjAgBgNVHSUBAf8EFjAUBggrBgEFBQcD -AgYIKwYBBQUHAwQwawYIKwYBBQUHAQMEXzBdMAgGBgQAjkYBATBRBgYEAI5GAQUw -RzBFFj9odHRwczovL3NrLmVlL2VuL3JlcG9zaXRvcnkvY29uZGl0aW9ucy1mb3It -dXNlLW9mLWNlcnRpZmljYXRlcy8TAmVuMB0GA1UdDgQWBBS4o0jDfX8kNdQdsOqq -S3Yvx0vk2jAOBgNVHQ8BAf8EBAMCA4gwCgYIKoZIzj0EAwQDgYwAMIGIAkIA52jr -H5u3U+KQ8gWuXFi+3hqsR6O0NG5hoFQN6Qk1P3xH1U9WEYrzBrfMTRAxAGHGh6JX -jxjGyHAwiMVBnD4UBWUCQgFU4YC4yybxs6lsWp9h8pvLb72eqibkq50Jjb19bwhk -mPaHamWsjrX1071PHqk7W4szaKrxy49qBuoiouLtjug9hQ== ------END CERTIFICATE----- diff --git a/cdoc2-cli/keys/cdoc2client-256-certificate.pem b/cdoc2-cli/keys/cdoc2client-256-certificate.pem deleted file mode 100644 index fca7cc7b..00000000 --- a/cdoc2-cli/keys/cdoc2client-256-certificate.pem +++ /dev/null 
@@ -1,12 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBvDCCAWGgAwIBAgIUeh6QtqoneaXam9hrc45NqKFvZcwwCgYIKoZIzj0EAwIw
-QTELMAkGA1UEBhMCRUUxFzAVBgNVBAoMDkN5YmVybmV0aWNhIEFTMRkwFwYDVQQD
-DBBjZG9jMi1jbGllbnQtMjU2MB4XDTI1MTIwOTA5MjY1M1oXDTM1MTIwNzA5MjY1
-M1owQTELMAkGA1UEBhMCRUUxFzAVBgNVBAoMDkN5YmVybmV0aWNhIEFTMRkwFwYD
-VQQDDBBjZG9jMi1jbGllbnQtMjU2MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
-HAE8+XM5zCVTE78un9B/VYaFaRYmPcnnk5J8l9Atlb4H0N4SyJAn7CR4C+DwGxqk
-C+kvUQt3Gwub2yL75PP/5aM3MDUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1Ud
-DgQWBBQmBOousur5p1XRUO6+IPoKoc/zgjAKBggqhkjOPQQDAgNJADBGAiEAxCKM
-h+9lqQVLKVMg21IrWOWfcXPN5QrEgjN6XtmXOHoCIQCBORI7vs7qcdWd9RBgdtqh
-NWo9HE8pmDCDm+p8OgQhhQ==
------END CERTIFICATE-----
diff --git a/cdoc2-cli/keys/cdoc2client-certificate.pem b/cdoc2-cli/keys/cdoc2client-certificate.pem
deleted file mode 100644
index 868c51f8..00000000
--- a/cdoc2-cli/keys/cdoc2client-certificate.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICVTCCAdygAwIBAgIIJkGb9aO/rHQwCgYIKoZIzj0EAwQwczELMAkGA1UEBhMC
-RUUxEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xFzAVBgNVBAoT
-DkN5YmVybmV0aWNhIEFTMRAwDgYDVQQLEwdVbmtub3duMRUwEwYDVQQDEwxjZG9j
-Mi1jbGllbnQwHhcNMjQwODA5MTI0MzE2WhcNMzQwODA3MTI0MzE2WjBzMQswCQYD
-VQQGEwJFRTEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEXMBUG
-A1UEChMOQ3liZXJuZXRpY2EgQVMxEDAOBgNVBAsTB1Vua25vd24xFTATBgNVBAMT
-DGNkb2MyLWNsaWVudDB2MBAGByqGSM49AgEGBSuBBAAiA2IABCdUFlDBrYlsWLsh
-venBl8MfdsAuLgab0m6Gyja1vZ3czlNc+1vKg4GYVFB6cxBeOBYTv+86JCCsb5Fn
-PYxFapfy+r995ZJ4n0fb/zu48Sg0rCslvrtnymv8aQlnM36VDKM9MDswHQYDVR0O
-BBYEFBDO/vmkajznwVReDa4EXoVS098XMBoGA1UdEQQTMBGHBH8AAAGCCWxvY2Fs
-aG9zdDAKBggqhkjOPQQDBANnADBkAjBvuj4xfDHQiwiYUFojROonwdSIFlzDy8bh
-wuOZ48KyQmXeg6qcZ26gstrBkYL/eIECMCnwm75rA7VydL4SiH70qdu5May1tm0g
-tc9VikmIarZX+d6rHJmCQ0eo6Vi1U8BYXg==
------END CERTIFICATE-----
diff --git a/cdoc2-cli/keys/cdoc2client.p12 b/cdoc2-cli/keys/cdoc2client.p12
deleted file mode 100644
index 6818a1f3..00000000
Binary files a/cdoc2-cli/keys/cdoc2client.p12 and /dev/null differ
diff --git a/cdoc2-cli/keys/cdoc2client_256_priv.key b/cdoc2-cli/keys/cdoc2client_256_priv.key
deleted file mode 100644
index c8fbe1a8..00000000
--- a/cdoc2-cli/keys/cdoc2client_256_priv.key
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIC1hS10zPbvxGwvtR3G0q4M4sVtX15toe8hWor31nt3EoAoGCCqGSM49
-AwEHoUQDQgAEHAE8+XM5zCVTE78un9B/VYaFaRYmPcnnk5J8l9Atlb4H0N4SyJAn
-7CR4C+DwGxqkC+kvUQt3Gwub2yL75PP/5Q==
------END EC PRIVATE KEY-----
diff --git a/cdoc2-cli/keys/cdoc2client_256_pub.key b/cdoc2-cli/keys/cdoc2client_256_pub.key
deleted file mode 100644
index e1114373..00000000
--- a/cdoc2-cli/keys/cdoc2client_256_pub.key
+++ /dev/null
@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHAE8+XM5zCVTE78un9B/VYaFaRYm
-Pcnnk5J8l9Atlb4H0N4SyJAn7CR4C+DwGxqkC+kvUQt3Gwub2yL75PP/5Q==
------END PUBLIC KEY-----
diff --git a/cdoc2-cli/keys/cdoc2client_priv.key b/cdoc2-cli/keys/cdoc2client_priv.key
deleted file mode 100644
index d3125599..00000000
--- a/cdoc2-cli/keys/cdoc2client_priv.key
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDDaHrkmfvP3MVnpwjmYd2HZVIJNs8XZX8uqaDsx2LGYNudRGvImLZ41
-V7QMCd44fhGgBwYFK4EEACKhZANiAAQnVBZQwa2JbFi7Ib3pwZfDH3bALi4Gm9Ju
-hso2tb2d3M5TXPtbyoOBmFRQenMQXjgWE7/vOiQgrG+RZz2MRWqX8vq/feWSeJ9H
-2/87uPEoNKwrJb67Z8pr/GkJZzN+lQw=
------END EC PRIVATE KEY-----
diff --git a/cdoc2-cli/keys/cdoc2client_pub.key b/cdoc2-cli/keys/cdoc2client_pub.key
deleted file mode 100644
index 41ec5e0b..00000000
--- a/cdoc2-cli/keys/cdoc2client_pub.key
+++ /dev/null
@@ -1,5 +0,0 @@
------BEGIN PUBLIC KEY-----
-MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJ1QWUMGtiWxYuyG96cGXwx92wC4uBpvS
-bobKNrW9ndzOU1z7W8qDgZhUUHpzEF44FhO/7zokIKxvkWc9jEVql/L6v33lknif
-R9v/O7jxKDSsKyW+u2fKa/xpCWczfpUM
------END PUBLIC KEY-----
diff --git a/cdoc2-cli/keys/extract_client_keys.sh b/cdoc2-cli/keys/extract_client_keys.sh
deleted file mode 100644
index af78be44..00000000
--- a/cdoc2-cli/keys/extract_client_keys.sh
+++ /dev/null
@@ -1,44 +0,0 @@ -#!/usr/bin/env bash - -cd ../.. -PROJECT_DIR=$(pwd) -KEYS_DIR=${PROJECT_DIR}/cdoc2-cli/keys - -# fetching updated client certificate and key store (have to be commited at source remote repository) -git remote add source "$REMOTE_REPOSITORY" -echo "# Fetching source..." -git fetch source -echo "# Checkout source branch $SOURCE_BRANCH_NAME/keys" -git checkout source/"$SOURCE_BRANCH_NAME" -- keys -echo "# Got following files in keys directory:" -git status --branch --short - -echo "# Checkout destination branch $DESTINATION_BRANCH_NAME" -git checkout -b "$DESTINATION_BRANCH_NAME" -echo "# Moving client key store cdoc2client.p12 to cdoc2-cli/keys..." -mv keys/cdoc2client.p12 cdoc2-cli/keys -echo "# Moving client certificate client-certificate.pem to cdoc2-cli/keys..." -mv keys/ca_certs/client-certificate.pem cdoc2-cli/keys -echo "# Renaming client certificate to cdoc2client-certificate.pem..." -mv cdoc2-cli/keys/client-certificate.pem cdoc2-cli/keys/cdoc2client-certificate.pem -echo "# Removing unnecessary fetched files..." -rm -rf keys - -git remote remove source "$REMOTE_REPOSITORY" -cd "$KEYS_DIR" || exit - - -# Extract private key from pkcs12 format keystore -echo "# Beginning to extract private and public keys..." -openssl pkcs12 -in cdoc2client.p12 -nodes -nocerts -passin pass:passwd -out temp_all_keys.key -awk -vwant=cdoc2-client '/friendlyName:/{sel=($2==want)} /^-----BEGIN/,/^-----END/{if(sel)print}' temp_all_keys.key > cdoc2client_priv.key -rm temp_all_keys.key -# Convert it to EC PRIVATE KEY using below command: -openssl ec -in cdoc2client_priv.key -out cdoc2client_priv.key -passin pass:passwd -echo "# Private key is extracted." - -# Extract public key from certificate -openssl x509 -inform pem -in cdoc2client-certificate.pem -pubkey -out temp_public.key -awk '/^-----BEGIN PUBLIC KEY/,/^-----END PUBLIC KEY/' temp_public.key > cdoc2client_pub.key -rm temp_public.key -echo "# Public key is extracted." 
diff --git a/cdoc2-cli/keys/remote_repository.sh b/cdoc2-cli/keys/remote_repository.sh
deleted file mode 100644
index 95fd5180..00000000
--- a/cdoc2-cli/keys/remote_repository.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-
-# Set up remote repository and required branches manually before running extract_client_keys.sh script
-export REMOTE_REPOSITORY= # git@:cdoc2/cdoc2-capsule-server.git
-export SOURCE_BRANCH_NAME=
-export DESTINATION_BRANCH_NAME=
\ No newline at end of file
diff --git a/cdoc2-cli/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12 b/cdoc2-cli/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12
deleted file mode 100644
index b901be39..00000000
Binary files a/cdoc2-cli/keys/sk-signed-test-certs/cdoc2-rsa-test-sk.p12 and /dev/null differ
diff --git a/cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/DecryptionKeyExclusiveArgument.java b/cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/DecryptionKeyExclusiveArgument.java
deleted file mode 100644
index 4278d724..00000000
--- a/cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/DecryptionKeyExclusiveArgument.java
+++ /dev/null
@@ -1,89 +0,0 @@ -package ee.cyber.cdoc2.cli; - -import picocli.CommandLine; - -import java.io.File; - -import ee.cyber.cdoc2.cli.util.CliConstants; -import ee.cyber.cdoc2.cli.util.LabeledPasswordParam; -import ee.cyber.cdoc2.cli.util.LabeledPasswordParamConverter; -import ee.cyber.cdoc2.cli.util.LabeledSecretConverter; -import ee.cyber.cdoc2.crypto.keymaterial.LabeledSecret; - - -/** - * Optional group of mutually exclusive arguments, only one of the arguments in the group can - * appear on the command line - */ -public class DecryptionKeyExclusiveArgument { - - @CommandLine.Option(names = {"-k", "--key"}, - paramLabel = "PEM", description = "EC private key PEM used to decrypt") - private File privKeyFile; - - @CommandLine.Option(names = {"-p12"}, - paramLabel = ".p12", description = "Load private key from .p12 file (FILE.p12:password)") - private String p12; - - @CommandLine.Option(names = {"-s", "--secret"}, paramLabel = "