diff --git a/Docker/xrd-dev-stack/tools/deploy.sh b/Docker/xrd-dev-stack/tools/deploy.sh index e9df2f5ec7..9960b99282 100755 --- a/Docker/xrd-dev-stack/tools/deploy.sh +++ b/Docker/xrd-dev-stack/tools/deploy.sh @@ -1,5 +1,7 @@ #!/bin/bash +: ${XROAD_HOME:?"XROAD_HOME is not set"} + deploy_module() { local module_name=$1 shift @@ -15,6 +17,7 @@ deploy_module() { ;; "messagelog-addon") jar_path="$XROAD_HOME/src/addons/messagelog/messagelog-addon/build/libs/messagelog-addon.jar" + target_path="/usr/share/xroad/jlib/addon/proxy/" service_name="xroad-proxy" ;; "hwtoken-addon") @@ -66,14 +69,18 @@ deploy_module() { done } -set -o xtrace +set -o xtrace -o errexit case $1 in "proxy" | "messagelog-addon" | "metaservice-addon" | "proxy-ui-api" | "configuration-client" | "op-monitor-daemon") - deploy_module "$1" "ss0" "ss1" + hosts=("ss0" "ss1") + if [[ $# > 1 ]]; then hosts=("${@:2}"); fi + deploy_module "$1" "${hosts[@]}" ;; "signer" | "hwtoken-addon") - deploy_module "$1" "ss0" "ss1" "cs" + hosts=("ss0" "ss1" "cs") + if [[ $# > 1 ]]; then hosts=("${@:2}"); fi + deploy_module "$1" "${hosts[@]}" ;; "cs-admin-service" | "cs-management-service" | "cs-registration-service") deploy_module "$1" "cs" diff --git a/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogManager.java b/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogManager.java index 8b568b80f7..2b6c04a39c 100644 --- a/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogManager.java +++ b/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogManager.java @@ -31,6 +31,7 @@ import ee.ria.xroad.common.DiagnosticsUtils; import ee.ria.xroad.common.conf.globalconf.GlobalConfProvider; import ee.ria.xroad.common.conf.serverconf.ServerConfProvider; +import ee.ria.xroad.common.message.AttachmentStream; import ee.ria.xroad.common.messagelog.AbstractLogManager; import ee.ria.xroad.common.messagelog.LogMessage; import ee.ria.xroad.common.messagelog.MessageLogProperties; @@ -44,6 +45,7 @@ import lombok.extern.slf4j.Slf4j; import org.apache.commons.io.input.BoundedInputStream; +import java.io.InputStream; import java.time.Duration; import java.time.Instant; import java.time.temporal.ChronoUnit; @@ -190,11 +192,11 @@ private TimestampRecord timestampImmediately(MessageRecord logRecord) throws Exc private static MessageRecord createMessageRecord(SoapLogMessage message) throws Exception { log.trace("createMessageRecord()"); - String loggedMessage = new MessageBodyManipulator().getLoggableMessageText(message); + var manipulator = new MessageBodyManipulator(); MessageRecord messageRecord = new MessageRecord( message.getQueryId(), - loggedMessage, + manipulator.getLoggableMessageText(message), message.getSignature().getSignatureXml(), message.isResponse(), message.isClientSide() ? message.getClient() : message.getService().getClientId(), @@ -205,12 +207,38 @@ private static MessageRecord createMessageRecord(SoapLogMessage message) throws if (message.getSignature().isBatchSignature()) { messageRecord.setHashChainResult(message.getSignature().getHashChainResult()); messageRecord.setHashChain(message.getSignature().getHashChain()); + } else if (manipulator.isBodyLogged(message)) { + // log attachments for non-batch signatures + if (MAX_LOGGABLE_BODY_SIZE > 0) { + messageRecord.setAttachmentStreams(message.getAttachments() + .stream().map(LogManager::boundedAttachmentStream).toList()); + } + } messageRecord.setSignatureHash(signatureHash(message.getSignature().getSignatureXml())); return messageRecord; } + private static AttachmentStream boundedAttachmentStream(AttachmentStream attachment) { + return new AttachmentStream() { + @Override + public InputStream getStream() { + if (attachment.getSize() > MAX_LOGGABLE_BODY_SIZE && !TRUNCATED_BODY_ALLOWED) { + throw new CodedException(X_LOGGING_FAILED_X, "Message attachment size exceeds maximum loggable size"); + } + final BoundedInputStream body = new BoundedInputStream(attachment.getStream(), MAX_LOGGABLE_BODY_SIZE); + body.setPropagateClose(false); + return body; + } + + @Override + public long getSize() { + return attachment.getSize(); + } + }; + } + private static MessageRecord createMessageRecord(RestLogMessage message) throws Exception { log.trace("createMessageRecord()"); diff --git a/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogRecordManager.java b/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogRecordManager.java index 19e4105273..5dc0db6eba 100644 --- a/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogRecordManager.java +++ b/src/addons/messagelog/messagelog-addon/src/main/java/ee/ria/xroad/proxy/messagelog/LogRecordManager.java @@ -27,6 +27,7 @@ import ee.ria.xroad.common.db.HibernateUtil; import ee.ria.xroad.common.identifier.ClientId; +import ee.ria.xroad.common.message.AttachmentStream; import ee.ria.xroad.common.messagelog.AbstractLogRecord; import ee.ria.xroad.common.messagelog.LogRecord; import ee.ria.xroad.common.messagelog.MessageRecord; @@ -39,14 +40,12 @@ import jakarta.persistence.criteria.Root; import lombok.extern.slf4j.Slf4j; import org.hibernate.Session; -import org.hibernate.query.Query; +import org.hibernate.query.MutationQuery; -import java.io.InputStream; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.SQLException; import java.util.Arrays; -import java.util.Date; import java.util.List; import java.util.function.Function; @@ -73,20 +72,6 @@ public final class LogRecordManager { private LogRecordManager() { } - /** - * Returns a log record for a given message Query Id, start and end time. - * @param queryId the message query id. - * @param startTime the start time. - * @param endTime the end time. - * @return the log record or null, if log record is not found in database. - * @throws Exception if an error occurs while communicating with database. - */ - static LogRecord getByQueryId(String queryId, Date startTime, Date endTime) throws Exception { - log.trace(GET_BY_QUERY_ID_LOG_FORMAT, queryId, startTime, endTime); - - return doInTransaction(session -> getMessageRecord(session, queryId, startTime, endTime)); - } - /** * Returns a log record for a given message Query Id and sender Client Id. * @param queryId the message query id. @@ -149,10 +134,11 @@ static void saveMessageRecord(MessageRecord messageRecord) throws Exception { encryption.prepareEncryption(messageRecord); } - InputStream is = messageRecord.getAttachmentStream(); - if (is != null) { - messageRecord.setAttachment( - session.getLobHelper().createBlob(is, messageRecord.getAttachmentStreamSize())); + int attachmentNo = 0; + for (AttachmentStream attachmentStream : messageRecord.getAttachmentStreams()) { + attachmentNo++; + messageRecord.addAttachment(attachmentNo, // attachment numbering starts from one as in asic container + session.getLobHelper().createBlob(attachmentStream.getStream(), attachmentStream.getSize())); } save(session, messageRecord); @@ -168,7 +154,7 @@ static void saveMessageRecord(MessageRecord messageRecord) throws Exception { @SuppressWarnings("JpaQlInspection") static void updateMessageRecordSignature(MessageRecord messageRecord, String oldHash) throws Exception { doInTransaction(session -> { - final Query query = session.createQuery("update MessageRecord m " + final MutationQuery query = session.createMutationQuery("update MessageRecord m " + "set m.signature = :signature, m.signatureHash = :hash " + "where m.id = :id and m.timestampRecord is null and m.signatureHash = :oldhash"); @@ -207,11 +193,11 @@ static void saveTimestampRecord(TimestampRecord timestampRecord, Long[] */ static void save(Session session, LogRecord logRecord) { log.trace("save({})", logRecord.getClass()); - session.save(logRecord); + session.persist(logRecord); } static long getNextRecordId(Session session) { - return ((Number) session.createNativeQuery("SELECT nextval('logrecord_sequence')").getSingleResult()).longValue(); + return session.createNativeQuery("SELECT nextval('logrecord_sequence')", Long.class).getSingleResult(); } /** @@ -276,19 +262,6 @@ private static LogRecord getLogRecord(Session session, Long number) { return session.get(AbstractLogRecord.class, number); } - private static MessageRecord getMessageRecord(Session session, String queryId, Date startTime, Date endTime) { - final CriteriaBuilder cb = session.getCriteriaBuilder(); - final CriteriaQuery query = cb.createQuery(MessageRecord.class); - final Root m = query.from(MessageRecord.class); - - query.select(m) - .where(cb.and( - cb.equal(m.get("queryId"), queryId), - cb.between(m.get("time"), startTime.getTime(), endTime.getTime()) - )); - return session.createQuery(query).setMaxResults(1).uniqueResult(); - } - private static MessageRecord getMessageRecord(Session session, String queryId, ClientId clientId, Boolean isResponse) { final CriteriaQuery query = createRecordCriteria(session, queryId, clientId, isResponse); diff --git a/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/AbstractMessageLogTest.java b/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/AbstractMessageLogTest.java index 15c3b47f80..eab456ad2e 100644 --- a/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/AbstractMessageLogTest.java +++ b/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/AbstractMessageLogTest.java @@ -29,6 +29,7 @@ import ee.ria.xroad.common.cert.CertChainFactory; import ee.ria.xroad.common.conf.globalconf.GlobalConfProvider; import ee.ria.xroad.common.conf.serverconf.ServerConfProvider; +import ee.ria.xroad.common.message.AttachmentStream; import ee.ria.xroad.common.message.RestRequest; import ee.ria.xroad.common.message.SoapMessageImpl; import ee.ria.xroad.common.messagelog.AbstractLogManager; @@ -52,6 +53,7 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.List; import static ee.ria.xroad.proxy.messagelog.TestUtil.getGlobalConf; import static ee.ria.xroad.proxy.messagelog.TestUtil.getServerConf; @@ -129,7 +131,13 @@ private void signalTimestampingStatus(SetTimestampingStatusMessage.Status status } protected void log(SoapMessageImpl message, SignatureData signature) throws Exception { - logManager.log(new SoapLogMessage(message, signature, true)); + log(message, signature, List.of()); + } + + protected void log(SoapMessageImpl message, SignatureData signature, List attachments) throws Exception { + var attachmentStreamList = attachments.stream() + .map(attachment -> AttachmentStream.fromInputStream(new ByteArrayInputStream(attachment), attachment.length)).toList(); + logManager.log(new SoapLogMessage(message, signature, attachmentStreamList, true, message.getQueryId())); } protected void log(RestRequest message, SignatureData signatureData, byte[] body) diff --git a/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageBodyManipulatorTest.java b/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageBodyManipulatorTest.java index 076ca22478..9c4e360dfd 100644 --- a/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageBodyManipulatorTest.java +++ b/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageBodyManipulatorTest.java @@ -196,7 +196,7 @@ private void assertNodeEmptinessAfterManipulation(SoapMessageImpl query, String elementName, boolean keepBody) throws Exception { String loggableMessage = new TestableMessageBodyManipulator(keepBody) - .getLoggableMessageText(new SoapLogMessage(query, null, clientSide)); + .getLoggableMessageText(new SoapLogMessage(query, null, List.of(), clientSide, null)); log.debug("loggable message with body" + (keepBody ? " intact: " : " removed: ") + loggableMessage); diff --git a/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageLogTest.java b/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageLogTest.java index 67f9f20a70..d62606daf2 100644 --- a/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageLogTest.java +++ b/src/addons/messagelog/messagelog-addon/src/test/java/ee/ria/xroad/proxy/messagelog/MessageLogTest.java @@ -53,9 +53,12 @@ import jakarta.persistence.criteria.CriteriaBuilder; import jakarta.persistence.criteria.CriteriaQuery; import jakarta.persistence.criteria.Root; +import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import org.apache.commons.io.IOUtils; import org.apache.commons.io.filefilter.RegexFileFilter; +import org.assertj.core.api.Assertions; +import org.hibernate.Hibernate; import org.junit.After; import org.junit.Before; import org.junit.Rule; @@ -66,6 +69,7 @@ import java.io.ByteArrayInputStream; import java.io.File; import java.io.FileFilter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Paths; @@ -129,14 +133,13 @@ public void timestampingForced() throws Exception { log("02-04-2014 12:34:56.100", createMessage("forced")); assertTaskQueueSize(1); - MessageRecord record = (MessageRecord) findByQueryId("forced", "02-04-2014 12:34:50.100", - "02-04-2014 12:34:59.100"); + MessageRecord record = findByQueryId("forced"); assertMessageRecord(record, "forced"); TimestampRecord timestamp = timestamp(record); assertNotNull(timestamp); - record = (MessageRecord) findByQueryId("forced", "02-04-2014 12:34:50.100", "02-04-2014 12:34:59.100"); + record = findByQueryId("forced"); assertEquals(timestamp, record.getTimestampRecord()); assertTaskQueueSize(0); @@ -154,8 +157,7 @@ public void timestampingDouble() throws Exception { log("02-04-2014 12:34:56.100", createMessage("forced")); assertTaskQueueSize(1); - MessageRecord record = (MessageRecord) findByQueryId("forced", "02-04-2014 12:34:50.100", - "02-04-2014 12:34:59.100"); + MessageRecord record = findByQueryId("forced"); assertMessageRecord(record, "forced"); TimestampRecord timestamp1 = timestamp(record); @@ -208,18 +210,37 @@ public void logRestMessage() throws Exception { final Instant atDate = TimeUtils.now(); final byte[] body = "\"test message body\"".getBytes(StandardCharsets.UTF_8); log(atDate, message, createSignature(), body); - final MessageRecord logRecord = (MessageRecord) findByQueryId(message.getQueryId(), atDate.minusMillis(1), - atDate.plusMillis(1)); + final MessageRecord logRecord = findByQueryId(message.getQueryId(), ClientId.Conf.create("XRD", "Class", "Member", "SubSystem")); MessageRecordEncryption.getInstance().prepareDecryption(logRecord); assertEquals(logRecord.getXRequestId(), requestId); assertEquals(logRecord.getQueryId(), message.getQueryId()); final AsicContainer asic = logRecord.toAsicContainer(); assertArrayEquals(asic.getMessage().getBytes(StandardCharsets.UTF_8), message.getMessageBytes()); - final byte[] attachment = IOUtils.readFully(asic.getAttachment(), body.length); + final byte[] attachment = IOUtils.readFully(asic.getAttachments().getFirst(), body.length); assertArrayEquals(body, attachment); } + @Test + public void logSoapWithAttachments() throws Exception { + final String requestId = UUID.randomUUID().toString(); + final var message = createMessage(requestId); + var attachment1 = "ONE".getBytes(StandardCharsets.UTF_8); + var attachment2 = "TWO".getBytes(StandardCharsets.UTF_8); + + log(message, createSignature(), List.of(attachment1, attachment2)); + + final MessageRecord logRecord = findByQueryId(message.getQueryId()); + MessageRecordEncryption.getInstance().prepareDecryption(logRecord); + assertEquals(logRecord.getXRequestId(), requestId); + assertEquals(logRecord.getQueryId(), message.getQueryId()); + + final AsicContainer asic = logRecord.toAsicContainer(); + assertEquals(asic.getMessage(), message.getXml()); + var attachments = asic.getAttachments().stream().map(MessageLogTest::readAllBytes).toList(); + Assertions.assertThat(attachments).containsExactly(attachment1, attachment2); + } + /** * Test for system property timestamp-records-limit */ @@ -426,17 +447,16 @@ public void findByQueryId() throws Exception { log("02-04-2014 12:34:57.100", createMessage("message2")); log("02-04-2014 12:34:58.100", createMessage("message3")); - LogRecord message1 = findByQueryId("message1", "02-04-2014 12:34:50.100", "02-04-2014 12:34:59.100"); + LogRecord message1 = findByQueryId("message1"); assertMessageRecord(message1, "message1"); - LogRecord message2 = findByQueryId("message2", "02-04-2014 12:34:50.100", "02-04-2014 12:34:59.100"); + LogRecord message2 = findByQueryId("message2"); assertMessageRecord(message2, "message2"); - LogRecord message3 = findByQueryId("message3", "02-04-2014 12:34:50.100", "02-04-2014 12:34:59.100"); + LogRecord message3 = findByQueryId("message3"); assertMessageRecord(message3, "message3"); - assertNull(findByQueryId("message1", "02-04-2014 12:34:56.200", "02-04-2014 12:34:59.100")); - assertNull(findByQueryId("foo", "02-04-2014 12:34:56.100", "02-04-2014 12:34:59.100")); + assertNull(findByQueryId("foo")); } /** @@ -499,9 +519,8 @@ private void initLastHashStep() throws Exception { ArchiveDigest digest = new ArchiveDigest(ClientId.Conf.create("XRD", "BUSINESS", "consumer").toShortString(), lastArchive); doInTransaction(session -> { - session.createQuery(getLastEntryDeleteQuery()).executeUpdate(); - session.save(digest); - + session.createMutationQuery(getLastEntryDeleteQuery()).executeUpdate(); + session.persist(digest); return null; }); } @@ -554,12 +573,13 @@ protected void log(Instant instant, RestRequest message, SignatureData signature logManager.log(logMessage); } - protected LogRecord findByQueryId(String queryId, String startTime, String endTime) throws Exception { - return LogRecordManager.getByQueryId(queryId, getDate(startTime), getDate(endTime)); + protected MessageRecord findByQueryId(String queryId) throws Exception { + ClientId clientId = ClientId.Conf.create("EE", "BUSINESS", "consumer"); + return LogRecordManager.getByQueryIdUnique(queryId, clientId, false, MessageLogTest::initializeAttachments); } - protected LogRecord findByQueryId(String queryId, Instant startTime, Instant endTime) throws Exception { - return LogRecordManager.getByQueryId(queryId, Date.from(startTime), Date.from(endTime)); + protected MessageRecord findByQueryId(String queryId, ClientId clientId) throws Exception { + return LogRecordManager.getByQueryIdUnique(queryId, clientId, false, MessageLogTest::initializeAttachments); } private String getLastEntryDeleteQuery() { @@ -618,11 +638,11 @@ private void assertArchiveHashChain() throws Exception { } private static String getLastHashStepInDatabase() throws Exception { - return doInTransaction(session -> (String) session - .createQuery(getLastDigestQuery()) + return doInTransaction(session -> session + .createQuery(getLastDigestQuery(), String.class) .setMaxResults(1) .list() - .get(0)); + .getFirst()); } private static String getLastDigestQuery() { @@ -670,4 +690,16 @@ private static int getNumberOfRecords(final boolean archived) throws Exception { }); } + private static MessageRecord initializeAttachments(MessageRecord messageRecord) { + if (messageRecord != null) { + Hibernate.initialize(messageRecord.getAttachments()); + } + return messageRecord; + } + + @SneakyThrows + private static byte[] readAllBytes(InputStream is) { + return is.readAllBytes(); + } + } diff --git a/src/addons/messagelog/messagelog-archiver/src/main/java/ee/ria/xroad/messagelog/archiver/LogCleaner.java b/src/addons/messagelog/messagelog-archiver/src/main/java/ee/ria/xroad/messagelog/archiver/LogCleaner.java index ce5dc71cb2..7529c33643 100644 --- a/src/addons/messagelog/messagelog-archiver/src/main/java/ee/ria/xroad/messagelog/archiver/LogCleaner.java +++ b/src/addons/messagelog/messagelog-archiver/src/main/java/ee/ria/xroad/messagelog/archiver/LogCleaner.java @@ -30,7 +30,7 @@ import ee.ria.xroad.messagelog.database.MessageLogDatabaseCtx; import lombok.extern.slf4j.Slf4j; -import org.hibernate.query.Query; +import org.hibernate.query.MutationQuery; import org.quartz.Job; import org.quartz.JobExecutionContext; @@ -67,7 +67,7 @@ protected long handleClean() throws Exception { int removed; do { removed = MessageLogDatabaseCtx.doInTransaction(session -> { - final Query query = session.getNamedQuery("delete-logrecords"); + final MutationQuery query = session.createNamedMutationQuery("delete-logrecords"); query.setParameter("time", time); query.setParameter("limit", CLEAN_BATCH_LIMIT); return query.executeUpdate(); diff --git a/src/addons/messagelog/messagelog-db/build.gradle b/src/addons/messagelog/messagelog-db/build.gradle index d20757fe3e..8f1bbaf228 100644 --- a/src/addons/messagelog/messagelog-db/build.gradle +++ b/src/addons/messagelog/messagelog-db/build.gradle @@ -1,5 +1,6 @@ dependencies { implementation(project(':common:common-db')) + implementation(project(':common:common-message')) implementation(project(':common:common-messagelog')) implementation libs.bouncyCastle.bcpkix implementation libs.slf4j.api diff --git a/src/addons/messagelog/messagelog-db/src/main/java/ee/ria/xroad/messagelog/database/MessageRecordEncryption.java b/src/addons/messagelog/messagelog-db/src/main/java/ee/ria/xroad/messagelog/database/MessageRecordEncryption.java index d9eb10461d..93ff230cc7 100644 --- a/src/addons/messagelog/messagelog-db/src/main/java/ee/ria/xroad/messagelog/database/MessageRecordEncryption.java +++ b/src/addons/messagelog/messagelog-db/src/main/java/ee/ria/xroad/messagelog/database/MessageRecordEncryption.java @@ -26,6 +26,8 @@ */ package ee.ria.xroad.messagelog.database; +import ee.ria.xroad.common.message.AttachmentStream; +import ee.ria.xroad.common.messagelog.MessageAttachment; import ee.ria.xroad.common.messagelog.MessageLogProperties; import ee.ria.xroad.common.messagelog.MessageRecord; @@ -50,21 +52,27 @@ import java.security.Key; import java.security.KeyException; import java.security.KeyStore; +import java.util.ArrayList; import java.util.Collections; import java.util.Enumeration; import java.util.HashMap; +import java.util.List; import java.util.Map; /** * Helper class for applying message log encryption/decryption to a message record. - * + *

* Implementation note: * The cipher used is AES-CTR, column keys are deterministically derived from the master key * using HKDF (RFC 5869) and the CTR initial counter value (iv) is derived from message record id * (database primary key); first 64 bits are id (big endian) and the rest are initially zero. * Since there can not be two message records with the same id in the database, the (key, counter) pair is * unique (as required by AES-CTR security) as long as each message is shorter than ~2^68 bytes. - * + *

+ * For message attachments, separate master key is derived using the same HKDF method. The iv is derived from + * the message record id and the attachment number, using 64 + 32 bits in total, leaving 32 bits for the counter. + * This allows up to ~2^34 bytes for each attachment. + *

* The implementation is a bit convoluted, mostly due to JPA and Blob (large object) handling. */ @Slf4j @@ -159,15 +167,17 @@ public boolean encryptionEnabled() { */ public MessageRecord prepareDecryption(MessageRecord messageRecord) throws GeneralSecurityException { if (messageRecord != null && messageRecord.getKeyId() != null) { - final Cipher messageCipher = createCipher(Cipher.DECRYPT_MODE, messageRecord.getId(), + final Cipher messageCipher = createCipher(Cipher.DECRYPT_MODE, messageRecord.getKeyId(), - messageKeys); - final Cipher attachmentCipher = createCipher(Cipher.DECRYPT_MODE, messageRecord.getId(), - messageRecord.getKeyId(), - attachmentKeys); - + messageKeys, messageIv(messageRecord.getId())); messageRecord.setMessageCipher(messageCipher); - messageRecord.setAttachmentCipher(attachmentCipher); + + for (MessageAttachment attachment : messageRecord.getAttachments()) { + final Cipher attachmentCipher = createCipher(Cipher.DECRYPT_MODE, + messageRecord.getKeyId(), + attachmentKeys, attachmentIv(messageRecord.getId(), attachment.getAttachmentNo())); + attachment.setAttachmentCipher(attachmentCipher); + } } return messageRecord; } @@ -192,22 +202,23 @@ public MessageRecord prepareEncryption(MessageRecord messageRecord) throws Gener messageRecord.setKeyId(keyId); final int mode = Cipher.ENCRYPT_MODE; - final Cipher messageCipher = createCipher(mode, messageRecord.getId(), keyId, messageKeys); + final Cipher messageCipher = createCipher(mode, keyId, messageKeys, messageIv(messageRecord.getId())); messageRecord.setCipherMessage( messageCipher.doFinal(messageRecord.getMessage().getBytes(StandardCharsets.UTF_8))); - if (messageRecord.getAttachmentStream() != null) { - final Cipher attachmentCipher = createCipher(mode, messageRecord.getId(), keyId, attachmentKeys); - messageRecord.setAttachmentStream( - new CipherInputStream(messageRecord.getAttachmentStream(), attachmentCipher), - //CTR mode does not change the message length. - messageRecord.getAttachmentStreamSize()); + if (!messageRecord.getAttachmentStreams().isEmpty()) { + List cipherAttachmentStreams = new ArrayList<>(); + for (int i = 0; i < messageRecord.getAttachmentStreams().size(); i++) { + Cipher attachmentCipher = createCipher(mode, keyId, attachmentKeys, attachmentIv(messageRecord.getId(), i + 1)); + cipherAttachmentStreams.add(new CipherAttachmentStream(messageRecord.getAttachmentStreams().get(i), attachmentCipher)); + } + messageRecord.setAttachmentStreams(cipherAttachmentStreams); } return messageRecord; } - private Cipher createCipher(int mode, long recordId, String keyId, Map keys) + private Cipher createCipher(int mode, String keyId, Map keys, IvParameterSpec iv) throws GeneralSecurityException { final SecretKeySpec keySpec = keys.get(keyId); @@ -216,15 +227,33 @@ private Cipher createCipher(int mode, long recordId, String keyId, Map - - + + + + @@ -43,7 +45,17 @@ + + + + + + + + + diff --git a/src/addons/op-monitoring/src/main/java/ee/ria/xroad/proxy/serverproxy/OpMonitoringServiceHandlerImpl.java b/src/addons/op-monitoring/src/main/java/ee/ria/xroad/proxy/serverproxy/OpMonitoringServiceHandlerImpl.java index d2f9bdc072..6e30201815 100644 --- a/src/addons/op-monitoring/src/main/java/ee/ria/xroad/proxy/serverproxy/OpMonitoringServiceHandlerImpl.java +++ b/src/addons/op-monitoring/src/main/java/ee/ria/xroad/proxy/serverproxy/OpMonitoringServiceHandlerImpl.java @@ -32,9 +32,7 @@ import ee.ria.xroad.common.opmonitoring.OpMonitoringDaemonEndpoints; import ee.ria.xroad.common.opmonitoring.OpMonitoringData; import ee.ria.xroad.common.opmonitoring.OpMonitoringSystemProperties; -import ee.ria.xroad.common.util.AbstractHttpSender; import ee.ria.xroad.common.util.HttpSender; -import ee.ria.xroad.common.util.MimeUtils; import ee.ria.xroad.common.util.RequestWrapper; import ee.ria.xroad.common.util.TimeUtils; import ee.ria.xroad.proxy.protocol.ProxyMessage; @@ -147,11 +145,10 @@ private void sendRequest(RequestWrapper servletRequest, ProxyMessage proxyReques log.info("Sending request to {}", opMonitorUri); - try (InputStream in = proxyRequestMessage.getSoapContent()) { + try { opMonitoringData.setRequestOutTs(getEpochMillisecond()); - sender.doPost(opMonitorUri, in, AbstractHttpSender.CHUNKED_LENGTH, - servletRequest.getHeaders().get(MimeUtils.HEADER_ORIGINAL_CONTENT_TYPE)); + sender.doPost(opMonitorUri, new ProxyMessageSoapEntity(proxyRequestMessage)); opMonitoringData.setResponseInTs(getEpochMillisecond()); } catch (Exception ex) { diff --git a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainer.java b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainer.java index c562f8086e..3b7e33d08c 100644 --- a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainer.java +++ b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainer.java @@ -30,6 +30,7 @@ import ee.ria.xroad.common.util.MimeTypes; import lombok.Getter; +import lombok.NonNull; import java.io.ByteArrayInputStream; import java.io.InputStream; @@ -37,6 +38,7 @@ import java.nio.charset.StandardCharsets; import java.util.Date; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.zip.ZipOutputStream; @@ -66,16 +68,16 @@ public class AsicContainer { /** Holds the entries in the container. */ private final Map entries = new HashMap<>(); - private final InputStream attachment; @Getter - private final byte[] attachmentDigest; + private final List attachments; + private final Map attachmentDigests; @Getter private final long creationTime; - AsicContainer(Map entries, byte[] attachmentDigest) throws Exception { + AsicContainer(Map entries, @NonNull Map attachmentDigests) throws Exception { this.entries.putAll(entries); - this.attachment = null; - this.attachmentDigest = attachmentDigest; + this.attachments = List.of(); + this.attachmentDigests = Map.copyOf(attachmentDigests); this.creationTime = new Date().getTime(); verifyContents(); } @@ -83,23 +85,23 @@ public class AsicContainer { /** * Creates an AsicContainer containing given message, signature and timestamp. - * Attempts to verify it's contents. + * Attempts to verify its contents. * @param message content of the signed message * @param signature signature of the message * @param timestamp timestamp data of the message - * @param attachment optional rest message body + * @param attachments message attachments. For Rest messages, the first attachment is message body. * @param time logrecord creation time * @throws Exception if container content verification fails */ public AsicContainer(String message, SignatureData signature, - TimestampData timestamp, InputStream attachment, long time) throws Exception { + TimestampData timestamp, List attachments, long time) throws Exception { put(ENTRY_MIMETYPE, MIMETYPE); put(ENTRY_MESSAGE, message); put(ENTRY_SIGNATURE, signature.getSignatureXml()); put(ENTRY_SIG_HASH_CHAIN_RESULT, signature.getHashChainResult()); put(ENTRY_SIG_HASH_CHAIN, signature.getHashChain()); - this.attachment = attachment; - this.attachmentDigest = null; + this.attachments = attachments; + this.attachmentDigests = Map.of(); this.creationTime = time; if (timestamp != null) { @@ -201,6 +203,10 @@ public String getEntryAsString(String fileName) { return get(AsicHelper.stripSlash(fileName)); } + public byte[] getAttachmentDigest(String fileName) { + return attachmentDigests.get(AsicHelper.stripSlash(fileName)); + } + /** * Create a ASiC container from the given input stream. * @param is the stream containing the container ZIP data @@ -239,8 +245,10 @@ private void createOpenDocumentManifest() { b.addFile(entryName, MimeTypes.TEXT_XML); // assume files are XML } - if (attachment != null) { - b.addFile(ENTRY_ATTACHMENT + "1", MimeTypes.BINARY); + if (attachments != null) { + for (int i = 1; i <= attachments.size(); i++) { + b.addFile(ENTRY_ATTACHMENT + i, MimeTypes.BINARY); + } } put(ENTRY_MANIFEST, b.build()); @@ -303,8 +311,4 @@ void put(String entryName, String data) { this.entries.put(entryName, data); } } - - public InputStream getAttachment() { - return attachment; - } } diff --git a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerEntries.java b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerEntries.java index f5c11525c5..24808b5823 100644 --- a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerEntries.java +++ b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerEntries.java @@ -102,6 +102,15 @@ public final class AsicContainerEntries { ENTRY_TIMESTAMP, }; + /** + * True if the given file is an attachment. + * @param fileName the file to check + * @return true if the given file is an attachment, false otherwise + */ + public static boolean isAttachment(String fileName) { + return fileName.startsWith(ENTRY_ATTACHMENT); + } + private AsicContainerEntries() { } diff --git a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java index 1b5713bbb5..9ed0cafce0 100644 --- a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java +++ b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicContainerVerifier.java @@ -42,12 +42,14 @@ import ee.ria.xroad.common.signature.SignatureData; import ee.ria.xroad.common.signature.SignatureVerifier; import ee.ria.xroad.common.signature.TimestampVerifier; +import ee.ria.xroad.common.util.EncoderUtils; import ee.ria.xroad.common.util.MessageFileNames; import ee.ria.xroad.common.util.MimeTypes; import lombok.AccessLevel; import lombok.Getter; import lombok.RequiredArgsConstructor; +import org.apache.xml.security.signature.XMLSignatureDigestInput; import org.apache.xml.security.signature.XMLSignatureInput; import org.apache.xml.security.signature.XMLSignatureStreamInput; import org.apache.xml.security.utils.resolver.ResourceResolverContext; @@ -80,6 +82,7 @@ import static ee.ria.xroad.common.util.EncoderUtils.encodeHex; import static ee.ria.xroad.common.util.MessageFileNames.MESSAGE; import static ee.ria.xroad.common.util.MessageFileNames.SIG_HASH_CHAIN_RESULT; +import static ee.ria.xroad.common.util.MessageFileNames.isAttachment; import static java.nio.charset.StandardCharsets.UTF_8; /** @@ -114,7 +117,7 @@ public class AsicContainerVerifier { /** * Constructs a new ASiC container verifier for the ZIP file with the - * given filename. Attempts to verify it's contents. + * given filename. Attempts to verify its contents. * * @param globalConfProvider global conf provider * @param filename name of the ASiC container ZIP file @@ -182,14 +185,20 @@ private void configureResourceResolvers(SignatureVerifier verifier) { attachmentHashes.clear(); verifier.setSignatureResourceResolver(new ResourceResolverSpi() { + @Override public boolean engineCanResolveURI(ResourceResolverContext context) { + if (isAttachment(context.attr.getValue())) { + return asic.getAttachmentDigest(context.attr.getValue()) != null; + } return asic.hasEntry(context.attr.getValue()); } @Override - public XMLSignatureInput engineResolveURI(ResourceResolverContext context) - throws ResourceResolverException { + public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException { + if (isAttachment(context.attr.getValue())) { + return new XMLSignatureDigestInput(EncoderUtils.encodeBase64(asic.getAttachmentDigest(context.attr.getValue()))); + } return new XMLSignatureStreamInput(asic.getEntry(context.attr.getValue())); } }); @@ -198,7 +207,7 @@ public XMLSignatureInput engineResolveURI(ResourceResolverContext context) } private void logUnresolvableHash(String uri, byte[] digestValue) { - boolean verified = uri.equals("/attachment1") && Arrays.equals(digestValue, asic.getAttachmentDigest()); + boolean verified = isAttachment(uri) && Arrays.equals(digestValue, asic.getAttachmentDigest(uri)); attachmentHashes.add(String.format("The digest for \"%s\" is: %s", uri, encodeHex(digestValue)) + (verified ? " (verified)" : " (unverified)")); } diff --git a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicHelper.java b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicHelper.java index 4daa5141ee..a850c139a6 100644 --- a/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicHelper.java +++ b/src/asic-util/src/main/java/ee/ria/xroad/common/asic/AsicHelper.java @@ -64,6 +64,7 @@ import static ee.ria.xroad.common.asic.AsicContainerEntries.ENTRY_TS_HASH_CHAIN; import static ee.ria.xroad.common.asic.AsicContainerEntries.ENTRY_TS_HASH_CHAIN_RESULT; import static ee.ria.xroad.common.asic.AsicContainerEntries.MIMETYPE; +import static ee.ria.xroad.common.asic.AsicContainerEntries.isAttachment; import static ee.ria.xroad.common.util.EncoderUtils.decodeBase64; import static ee.ria.xroad.common.util.EncoderUtils.encodeBase64; import static org.apache.commons.lang3.StringUtils.isBlank; @@ -80,7 +81,7 @@ static AsicContainer read(InputStream is) throws Exception { Map entries = new HashMap<>(); ZipInputStream zip = new ZipInputStream(is); ZipEntry zipEntry; - byte[] attachmentDigest = null; + Map attachmentDigests = new HashMap<>(); while ((zipEntry = zip.getNextEntry()) != null) { for (Object expectedEntry : AsicContainerEntries.getALL_ENTRIES()) { @@ -96,17 +97,17 @@ static AsicContainer read(InputStream is) throws Exception { entries.put(zipEntry.getName(), data); break; - } else if (matches(ENTRY_ATTACHMENT + "1", zipEntry.getName())) { + } else if (isAttachment(zipEntry.getName())) { final DigestCalculator digest = Digests.createDigestCalculator(Digests.DEFAULT_DIGEST_ALGORITHM); IOUtils.copy(zip, digest.getOutputStream()); - attachmentDigest = digest.getDigest(); + attachmentDigests.put(zipEntry.getName(), digest.getDigest()); break; } } } - return new AsicContainer(entries, attachmentDigest); + return new AsicContainer(entries, attachmentDigests); } static void write(AsicContainer asic, ZipOutputStream zip) throws Exception { @@ -140,13 +141,15 @@ static void write(AsicContainer asic, ZipOutputStream zip) throws Exception { } } - if (asic.getAttachment() != null) { - try (InputStream is = asic.getAttachment()) { - final ZipEntry e = new ZipEntry(ENTRY_ATTACHMENT + "1"); - e.setLastModifiedTime(FileTime.from(time, TimeUnit.MILLISECONDS)); - zip.putNextEntry(e); - IOUtils.copy(is, zip); - zip.closeEntry(); + if (asic.getAttachments() != null) { + for (int i = 0; i < asic.getAttachments().size(); i++) { + try (InputStream is = asic.getAttachments().get(i)) { + final ZipEntry e = new ZipEntry(ENTRY_ATTACHMENT + (i + 1)); + e.setLastModifiedTime(FileTime.from(time, TimeUnit.MILLISECONDS)); + zip.putNextEntry(e); + IOUtils.copy(is, zip); + zip.closeEntry(); + } } } } diff --git a/src/asic-util/src/test/java/ee/ria/xroad/common/asic/AsicContainerTest.java b/src/asic-util/src/test/java/ee/ria/xroad/common/asic/AsicContainerTest.java index bdf49c7a19..b45ed79456 100644 --- a/src/asic-util/src/test/java/ee/ria/xroad/common/asic/AsicContainerTest.java +++ b/src/asic-util/src/test/java/ee/ria/xroad/common/asic/AsicContainerTest.java @@ -55,6 +55,7 @@ public class AsicContainerTest { @Parameters(name = "{index}: verify(\"{0}\") should throw \"{1}\"") public static Collection data() { return Arrays.asList(new Object[][]{ + {"valid-signed-message-with-attachments.asice", null}, {"valid-signed-message.asice", null}, {"no-mimetype.asice", X_ASIC_MIME_TYPE_NOT_FOUND}, {"no-message.asice", X_ASIC_MESSAGE_NOT_FOUND}, diff --git a/src/asic-util/src/test/resources/valid-signed-message-with-attachments.asice b/src/asic-util/src/test/resources/valid-signed-message-with-attachments.asice new file mode 100644 index 0000000000..2dd7a5d706 Binary files /dev/null and b/src/asic-util/src/test/resources/valid-signed-message-with-attachments.asice differ diff --git a/src/asicverifier/src/test/java/ee/ria/xroad/asicverifier/AsicContainerVerifierTest.java b/src/asicverifier/src/test/java/ee/ria/xroad/asicverifier/AsicContainerVerifierTest.java index 6f9fb7a211..3f0445e3d1 100644 --- a/src/asicverifier/src/test/java/ee/ria/xroad/asicverifier/AsicContainerVerifierTest.java +++ b/src/asicverifier/src/test/java/ee/ria/xroad/asicverifier/AsicContainerVerifierTest.java @@ -27,21 +27,20 @@ import ee.ria.xroad.common.ExpectedCodedException; import ee.ria.xroad.common.SystemProperties; -import ee.ria.xroad.common.TestCertUtil; import ee.ria.xroad.common.asic.AsicContainerVerifier; +import ee.ria.xroad.common.asic.AsicUtils; import ee.ria.xroad.common.conf.globalconf.GlobalConfProvider; import ee.ria.xroad.common.conf.globalconf.TestGlobalConfImpl; import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; import org.junit.BeforeClass; -import org.junit.Ignore; import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; import org.junit.runners.Parameterized.Parameters; -import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Collection; @@ -53,9 +52,10 @@ /** * Tests to verify correct ASiC container verifier behavior. */ +@Slf4j @RunWith(Parameterized.class) @RequiredArgsConstructor -@Ignore(value = "Test data must be updated to conform to the latest changes in X-Road message headers") +//@Ignore(value = "Test data must be updated to conform to the latest changes in X-Road message headers") public class AsicContainerVerifierTest { private static GlobalConfProvider globalConfProvider; @@ -70,16 +70,11 @@ public class AsicContainerVerifierTest { */ @BeforeClass public static void setUpConf() { - System.setProperty(SystemProperties.CONFIGURATION_PATH, "../common/common-globalconf/src/test/resources/globalconf_good"); + System.setProperty(SystemProperties.CONFIGURATION_PATH, "../common/common-globalconf/src/test/resources/globalconf_good2_v3"); System.setProperty(SystemProperties.CONFIGURATION_ANCHOR_FILE, "../common/common-globalconf/src/test/resources/configuration-anchor1.xml"); - globalConfProvider = new TestGlobalConfImpl() { - @Override - public X509Certificate getCaCert(String instanceIdentifier, X509Certificate memberCert) throws Exception { - return TestCertUtil.getCaCert(); - } - }; + globalConfProvider = new TestGlobalConfImpl(); } /** @@ -89,6 +84,8 @@ public X509Certificate getCaCert(String instanceIdentifier, X509Certificate memb public static Collection data() { return Arrays.asList(new Object[][]{ {"valid-signed-message.asice", null}, + {"valid-non-batch-rest.asice", null}, + {"valid-non-batch-soap-attachments.asice", null}, {"valid-signed-hashchain.asice", null}, {"valid-batch-ts.asice", null}, {"wrong-message.asice", X_INVALID_SIGNATURE_VALUE}, @@ -116,7 +113,16 @@ public void test() throws Exception { } private static void verify(String fileName) throws Exception { - AsicContainerVerifier verifier = new AsicContainerVerifier(globalConfProvider, "src/test/resources/" + fileName); - verifier.verify(); + log.info("Verifying ASiC container \"" + fileName + "\" ..."); + + try { + AsicContainerVerifier verifier = new AsicContainerVerifier(globalConfProvider, "src/test/resources/" + fileName); + verifier.verify(); + + log.info(AsicUtils.buildSuccessOutput(verifier)); + } catch (Exception e) { + log.error(AsicUtils.buildFailureOutput(e)); + throw e; + } } } diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/manifest.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/manifest.xml index 8d0dffc0ae..12d813bc27 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/manifest.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/manifest.xml @@ -1,4 +1,5 @@ - - - + + + + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/signatures.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/signatures.xml index cf97659874..0e965c8edc 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/signatures.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-digest/META-INF/signatures.xml @@ -1,49 +1,46 @@ - + - + -y/aBXPHn1Y+2SYNZJiRbNG0cjZOBMcoQgZ84IqUdFolcS5nWX7Q4SDCSl/KOU0p9a6ux1+z0LATr -UKzKkODz5A== +h+nCF0uWI2EuFjZb5dycNBDrUwG/Xz2grwnagMmJ3q4AIomSLWUg6LJbZJpEnh5tJgPUZijguou3 +BDTFnXSaFA== - + -IHOat5CxhC06rGh5at8kYTD6azEaW7O5vP9LTEjf0zDigs6/7wCZojspGv6VhCMr2oIxCaFGItfR -jplXJfA7wg== +8t/k/DPwL4TF8YJmya4gnRW/7uZ+MXv+bQxUwzY+jP7GeAx++mTMVJfhSRFY2c+NYTb8YiL3XQuO +EdsQmfg1jg== -TWRmZxErnWYK8QsDtNO+o6DSxRi9BLQU2Mzyol3Xb7P/rxwMrKv9BttRXtE1j5EmyfGqSrnn0t0m -kdvu2a/uBE5nThvL5AyBMHL3WdY3eGEivQkAdHrooCGZXE/y5vAAnCHP4qVtOEHGwTgOOf1USQrM -jfs5DFA+lVKVMXWvAyFZ4JaUXtfm2DjkBsyRSHCyUBCTT8OCxldcAWMBLXmO6mjkNie5SmdCqRb7 -KEEK2bZNDf4oHhUhMqNPqYLDIGFaSlKd1PyJuGHft5uWLOBqCYrCFMxjkChcVedpC0oz5B3CE/ve -5pfveGE/Z2olPq3fVIT8jADkrpmczXU2NAZoaQ== +ZS+9m7OdP16V6UK4gMIT2UyORAKYaz6jnOgeO++HA8VJp0bJa+rgD/NIzqYru4S4EiMt7RHhC/itVdY29CFzlTgquR8sLoIDep3ziBUh6gLB0LAwwjSJlfqbg+wL4t4ZGET59RalF7H2aGYDjEpHYLdy7+vCVp9r2X70/2EuZPdVX59lQauqI9yBjzmH9BlKbDtc0rlwIbg16QZrO5OrcJChH8SnZ6QUUAopgPrTerFgNKnvt4f467spiH1iCX0UkcS0FPG9qQLfVC3eUrqA66Sj8cplTSVB1FhknCB1NoODD/8pDhgMuX4FlVfu45Fhkmepe0zLhXdhfPFPePWbsg== -MIIDiDCCAnCgAwIBAgIIW99Q5VUloqswDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D -QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTIwOTI4MTgxNzM5WhcN -MTQwOTI4MTgxNzM5WjATMREwDwYDVQQDDAhjb25zdW1lcjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAILY5AcoHHeoHIYqrrjaadQJwJlwMFN8mT/txE4/oKUWecvikwk1RNJNH0s+D9iU -oCsCYqlU7PXbIXIelkH08ehgsdi5OmNAiG0fxEIouPDDOg5L5c4wxOm1/vVf0H+yBrv1OWUfEnCw -siRmqRN1JU9LH1GkVulPdqCMbicqlbidTTfYcFwf4R7RfOFeHrrNJSBvRev+TUt+JnwbO4vHFxhG -DBXMLwiNZdedhE9NO3zUorWPEiVNapp/u0agMXAv3RmJsIGeVJerGFay7Eb9RbhTcHOePGl1IetV -7J3A9L14OqauMShaFJQUnTXSqS8ldcge/JfgSiWTqE0TjVc0pYMCAwEAAaOBuzCBuDBYBggrBgEF -BQcBAQRMMEowSAYIKwYBBQUHMAGGPGh0dHA6Ly9pa3MyLXVidW50dS5jeWJlci5lZTo4MDgwL2Vq -YmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQU25SlUgQRwFCiraz2euhPUBqpvj0w -DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3LYkuA7b9+NJlOTE1ItBGGujSCTAOBgNVHQ8BAf8E -BAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAFFWRyInsq/jKrW20BKzRr2KAAnE2nDVmZLFfcv7ZwrL -OOJYkHxdPEfkcXcwJy4B1KJdvm0+1FlgfoKgDiUjTRbXraXmyUwAL5s5yMr9wFwu9N9JL6IwchMN -T6S5zwA+iioLMQbHAMfwXXSS/Vp7aUxmejK4XbNtehsukalD7S3ILAK7dtamPr0YvRqUBbj4k9zD -60gVU13jmACr/JuSXI4JxyoiFdUNDdtQbiiGOsrOuLmc/WbzXNo7iN/zhwEMJNJThtyGYthhiYeZ -KT+0B5Yy/sARkinWqLpUwddf+plfH+4HP2akrt8uoHSZXKKOmN8IlXgN89LPVBC+oSltnhY= +MIIEQTCCAimgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQD +DAdUZXN0IENBMB4XDTI0MTIwNTA3MDMzMFoXDTQ0MTEzMDA3MDMzMFowSDELMAkGA1UEBhMCRkkx +FDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvc3MyL0NP +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHKk1EqJ0GAr8AXZsGzhRcr6F7UuXIu +sXXzD3UuHFDpnBdZuB7oMK4XIiuzwuJ9bRpQEKh+FnncJjQTCz9V4ZkCirwZcHDBETKdcJfMIsmC +NluHjJyKY4fqYMzupnhPfJDCYUossfuPPSDdwK7w9mg7KQcpJJ8nJc2wb9NLdG1ds5cgupPVVVXy +GB/h3n5+8JpfAwp1Jd4KN3p8dvt1DNiunVoHVofdENvtuuy2Tv1y8Sk2wW29zQ4HjT0oC3Ls/O6G +yZVjqstr44qyXituHdK0mNLmQTSlv1FLj/DDERl17/iL0CYTjakq0s2kU/QeH4NDM20KU5sJxThw +NwwZjy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFGFC+sQB +UOb+A6j8v4nmOyWUYWujMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3 +DQEBCwUAA4ICAQASJrJAu65+prtEOB1qJ/n5FjgSJ698WynMnOoF0oLHWlrdzOK+FbtpsLmpzB9N +CYA5NgRFc0hWqLr6VfeUw8z3+pimJT4aMbND9ZxT3vNl1mzNTNqeUeKFtoSPxJgpQzZZkhylWaJg +Mv6KnmNElX9S7ckZWBFPvvhe7+4uRNh5SHTRaez5pUxN0GRFrfVej05sIZwqn1j7wBu7H2p9UKRa +oRj9zMzG7oRgjYvXlKUn1O6PCzn0McH6mt2BYCaGG9kOZklLg75VRKcLBN4ebNxRkLk3qa1rcXOI +AsomDBEGU/0tbP+tSlaQXu8JKyD70dVjpYol/qUIV5+8OpH+hTb9779WmAZ/dLshXYA6trE5IIWR +QzeHSpLcKZAKX1aSO1/T2a7YfqmgLzEgeCDkAtNlQIsvJAUf8VNaNcnRZMF04zd3NyZYuh6xel80 +IC9IWUiAroEF5kFv+fu0xM0/ID21YjM8NckNCC672/2icKK9hlMPLsliEw6Zb587PTnPjpUXLntP +FiSSDbmXIsF6DtSL3rmoPHmj3e6UEj1Fe364J6Fl3wrykTzN2SlpDoUmOqY1NoHxIO/4YXBX+s5/ +S1gRfsUrC7UWQf3cjtDdr69nCcQDmRlhkJij0SkJjdXrdONptFQVwy+JcT/CiwkNk5yf3VvyHOP9 +HtZtkTx9cL+tPg== - - - -2014-07-01T12:07:56.153ZYS16cctCB+L01PCP/PTgCfhEI+4FtQP8bGNSbQ2RFYjLBSgBtM3ypXyB+BTABFe8GF+sI5v8RbInvXMJLK/JHQ==C=SE,O=EJBCA Sample,CN=AdminCA16620098923164181163text/xmlMIAGCSqGSIb3DQEHAqCAMIACAQMxDzANBglghkgBZQMEAgEFADCABgsqhkiG9w0BCRABBKCABGAwXgIBAQYCKgMwMTANBglghkgBZQMEAgEFAAQg0eW0xg+Vn3BvTtHoUC2HyTqEpMutubxtBFMliqzg458CCFZZTCHq5ewhGA8yMDE0MDcwMTEyMTA1MFoCB2vHMdwxbPAAAAAAoIAwggLCMIIBqqADAgECAghv5E82aR8J1jANBgkqhkiG9w0BAQUFADA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRTAeFw0xMjExMjkxMTUzMDZaFw0xNDExMjkxMTUzMDZaMBUxEzARBgNVBAMMCnRpbWVzdGFtcDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJvnk1UO0fOz3Wx+Vfd9q1lZRLr2vGTEMylwajp2gnthoqsIyvcFndmUNN8J0SixahxNxhd2bcI7wFeVm+GS8rIc3+GvRTMPRPyPyYFiird8aNNVMk4gbbJOzJP/fPd2lwzIYxbCyKo531NO0jwNxHZw69DOUuJX2HP+QH2Isl5JAgMBAAGjeDB2MB0GA1UdDgQWBBRt2a28ocJ7T6+Eo/5lxVSOZ/nD8DAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHctiS4Dtv340mU5MTUi0EYa6NIJMA4GA1UdDwEB/wQEAwIGQDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAQEAUncAngjhFN4wFaE3xEs9B0nNx3RVGn0VTJiGciRHrv2ddT5lsjJpA3Hf6E8huFw4wrGUoabQtwOeMcvgS4noZvTbu8XuZLAVtwo8z4vbfHZAu+5VxQSNxs/cpyb3dcJK7dEjvUkg0z5aKeNeR78I64XOExYlwtiPtLl0ZHnfJrQ2dJ/t2W5rkUsFGI4UDmRFZN+3pFwRbSMZnOxwvrBmf6Ef30iKGOqB3FXUbJ0v4GAMx+vJnOGX6HVa1PC/QGLkazzW/xSU1ROcIJ8u719q0fHzn+20VxcTK31JDN7c0ZxpHWLeTJm82KPMbcL6OtScn+UWzkBwiI8bQSbPqhkRiwAAMYIBiDCCAYQCAQEwQzA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRQIIb+RPNmkfCdYwDQYJYIZIAWUDBAIBBQCggZgwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xNDA3MDExMjEwNTBaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFAWhDuvbDNlnnkyFp4hIFF7x8AvqMC8GCSqGSIb3DQEJBDEiBCAOa4eOsFOW5/kzo+zu5/tiKFOjE+JyEoJO35S3L0+LzTANBgkqhkiG9w0BAQEFAASBgHm3OSqYgXXlfb8681Wj5IeRlFkTa1A40tDR5KJgyvhtAfd1+LlpnTqhRKWyFCn70T4m84ODTvSq8lP/wq/1iHANl6YUDe+6K3V/2aWVmHwStdCsrSIpFSeMThEGWC7eczTib8emqy0qhy4KDMYIpmLdAa7ELBc7rSCejnVVMFiGAAAAAAAAMIIBugoBAKCCAbMwggGvBgkrBgEFBQcwAQEEggGgMIIBnDCBhaEYMBYxFDASBgNVBAMMC09jc3AgU2lnbmVyGA8yMDE0MDcwMTEyMDc1NVowWDBWMEEwCQYFKw4DAhoFAAQUQUX4pczwfgHr8dItQKHik5Kx4C4EFHctiS4Dtv340mU5MTUi0EYa6NIJAghb31DlVSWiq4AAGA8yMDE0MDcwMjEyMDc1NVowDQYJKoZIhvcNAQEFBQADggEBAC7bOcGajfJHVP1EYMrGb2XTBsBpocbgmVcDeR9m8bQLHFjZ+HV9EiVtatqEgNTuWJ6v3khIH8qu9xr61mLPlgDx7Rd2U/wQZNuZuuEHeprxswwpY1aLyXFkruYNdeJ4hPW/md116Sj6evArIw75qyctZH/uvhQ5BG3xY9l+oNywY8sfa4QJGnvcH96dVAvkGGbG0hd4AJ6mbyY68alsq8T5Dfm5Sk24QDg9JT00ratyReLcaz74ptYxUYmEJrPZIjR5FDz4N6xvtKz2nX7/MA1jc0LDMrfE9RW6W5parB8LQPvGaSfTnBdeNOnulTkni8JNECu0AAzg4rsJAh8nPR4= +2024-12-05T13:16:11.061Z6NdJix+ZRZCMO+8d9QrlnHziCH8DOfPuO3q4DvYhRNQU1KLz+C0bwgx32X74qh+VfAloHSk4DQMbzlYgSYYT9Q==CN=Test CA,O=Test18urn:oid:1.3.6.1.4.1.3516.16.2Profile for High Performance Digital Signatures (version 1.2)BuO0EDNfkxSVlUbxCzmQPzX1AUF1/xx9ytWHk3/6SAOePxQiniEfDYk+90QeYb3lWpV3Izhuz9fKaYyE+lTcXw==https://repo.cyber.ee/dsig-profile-1.2.pdftext/xmlMIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQMxDzANBglghkgBZQMEAgEFADCBuAYLKoZIhvcNAQkQAQSggagEgaUwgaICAQEGBCoDBAEwTzALBglghkgBZQMEAgMEQBt9rZMBtSlYEABRUCvS+C7byEK6gDkwBlw8s7V6dMar4fpCovrLFnR4+zXaQ2+rOUif1du6YAq4ViPLMAZ0bv4CAQEYDzIwMjQxMjA1MTMxNjM1WjAKAgEBgAIB9IEBZKAmpCQwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0GgggUsMIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDUwNjA5NTA1NFoXDTQ0MDUwMTA5NTA1NFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgRFNOs/GwiiWs27YlIkficK82DOpD2fHlD40nLUWukarpG9cPEOGUPfTLY7Op9hcbtqWKEYXM1PRPo5ratfS9AEJwv6Hi7F4c/rRKg0bPo9bWBIdQJzzS4tKhUx02kB6lsuBI5kVRl4J0XVwK93IT7DH8fLJMqTy9Ts9XRPCmdEpksMWHnBChZ8c6rRupYDddY+sQTVnqDSx8ShEIG/lC2oohAP1BcGE3XWxBpU8dpZsmKe9AGkaFhqHSWcKjEf2ZoqoiUkMWfbXYtykgyeblXtHnf5QFaBNHmOEZTgrmOdaPH+EWisnuBKWyUgxp2e8LIovf9uNzdy/Gqjm1b4YiMVqGewYNcud4Zc64fNlOpSvJx+aUFuDwHbA5z68i++qgKoQ7ggfAFQ1GlnktElUX0lHMUM1yBELD7l9/DXjaKVr9ptiusGSDNq0IDT+N2Pf5acdwedTG6tRQuGZfhlSJL2oGoKwf06jnU88kxihCm6hQZfQvdorUh98xl39ckc1P6QHSXhRDtKOTaCLB1hK5MciXEjeaAoU4h16tsWmnaT9kQhLO5RY1fyTBanudT/bpsVVlj7FcV32ZkNshXJXjvvIgvxCrBBwD2ITx0jhJy2Eo+wHPceD8RrTIyiWPqMzDPKCcrWdslSlKsksxzCpWJ/eVtDgoqwlB7dXo5nVbqwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFF7UoEZQt68oD4VMfBBZ71YwISflMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBjzpaSJjIdSkeRWHQBmv/1DH9WjCmnqFXNKG92XSmIHywSVEyVY88lWid14v5X4zTc3ZFFdtfY7k8KK/7YFnDEpS79UO8vlk2gmvabiNx2bfABH+eHwql6IspDcSFHtWdDon0l6fCFptqeuT1KpYGV8ZGAn/w9j86BacxFMGOqyzMZqcjIZKmOB08W5n8IMYelTEtfD/Agb4J1NPcvJjXRcV8V1faxpR74VRdre0p1CEF/rY2GMdzvUIKGQXhRpyP7sj6Kp+pCqthNU6BNl9bc2M/0JXp+EQwokgLQ6zwBgnBwkB48nnphzyg0Ms2JOo9avDkrICG20XuxAUumpR2rHNO6tOY93rIwxAxiM8Jc50dHHWN3qYmDFxEiPfQrF4qEWA7PIZjs6njoyKVq16j7W4LEUnTBG/atoCpXyezwzTGAMOfT1Bl0B4MFhKJqczJamFSNZajlERLigJn8a3c+kmz1HgBeCfemjKpZKG1z0PixfcZSofCqk1BelXTBzqRsGGHQ45B4F2QiFw/s2slZ4gxq0kfHJFOp2/JXIz0G6aiYQVGa3ryrAsb7mGzL0EdT5AKnROhOhM4CH5mvUE/4RWx92rguyohi3CmmxhCL/4bgcLJ1hcH0MxdHRwTWPBDod8S6ZZ4Zjc38oASkub0iYndi1LPgaAJ6WmhIgS4eFzGCAuwwggLoAgEBMCYwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQQIBAjANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI0MTIwNTEzMTYzNVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhIbycL7EUf3QIk5EMSJoMJdgSdEwLwYJKoZIhvcNAQkEMSIEIFF2FwC6mbULb/bTRhH8cE7sul5jnAZXJrmDjt86DfqKMA0GCSqGSIb3DQEBAQUABIICAHbpudx0u3FX7/xXlu0Fg2ckIuXPb24VMmSbRqfZnTMxlsx9qkfM4Y26we/j54Jyz7KiBGxH/EcQqjC9fz6G52CZkgFntk3i31URrZ9EW0nkOhLRCQBt9s3xoZx3YZtBSrEbu2KQ7QgtCharHE3opHQRdCGI7qyUFcD3CwLs4S0+GOJtKU5Kq9Nf9pHtXxOq/Sd3vEbUPAScvJLnMOAPbYLp0s7dQel++SQgRhmTcYn4NIDeYG2/7iw7YcduHr3uaEDRRNsLHYXhAAWaFLhbAqggVHnxt2ReXLp81sSn78qcxFKUT7Q8KaSZV1gwz+GZoiu9CpmENv9+zB6R4lwE7BHrLyMF5j1Lx9F5s2bgtBZ0kJ7eIbxkqHpkS2AnfzqofYdoYKlSIOx5ENgfJWP+5om9kaKYeyjO0nH/32R6Tr0jxFL9ub5FEo8EySoACWIvYY5L77IXK01ZMfITrgWRf+52/cQIhZvnOASajAmrg1RC07M7C7i8ke+xFqQ1rdVXm0acDNJVLwnCqawUW0Zg+I6tboQ7mOL0c5fNIpdtM5ua1MsZwHU6WdbCtUGud5o2nyZLG7LJmcn4tCDnkTX+6b714ZLYCqZf4xUBUkvbHQwi6YQWG+/a4hCRY7n7vYNW2ny/Zvoe98fcfTCRc54qf6uGT3gZpXPdZSm39+0b+CmrMIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDEyMDUxMzEzMjZaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBEoAAGA8yMDI0MTIwNTEzMTMyNlowDQYJKoZIhvcNAQELBQADggIBAKE5UVfbrmqyekWMj0mutc9wb/zxIv39jS0XE7pcCmG8jjXwgXGlxsQBrOI4Za99xCzehUTM/Fu6C+298NbiB8itDl4zeqZRx6zZpOeLNyj1NLjmJGcgquXCrOwmFMUzAjcGWm8PV3a1lnn7fEx/E0iKchM7mZ2SjdMLrYnPFSkdZV+rBKje9ZPTSiSqNukE1iO6XJXwXnWETg3mmcchwDXwBYJPSIiLPBto9DUz9/JvOI/MIX2hIIaGLZTP1eBQDMV3hpyvT//gkaKqCGlKywEbZZl5zJy1Xz7llCA8nBL4G2KbjK0qoKbR8NLLJagtj8UfgzgRkysm1HE3VzbUabJezCyfDwohaSMq8+79fkfh+0BaDX4Ih0c3U2jMPGonNtuTtIC/xaSK+wGBJKx/xNoSQLxi8P8oWi5raXTTkQNmH72xrqUJps9qRYOQjaa1umcyVFXZRYbzmxh3au8XZ38LoaBpRPJ5nTDqeS0RadFm/+/fgZJdrqtAdfaO79CQWmb1XEAl4F5KFByRXuJpuL2bn5HUPfOfZwaOR3lI8e1SAHe1P8FiZYHW8V/0G5GJDo549CqoRYbuboUizSiHIvVNuE/LpVtQhRZgr+9gY+pX6/rQkTi6fQb/y/BdXyzHtyHist/mSnknE9QEdAJMSnIarQd1o+48GmODoxW2ddU9oIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-digest/message.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-digest/message.xml index 7c6b199e66..32744b14f5 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-digest/message.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-digest/message.xml @@ -1,25 +1,27 @@ + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - getState + DEV + COM + 1234 + TestService + getRandom + v1 - EE:PIN:abc4567 - 6289448e512292d17d54ef60ed2318e7 - + dd19fe68-7d37-41bd-b79c-8948ccdb36da + 4.0 - aäõ + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/manifest.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/manifest.xml index 7dc93a8575..c409502d0f 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/manifest.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/manifest.xml @@ -1,6 +1,7 @@ - - - - - + + + + + + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/signatures.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/signatures.xml index 0706c62b8c..7c0800dbd6 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/signatures.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/signatures.xml @@ -1,46 +1,46 @@ - + - + -qxwomeDSTNvGSB6IAD5ZSK+jmTLt9izxmkePwiknnLzfBqkwJCffQBKk5LjvnRoqWLYFtCjdXb/0 -zaFCvHDAbA== +q+Yew8cBTKofLdOd7kN3nTwA122c0krgFQ/2ey5mnvBWGAIuDe9MvWzyWOK87rrKs/u/14Vf9RAY +vL2oztYxzw== - + -BmW2/v76nk4RtsIfY++jv3BeC6Ub460n/R5nL/GFHeIIRfvI6IugLi4x6avYu4UzeJbrkHEmKf1d -B1xc5Bgn/A== +wHI+C5EEk2wiDrr3RDCCW5noua22x2ANndyt1cnn+cefgSvhgACBQCg6JiJoBLzoaDLWyXBmuPl2 +gU+dn+tvLg== -bfWEztln4+5tM2jYfX96siBWf6VxA77pNtIr3/ZZMNZ0E6uhQUTgYfAh8MXJB49onkdUI2MdiYFx -eRfh+VMqcW45m/FXbf5H/f1onigtHpoN8MjOLkgxXvzdn7q0k3yDm5AYn5TmRX0CR6AGHP3QU1au -FXnIvaRUVBY5TV8eKeIb+Fj+/eMcjeetRtp4FYzrHn58zD08w0TheZMulZVIg6QtnFVkbxVFDCQ8 -+4PLKRYP8EiZJzxGuJOcQAlCEECkzamzWwCytId9hJhhBj4DLUDlCZFuOZWqYUVrh0z41A61scvJ -tBZWXfofjh1D3C8zlqwuvRLIGGPNomuRr5sBzA== +gHc3d4Fcokud8tRRxSohFgXo4PNdniwVC6tPHXjECYUV1cypae52u3ID94Dcgf3Bf+3xE4Rs5tQ4yfohWsh3ICfMweayzeTLLlz7bgKTT7Li22dvhgYe2ISirOpxMoxd72eKscclR5KEAXCSYa8rM/36y0UV7wvevPjpKAigBw8ZsBgfLiRR8QrPv0mH7m8x5eYrzM0ejPDLVb/xEkVauFCRjhifqQFfIzJs29xvW7JVNasBvne8NSAQLIbU3G0mYV9b2rJO3Tl9jWWhVMfVzCl+dXa4TcoYkGybM+/6WmVgT/TYIqc6mi+4cPnBiwKgDXotlFaMIPN8p4KN+BgW5w== -MIIDiDCCAnCgAwIBAgIIW99Q5VUloqswDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D -QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTIwOTI4MTgxNzM5WhcN -MTQwOTI4MTgxNzM5WjATMREwDwYDVQQDDAhjb25zdW1lcjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAILY5AcoHHeoHIYqrrjaadQJwJlwMFN8mT/txE4/oKUWecvikwk1RNJNH0s+D9iU -oCsCYqlU7PXbIXIelkH08ehgsdi5OmNAiG0fxEIouPDDOg5L5c4wxOm1/vVf0H+yBrv1OWUfEnCw -siRmqRN1JU9LH1GkVulPdqCMbicqlbidTTfYcFwf4R7RfOFeHrrNJSBvRev+TUt+JnwbO4vHFxhG -DBXMLwiNZdedhE9NO3zUorWPEiVNapp/u0agMXAv3RmJsIGeVJerGFay7Eb9RbhTcHOePGl1IetV -7J3A9L14OqauMShaFJQUnTXSqS8ldcge/JfgSiWTqE0TjVc0pYMCAwEAAaOBuzCBuDBYBggrBgEF -BQcBAQRMMEowSAYIKwYBBQUHMAGGPGh0dHA6Ly9pa3MyLXVidW50dS5jeWJlci5lZTo4MDgwL2Vq -YmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQU25SlUgQRwFCiraz2euhPUBqpvj0w -DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3LYkuA7b9+NJlOTE1ItBGGujSCTAOBgNVHQ8BAf8E -BAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAFFWRyInsq/jKrW20BKzRr2KAAnE2nDVmZLFfcv7ZwrL -OOJYkHxdPEfkcXcwJy4B1KJdvm0+1FlgfoKgDiUjTRbXraXmyUwAL5s5yMr9wFwu9N9JL6IwchMN -T6S5zwA+iioLMQbHAMfwXXSS/Vp7aUxmejK4XbNtehsukalD7S3ILAK7dtamPr0YvRqUBbj4k9zD -60gVU13jmACr/JuSXI4JxyoiFdUNDdtQbiiGOsrOuLmc/WbzXNo7iN/zhwEMJNJThtyGYthhiYeZ -KT+0B5Yy/sARkinWqLpUwddf+plfH+4HP2akrt8uoHSZXKKOmN8IlXgN89LPVBC+oSltnhY= +MIIEQTCCAimgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQD +DAdUZXN0IENBMB4XDTI0MTIwNTA3MDMzMFoXDTQ0MTEzMDA3MDMzMFowSDELMAkGA1UEBhMCRkkx +FDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvc3MyL0NP +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHKk1EqJ0GAr8AXZsGzhRcr6F7UuXIu +sXXzD3UuHFDpnBdZuB7oMK4XIiuzwuJ9bRpQEKh+FnncJjQTCz9V4ZkCirwZcHDBETKdcJfMIsmC +NluHjJyKY4fqYMzupnhPfJDCYUossfuPPSDdwK7w9mg7KQcpJJ8nJc2wb9NLdG1ds5cgupPVVVXy +GB/h3n5+8JpfAwp1Jd4KN3p8dvt1DNiunVoHVofdENvtuuy2Tv1y8Sk2wW29zQ4HjT0oC3Ls/O6G +yZVjqstr44qyXituHdK0mNLmQTSlv1FLj/DDERl17/iL0CYTjakq0s2kU/QeH4NDM20KU5sJxThw +NwwZjy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFGFC+sQB +UOb+A6j8v4nmOyWUYWujMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3 +DQEBCwUAA4ICAQASJrJAu65+prtEOB1qJ/n5FjgSJ698WynMnOoF0oLHWlrdzOK+FbtpsLmpzB9N +CYA5NgRFc0hWqLr6VfeUw8z3+pimJT4aMbND9ZxT3vNl1mzNTNqeUeKFtoSPxJgpQzZZkhylWaJg +Mv6KnmNElX9S7ckZWBFPvvhe7+4uRNh5SHTRaez5pUxN0GRFrfVej05sIZwqn1j7wBu7H2p9UKRa +oRj9zMzG7oRgjYvXlKUn1O6PCzn0McH6mt2BYCaGG9kOZklLg75VRKcLBN4ebNxRkLk3qa1rcXOI +AsomDBEGU/0tbP+tSlaQXu8JKyD70dVjpYol/qUIV5+8OpH+hTb9779WmAZ/dLshXYA6trE5IIWR +QzeHSpLcKZAKX1aSO1/T2a7YfqmgLzEgeCDkAtNlQIsvJAUf8VNaNcnRZMF04zd3NyZYuh6xel80 +IC9IWUiAroEF5kFv+fu0xM0/ID21YjM8NckNCC672/2icKK9hlMPLsliEw6Zb587PTnPjpUXLntP +FiSSDbmXIsF6DtSL3rmoPHmj3e6UEj1Fe364J6Fl3wrykTzN2SlpDoUmOqY1NoHxIO/4YXBX+s5/ +S1gRfsUrC7UWQf3cjtDdr69nCcQDmRlhkJij0SkJjdXrdONptFQVwy+JcT/CiwkNk5yf3VvyHOP9 +HtZtkTx9cL+tPg== -2014-05-26T09:30:07.637ZYS16cctCB+L01PCP/PTgCfhEI+4FtQP8bGNSbQ2RFYjLBSgBtM3ypXyB+BTABFe8GF+sI5v8RbInvXMJLK/JHQ==C=SE,O=EJBCA Sample,CN=AdminCA16620098923164181163application/hash-chain-resultMIIBugoBAKCCAbMwggGvBgkrBgEFBQcwAQEEggGgMIIBnDCBhaEYMBYxFDASBgNVBAMMC09jc3AgU2lnbmVyGA8yMDE0MDUyNjA5MzAwN1owWDBWMEEwCQYFKw4DAhoFAAQUQUX4pczwfgHr8dItQKHik5Kx4C4EFHctiS4Dtv340mU5MTUi0EYa6NIJAghb31DlVSWiq4AAGA8yMDE0MDUyNzA5MzAwN1owDQYJKoZIhvcNAQEFBQADggEBADcSGv3UU7figjsWO2KXL7KREmkOJDLEe4uKZ+9zwrj+x/qEzdDUyExXhYMTr2Z4ZD4yW4FHB5bYTxk7ymXWpMDVtRO7X+D07z+sf3kURf6hiO5oQisEoFroscIJTeBsoW0fNMnGidLKu7/nEsHDz0drGrYpcHU+g0nOxEt+OogmpyzaZImUialOLCExB9Lv3UWTOmA9DymI2EeY8X1yglql8tOvm4Q50aseojUgHm+99jqQhBS2MfAkse/WhpMOemEghNCQyjw5irBnLYKf8QNkNaVUS2t7+hc6QeOR4CY4pcYaMcBe1oDLK9dIplKGK0idaeGLlHioB5Ep9b6DX4E= +2024-12-05T12:37:37.117Z6NdJix+ZRZCMO+8d9QrlnHziCH8DOfPuO3q4DvYhRNQU1KLz+C0bwgx32X74qh+VfAloHSk4DQMbzlYgSYYT9Q==CN=Test CA,O=Test18urn:oid:1.3.6.1.4.1.3516.16.2Profile for High Performance Digital Signatures (version 1.2)BuO0EDNfkxSVlUbxCzmQPzX1AUF1/xx9ytWHk3/6SAOePxQiniEfDYk+90QeYb3lWpV3Izhuz9fKaYyE+lTcXw==https://repo.cyber.ee/dsig-profile-1.2.pdfapplication/hash-chain-resultMIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQMxDzANBglghkgBZQMEAgEFADCBuAYLKoZIhvcNAQkQAQSggagEgaUwgaICAQEGBCoDBAEwTzALBglghkgBZQMEAgMEQMGj4zKt+XBkKSGFwm+QBpMi2pZ/dgbkGlSn8XmmceGiWVMyzO8xsZuKPryHomHtr9xYg1t2WdxjjUWbPovXKyACAQEYDzIwMjQxMjA1MTIzNzUwWjAKAgEBgAIB9IEBZKAmpCQwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0GgggUsMIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDUwNjA5NTA1NFoXDTQ0MDUwMTA5NTA1NFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgRFNOs/GwiiWs27YlIkficK82DOpD2fHlD40nLUWukarpG9cPEOGUPfTLY7Op9hcbtqWKEYXM1PRPo5ratfS9AEJwv6Hi7F4c/rRKg0bPo9bWBIdQJzzS4tKhUx02kB6lsuBI5kVRl4J0XVwK93IT7DH8fLJMqTy9Ts9XRPCmdEpksMWHnBChZ8c6rRupYDddY+sQTVnqDSx8ShEIG/lC2oohAP1BcGE3XWxBpU8dpZsmKe9AGkaFhqHSWcKjEf2ZoqoiUkMWfbXYtykgyeblXtHnf5QFaBNHmOEZTgrmOdaPH+EWisnuBKWyUgxp2e8LIovf9uNzdy/Gqjm1b4YiMVqGewYNcud4Zc64fNlOpSvJx+aUFuDwHbA5z68i++qgKoQ7ggfAFQ1GlnktElUX0lHMUM1yBELD7l9/DXjaKVr9ptiusGSDNq0IDT+N2Pf5acdwedTG6tRQuGZfhlSJL2oGoKwf06jnU88kxihCm6hQZfQvdorUh98xl39ckc1P6QHSXhRDtKOTaCLB1hK5MciXEjeaAoU4h16tsWmnaT9kQhLO5RY1fyTBanudT/bpsVVlj7FcV32ZkNshXJXjvvIgvxCrBBwD2ITx0jhJy2Eo+wHPceD8RrTIyiWPqMzDPKCcrWdslSlKsksxzCpWJ/eVtDgoqwlB7dXo5nVbqwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFF7UoEZQt68oD4VMfBBZ71YwISflMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBjzpaSJjIdSkeRWHQBmv/1DH9WjCmnqFXNKG92XSmIHywSVEyVY88lWid14v5X4zTc3ZFFdtfY7k8KK/7YFnDEpS79UO8vlk2gmvabiNx2bfABH+eHwql6IspDcSFHtWdDon0l6fCFptqeuT1KpYGV8ZGAn/w9j86BacxFMGOqyzMZqcjIZKmOB08W5n8IMYelTEtfD/Agb4J1NPcvJjXRcV8V1faxpR74VRdre0p1CEF/rY2GMdzvUIKGQXhRpyP7sj6Kp+pCqthNU6BNl9bc2M/0JXp+EQwokgLQ6zwBgnBwkB48nnphzyg0Ms2JOo9avDkrICG20XuxAUumpR2rHNO6tOY93rIwxAxiM8Jc50dHHWN3qYmDFxEiPfQrF4qEWA7PIZjs6njoyKVq16j7W4LEUnTBG/atoCpXyezwzTGAMOfT1Bl0B4MFhKJqczJamFSNZajlERLigJn8a3c+kmz1HgBeCfemjKpZKG1z0PixfcZSofCqk1BelXTBzqRsGGHQ45B4F2QiFw/s2slZ4gxq0kfHJFOp2/JXIz0G6aiYQVGa3ryrAsb7mGzL0EdT5AKnROhOhM4CH5mvUE/4RWx92rguyohi3CmmxhCL/4bgcLJ1hcH0MxdHRwTWPBDod8S6ZZ4Zjc38oASkub0iYndi1LPgaAJ6WmhIgS4eFzGCAuwwggLoAgEBMCYwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQQIBAjANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI0MTIwNTEyMzc1MFowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhIbycL7EUf3QIk5EMSJoMJdgSdEwLwYJKoZIhvcNAQkEMSIEIAMAqshMa5p+LZkTWxAlfHlqYQHdq21bEOzRqSdFEfwoMA0GCSqGSIb3DQEBAQUABIICAFzEoYWinrNKREMes1CKgnv5J96fOgrVmSzAho1ZAxJJvrPIQuEolPvTKVz1XTzF4wrzux6fmZC1U49zRdKKg+Brf7K2+Fo6olyn6djuNfv+p5TgZ7LcWze8OJ/Mi8qKAeqUM3zEJK/9yiOKmOcL+TmZ37nlFVAD0/QJbj4m26E1LKTsztpgzk+qpDQATp4TXsclVL3TlOfbgJ5WBT8XUKSSrXa3MCQ54WpXwVNQ4M/L4vHA1qssQruFeFvyQSWJcSZ+AWUjtO0AeDsK44zJXXLGFZ7oHEKBjj2z98K6tPAzdPFgwX0QK4P32lQ9LhDBW6GlbzOIdDeSb0NpPsiAJPstP0obDUfD0+69/q/1pLQpnHyQT0iFwbzIerKoWrGb3wY8AZis4L9yleH3QcBd2lcqZU7TQRP7/XzwtzxIR9i2cK13VmQ70PdVyoFaTR361YBOAv/jf2BxXAWRMmEs7lKZoQ7JaPy6pvblCCCTo9EDvJ6kfWabHvicDJ3F5gfKDarlRK7AuOkKUB45eI5iGwRmqdCRHLntcHAze552YkXVomXy3DNq+ERsWb3mTS7w/op9UY4HXFt3VBjceOMsUQEQtmDlgCOUVUfZBmSq/I62PTJLwhPyLuDzZ/DqJH7pEaPPFsyAX6K7Smvd+pC+GqKEjZwu3Ry5r1SfOx/ljp05MIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDEyMDUxMjMzMjZaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBEoAAGA8yMDI0MTIwNTEyMzMyNlowDQYJKoZIhvcNAQELBQADggIBAEfXRVtoC3Chivmef/8KpAwFbFTzNQWM7lLw1VGrNpb1r9fq2YizKSzg5Ha3/P1CHTjWR4G/rSk3G/znsISKuQmJKIC42vgPm6FnlLQCEulWDK114sbCJ6wziuHPyu6bE0FwR9h6ZMRPIdW8MdRRc/nNyp9pmZHfI+8JfFuQ2QO7N/M8igCgUCh/Ki1U0VMoFlHifEHjB+Y/Q/sPkgVfr7gUKEbXBNBkHukGiHfHyvfLJxtqsSAzDJ9IF14cmtmwJHdM1ZLMolO1XXnFxG46Szm9TMWcwdxVp0M6eRd0vHbwOgogqyjlH3YxF9uJsO5j5yc7fHxb06K3bItKzKEO0E+9b9duR7wXkIel1fiyJSfszJRRIYmyD5taZOCi/e3RlIdNQge8BuCkwYYbiWS/QAZW8aF+5iXHL45WlqtydABhRDZePM9S0i9RuDBHy2BkIq+XcIyAcjVVApl0pnKE/rpgurh9kLPs4SyG1QFAnzE82CPIJAqoQIv8rChz930h/9DYoPrVJbpAH9jtn6SSEdwATssselQcXLOK04dkbOrPCJ5WcxRUB2DqPgIH8S8A+srMZThtcqa2c33UPOiGDu7GVnonvBCMzIO4A5WtM7jKCh179TwVl7Terhc2QplWgCcFyWEJc0rIWzQbkqsmmXJ4/TmsH3hBRY+WlYR3pR5GoIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ \ No newline at end of file diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/timestamp.tst b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/timestamp.tst deleted file mode 100644 index 5aeebef792..0000000000 Binary files a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/META-INF/timestamp.tst and /dev/null differ diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/hashchain.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/hashchain.xml deleted file mode 100644 index 2bf3dc3cc9..0000000000 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/hashchain.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - - - - MaABRWAlSJkYIvn00ERtuzrMHRBXsCVMQm5GoBMcl71XEQ/LOZQU1TFCpT2G0bHlR0TD+AfAKkpJGOq7fSDKBA== - - - ylyfi1WldaJ+fsUy5+h5Hfep7cM4z0f0Cua3zrCn8+rLrCRPuYym+9pMequYW0ZnQMqNUnZp0RFNqLEWnUWq2w== - - - diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/message.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/message.xml index c52274c2d3..55aa0a9889 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/message.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/message.xml @@ -1,25 +1,27 @@ + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - test + DEV + COM + 1234 + TestService + storeAttachments + v1 - EE37702211234 - 7113f3a6e47b76a91055d9d9a9ccaa87 - issue + 6354aea4-1f3e-4354-ad39-666f76e438c8 + 4.0 - I am hacked + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/messageX.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/messageX.xml index e33b3db11d..421955b2bd 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/messageX.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/messageX.xml @@ -1,25 +1,27 @@ + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - test + DEV + COM + 1234 + TestService + storeAttachments + v1 - EE37702211234 - 7113f3a6e47b76a91055d9d9a9ccaa87 - issue + modified + 4.0 - aä + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchain.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchain.xml index 2bf3dc3cc9..c59eaa345f 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchain.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchain.xml @@ -1,12 +1,12 @@ - + - MaABRWAlSJkYIvn00ERtuzrMHRBXsCVMQm5GoBMcl71XEQ/LOZQU1TFCpT2G0bHlR0TD+AfAKkpJGOq7fSDKBA== + ozsxpZTg6uGioahdgFLfuNr1QDzoziujzXynA4Agqe94Y60+Rocq/TzELpylgowAOjoyH1poIbbp8yDRitfPMA== - ylyfi1WldaJ+fsUy5+h5Hfep7cM4z0f0Cua3zrCn8+rLrCRPuYym+9pMequYW0ZnQMqNUnZp0RFNqLEWnUWq2w== + YoZ26aBCLuGV0W9J7CH6YtOXhkEsleUwu1GwIrQ+ZJw7GBAnTwRZF2s2n/z8h1iOkzLiFmO8p4f2VVz+F1DqYg== diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchainresult.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchainresult.xml index fbaf334a9b..1867262658 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchainresult.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-hashchain-modified-message/sig-hashchainresult.xml @@ -1,5 +1,5 @@ - + - XP9QXlQxMN3x4biFN+YH5eIBaJu+Hs05HwDk/t19ERjUZv1tQEhGDU/WZuKoE7fdl4HaE7RZBAiwMbMyYb6mwg== + LBOjNdtBOVpLkGFJC5JTBF3J68PSAchOuJUan5xsa4U8C2LZB0DasBB8eeTe27XWcjfjb5crfs5dvaKKYvfnZw== diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/manifest.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/manifest.xml index 8d0dffc0ae..12d813bc27 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/manifest.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/manifest.xml @@ -1,4 +1,5 @@ - - - + + + + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/signatures.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/signatures.xml index 4ea0d03c29..b296edfffb 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/signatures.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/signatures.xml @@ -1,46 +1,46 @@ - + - + -BGtNQlzp3XwQ3jy9qXxLEm/xiAqbZ8V0M4ptnRYMSLuJKlqvfvWp/zbUzpJFlzhEWVmsVY8EXqNk -2QkI0FyA4g== +h+nCF0uWI2EuFjZb5dycNBDrUwG/Xz2grwnagMmJ3q4AIomSLWUg6LJbZJpEnh5tJgPUZijguou3 +BDTFnXSaFA== - + -mH86rSIHxmWf+1gGJXrAPzDH+R6sbGnxqeXbI0OJPNG+jXcoMUUd1Zmu0EfjTvDslkjEL/UzJ/qD -M917Jo2Xhw== +8t/k/DPwL4TF8YJmya4gnRW/7uZ+MXv+bQxUwzY+jP7GeAx++mTMVJfhSRFY2c+NYTb8YiL3XQuO +EdsQmfg1jg== -na56uaVH1fXRxjnoftyKSnTVIMdUPWb7gOBWIY9jcO9uiS3KZkrnzryeaqaPpd1l/2dlPhok32As -nwvMOv1gDO1dGwLERJX+rFj0pZhKOddJHcghp3taxjjgzn9sfq+tiv828TvwziKZhy9WaViP6k65 -LpvBBWVFX3yhHsi0FDiMxj2id85ycaOmF3xtXH1ZFU2OeTV//tb80evuoCVhyLQ+zraNQHigxGb6 -aJVUZC6Vkr2BVc9AweXBmWP+42az8FN2gb4ULhB89DhLXeloW3oYXmC3aschIZiOtOM0n/rljRfV -ueONtUcevR1pyT7o2bDQ7Rfdu6d4NbvlFWtjSw== +ZS+9m7OdP16V6UK4gMIT2UyORAKYaz6jnOgeO++HA8VJp0bJa+rgD/NIzqYru4S4EiMt7RHhC/itVdY29CFzlTgquR8sLoIDep3ziBUh6gLB0LAwwjSJlfqbg+wL4t4ZGET59RalF7H2aGYDjEpHYLdy7+vCVp9r2X70/2EuZPdVX59lQauqI9yBjzmH9BlKbDtc0rlwIbg16QZrO5OrcJChH8SnZ6QUUAopgPrTerFgNKnvt4f467spiH1iCX0UkcS0FPG9qQLfVC3eUrqA66Sj8cplTSVB1FhknCB1NoODD/8pDhgMuX4FlVfu45Fhkmepe0zLhXdhfPFPePWbsg== -MIIDiDCCAnCgAwIBAgIIPl9RxHk9tEQwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D -QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTIwOTI4MTgxODIxWhcN -MTQwOTI4MTgxODIxWjATMREwDwYDVQQDDAhwcm9kdWNlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAL6kZcfiqsmviMOoPlZ70wiy8/W05Ks+OlbPE72LWFMjsxbV/LAnsR4NZhJSaWfK -LTkmjeAz+ZPE57gBfKDeLZePvI5UgXx8ICv335u5xZdGPQQdKI0jymU518KVYzQEvStJarkul/tP -BpJUAWLH8OWcHlWes107tb9pA0e8IAM3TzlPQTfqCYhEBBEuk3KelWB4OyN4vz2g/X8awEfDrdpn -D04M4V6dnFmqNJkzqH/NrG+8gs6KNpei0oyo6Oxzh34jD8dIxHGsyQlYcX+ojtAUSP8al87RJYo5 -R9lTZTo3VzzOZU8k7+9l87x09DjCBpsV+NrgFdMfN0yq8+fRHekCAwEAAaOBuzCBuDBYBggrBgEF -BQcBAQRMMEowSAYIKwYBBQUHMAGGPGh0dHA6Ly9pa3MyLXVidW50dS5jeWJlci5lZTo4MDgwL2Vq -YmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQUOSov6/KI/czxIZu50J/za2u8vPMw -DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3LYkuA7b9+NJlOTE1ItBGGujSCTAOBgNVHQ8BAf8E -BAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAAah21Rhpo+MwvkJZI+sUu3CgejKGvLWNT4LEZQqFNl2 -QuKsFRlmV9nIo9SZND0jclp2GFj4i9uD+kuMZ2++5bq0tWqoF5GsBeILwxuNxwapaB8ZUGoyn2OZ -u17LzZhevlBP40NjuOW19L0meFsh7gxgbWhznR+lrzpZheprvEgRkaVoBcCLcMVh4DLGO935xQHU -StbyrKaCl+UDu+vBzCwes8oOrIPNU/TOoRzws9/NiIHeJxVBN2Jf0C3C7H58O3gmbqcBclfoBo5N -5nQaeAs8ASXASxcscVUoREaKExjoSIC+KMXhSESWdc7Prswii7i1i/l/ITMpNLr29O/0FPY= +MIIEQTCCAimgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQD +DAdUZXN0IENBMB4XDTI0MTIwNTA3MDMzMFoXDTQ0MTEzMDA3MDMzMFowSDELMAkGA1UEBhMCRkkx +FDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvc3MyL0NP +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHKk1EqJ0GAr8AXZsGzhRcr6F7UuXIu +sXXzD3UuHFDpnBdZuB7oMK4XIiuzwuJ9bRpQEKh+FnncJjQTCz9V4ZkCirwZcHDBETKdcJfMIsmC +NluHjJyKY4fqYMzupnhPfJDCYUossfuPPSDdwK7w9mg7KQcpJJ8nJc2wb9NLdG1ds5cgupPVVVXy +GB/h3n5+8JpfAwp1Jd4KN3p8dvt1DNiunVoHVofdENvtuuy2Tv1y8Sk2wW29zQ4HjT0oC3Ls/O6G +yZVjqstr44qyXituHdK0mNLmQTSlv1FLj/DDERl17/iL0CYTjakq0s2kU/QeH4NDM20KU5sJxThw +NwwZjy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFGFC+sQB +UOb+A6j8v4nmOyWUYWujMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3 +DQEBCwUAA4ICAQASJrJAu65+prtEOB1qJ/n5FjgSJ698WynMnOoF0oLHWlrdzOK+FbtpsLmpzB9N +CYA5NgRFc0hWqLr6VfeUw8z3+pimJT4aMbND9ZxT3vNl1mzNTNqeUeKFtoSPxJgpQzZZkhylWaJg +Mv6KnmNElX9S7ckZWBFPvvhe7+4uRNh5SHTRaez5pUxN0GRFrfVej05sIZwqn1j7wBu7H2p9UKRa +oRj9zMzG7oRgjYvXlKUn1O6PCzn0McH6mt2BYCaGG9kOZklLg75VRKcLBN4ebNxRkLk3qa1rcXOI +AsomDBEGU/0tbP+tSlaQXu8JKyD70dVjpYol/qUIV5+8OpH+hTb9779WmAZ/dLshXYA6trE5IIWR +QzeHSpLcKZAKX1aSO1/T2a7YfqmgLzEgeCDkAtNlQIsvJAUf8VNaNcnRZMF04zd3NyZYuh6xel80 +IC9IWUiAroEF5kFv+fu0xM0/ID21YjM8NckNCC672/2icKK9hlMPLsliEw6Zb587PTnPjpUXLntP +FiSSDbmXIsF6DtSL3rmoPHmj3e6UEj1Fe364J6Fl3wrykTzN2SlpDoUmOqY1NoHxIO/4YXBX+s5/ +S1gRfsUrC7UWQf3cjtDdr69nCcQDmRlhkJij0SkJjdXrdONptFQVwy+JcT/CiwkNk5yf3VvyHOP9 +HtZtkTx9cL+tPg== -2014-05-26T07:46:08.335ZAWocSK9lCjklGP96VcWGDMY92B7MCFF44/bIZmhGR51wWG8jZU3F3nO9y2Eth0PWo7iqds7X0PO7gDnQExd/gw==C=SE,O=EJBCA Sample,CN=AdminCA14494400857428571204text/xmlMIIBugoBAKCCAbMwggGvBgkrBgEFBQcwAQEEggGgMIIBnDCBhaEYMBYxFDASBgNVBAMMC09jc3AgU2lnbmVyGA8yMDE0MDUyNjA3NDYwOFowWDBWMEEwCQYFKw4DAhoFAAQUQUX4pczwfgHr8dItQKHik5Kx4C4EFHctiS4Dtv340mU5MTUi0EYa6NIJAgg+X1HEeT20RIAAGA8yMDE0MDUyNzA3NDYwOFowDQYJKoZIhvcNAQEFBQADggEBAElGlYmbQLbShnZ1Gq3OmNEAr/WCf/LWmoeWqq2vdET897BLizYitmIED3UdptJzgHEKlxkF3Ui8HCdi21taVDSEn4WUK9P89wqs+YSJ2ygRvfml4s0omNQ7ryzE6Locq1QMKJ7QFKeKaghPqyHHcNfkD6SigIr3e8JJd8wqzGnwGBYUXA2/TmRaz5rG/0em162HxUluOcLorvsA9BhYNjEP6CNH5DsGcntCkd17XfqDDOAK0N0uSxHnNq8m3k0aTA3NMg9INWQVXMUcIyZRcGOLF74hDy85YXNi09oN0Zmd9WHQNR7QFbK32EYUdQa65t/Vw7/B2SGCsAwg9bvrGa0= +2024-12-05T13:16:11.661Z6NdJix+ZRZCMO+8d9QrlnHziCH8DOfPuO3q4DvYhRNQU1KLz+C0bwgx32X74qh+VfAloHSk4DQMbzlYgSYYT9Q==CN=Test CA,O=Test18urn:oid:1.3.6.1.4.1.3516.16.2Profile for High Performance Digital Signatures (version 1.2)BuO0EDNfkxSVlUbxCzmQPzX1AUF1/xx9ytWHk3/6SAOePxQiniEfDYk+90QeYb3lWpV3Izhuz9fKaYyE+lTcXw==https://repo.cyber.ee/dsig-profile-1.2.pdftext/xmlMIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQMxDzANBglghkgBZQMEAgEFADCBuAYLKoZIhvcNAQkQAQSggagEgaUwgaICAQEGBCoDBAEwTzALBglghkgBZQMEAgMEQBt9rZMBtSlYEABRUCvS+C7byEK6gDkwBlw8s7V6dMar4fpCovrLFnR4+zXaQ2+rOUif1du6YAq4ViPLMAZ0bv4CAQEYDzIwMjQxMjA1MTMxNjM1WjAKAgEBgAIB9IEBZKAmpCQwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0GgggUsMIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDUwNjA5NTA1NFoXDTQ0MDUwMTA5NTA1NFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgRFNOs/GwiiWs27YlIkficK82DOpD2fHlD40nLUWukarpG9cPEOGUPfTLY7Op9hcbtqWKEYXM1PRPo5ratfS9AEJwv6Hi7F4c/rRKg0bPo9bWBIdQJzzS4tKhUx02kB6lsuBI5kVRl4J0XVwK93IT7DH8fLJMqTy9Ts9XRPCmdEpksMWHnBChZ8c6rRupYDddY+sQTVnqDSx8ShEIG/lC2oohAP1BcGE3XWxBpU8dpZsmKe9AGkaFhqHSWcKjEf2ZoqoiUkMWfbXYtykgyeblXtHnf5QFaBNHmOEZTgrmOdaPH+EWisnuBKWyUgxp2e8LIovf9uNzdy/Gqjm1b4YiMVqGewYNcud4Zc64fNlOpSvJx+aUFuDwHbA5z68i++qgKoQ7ggfAFQ1GlnktElUX0lHMUM1yBELD7l9/DXjaKVr9ptiusGSDNq0IDT+N2Pf5acdwedTG6tRQuGZfhlSJL2oGoKwf06jnU88kxihCm6hQZfQvdorUh98xl39ckc1P6QHSXhRDtKOTaCLB1hK5MciXEjeaAoU4h16tsWmnaT9kQhLO5RY1fyTBanudT/bpsVVlj7FcV32ZkNshXJXjvvIgvxCrBBwD2ITx0jhJy2Eo+wHPceD8RrTIyiWPqMzDPKCcrWdslSlKsksxzCpWJ/eVtDgoqwlB7dXo5nVbqwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFF7UoEZQt68oD4VMfBBZ71YwISflMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBjzpaSJjIdSkeRWHQBmv/1DH9WjCmnqFXNKG92XSmIHywSVEyVY88lWid14v5X4zTc3ZFFdtfY7k8KK/7YFnDEpS79UO8vlk2gmvabiNx2bfABH+eHwql6IspDcSFHtWdDon0l6fCFptqeuT1KpYGV8ZGAn/w9j86BacxFMGOqyzMZqcjIZKmOB08W5n8IMYelTEtfD/Agb4J1NPcvJjXRcV8V1faxpR74VRdre0p1CEF/rY2GMdzvUIKGQXhRpyP7sj6Kp+pCqthNU6BNl9bc2M/0JXp+EQwokgLQ6zwBgnBwkB48nnphzyg0Ms2JOo9avDkrICG20XuxAUumpR2rHNO6tOY93rIwxAxiM8Jc50dHHWN3qYmDFxEiPfQrF4qEWA7PIZjs6njoyKVq16j7W4LEUnTBG/atoCpXyezwzTGAMOfT1Bl0B4MFhKJqczJamFSNZajlERLigJn8a3c+kmz1HgBeCfemjKpZKG1z0PixfcZSofCqk1BelXTBzqRsGGHQ45B4F2QiFw/s2slZ4gxq0kfHJFOp2/JXIz0G6aiYQVGa3ryrAsb7mGzL0EdT5AKnROhOhM4CH5mvUE/4RWx92rguyohi3CmmxhCL/4bgcLJ1hcH0MxdHRwTWPBDod8S6ZZ4Zjc38oASkub0iYndi1LPgaAJ6WmhIgS4eFzGCAuwwggLoAgEBMCYwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQQIBAjANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI0MTIwNTEzMTYzNVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhIbycL7EUf3QIk5EMSJoMJdgSdEwLwYJKoZIhvcNAQkEMSIEIFF2FwC6mbULb/bTRhH8cE7sul5jnAZXJrmDjt86DfqKMA0GCSqGSIb3DQEBAQUABIICAHbpudx0u3FX7/xXlu0Fg2ckIuXPb24VMmSbRqfZnTMxlsx9qkfM4Y26we/j54Jyz7KiBGxH/EcQqjC9fz6G52CZkgFntk3i31URrZ9EW0nkOhLRCQBt9s3xoZx3YZtBSrEbu2KQ7QgtCharHE3opHQRdCGI7qyUFcD3CwLs4S0+GOJtKU5Kq9Nf9pHtXxOq/Sd3vEbUPAScvJLnMOAPbYLp0s7dQel++SQgRhmTcYn4NIDeYG2/7iw7YcduHr3uaEDRRNsLHYXhAAWaFLhbAqggVHnxt2ReXLp81sSn78qcxFKUT7Q8KaSZV1gwz+GZoiu9CpmENv9+zB6R4lwE7BHrLyMF5j1Lx9F5s2bgtBZ0kJ7eIbxkqHpkS2AnfzqofYdoYKlSIOx5ENgfJWP+5om9kaKYeyjO0nH/32R6Tr0jxFL9ub5FEo8EySoACWIvYY5L77IXK01ZMfITrgWRf+52/cQIhZvnOASajAmrg1RC07M7C7i8ke+xFqQ1rdVXm0acDNJVLwnCqawUW0Zg+I6tboQ7mOL0c5fNIpdtM5ua1MsZwHU6WdbCtUGud5o2nyZLG7LJmcn4tCDnkTX+6b714ZLYCqZf4xUBUkvbHQwi6YQWG+/a4hCRY7n7vYNW2ny/Zvoe98fcfTCRc54qf6uGT3gZpXPdZSm39+0b+CmrMIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDEyMDUxMzEzMjZaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBEoAAGA8yMDI0MTIwNTEzMTMyNlowDQYJKoZIhvcNAQELBQADggIBAKE5UVfbrmqyekWMj0mutc9wb/zxIv39jS0XE7pcCmG8jjXwgXGlxsQBrOI4Za99xCzehUTM/Fu6C+298NbiB8itDl4zeqZRx6zZpOeLNyj1NLjmJGcgquXCrOwmFMUzAjcGWm8PV3a1lnn7fEx/E0iKchM7mZ2SjdMLrYnPFSkdZV+rBKje9ZPTSiSqNukE1iO6XJXwXnWETg3mmcchwDXwBYJPSIiLPBto9DUz9/JvOI/MIX2hIIaGLZTP1eBQDMV3hpyvT//gkaKqCGlKywEbZZl5zJy1Xz7llCA8nBL4G2KbjK0qoKbR8NLLJagtj8UfgzgRkysm1HE3VzbUabJezCyfDwohaSMq8+79fkfh+0BaDX4Ih0c3U2jMPGonNtuTtIC/xaSK+wGBJKx/xNoSQLxi8P8oWi5raXTTkQNmH72xrqUJps9qRYOQjaa1umcyVFXZRYbzmxh3au8XZ38LoaBpRPJ5nTDqeS0RadFm/+/fgZJdrqtAdfaO79CQWmb1XEAl4F5KFByRXuJpuL2bn5HUPfOfZwaOR3lI8e1SAHe1P8FiZYHW8V/0G5GJDo549CqoRYbuboUizSiHIvVNuE/LpVtQhRZgr+9gY+pX6/rQkTi6fQb/y/BdXyzHtyHist/mSnknE9QEdAJMSnIarQd1o+48GmODoxW2ddU9oIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ \ No newline at end of file diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/timestamp.tst b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/timestamp.tst deleted file mode 100644 index c183cba885..0000000000 Binary files a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/META-INF/timestamp.tst and /dev/null differ diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/message.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/message.xml index d1edcc43c3..32744b14f5 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/message.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/message.xml @@ -1,27 +1,27 @@ + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - getState + DEV + COM + 1234 + TestService + getRandom + v1 - EE:PIN:abc4567 - c3b4df6e0fab6aacf5e6a3e3b3428c27 - + dd19fe68-7d37-41bd-b79c-8948ccdb36da + 4.0 - - aä - + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/hashchain.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/sig-hashchain.xml similarity index 100% rename from src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/hashchain.xml rename to src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/sig-hashchain.xml diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/hashchainresult.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/sig-hashchainresult.xml similarity index 62% rename from src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/hashchainresult.xml rename to src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/sig-hashchainresult.xml index ba1bdf2a91..a3b15a0045 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/hashchainresult.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-not-signed-hashchain/sig-hashchainresult.xml @@ -1,5 +1,5 @@ - + +OUG+0ewGfNJ47GuKe6OJOMCpQo8jOXozQ0/VajHJ7U= diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/manifest.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/manifest.xml index 7dc93a8575..c409502d0f 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/manifest.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/manifest.xml @@ -1,6 +1,7 @@ - - - - - + + + + + + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/signatures.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/signatures.xml index 0e6e98b28e..7c0800dbd6 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/signatures.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/signatures.xml @@ -1,46 +1,46 @@ - + - + -I3WrcrK/DGakJSQzi2T/U1SJUwOih0Imng4kPd1HPXbjfI7jKlVE68thYRUdKqhtTw/nui6WNKym -nOKvVAedOQ== +q+Yew8cBTKofLdOd7kN3nTwA122c0krgFQ/2ey5mnvBWGAIuDe9MvWzyWOK87rrKs/u/14Vf9RAY +vL2oztYxzw== - + -V9MNtLbG41STyzspzgN5LUMG527hGx/5c+CiE/6atcn5oK7A3w34d8gdBG8RCKm/WMpN0eA7Xwdm -u86zh6p6MA== +wHI+C5EEk2wiDrr3RDCCW5noua22x2ANndyt1cnn+cefgSvhgACBQCg6JiJoBLzoaDLWyXBmuPl2 +gU+dn+tvLg== -fbfJ4hmAJIlCqatpQJX5ENZh6T6jNYmsfpnsi5JYSIwy6fIRzvfEdnoyBt5gW7sGBuQbzpeKh21H -QJndVf7awRIH8m+AMeaHqcoK3VjqXAOcfaPCc5sMSzwkaoaGqGelYB8jpXY/s+d7JCHqRtrzETOC -jen2In1o4c4K2b13mBsnpvALaTyarr3XZP/CRu0oyHj+GvLnHBQhuDUc1BbJvTHbjs6NcU12/zo9 -5YlK488PhvoFgsRDBFExNZQnF87SnrERCHf4jUJr6l2jLOMp5a7ltEQISMBqk1j6zcVziYmccnM3 -lcuhe8trUpgk/JAonhIe5qzwf4xSaffrzfzEAw== +gHc3d4Fcokud8tRRxSohFgXo4PNdniwVC6tPHXjECYUV1cypae52u3ID94Dcgf3Bf+3xE4Rs5tQ4yfohWsh3ICfMweayzeTLLlz7bgKTT7Li22dvhgYe2ISirOpxMoxd72eKscclR5KEAXCSYa8rM/36y0UV7wvevPjpKAigBw8ZsBgfLiRR8QrPv0mH7m8x5eYrzM0ejPDLVb/xEkVauFCRjhifqQFfIzJs29xvW7JVNasBvne8NSAQLIbU3G0mYV9b2rJO3Tl9jWWhVMfVzCl+dXa4TcoYkGybM+/6WmVgT/TYIqc6mi+4cPnBiwKgDXotlFaMIPN8p4KN+BgW5w== -MIIDiDCCAnCgAwIBAgIIW99Q5VUloqswDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D -QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTIwOTI4MTgxNzM5WhcN -MTQwOTI4MTgxNzM5WjATMREwDwYDVQQDDAhjb25zdW1lcjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAILY5AcoHHeoHIYqrrjaadQJwJlwMFN8mT/txE4/oKUWecvikwk1RNJNH0s+D9iU -oCsCYqlU7PXbIXIelkH08ehgsdi5OmNAiG0fxEIouPDDOg5L5c4wxOm1/vVf0H+yBrv1OWUfEnCw -siRmqRN1JU9LH1GkVulPdqCMbicqlbidTTfYcFwf4R7RfOFeHrrNJSBvRev+TUt+JnwbO4vHFxhG -DBXMLwiNZdedhE9NO3zUorWPEiVNapp/u0agMXAv3RmJsIGeVJerGFay7Eb9RbhTcHOePGl1IetV -7J3A9L14OqauMShaFJQUnTXSqS8ldcge/JfgSiWTqE0TjVc0pYMCAwEAAaOBuzCBuDBYBggrBgEF -BQcBAQRMMEowSAYIKwYBBQUHMAGGPGh0dHA6Ly9pa3MyLXVidW50dS5jeWJlci5lZTo4MDgwL2Vq -YmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQU25SlUgQRwFCiraz2euhPUBqpvj0w -DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3LYkuA7b9+NJlOTE1ItBGGujSCTAOBgNVHQ8BAf8E -BAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAFFWRyInsq/jKrW20BKzRr2KAAnE2nDVmZLFfcv7ZwrL -OOJYkHxdPEfkcXcwJy4B1KJdvm0+1FlgfoKgDiUjTRbXraXmyUwAL5s5yMr9wFwu9N9JL6IwchMN -T6S5zwA+iioLMQbHAMfwXXSS/Vp7aUxmejK4XbNtehsukalD7S3ILAK7dtamPr0YvRqUBbj4k9zD -60gVU13jmACr/JuSXI4JxyoiFdUNDdtQbiiGOsrOuLmc/WbzXNo7iN/zhwEMJNJThtyGYthhiYeZ -KT+0B5Yy/sARkinWqLpUwddf+plfH+4HP2akrt8uoHSZXKKOmN8IlXgN89LPVBC+oSltnhY= +MIIEQTCCAimgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQD +DAdUZXN0IENBMB4XDTI0MTIwNTA3MDMzMFoXDTQ0MTEzMDA3MDMzMFowSDELMAkGA1UEBhMCRkkx +FDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvc3MyL0NP +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHKk1EqJ0GAr8AXZsGzhRcr6F7UuXIu +sXXzD3UuHFDpnBdZuB7oMK4XIiuzwuJ9bRpQEKh+FnncJjQTCz9V4ZkCirwZcHDBETKdcJfMIsmC +NluHjJyKY4fqYMzupnhPfJDCYUossfuPPSDdwK7w9mg7KQcpJJ8nJc2wb9NLdG1ds5cgupPVVVXy +GB/h3n5+8JpfAwp1Jd4KN3p8dvt1DNiunVoHVofdENvtuuy2Tv1y8Sk2wW29zQ4HjT0oC3Ls/O6G +yZVjqstr44qyXituHdK0mNLmQTSlv1FLj/DDERl17/iL0CYTjakq0s2kU/QeH4NDM20KU5sJxThw +NwwZjy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFGFC+sQB +UOb+A6j8v4nmOyWUYWujMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3 +DQEBCwUAA4ICAQASJrJAu65+prtEOB1qJ/n5FjgSJ698WynMnOoF0oLHWlrdzOK+FbtpsLmpzB9N +CYA5NgRFc0hWqLr6VfeUw8z3+pimJT4aMbND9ZxT3vNl1mzNTNqeUeKFtoSPxJgpQzZZkhylWaJg +Mv6KnmNElX9S7ckZWBFPvvhe7+4uRNh5SHTRaez5pUxN0GRFrfVej05sIZwqn1j7wBu7H2p9UKRa +oRj9zMzG7oRgjYvXlKUn1O6PCzn0McH6mt2BYCaGG9kOZklLg75VRKcLBN4ebNxRkLk3qa1rcXOI +AsomDBEGU/0tbP+tSlaQXu8JKyD70dVjpYol/qUIV5+8OpH+hTb9779WmAZ/dLshXYA6trE5IIWR +QzeHSpLcKZAKX1aSO1/T2a7YfqmgLzEgeCDkAtNlQIsvJAUf8VNaNcnRZMF04zd3NyZYuh6xel80 +IC9IWUiAroEF5kFv+fu0xM0/ID21YjM8NckNCC672/2icKK9hlMPLsliEw6Zb587PTnPjpUXLntP +FiSSDbmXIsF6DtSL3rmoPHmj3e6UEj1Fe364J6Fl3wrykTzN2SlpDoUmOqY1NoHxIO/4YXBX+s5/ +S1gRfsUrC7UWQf3cjtDdr69nCcQDmRlhkJij0SkJjdXrdONptFQVwy+JcT/CiwkNk5yf3VvyHOP9 +HtZtkTx9cL+tPg== -2014-07-01T12:53:10.084ZYS16cctCB+L01PCP/PTgCfhEI+4FtQP8bGNSbQ2RFYjLBSgBtM3ypXyB+BTABFe8GF+sI5v8RbInvXMJLK/JHQ==C=SE,O=EJBCA Sample,CN=AdminCA16620098923164181163application/hash-chain-resultMIAGCSqGSIb3DQEHAqCAMIACAQMxDzANBglghkgBZQMEAgEFADCABgsqhkiG9w0BCRABBKCABGAwXgIBAQYCKgMwMTANBglghkgBZQMEAgEFAAQgD1LXCYvR6G1wh59ZcKUY0Ob1BN9MwiUrVz2torte/rICCBkvJKh2dNMlGA8yMDE0MDcwMTEyNTMyNVoCB2cWXm3vlgQAAAAAoIAwggLCMIIBqqADAgECAghv5E82aR8J1jANBgkqhkiG9w0BAQUFADA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRTAeFw0xMjExMjkxMTUzMDZaFw0xNDExMjkxMTUzMDZaMBUxEzARBgNVBAMMCnRpbWVzdGFtcDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJvnk1UO0fOz3Wx+Vfd9q1lZRLr2vGTEMylwajp2gnthoqsIyvcFndmUNN8J0SixahxNxhd2bcI7wFeVm+GS8rIc3+GvRTMPRPyPyYFiird8aNNVMk4gbbJOzJP/fPd2lwzIYxbCyKo531NO0jwNxHZw69DOUuJX2HP+QH2Isl5JAgMBAAGjeDB2MB0GA1UdDgQWBBRt2a28ocJ7T6+Eo/5lxVSOZ/nD8DAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHctiS4Dtv340mU5MTUi0EYa6NIJMA4GA1UdDwEB/wQEAwIGQDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAQEAUncAngjhFN4wFaE3xEs9B0nNx3RVGn0VTJiGciRHrv2ddT5lsjJpA3Hf6E8huFw4wrGUoabQtwOeMcvgS4noZvTbu8XuZLAVtwo8z4vbfHZAu+5VxQSNxs/cpyb3dcJK7dEjvUkg0z5aKeNeR78I64XOExYlwtiPtLl0ZHnfJrQ2dJ/t2W5rkUsFGI4UDmRFZN+3pFwRbSMZnOxwvrBmf6Ef30iKGOqB3FXUbJ0v4GAMx+vJnOGX6HVa1PC/QGLkazzW/xSU1ROcIJ8u719q0fHzn+20VxcTK31JDN7c0ZxpHWLeTJm82KPMbcL6OtScn+UWzkBwiI8bQSbPqhkRiwAAMYIBiDCCAYQCAQEwQzA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRQIIb+RPNmkfCdYwDQYJYIZIAWUDBAIBBQCggZgwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xNDA3MDExMjUzMjVaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFAWhDuvbDNlnnkyFp4hIFF7x8AvqMC8GCSqGSIb3DQEJBDEiBCAXnX7JLqY1paYmbvj0ds4+qZ7VsJDKeRFTjntQvp1DqDANBgkqhkiG9w0BAQEFAASBgAFTEpCx30LW37B77dpa7evb16FS94s5tJIsH6uuZ8wNuUW7LNoevCzUWtYxvDLQmCQnScph1L+ew6KYo+6yFLVj6m3TL+uTskGE3RIbOvaxA6AXDj53Nn7ep3zKGSAExGPGs6bccwR97PHs0rTbgEMmdJ6sfRoNT7OnaEb/wdLuAAAAAAAAMIIBugoBAKCCAbMwggGvBgkrBgEFBQcwAQEEggGgMIIBnDCBhaEYMBYxFDASBgNVBAMMC09jc3AgU2lnbmVyGA8yMDE0MDcwMTEyNTMwOVowWDBWMEEwCQYFKw4DAhoFAAQUQUX4pczwfgHr8dItQKHik5Kx4C4EFHctiS4Dtv340mU5MTUi0EYa6NIJAghb31DlVSWiq4AAGA8yMDE0MDcwMjEyNTMwOVowDQYJKoZIhvcNAQEFBQADggEBAMYV0J4smQ/B7jkuaXSD8SrXWIMbBg6SG03+iMF6soQwQIKJRJ5s40sFp2UrzBvVKHpRZjmcecFnSMI0oZOiJy/ji7IBWISiRPC9F/RqEQ/w52j0V7gzL1DE3iRe3FA2rbZlFH+vTXSJ7+CLWnyImmHQe4043J/tMJ+mHPmozVkUvltCGkItxblkkpklLT1779ulVAZDlbVuyh6FUJdsWxuKSZIhC9mdmvwz3XWI+l+pE2yBfA1r9p5gOYXbWb0tXwQ6oYkelLK5ikeYXYkh9suQcbdrzoxx2XsT6/E1WuJogBfVeDMyKQx6JfQWDuqrzxlkmsJtKSFcChP7dKFZYLE= +2024-12-05T12:37:37.117Z6NdJix+ZRZCMO+8d9QrlnHziCH8DOfPuO3q4DvYhRNQU1KLz+C0bwgx32X74qh+VfAloHSk4DQMbzlYgSYYT9Q==CN=Test CA,O=Test18urn:oid:1.3.6.1.4.1.3516.16.2Profile for High Performance Digital Signatures (version 1.2)BuO0EDNfkxSVlUbxCzmQPzX1AUF1/xx9ytWHk3/6SAOePxQiniEfDYk+90QeYb3lWpV3Izhuz9fKaYyE+lTcXw==https://repo.cyber.ee/dsig-profile-1.2.pdfapplication/hash-chain-resultMIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQMxDzANBglghkgBZQMEAgEFADCBuAYLKoZIhvcNAQkQAQSggagEgaUwgaICAQEGBCoDBAEwTzALBglghkgBZQMEAgMEQMGj4zKt+XBkKSGFwm+QBpMi2pZ/dgbkGlSn8XmmceGiWVMyzO8xsZuKPryHomHtr9xYg1t2WdxjjUWbPovXKyACAQEYDzIwMjQxMjA1MTIzNzUwWjAKAgEBgAIB9IEBZKAmpCQwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0GgggUsMIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDUwNjA5NTA1NFoXDTQ0MDUwMTA5NTA1NFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgRFNOs/GwiiWs27YlIkficK82DOpD2fHlD40nLUWukarpG9cPEOGUPfTLY7Op9hcbtqWKEYXM1PRPo5ratfS9AEJwv6Hi7F4c/rRKg0bPo9bWBIdQJzzS4tKhUx02kB6lsuBI5kVRl4J0XVwK93IT7DH8fLJMqTy9Ts9XRPCmdEpksMWHnBChZ8c6rRupYDddY+sQTVnqDSx8ShEIG/lC2oohAP1BcGE3XWxBpU8dpZsmKe9AGkaFhqHSWcKjEf2ZoqoiUkMWfbXYtykgyeblXtHnf5QFaBNHmOEZTgrmOdaPH+EWisnuBKWyUgxp2e8LIovf9uNzdy/Gqjm1b4YiMVqGewYNcud4Zc64fNlOpSvJx+aUFuDwHbA5z68i++qgKoQ7ggfAFQ1GlnktElUX0lHMUM1yBELD7l9/DXjaKVr9ptiusGSDNq0IDT+N2Pf5acdwedTG6tRQuGZfhlSJL2oGoKwf06jnU88kxihCm6hQZfQvdorUh98xl39ckc1P6QHSXhRDtKOTaCLB1hK5MciXEjeaAoU4h16tsWmnaT9kQhLO5RY1fyTBanudT/bpsVVlj7FcV32ZkNshXJXjvvIgvxCrBBwD2ITx0jhJy2Eo+wHPceD8RrTIyiWPqMzDPKCcrWdslSlKsksxzCpWJ/eVtDgoqwlB7dXo5nVbqwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFF7UoEZQt68oD4VMfBBZ71YwISflMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBjzpaSJjIdSkeRWHQBmv/1DH9WjCmnqFXNKG92XSmIHywSVEyVY88lWid14v5X4zTc3ZFFdtfY7k8KK/7YFnDEpS79UO8vlk2gmvabiNx2bfABH+eHwql6IspDcSFHtWdDon0l6fCFptqeuT1KpYGV8ZGAn/w9j86BacxFMGOqyzMZqcjIZKmOB08W5n8IMYelTEtfD/Agb4J1NPcvJjXRcV8V1faxpR74VRdre0p1CEF/rY2GMdzvUIKGQXhRpyP7sj6Kp+pCqthNU6BNl9bc2M/0JXp+EQwokgLQ6zwBgnBwkB48nnphzyg0Ms2JOo9avDkrICG20XuxAUumpR2rHNO6tOY93rIwxAxiM8Jc50dHHWN3qYmDFxEiPfQrF4qEWA7PIZjs6njoyKVq16j7W4LEUnTBG/atoCpXyezwzTGAMOfT1Bl0B4MFhKJqczJamFSNZajlERLigJn8a3c+kmz1HgBeCfemjKpZKG1z0PixfcZSofCqk1BelXTBzqRsGGHQ45B4F2QiFw/s2slZ4gxq0kfHJFOp2/JXIz0G6aiYQVGa3ryrAsb7mGzL0EdT5AKnROhOhM4CH5mvUE/4RWx92rguyohi3CmmxhCL/4bgcLJ1hcH0MxdHRwTWPBDod8S6ZZ4Zjc38oASkub0iYndi1LPgaAJ6WmhIgS4eFzGCAuwwggLoAgEBMCYwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQQIBAjANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI0MTIwNTEyMzc1MFowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhIbycL7EUf3QIk5EMSJoMJdgSdEwLwYJKoZIhvcNAQkEMSIEIAMAqshMa5p+LZkTWxAlfHlqYQHdq21bEOzRqSdFEfwoMA0GCSqGSIb3DQEBAQUABIICAFzEoYWinrNKREMes1CKgnv5J96fOgrVmSzAho1ZAxJJvrPIQuEolPvTKVz1XTzF4wrzux6fmZC1U49zRdKKg+Brf7K2+Fo6olyn6djuNfv+p5TgZ7LcWze8OJ/Mi8qKAeqUM3zEJK/9yiOKmOcL+TmZ37nlFVAD0/QJbj4m26E1LKTsztpgzk+qpDQATp4TXsclVL3TlOfbgJ5WBT8XUKSSrXa3MCQ54WpXwVNQ4M/L4vHA1qssQruFeFvyQSWJcSZ+AWUjtO0AeDsK44zJXXLGFZ7oHEKBjj2z98K6tPAzdPFgwX0QK4P32lQ9LhDBW6GlbzOIdDeSb0NpPsiAJPstP0obDUfD0+69/q/1pLQpnHyQT0iFwbzIerKoWrGb3wY8AZis4L9yleH3QcBd2lcqZU7TQRP7/XzwtzxIR9i2cK13VmQ70PdVyoFaTR361YBOAv/jf2BxXAWRMmEs7lKZoQ7JaPy6pvblCCCTo9EDvJ6kfWabHvicDJ3F5gfKDarlRK7AuOkKUB45eI5iGwRmqdCRHLntcHAze552YkXVomXy3DNq+ERsWb3mTS7w/op9UY4HXFt3VBjceOMsUQEQtmDlgCOUVUfZBmSq/I62PTJLwhPyLuDzZ/DqJH7pEaPPFsyAX6K7Smvd+pC+GqKEjZwu3Ry5r1SfOx/ljp05MIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDEyMDUxMjMzMjZaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBEoAAGA8yMDI0MTIwNTEyMzMyNlowDQYJKoZIhvcNAQELBQADggIBAEfXRVtoC3Chivmef/8KpAwFbFTzNQWM7lLw1VGrNpb1r9fq2YizKSzg5Ha3/P1CHTjWR4G/rSk3G/znsISKuQmJKIC42vgPm6FnlLQCEulWDK114sbCJ6wziuHPyu6bE0FwR9h6ZMRPIdW8MdRRc/nNyp9pmZHfI+8JfFuQ2QO7N/M8igCgUCh/Ki1U0VMoFlHifEHjB+Y/Q/sPkgVfr7gUKEbXBNBkHukGiHfHyvfLJxtqsSAzDJ9IF14cmtmwJHdM1ZLMolO1XXnFxG46Szm9TMWcwdxVp0M6eRd0vHbwOgogqyjlH3YxF9uJsO5j5yc7fHxb06K3bItKzKEO0E+9b9duR7wXkIel1fiyJSfszJRRIYmyD5taZOCi/e3RlIdNQge8BuCkwYYbiWS/QAZW8aF+5iXHL45WlqtydABhRDZePM9S0i9RuDBHy2BkIq+XcIyAcjVVApl0pnKE/rpgurh9kLPs4SyG1QFAnzE82CPIJAqoQIv8rChz930h/9DYoPrVJbpAH9jtn6SSEdwATssselQcXLOK04dkbOrPCJ5WcxRUB2DqPgIH8S8A+srMZThtcqa2c33UPOiGDu7GVnonvBCMzIO4A5WtM7jKCh179TwVl7Terhc2QplWgCcFyWEJc0rIWzQbkqsmmXJ4/TmsH3hBRY+WlYR3pR5GoIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ \ No newline at end of file diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/timestamp.tst b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/timestamp.tst deleted file mode 100644 index 0e0bd78562..0000000000 Binary files a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/META-INF/timestamp.tst and /dev/null differ diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/message.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/message.xml index 53cd3b9783..55aa0a9889 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/message.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/message.xml @@ -1,25 +1,27 @@ + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - test + DEV + COM + 1234 + TestService + storeAttachments + v1 - EE37702211234 - 0d5867860017136646c67e98cb4eb8b1 - issue + 6354aea4-1f3e-4354-ad39-666f76e438c8 + 4.0 - aä + diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchain.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchain.xml index c380cb5c97..edc0d7e15e 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchain.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchain.xml @@ -1,12 +1,12 @@ - + - X3OpS1/FHEt3Sy89llX/JGXMqZoC8goYaTnzIXh6N6VrLGhh4H2PDk1Vpc58pW17O6ugShKyk4I/jDQPgT9p7A== + XET+G37YrRAMl92j7gxR95W/rAcOBRlWTrbeJMt7L7lMr+1EALnsNRpq4fH6sUMJNWSA1B2kpDL0NDVCjIQnnw== - ylyfi1WldaJ+fsUy5+h5Hfep7cM4z0f0Cua3zrCn8+rLrCRPuYym+9pMequYW0ZnQMqNUnZp0RFNqLEWnUWq2w== + YoZ26aBCLuGV0W9J7CH6YtOXhkEsleUwu1GwIrQ+ZJw7GBAnTwRZF2s2n/z8h1iOkzLiFmO8p4f2VVz+F1DqYg== diff --git a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchainresult.xml b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchainresult.xml index 3c276d655b..367db698d2 100644 --- a/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchainresult.xml +++ b/src/asicverifier/src/test/resources/asic-containers/invalid-signed-hashchain/sig-hashchainresult.xml @@ -1,5 +1,5 @@ - + - X8/FpC/o/0d/K5uwc7XtcqYrXkvCItytpaMjl7HC5OzvI/7baEzpTK57RJiBDtvrwOVKyYt/YSsVeBUoFruFcQ== + RMrOJhh5munNHgv/2wN0WOuxn8xeQ6d5CDOkUjifIlQCoK52NKJyGa8Gf6FpHZlU5VKM4VzOYMTFLJKxeEVNxg== diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/manifest.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/manifest.xml index 7dc93a8575..c409502d0f 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/manifest.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/manifest.xml @@ -1,6 +1,7 @@ - - - - - + + + + + + diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/signatures.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/signatures.xml index 0e6e98b28e..7c0800dbd6 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/signatures.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/signatures.xml @@ -1,46 +1,46 @@ - + - + -I3WrcrK/DGakJSQzi2T/U1SJUwOih0Imng4kPd1HPXbjfI7jKlVE68thYRUdKqhtTw/nui6WNKym -nOKvVAedOQ== +q+Yew8cBTKofLdOd7kN3nTwA122c0krgFQ/2ey5mnvBWGAIuDe9MvWzyWOK87rrKs/u/14Vf9RAY +vL2oztYxzw== - + -V9MNtLbG41STyzspzgN5LUMG527hGx/5c+CiE/6atcn5oK7A3w34d8gdBG8RCKm/WMpN0eA7Xwdm -u86zh6p6MA== +wHI+C5EEk2wiDrr3RDCCW5noua22x2ANndyt1cnn+cefgSvhgACBQCg6JiJoBLzoaDLWyXBmuPl2 +gU+dn+tvLg== -fbfJ4hmAJIlCqatpQJX5ENZh6T6jNYmsfpnsi5JYSIwy6fIRzvfEdnoyBt5gW7sGBuQbzpeKh21H -QJndVf7awRIH8m+AMeaHqcoK3VjqXAOcfaPCc5sMSzwkaoaGqGelYB8jpXY/s+d7JCHqRtrzETOC -jen2In1o4c4K2b13mBsnpvALaTyarr3XZP/CRu0oyHj+GvLnHBQhuDUc1BbJvTHbjs6NcU12/zo9 -5YlK488PhvoFgsRDBFExNZQnF87SnrERCHf4jUJr6l2jLOMp5a7ltEQISMBqk1j6zcVziYmccnM3 -lcuhe8trUpgk/JAonhIe5qzwf4xSaffrzfzEAw== +gHc3d4Fcokud8tRRxSohFgXo4PNdniwVC6tPHXjECYUV1cypae52u3ID94Dcgf3Bf+3xE4Rs5tQ4yfohWsh3ICfMweayzeTLLlz7bgKTT7Li22dvhgYe2ISirOpxMoxd72eKscclR5KEAXCSYa8rM/36y0UV7wvevPjpKAigBw8ZsBgfLiRR8QrPv0mH7m8x5eYrzM0ejPDLVb/xEkVauFCRjhifqQFfIzJs29xvW7JVNasBvne8NSAQLIbU3G0mYV9b2rJO3Tl9jWWhVMfVzCl+dXa4TcoYkGybM+/6WmVgT/TYIqc6mi+4cPnBiwKgDXotlFaMIPN8p4KN+BgW5w== -MIIDiDCCAnCgAwIBAgIIW99Q5VUloqswDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D -QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTIwOTI4MTgxNzM5WhcN -MTQwOTI4MTgxNzM5WjATMREwDwYDVQQDDAhjb25zdW1lcjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAILY5AcoHHeoHIYqrrjaadQJwJlwMFN8mT/txE4/oKUWecvikwk1RNJNH0s+D9iU -oCsCYqlU7PXbIXIelkH08ehgsdi5OmNAiG0fxEIouPDDOg5L5c4wxOm1/vVf0H+yBrv1OWUfEnCw -siRmqRN1JU9LH1GkVulPdqCMbicqlbidTTfYcFwf4R7RfOFeHrrNJSBvRev+TUt+JnwbO4vHFxhG -DBXMLwiNZdedhE9NO3zUorWPEiVNapp/u0agMXAv3RmJsIGeVJerGFay7Eb9RbhTcHOePGl1IetV -7J3A9L14OqauMShaFJQUnTXSqS8ldcge/JfgSiWTqE0TjVc0pYMCAwEAAaOBuzCBuDBYBggrBgEF -BQcBAQRMMEowSAYIKwYBBQUHMAGGPGh0dHA6Ly9pa3MyLXVidW50dS5jeWJlci5lZTo4MDgwL2Vq -YmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQU25SlUgQRwFCiraz2euhPUBqpvj0w -DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3LYkuA7b9+NJlOTE1ItBGGujSCTAOBgNVHQ8BAf8E -BAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAFFWRyInsq/jKrW20BKzRr2KAAnE2nDVmZLFfcv7ZwrL -OOJYkHxdPEfkcXcwJy4B1KJdvm0+1FlgfoKgDiUjTRbXraXmyUwAL5s5yMr9wFwu9N9JL6IwchMN -T6S5zwA+iioLMQbHAMfwXXSS/Vp7aUxmejK4XbNtehsukalD7S3ILAK7dtamPr0YvRqUBbj4k9zD -60gVU13jmACr/JuSXI4JxyoiFdUNDdtQbiiGOsrOuLmc/WbzXNo7iN/zhwEMJNJThtyGYthhiYeZ -KT+0B5Yy/sARkinWqLpUwddf+plfH+4HP2akrt8uoHSZXKKOmN8IlXgN89LPVBC+oSltnhY= +MIIEQTCCAimgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQD +DAdUZXN0IENBMB4XDTI0MTIwNTA3MDMzMFoXDTQ0MTEzMDA3MDMzMFowSDELMAkGA1UEBhMCRkkx +FDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvc3MyL0NP +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHKk1EqJ0GAr8AXZsGzhRcr6F7UuXIu +sXXzD3UuHFDpnBdZuB7oMK4XIiuzwuJ9bRpQEKh+FnncJjQTCz9V4ZkCirwZcHDBETKdcJfMIsmC +NluHjJyKY4fqYMzupnhPfJDCYUossfuPPSDdwK7w9mg7KQcpJJ8nJc2wb9NLdG1ds5cgupPVVVXy +GB/h3n5+8JpfAwp1Jd4KN3p8dvt1DNiunVoHVofdENvtuuy2Tv1y8Sk2wW29zQ4HjT0oC3Ls/O6G +yZVjqstr44qyXituHdK0mNLmQTSlv1FLj/DDERl17/iL0CYTjakq0s2kU/QeH4NDM20KU5sJxThw +NwwZjy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFGFC+sQB +UOb+A6j8v4nmOyWUYWujMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3 +DQEBCwUAA4ICAQASJrJAu65+prtEOB1qJ/n5FjgSJ698WynMnOoF0oLHWlrdzOK+FbtpsLmpzB9N +CYA5NgRFc0hWqLr6VfeUw8z3+pimJT4aMbND9ZxT3vNl1mzNTNqeUeKFtoSPxJgpQzZZkhylWaJg +Mv6KnmNElX9S7ckZWBFPvvhe7+4uRNh5SHTRaez5pUxN0GRFrfVej05sIZwqn1j7wBu7H2p9UKRa +oRj9zMzG7oRgjYvXlKUn1O6PCzn0McH6mt2BYCaGG9kOZklLg75VRKcLBN4ebNxRkLk3qa1rcXOI +AsomDBEGU/0tbP+tSlaQXu8JKyD70dVjpYol/qUIV5+8OpH+hTb9779WmAZ/dLshXYA6trE5IIWR +QzeHSpLcKZAKX1aSO1/T2a7YfqmgLzEgeCDkAtNlQIsvJAUf8VNaNcnRZMF04zd3NyZYuh6xel80 +IC9IWUiAroEF5kFv+fu0xM0/ID21YjM8NckNCC672/2icKK9hlMPLsliEw6Zb587PTnPjpUXLntP +FiSSDbmXIsF6DtSL3rmoPHmj3e6UEj1Fe364J6Fl3wrykTzN2SlpDoUmOqY1NoHxIO/4YXBX+s5/ +S1gRfsUrC7UWQf3cjtDdr69nCcQDmRlhkJij0SkJjdXrdONptFQVwy+JcT/CiwkNk5yf3VvyHOP9 +HtZtkTx9cL+tPg== -2014-07-01T12:53:10.084ZYS16cctCB+L01PCP/PTgCfhEI+4FtQP8bGNSbQ2RFYjLBSgBtM3ypXyB+BTABFe8GF+sI5v8RbInvXMJLK/JHQ==C=SE,O=EJBCA Sample,CN=AdminCA16620098923164181163application/hash-chain-resultMIAGCSqGSIb3DQEHAqCAMIACAQMxDzANBglghkgBZQMEAgEFADCABgsqhkiG9w0BCRABBKCABGAwXgIBAQYCKgMwMTANBglghkgBZQMEAgEFAAQgD1LXCYvR6G1wh59ZcKUY0Ob1BN9MwiUrVz2torte/rICCBkvJKh2dNMlGA8yMDE0MDcwMTEyNTMyNVoCB2cWXm3vlgQAAAAAoIAwggLCMIIBqqADAgECAghv5E82aR8J1jANBgkqhkiG9w0BAQUFADA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRTAeFw0xMjExMjkxMTUzMDZaFw0xNDExMjkxMTUzMDZaMBUxEzARBgNVBAMMCnRpbWVzdGFtcDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJvnk1UO0fOz3Wx+Vfd9q1lZRLr2vGTEMylwajp2gnthoqsIyvcFndmUNN8J0SixahxNxhd2bcI7wFeVm+GS8rIc3+GvRTMPRPyPyYFiird8aNNVMk4gbbJOzJP/fPd2lwzIYxbCyKo531NO0jwNxHZw69DOUuJX2HP+QH2Isl5JAgMBAAGjeDB2MB0GA1UdDgQWBBRt2a28ocJ7T6+Eo/5lxVSOZ/nD8DAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHctiS4Dtv340mU5MTUi0EYa6NIJMA4GA1UdDwEB/wQEAwIGQDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAQEAUncAngjhFN4wFaE3xEs9B0nNx3RVGn0VTJiGciRHrv2ddT5lsjJpA3Hf6E8huFw4wrGUoabQtwOeMcvgS4noZvTbu8XuZLAVtwo8z4vbfHZAu+5VxQSNxs/cpyb3dcJK7dEjvUkg0z5aKeNeR78I64XOExYlwtiPtLl0ZHnfJrQ2dJ/t2W5rkUsFGI4UDmRFZN+3pFwRbSMZnOxwvrBmf6Ef30iKGOqB3FXUbJ0v4GAMx+vJnOGX6HVa1PC/QGLkazzW/xSU1ROcIJ8u719q0fHzn+20VxcTK31JDN7c0ZxpHWLeTJm82KPMbcL6OtScn+UWzkBwiI8bQSbPqhkRiwAAMYIBiDCCAYQCAQEwQzA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRQIIb+RPNmkfCdYwDQYJYIZIAWUDBAIBBQCggZgwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xNDA3MDExMjUzMjVaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFAWhDuvbDNlnnkyFp4hIFF7x8AvqMC8GCSqGSIb3DQEJBDEiBCAXnX7JLqY1paYmbvj0ds4+qZ7VsJDKeRFTjntQvp1DqDANBgkqhkiG9w0BAQEFAASBgAFTEpCx30LW37B77dpa7evb16FS94s5tJIsH6uuZ8wNuUW7LNoevCzUWtYxvDLQmCQnScph1L+ew6KYo+6yFLVj6m3TL+uTskGE3RIbOvaxA6AXDj53Nn7ep3zKGSAExGPGs6bccwR97PHs0rTbgEMmdJ6sfRoNT7OnaEb/wdLuAAAAAAAAMIIBugoBAKCCAbMwggGvBgkrBgEFBQcwAQEEggGgMIIBnDCBhaEYMBYxFDASBgNVBAMMC09jc3AgU2lnbmVyGA8yMDE0MDcwMTEyNTMwOVowWDBWMEEwCQYFKw4DAhoFAAQUQUX4pczwfgHr8dItQKHik5Kx4C4EFHctiS4Dtv340mU5MTUi0EYa6NIJAghb31DlVSWiq4AAGA8yMDE0MDcwMjEyNTMwOVowDQYJKoZIhvcNAQEFBQADggEBAMYV0J4smQ/B7jkuaXSD8SrXWIMbBg6SG03+iMF6soQwQIKJRJ5s40sFp2UrzBvVKHpRZjmcecFnSMI0oZOiJy/ji7IBWISiRPC9F/RqEQ/w52j0V7gzL1DE3iRe3FA2rbZlFH+vTXSJ7+CLWnyImmHQe4043J/tMJ+mHPmozVkUvltCGkItxblkkpklLT1779ulVAZDlbVuyh6FUJdsWxuKSZIhC9mdmvwz3XWI+l+pE2yBfA1r9p5gOYXbWb0tXwQ6oYkelLK5ikeYXYkh9suQcbdrzoxx2XsT6/E1WuJogBfVeDMyKQx6JfQWDuqrzxlkmsJtKSFcChP7dKFZYLE= +2024-12-05T12:37:37.117Z6NdJix+ZRZCMO+8d9QrlnHziCH8DOfPuO3q4DvYhRNQU1KLz+C0bwgx32X74qh+VfAloHSk4DQMbzlYgSYYT9Q==CN=Test CA,O=Test18urn:oid:1.3.6.1.4.1.3516.16.2Profile for High Performance Digital Signatures (version 1.2)BuO0EDNfkxSVlUbxCzmQPzX1AUF1/xx9ytWHk3/6SAOePxQiniEfDYk+90QeYb3lWpV3Izhuz9fKaYyE+lTcXw==https://repo.cyber.ee/dsig-profile-1.2.pdfapplication/hash-chain-resultMIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQMxDzANBglghkgBZQMEAgEFADCBuAYLKoZIhvcNAQkQAQSggagEgaUwgaICAQEGBCoDBAEwTzALBglghkgBZQMEAgMEQMGj4zKt+XBkKSGFwm+QBpMi2pZ/dgbkGlSn8XmmceGiWVMyzO8xsZuKPryHomHtr9xYg1t2WdxjjUWbPovXKyACAQEYDzIwMjQxMjA1MTIzNzUwWjAKAgEBgAIB9IEBZKAmpCQwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0GgggUsMIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDUwNjA5NTA1NFoXDTQ0MDUwMTA5NTA1NFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgRFNOs/GwiiWs27YlIkficK82DOpD2fHlD40nLUWukarpG9cPEOGUPfTLY7Op9hcbtqWKEYXM1PRPo5ratfS9AEJwv6Hi7F4c/rRKg0bPo9bWBIdQJzzS4tKhUx02kB6lsuBI5kVRl4J0XVwK93IT7DH8fLJMqTy9Ts9XRPCmdEpksMWHnBChZ8c6rRupYDddY+sQTVnqDSx8ShEIG/lC2oohAP1BcGE3XWxBpU8dpZsmKe9AGkaFhqHSWcKjEf2ZoqoiUkMWfbXYtykgyeblXtHnf5QFaBNHmOEZTgrmOdaPH+EWisnuBKWyUgxp2e8LIovf9uNzdy/Gqjm1b4YiMVqGewYNcud4Zc64fNlOpSvJx+aUFuDwHbA5z68i++qgKoQ7ggfAFQ1GlnktElUX0lHMUM1yBELD7l9/DXjaKVr9ptiusGSDNq0IDT+N2Pf5acdwedTG6tRQuGZfhlSJL2oGoKwf06jnU88kxihCm6hQZfQvdorUh98xl39ckc1P6QHSXhRDtKOTaCLB1hK5MciXEjeaAoU4h16tsWmnaT9kQhLO5RY1fyTBanudT/bpsVVlj7FcV32ZkNshXJXjvvIgvxCrBBwD2ITx0jhJy2Eo+wHPceD8RrTIyiWPqMzDPKCcrWdslSlKsksxzCpWJ/eVtDgoqwlB7dXo5nVbqwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFF7UoEZQt68oD4VMfBBZ71YwISflMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBjzpaSJjIdSkeRWHQBmv/1DH9WjCmnqFXNKG92XSmIHywSVEyVY88lWid14v5X4zTc3ZFFdtfY7k8KK/7YFnDEpS79UO8vlk2gmvabiNx2bfABH+eHwql6IspDcSFHtWdDon0l6fCFptqeuT1KpYGV8ZGAn/w9j86BacxFMGOqyzMZqcjIZKmOB08W5n8IMYelTEtfD/Agb4J1NPcvJjXRcV8V1faxpR74VRdre0p1CEF/rY2GMdzvUIKGQXhRpyP7sj6Kp+pCqthNU6BNl9bc2M/0JXp+EQwokgLQ6zwBgnBwkB48nnphzyg0Ms2JOo9avDkrICG20XuxAUumpR2rHNO6tOY93rIwxAxiM8Jc50dHHWN3qYmDFxEiPfQrF4qEWA7PIZjs6njoyKVq16j7W4LEUnTBG/atoCpXyezwzTGAMOfT1Bl0B4MFhKJqczJamFSNZajlERLigJn8a3c+kmz1HgBeCfemjKpZKG1z0PixfcZSofCqk1BelXTBzqRsGGHQ45B4F2QiFw/s2slZ4gxq0kfHJFOp2/JXIz0G6aiYQVGa3ryrAsb7mGzL0EdT5AKnROhOhM4CH5mvUE/4RWx92rguyohi3CmmxhCL/4bgcLJ1hcH0MxdHRwTWPBDod8S6ZZ4Zjc38oASkub0iYndi1LPgaAJ6WmhIgS4eFzGCAuwwggLoAgEBMCYwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQQIBAjANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI0MTIwNTEyMzc1MFowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhIbycL7EUf3QIk5EMSJoMJdgSdEwLwYJKoZIhvcNAQkEMSIEIAMAqshMa5p+LZkTWxAlfHlqYQHdq21bEOzRqSdFEfwoMA0GCSqGSIb3DQEBAQUABIICAFzEoYWinrNKREMes1CKgnv5J96fOgrVmSzAho1ZAxJJvrPIQuEolPvTKVz1XTzF4wrzux6fmZC1U49zRdKKg+Brf7K2+Fo6olyn6djuNfv+p5TgZ7LcWze8OJ/Mi8qKAeqUM3zEJK/9yiOKmOcL+TmZ37nlFVAD0/QJbj4m26E1LKTsztpgzk+qpDQATp4TXsclVL3TlOfbgJ5WBT8XUKSSrXa3MCQ54WpXwVNQ4M/L4vHA1qssQruFeFvyQSWJcSZ+AWUjtO0AeDsK44zJXXLGFZ7oHEKBjj2z98K6tPAzdPFgwX0QK4P32lQ9LhDBW6GlbzOIdDeSb0NpPsiAJPstP0obDUfD0+69/q/1pLQpnHyQT0iFwbzIerKoWrGb3wY8AZis4L9yleH3QcBd2lcqZU7TQRP7/XzwtzxIR9i2cK13VmQ70PdVyoFaTR361YBOAv/jf2BxXAWRMmEs7lKZoQ7JaPy6pvblCCCTo9EDvJ6kfWabHvicDJ3F5gfKDarlRK7AuOkKUB45eI5iGwRmqdCRHLntcHAze552YkXVomXy3DNq+ERsWb3mTS7w/op9UY4HXFt3VBjceOMsUQEQtmDlgCOUVUfZBmSq/I62PTJLwhPyLuDzZ/DqJH7pEaPPFsyAX6K7Smvd+pC+GqKEjZwu3Ry5r1SfOx/ljp05MIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDEyMDUxMjMzMjZaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBEoAAGA8yMDI0MTIwNTEyMzMyNlowDQYJKoZIhvcNAQELBQADggIBAEfXRVtoC3Chivmef/8KpAwFbFTzNQWM7lLw1VGrNpb1r9fq2YizKSzg5Ha3/P1CHTjWR4G/rSk3G/znsISKuQmJKIC42vgPm6FnlLQCEulWDK114sbCJ6wziuHPyu6bE0FwR9h6ZMRPIdW8MdRRc/nNyp9pmZHfI+8JfFuQ2QO7N/M8igCgUCh/Ki1U0VMoFlHifEHjB+Y/Q/sPkgVfr7gUKEbXBNBkHukGiHfHyvfLJxtqsSAzDJ9IF14cmtmwJHdM1ZLMolO1XXnFxG46Szm9TMWcwdxVp0M6eRd0vHbwOgogqyjlH3YxF9uJsO5j5yc7fHxb06K3bItKzKEO0E+9b9duR7wXkIel1fiyJSfszJRRIYmyD5taZOCi/e3RlIdNQge8BuCkwYYbiWS/QAZW8aF+5iXHL45WlqtydABhRDZePM9S0i9RuDBHy2BkIq+XcIyAcjVVApl0pnKE/rpgurh9kLPs4SyG1QFAnzE82CPIJAqoQIv8rChz930h/9DYoPrVJbpAH9jtn6SSEdwATssselQcXLOK04dkbOrPCJ5WcxRUB2DqPgIH8S8A+srMZThtcqa2c33UPOiGDu7GVnonvBCMzIO4A5WtM7jKCh179TwVl7Terhc2QplWgCcFyWEJc0rIWzQbkqsmmXJ4/TmsH3hBRY+WlYR3pR5GoIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ \ No newline at end of file diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/timestamp.tst b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/timestamp.tst deleted file mode 100644 index 0e0bd78562..0000000000 Binary files a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/META-INF/timestamp.tst and /dev/null differ diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/message.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/message.xml index 53cd3b9783..55aa0a9889 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/message.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/message.xml @@ -1,25 +1,27 @@ + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - test + DEV + COM + 1234 + TestService + storeAttachments + v1 - EE37702211234 - 0d5867860017136646c67e98cb4eb8b1 - issue + 6354aea4-1f3e-4354-ad39-666f76e438c8 + 4.0 - aä + diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchain.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchain.xml index bda894bb12..31a189d364 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchain.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchain.xml @@ -1,12 +1,12 @@ - + - p3OpS1/FHEt3Sy89llX/JGXMqZoC8goYaTnzIXh6N6VrLGhh4H2PDk1Vpc58pW17O6ugShKyk4I/jDQPgT9p7A== + mET+G37YrRAMl92j7gxR95W/rAcOBRlWTrbeJMt7L7lMr+1EALnsNRpq4fH6sUMJNWSA1B2kpDL0NDVCjIQnnw== - ylyfi1WldaJ+fsUy5+h5Hfep7cM4z0f0Cua3zrCn8+rLrCRPuYym+9pMequYW0ZnQMqNUnZp0RFNqLEWnUWq2w== + YoZ26aBCLuGV0W9J7CH6YtOXhkEsleUwu1GwIrQ+ZJw7GBAnTwRZF2s2n/z8h1iOkzLiFmO8p4f2VVz+F1DqYg== diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchainresult.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchainresult.xml index 3c276d655b..367db698d2 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchainresult.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-hashchain/sig-hashchainresult.xml @@ -1,5 +1,5 @@ - + - X8/FpC/o/0d/K5uwc7XtcqYrXkvCItytpaMjl7HC5OzvI/7baEzpTK57RJiBDtvrwOVKyYt/YSsVeBUoFruFcQ== + RMrOJhh5munNHgv/2wN0WOuxn8xeQ6d5CDOkUjifIlQCoK52NKJyGa8Gf6FpHZlU5VKM4VzOYMTFLJKxeEVNxg== diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/manifest.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/manifest.xml index 8d0dffc0ae..12d813bc27 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/manifest.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/manifest.xml @@ -1,4 +1,5 @@ - - - + + + + diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/signatures.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/signatures.xml index 32a2cf4304..b296edfffb 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/signatures.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/META-INF/signatures.xml @@ -1,46 +1,46 @@ - + - + -y/aBXPHn1Y+2SYNZJiRbNG0cjZOBMcoQgZ84IqUdFolcS5nWX7Q4SDCSl/KOU0p9a6ux1+z0LATr -UKzKkODz5A== +h+nCF0uWI2EuFjZb5dycNBDrUwG/Xz2grwnagMmJ3q4AIomSLWUg6LJbZJpEnh5tJgPUZijguou3 +BDTFnXSaFA== - + -IHOat5CxhC06rGh5at8kYTD6azEaW7O5vP9LTEjf0zDigs6/7wCZojspGv6VhCMr2oIxCaFGItfR -jplXJfA7wg== +8t/k/DPwL4TF8YJmya4gnRW/7uZ+MXv+bQxUwzY+jP7GeAx++mTMVJfhSRFY2c+NYTb8YiL3XQuO +EdsQmfg1jg== -TWRmZxErnWYK8QsDtNO+o6DSxRi9BLQU2Mzyol3Xb7P/rxwMrKv9BttRXtE1j5EmyfGqSrnn0t0m -kdvu2a/uBE5nThvL5AyBMHL3WdY3eGEivQkAdHrooCGZXE/y5vAAnCHP4qVtOEHGwTgOOf1USQrM -jfs5DFA+lVKVMXWvAyFZ4JaUXtfm2DjkBsyRSHCyUBCTT8OCxldcAWMBLXmO6mjkNie5SmdCqRb7 -KEEK2bZNDf4oHhUhMqNPqYLDIGFaSlKd1PyJuGHft5uWLOBqCYrCFMxjkChcVedpC0oz5B3CE/ve -5pfveGE/Z2olPq3fVIT8jADkrpmczXU2NAZoaQ== +ZS+9m7OdP16V6UK4gMIT2UyORAKYaz6jnOgeO++HA8VJp0bJa+rgD/NIzqYru4S4EiMt7RHhC/itVdY29CFzlTgquR8sLoIDep3ziBUh6gLB0LAwwjSJlfqbg+wL4t4ZGET59RalF7H2aGYDjEpHYLdy7+vCVp9r2X70/2EuZPdVX59lQauqI9yBjzmH9BlKbDtc0rlwIbg16QZrO5OrcJChH8SnZ6QUUAopgPrTerFgNKnvt4f467spiH1iCX0UkcS0FPG9qQLfVC3eUrqA66Sj8cplTSVB1FhknCB1NoODD/8pDhgMuX4FlVfu45Fhkmepe0zLhXdhfPFPePWbsg== -MIIDiDCCAnCgAwIBAgIIW99Q5VUloqswDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D -QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTIwOTI4MTgxNzM5WhcN -MTQwOTI4MTgxNzM5WjATMREwDwYDVQQDDAhjb25zdW1lcjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAILY5AcoHHeoHIYqrrjaadQJwJlwMFN8mT/txE4/oKUWecvikwk1RNJNH0s+D9iU -oCsCYqlU7PXbIXIelkH08ehgsdi5OmNAiG0fxEIouPDDOg5L5c4wxOm1/vVf0H+yBrv1OWUfEnCw -siRmqRN1JU9LH1GkVulPdqCMbicqlbidTTfYcFwf4R7RfOFeHrrNJSBvRev+TUt+JnwbO4vHFxhG -DBXMLwiNZdedhE9NO3zUorWPEiVNapp/u0agMXAv3RmJsIGeVJerGFay7Eb9RbhTcHOePGl1IetV -7J3A9L14OqauMShaFJQUnTXSqS8ldcge/JfgSiWTqE0TjVc0pYMCAwEAAaOBuzCBuDBYBggrBgEF -BQcBAQRMMEowSAYIKwYBBQUHMAGGPGh0dHA6Ly9pa3MyLXVidW50dS5jeWJlci5lZTo4MDgwL2Vq -YmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQU25SlUgQRwFCiraz2euhPUBqpvj0w -DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3LYkuA7b9+NJlOTE1ItBGGujSCTAOBgNVHQ8BAf8E -BAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAFFWRyInsq/jKrW20BKzRr2KAAnE2nDVmZLFfcv7ZwrL -OOJYkHxdPEfkcXcwJy4B1KJdvm0+1FlgfoKgDiUjTRbXraXmyUwAL5s5yMr9wFwu9N9JL6IwchMN -T6S5zwA+iioLMQbHAMfwXXSS/Vp7aUxmejK4XbNtehsukalD7S3ILAK7dtamPr0YvRqUBbj4k9zD -60gVU13jmACr/JuSXI4JxyoiFdUNDdtQbiiGOsrOuLmc/WbzXNo7iN/zhwEMJNJThtyGYthhiYeZ -KT+0B5Yy/sARkinWqLpUwddf+plfH+4HP2akrt8uoHSZXKKOmN8IlXgN89LPVBC+oSltnhY= +MIIEQTCCAimgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQD +DAdUZXN0IENBMB4XDTI0MTIwNTA3MDMzMFoXDTQ0MTEzMDA3MDMzMFowSDELMAkGA1UEBhMCRkkx +FDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvc3MyL0NP +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHKk1EqJ0GAr8AXZsGzhRcr6F7UuXIu +sXXzD3UuHFDpnBdZuB7oMK4XIiuzwuJ9bRpQEKh+FnncJjQTCz9V4ZkCirwZcHDBETKdcJfMIsmC +NluHjJyKY4fqYMzupnhPfJDCYUossfuPPSDdwK7w9mg7KQcpJJ8nJc2wb9NLdG1ds5cgupPVVVXy +GB/h3n5+8JpfAwp1Jd4KN3p8dvt1DNiunVoHVofdENvtuuy2Tv1y8Sk2wW29zQ4HjT0oC3Ls/O6G +yZVjqstr44qyXituHdK0mNLmQTSlv1FLj/DDERl17/iL0CYTjakq0s2kU/QeH4NDM20KU5sJxThw +NwwZjy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFGFC+sQB +UOb+A6j8v4nmOyWUYWujMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3 +DQEBCwUAA4ICAQASJrJAu65+prtEOB1qJ/n5FjgSJ698WynMnOoF0oLHWlrdzOK+FbtpsLmpzB9N +CYA5NgRFc0hWqLr6VfeUw8z3+pimJT4aMbND9ZxT3vNl1mzNTNqeUeKFtoSPxJgpQzZZkhylWaJg +Mv6KnmNElX9S7ckZWBFPvvhe7+4uRNh5SHTRaez5pUxN0GRFrfVej05sIZwqn1j7wBu7H2p9UKRa +oRj9zMzG7oRgjYvXlKUn1O6PCzn0McH6mt2BYCaGG9kOZklLg75VRKcLBN4ebNxRkLk3qa1rcXOI +AsomDBEGU/0tbP+tSlaQXu8JKyD70dVjpYol/qUIV5+8OpH+hTb9779WmAZ/dLshXYA6trE5IIWR +QzeHSpLcKZAKX1aSO1/T2a7YfqmgLzEgeCDkAtNlQIsvJAUf8VNaNcnRZMF04zd3NyZYuh6xel80 +IC9IWUiAroEF5kFv+fu0xM0/ID21YjM8NckNCC672/2icKK9hlMPLsliEw6Zb587PTnPjpUXLntP +FiSSDbmXIsF6DtSL3rmoPHmj3e6UEj1Fe364J6Fl3wrykTzN2SlpDoUmOqY1NoHxIO/4YXBX+s5/ +S1gRfsUrC7UWQf3cjtDdr69nCcQDmRlhkJij0SkJjdXrdONptFQVwy+JcT/CiwkNk5yf3VvyHOP9 +HtZtkTx9cL+tPg== -2014-07-01T12:07:56.053ZYS16cctCB+L01PCP/PTgCfhEI+4FtQP8bGNSbQ2RFYjLBSgBtM3ypXyB+BTABFe8GF+sI5v8RbInvXMJLK/JHQ==C=SE,O=EJBCA Sample,CN=AdminCA16620098923164181163text/xmlMIAGCSqGSIb3DQEHAqCAMIACAQMxDzANBglghkgBZQMEAgEFADCABgsqhkiG9w0BCRABBKCABGAwXgIBAQYCKgMwMTANBglghkgBZQMEAgEFAAQg0eW0xg+Vn3BvTtHoUC2HyTqEpMutubxtBFMliqzg458CCFZZTCHq5ewhGA8yMDE0MDcwMTEyMTA1MFoCB2vHMdwxbPAAAAAAoIAwggLCMIIBqqADAgECAghv5E82aR8J1jANBgkqhkiG9w0BAQUFADA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRTAeFw0xMjExMjkxMTUzMDZaFw0xNDExMjkxMTUzMDZaMBUxEzARBgNVBAMMCnRpbWVzdGFtcDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJvnk1UO0fOz3Wx+Vfd9q1lZRLr2vGTEMylwajp2gnthoqsIyvcFndmUNN8J0SixahxNxhd2bcI7wFeVm+GS8rIc3+GvRTMPRPyPyYFiird8aNNVMk4gbbJOzJP/fPd2lwzIYxbCyKo531NO0jwNxHZw69DOUuJX2HP+QH2Isl5JAgMBAAGjeDB2MB0GA1UdDgQWBBRt2a28ocJ7T6+Eo/5lxVSOZ/nD8DAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHctiS4Dtv340mU5MTUi0EYa6NIJMA4GA1UdDwEB/wQEAwIGQDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAQEAUncAngjhFN4wFaE3xEs9B0nNx3RVGn0VTJiGciRHrv2ddT5lsjJpA3Hf6E8huFw4wrGUoabQtwOeMcvgS4noZvTbu8XuZLAVtwo8z4vbfHZAu+5VxQSNxs/cpyb3dcJK7dEjvUkg0z5aKeNeR78I64XOExYlwtiPtLl0ZHnfJrQ2dJ/t2W5rkUsFGI4UDmRFZN+3pFwRbSMZnOxwvrBmf6Ef30iKGOqB3FXUbJ0v4GAMx+vJnOGX6HVa1PC/QGLkazzW/xSU1ROcIJ8u719q0fHzn+20VxcTK31JDN7c0ZxpHWLeTJm82KPMbcL6OtScn+UWzkBwiI8bQSbPqhkRiwAAMYIBiDCCAYQCAQEwQzA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRQIIb+RPNmkfCdYwDQYJYIZIAWUDBAIBBQCggZgwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xNDA3MDExMjEwNTBaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFAWhDuvbDNlnnkyFp4hIFF7x8AvqMC8GCSqGSIb3DQEJBDEiBCAOa4eOsFOW5/kzo+zu5/tiKFOjE+JyEoJO35S3L0+LzTANBgkqhkiG9w0BAQEFAASBgHm3OSqYgXXlfb8681Wj5IeRlFkTa1A40tDR5KJgyvhtAfd1+LlpnTqhRKWyFCn70T4m84ODTvSq8lP/wq/1iHANl6YUDe+6K3V/2aWVmHwStdCsrSIpFSeMThEGWC7eczTib8emqy0qhy4KDMYIpmLdAa7ELBc7rSCejnVVMFiGAAAAAAAAMIIBugoBAKCCAbMwggGvBgkrBgEFBQcwAQEEggGgMIIBnDCBhaEYMBYxFDASBgNVBAMMC09jc3AgU2lnbmVyGA8yMDE0MDcwMTEyMDc1NVowWDBWMEEwCQYFKw4DAhoFAAQUQUX4pczwfgHr8dItQKHik5Kx4C4EFHctiS4Dtv340mU5MTUi0EYa6NIJAghb31DlVSWiq4AAGA8yMDE0MDcwMjEyMDc1NVowDQYJKoZIhvcNAQEFBQADggEBAC7bOcGajfJHVP1EYMrGb2XTBsBpocbgmVcDeR9m8bQLHFjZ+HV9EiVtatqEgNTuWJ6v3khIH8qu9xr61mLPlgDx7Rd2U/wQZNuZuuEHeprxswwpY1aLyXFkruYNdeJ4hPW/md116Sj6evArIw75qyctZH/uvhQ5BG3xY9l+oNywY8sfa4QJGnvcH96dVAvkGGbG0hd4AJ6mbyY68alsq8T5Dfm5Sk24QDg9JT00ratyReLcaz74ptYxUYmEJrPZIjR5FDz4N6xvtKz2nX7/MA1jc0LDMrfE9RW6W5parB8LQPvGaSfTnBdeNOnulTkni8JNECu0AAzg4rsJAh8nPR4= +2024-12-05T13:16:11.661Z6NdJix+ZRZCMO+8d9QrlnHziCH8DOfPuO3q4DvYhRNQU1KLz+C0bwgx32X74qh+VfAloHSk4DQMbzlYgSYYT9Q==CN=Test CA,O=Test18urn:oid:1.3.6.1.4.1.3516.16.2Profile for High Performance Digital Signatures (version 1.2)BuO0EDNfkxSVlUbxCzmQPzX1AUF1/xx9ytWHk3/6SAOePxQiniEfDYk+90QeYb3lWpV3Izhuz9fKaYyE+lTcXw==https://repo.cyber.ee/dsig-profile-1.2.pdftext/xmlMIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQMxDzANBglghkgBZQMEAgEFADCBuAYLKoZIhvcNAQkQAQSggagEgaUwgaICAQEGBCoDBAEwTzALBglghkgBZQMEAgMEQBt9rZMBtSlYEABRUCvS+C7byEK6gDkwBlw8s7V6dMar4fpCovrLFnR4+zXaQ2+rOUif1du6YAq4ViPLMAZ0bv4CAQEYDzIwMjQxMjA1MTMxNjM1WjAKAgEBgAIB9IEBZKAmpCQwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0GgggUsMIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDUwNjA5NTA1NFoXDTQ0MDUwMTA5NTA1NFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgRFNOs/GwiiWs27YlIkficK82DOpD2fHlD40nLUWukarpG9cPEOGUPfTLY7Op9hcbtqWKEYXM1PRPo5ratfS9AEJwv6Hi7F4c/rRKg0bPo9bWBIdQJzzS4tKhUx02kB6lsuBI5kVRl4J0XVwK93IT7DH8fLJMqTy9Ts9XRPCmdEpksMWHnBChZ8c6rRupYDddY+sQTVnqDSx8ShEIG/lC2oohAP1BcGE3XWxBpU8dpZsmKe9AGkaFhqHSWcKjEf2ZoqoiUkMWfbXYtykgyeblXtHnf5QFaBNHmOEZTgrmOdaPH+EWisnuBKWyUgxp2e8LIovf9uNzdy/Gqjm1b4YiMVqGewYNcud4Zc64fNlOpSvJx+aUFuDwHbA5z68i++qgKoQ7ggfAFQ1GlnktElUX0lHMUM1yBELD7l9/DXjaKVr9ptiusGSDNq0IDT+N2Pf5acdwedTG6tRQuGZfhlSJL2oGoKwf06jnU88kxihCm6hQZfQvdorUh98xl39ckc1P6QHSXhRDtKOTaCLB1hK5MciXEjeaAoU4h16tsWmnaT9kQhLO5RY1fyTBanudT/bpsVVlj7FcV32ZkNshXJXjvvIgvxCrBBwD2ITx0jhJy2Eo+wHPceD8RrTIyiWPqMzDPKCcrWdslSlKsksxzCpWJ/eVtDgoqwlB7dXo5nVbqwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFF7UoEZQt68oD4VMfBBZ71YwISflMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBjzpaSJjIdSkeRWHQBmv/1DH9WjCmnqFXNKG92XSmIHywSVEyVY88lWid14v5X4zTc3ZFFdtfY7k8KK/7YFnDEpS79UO8vlk2gmvabiNx2bfABH+eHwql6IspDcSFHtWdDon0l6fCFptqeuT1KpYGV8ZGAn/w9j86BacxFMGOqyzMZqcjIZKmOB08W5n8IMYelTEtfD/Agb4J1NPcvJjXRcV8V1faxpR74VRdre0p1CEF/rY2GMdzvUIKGQXhRpyP7sj6Kp+pCqthNU6BNl9bc2M/0JXp+EQwokgLQ6zwBgnBwkB48nnphzyg0Ms2JOo9avDkrICG20XuxAUumpR2rHNO6tOY93rIwxAxiM8Jc50dHHWN3qYmDFxEiPfQrF4qEWA7PIZjs6njoyKVq16j7W4LEUnTBG/atoCpXyezwzTGAMOfT1Bl0B4MFhKJqczJamFSNZajlERLigJn8a3c+kmz1HgBeCfemjKpZKG1z0PixfcZSofCqk1BelXTBzqRsGGHQ45B4F2QiFw/s2slZ4gxq0kfHJFOp2/JXIz0G6aiYQVGa3ryrAsb7mGzL0EdT5AKnROhOhM4CH5mvUE/4RWx92rguyohi3CmmxhCL/4bgcLJ1hcH0MxdHRwTWPBDod8S6ZZ4Zjc38oASkub0iYndi1LPgaAJ6WmhIgS4eFzGCAuwwggLoAgEBMCYwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQQIBAjANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI0MTIwNTEzMTYzNVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhIbycL7EUf3QIk5EMSJoMJdgSdEwLwYJKoZIhvcNAQkEMSIEIFF2FwC6mbULb/bTRhH8cE7sul5jnAZXJrmDjt86DfqKMA0GCSqGSIb3DQEBAQUABIICAHbpudx0u3FX7/xXlu0Fg2ckIuXPb24VMmSbRqfZnTMxlsx9qkfM4Y26we/j54Jyz7KiBGxH/EcQqjC9fz6G52CZkgFntk3i31URrZ9EW0nkOhLRCQBt9s3xoZx3YZtBSrEbu2KQ7QgtCharHE3opHQRdCGI7qyUFcD3CwLs4S0+GOJtKU5Kq9Nf9pHtXxOq/Sd3vEbUPAScvJLnMOAPbYLp0s7dQel++SQgRhmTcYn4NIDeYG2/7iw7YcduHr3uaEDRRNsLHYXhAAWaFLhbAqggVHnxt2ReXLp81sSn78qcxFKUT7Q8KaSZV1gwz+GZoiu9CpmENv9+zB6R4lwE7BHrLyMF5j1Lx9F5s2bgtBZ0kJ7eIbxkqHpkS2AnfzqofYdoYKlSIOx5ENgfJWP+5om9kaKYeyjO0nH/32R6Tr0jxFL9ub5FEo8EySoACWIvYY5L77IXK01ZMfITrgWRf+52/cQIhZvnOASajAmrg1RC07M7C7i8ke+xFqQ1rdVXm0acDNJVLwnCqawUW0Zg+I6tboQ7mOL0c5fNIpdtM5ua1MsZwHU6WdbCtUGud5o2nyZLG7LJmcn4tCDnkTX+6b714ZLYCqZf4xUBUkvbHQwi6YQWG+/a4hCRY7n7vYNW2ny/Zvoe98fcfTCRc54qf6uGT3gZpXPdZSm39+0b+CmrMIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDEyMDUxMzEzMjZaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBEoAAGA8yMDI0MTIwNTEzMTMyNlowDQYJKoZIhvcNAQELBQADggIBAKE5UVfbrmqyekWMj0mutc9wb/zxIv39jS0XE7pcCmG8jjXwgXGlxsQBrOI4Za99xCzehUTM/Fu6C+298NbiB8itDl4zeqZRx6zZpOeLNyj1NLjmJGcgquXCrOwmFMUzAjcGWm8PV3a1lnn7fEx/E0iKchM7mZ2SjdMLrYnPFSkdZV+rBKje9ZPTSiSqNukE1iO6XJXwXnWETg3mmcchwDXwBYJPSIiLPBto9DUz9/JvOI/MIX2hIIaGLZTP1eBQDMV3hpyvT//gkaKqCGlKywEbZZl5zJy1Xz7llCA8nBL4G2KbjK0qoKbR8NLLJagtj8UfgzgRkysm1HE3VzbUabJezCyfDwohaSMq8+79fkfh+0BaDX4Ih0c3U2jMPGonNtuTtIC/xaSK+wGBJKx/xNoSQLxi8P8oWi5raXTTkQNmH72xrqUJps9qRYOQjaa1umcyVFXZRYbzmxh3au8XZ38LoaBpRPJ5nTDqeS0RadFm/+/fgZJdrqtAdfaO79CQWmb1XEAl4F5KFByRXuJpuL2bn5HUPfOfZwaOR3lI8e1SAHe1P8FiZYHW8V/0G5GJDo549CqoRYbuboUizSiHIvVNuE/LpVtQhRZgr+9gY+pX6/rQkTi6fQb/y/BdXyzHtyHist/mSnknE9QEdAJMSnIarQd1o+48GmODoxW2ddU9oIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ \ No newline at end of file diff --git a/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/message.xml b/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/message.xml index 7c6b199e66..32744b14f5 100644 --- a/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/message.xml +++ b/src/asicverifier/src/test/resources/asic-containers/valid-signed-message/message.xml @@ -1,25 +1,27 @@ + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - getState + DEV + COM + 1234 + TestService + getRandom + v1 - EE:PIN:abc4567 - 6289448e512292d17d54ef60ed2318e7 - + dd19fe68-7d37-41bd-b79c-8948ccdb36da + 4.0 - aäõ + diff --git a/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/manifest.xml b/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/manifest.xml index 8d0dffc0ae..12d813bc27 100644 --- a/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/manifest.xml +++ b/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/manifest.xml @@ -1,4 +1,5 @@ - - - + + + + diff --git a/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/signatures.xml b/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/signatures.xml index 32a2cf4304..b296edfffb 100644 --- a/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/signatures.xml +++ b/src/asicverifier/src/test/resources/asic-containers/wrong-message/META-INF/signatures.xml @@ -1,46 +1,46 @@ - + - + -y/aBXPHn1Y+2SYNZJiRbNG0cjZOBMcoQgZ84IqUdFolcS5nWX7Q4SDCSl/KOU0p9a6ux1+z0LATr -UKzKkODz5A== +h+nCF0uWI2EuFjZb5dycNBDrUwG/Xz2grwnagMmJ3q4AIomSLWUg6LJbZJpEnh5tJgPUZijguou3 +BDTFnXSaFA== - + -IHOat5CxhC06rGh5at8kYTD6azEaW7O5vP9LTEjf0zDigs6/7wCZojspGv6VhCMr2oIxCaFGItfR -jplXJfA7wg== +8t/k/DPwL4TF8YJmya4gnRW/7uZ+MXv+bQxUwzY+jP7GeAx++mTMVJfhSRFY2c+NYTb8YiL3XQuO +EdsQmfg1jg== -TWRmZxErnWYK8QsDtNO+o6DSxRi9BLQU2Mzyol3Xb7P/rxwMrKv9BttRXtE1j5EmyfGqSrnn0t0m -kdvu2a/uBE5nThvL5AyBMHL3WdY3eGEivQkAdHrooCGZXE/y5vAAnCHP4qVtOEHGwTgOOf1USQrM -jfs5DFA+lVKVMXWvAyFZ4JaUXtfm2DjkBsyRSHCyUBCTT8OCxldcAWMBLXmO6mjkNie5SmdCqRb7 -KEEK2bZNDf4oHhUhMqNPqYLDIGFaSlKd1PyJuGHft5uWLOBqCYrCFMxjkChcVedpC0oz5B3CE/ve -5pfveGE/Z2olPq3fVIT8jADkrpmczXU2NAZoaQ== +ZS+9m7OdP16V6UK4gMIT2UyORAKYaz6jnOgeO++HA8VJp0bJa+rgD/NIzqYru4S4EiMt7RHhC/itVdY29CFzlTgquR8sLoIDep3ziBUh6gLB0LAwwjSJlfqbg+wL4t4ZGET59RalF7H2aGYDjEpHYLdy7+vCVp9r2X70/2EuZPdVX59lQauqI9yBjzmH9BlKbDtc0rlwIbg16QZrO5OrcJChH8SnZ6QUUAopgPrTerFgNKnvt4f467spiH1iCX0UkcS0FPG9qQLfVC3eUrqA66Sj8cplTSVB1FhknCB1NoODD/8pDhgMuX4FlVfu45Fhkmepe0zLhXdhfPFPePWbsg== -MIIDiDCCAnCgAwIBAgIIW99Q5VUloqswDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5D -QTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMTIwOTI4MTgxNzM5WhcN -MTQwOTI4MTgxNzM5WjATMREwDwYDVQQDDAhjb25zdW1lcjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAILY5AcoHHeoHIYqrrjaadQJwJlwMFN8mT/txE4/oKUWecvikwk1RNJNH0s+D9iU -oCsCYqlU7PXbIXIelkH08ehgsdi5OmNAiG0fxEIouPDDOg5L5c4wxOm1/vVf0H+yBrv1OWUfEnCw -siRmqRN1JU9LH1GkVulPdqCMbicqlbidTTfYcFwf4R7RfOFeHrrNJSBvRev+TUt+JnwbO4vHFxhG -DBXMLwiNZdedhE9NO3zUorWPEiVNapp/u0agMXAv3RmJsIGeVJerGFay7Eb9RbhTcHOePGl1IetV -7J3A9L14OqauMShaFJQUnTXSqS8ldcge/JfgSiWTqE0TjVc0pYMCAwEAAaOBuzCBuDBYBggrBgEF -BQcBAQRMMEowSAYIKwYBBQUHMAGGPGh0dHA6Ly9pa3MyLXVidW50dS5jeWJlci5lZTo4MDgwL2Vq -YmNhL3B1YmxpY3dlYi9zdGF0dXMvb2NzcDAdBgNVHQ4EFgQU25SlUgQRwFCiraz2euhPUBqpvj0w -DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBR3LYkuA7b9+NJlOTE1ItBGGujSCTAOBgNVHQ8BAf8E -BAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAFFWRyInsq/jKrW20BKzRr2KAAnE2nDVmZLFfcv7ZwrL -OOJYkHxdPEfkcXcwJy4B1KJdvm0+1FlgfoKgDiUjTRbXraXmyUwAL5s5yMr9wFwu9N9JL6IwchMN -T6S5zwA+iioLMQbHAMfwXXSS/Vp7aUxmejK4XbNtehsukalD7S3ILAK7dtamPr0YvRqUBbj4k9zD -60gVU13jmACr/JuSXI4JxyoiFdUNDdtQbiiGOsrOuLmc/WbzXNo7iN/zhwEMJNJThtyGYthhiYeZ -KT+0B5Yy/sARkinWqLpUwddf+plfH+4HP2akrt8uoHSZXKKOmN8IlXgN89LPVBC+oSltnhY= +MIIEQTCCAimgAwIBAgIBEjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQD +DAdUZXN0IENBMB4XDTI0MTIwNTA3MDMzMFoXDTQ0MTEzMDA3MDMzMFowSDELMAkGA1UEBhMCRkkx +FDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvc3MyL0NP +TTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJHKk1EqJ0GAr8AXZsGzhRcr6F7UuXIu +sXXzD3UuHFDpnBdZuB7oMK4XIiuzwuJ9bRpQEKh+FnncJjQTCz9V4ZkCirwZcHDBETKdcJfMIsmC +NluHjJyKY4fqYMzupnhPfJDCYUossfuPPSDdwK7w9mg7KQcpJJ8nJc2wb9NLdG1ds5cgupPVVVXy +GB/h3n5+8JpfAwp1Jd4KN3p8dvt1DNiunVoHVofdENvtuuy2Tv1y8Sk2wW29zQ4HjT0oC3Ls/O6G +yZVjqstr44qyXituHdK0mNLmQTSlv1FLj/DDERl17/iL0CYTjakq0s2kU/QeH4NDM20KU5sJxThw +NwwZjy0CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFGFC+sQB +UOb+A6j8v4nmOyWUYWujMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3 +DQEBCwUAA4ICAQASJrJAu65+prtEOB1qJ/n5FjgSJ698WynMnOoF0oLHWlrdzOK+FbtpsLmpzB9N +CYA5NgRFc0hWqLr6VfeUw8z3+pimJT4aMbND9ZxT3vNl1mzNTNqeUeKFtoSPxJgpQzZZkhylWaJg +Mv6KnmNElX9S7ckZWBFPvvhe7+4uRNh5SHTRaez5pUxN0GRFrfVej05sIZwqn1j7wBu7H2p9UKRa +oRj9zMzG7oRgjYvXlKUn1O6PCzn0McH6mt2BYCaGG9kOZklLg75VRKcLBN4ebNxRkLk3qa1rcXOI +AsomDBEGU/0tbP+tSlaQXu8JKyD70dVjpYol/qUIV5+8OpH+hTb9779WmAZ/dLshXYA6trE5IIWR +QzeHSpLcKZAKX1aSO1/T2a7YfqmgLzEgeCDkAtNlQIsvJAUf8VNaNcnRZMF04zd3NyZYuh6xel80 +IC9IWUiAroEF5kFv+fu0xM0/ID21YjM8NckNCC672/2icKK9hlMPLsliEw6Zb587PTnPjpUXLntP +FiSSDbmXIsF6DtSL3rmoPHmj3e6UEj1Fe364J6Fl3wrykTzN2SlpDoUmOqY1NoHxIO/4YXBX+s5/ +S1gRfsUrC7UWQf3cjtDdr69nCcQDmRlhkJij0SkJjdXrdONptFQVwy+JcT/CiwkNk5yf3VvyHOP9 +HtZtkTx9cL+tPg== -2014-07-01T12:07:56.053ZYS16cctCB+L01PCP/PTgCfhEI+4FtQP8bGNSbQ2RFYjLBSgBtM3ypXyB+BTABFe8GF+sI5v8RbInvXMJLK/JHQ==C=SE,O=EJBCA Sample,CN=AdminCA16620098923164181163text/xmlMIAGCSqGSIb3DQEHAqCAMIACAQMxDzANBglghkgBZQMEAgEFADCABgsqhkiG9w0BCRABBKCABGAwXgIBAQYCKgMwMTANBglghkgBZQMEAgEFAAQg0eW0xg+Vn3BvTtHoUC2HyTqEpMutubxtBFMliqzg458CCFZZTCHq5ewhGA8yMDE0MDcwMTEyMTA1MFoCB2vHMdwxbPAAAAAAoIAwggLCMIIBqqADAgECAghv5E82aR8J1jANBgkqhkiG9w0BAQUFADA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRTAeFw0xMjExMjkxMTUzMDZaFw0xNDExMjkxMTUzMDZaMBUxEzARBgNVBAMMCnRpbWVzdGFtcDEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJvnk1UO0fOz3Wx+Vfd9q1lZRLr2vGTEMylwajp2gnthoqsIyvcFndmUNN8J0SixahxNxhd2bcI7wFeVm+GS8rIc3+GvRTMPRPyPyYFiird8aNNVMk4gbbJOzJP/fPd2lwzIYxbCyKo531NO0jwNxHZw69DOUuJX2HP+QH2Isl5JAgMBAAGjeDB2MB0GA1UdDgQWBBRt2a28ocJ7T6+Eo/5lxVSOZ/nD8DAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFHctiS4Dtv340mU5MTUi0EYa6NIJMA4GA1UdDwEB/wQEAwIGQDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQUFAAOCAQEAUncAngjhFN4wFaE3xEs9B0nNx3RVGn0VTJiGciRHrv2ddT5lsjJpA3Hf6E8huFw4wrGUoabQtwOeMcvgS4noZvTbu8XuZLAVtwo8z4vbfHZAu+5VxQSNxs/cpyb3dcJK7dEjvUkg0z5aKeNeR78I64XOExYlwtiPtLl0ZHnfJrQ2dJ/t2W5rkUsFGI4UDmRFZN+3pFwRbSMZnOxwvrBmf6Ef30iKGOqB3FXUbJ0v4GAMx+vJnOGX6HVa1PC/QGLkazzW/xSU1ROcIJ8u719q0fHzn+20VxcTK31JDN7c0ZxpHWLeTJm82KPMbcL6OtScn+UWzkBwiI8bQSbPqhkRiwAAMYIBiDCCAYQCAQEwQzA3MREwDwYDVQQDDAhBZG1pbkNBMTEVMBMGA1UECgwMRUpCQ0EgU2FtcGxlMQswCQYDVQQGEwJTRQIIb+RPNmkfCdYwDQYJYIZIAWUDBAIBBQCggZgwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xNDA3MDExMjEwNTBaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFAWhDuvbDNlnnkyFp4hIFF7x8AvqMC8GCSqGSIb3DQEJBDEiBCAOa4eOsFOW5/kzo+zu5/tiKFOjE+JyEoJO35S3L0+LzTANBgkqhkiG9w0BAQEFAASBgHm3OSqYgXXlfb8681Wj5IeRlFkTa1A40tDR5KJgyvhtAfd1+LlpnTqhRKWyFCn70T4m84ODTvSq8lP/wq/1iHANl6YUDe+6K3V/2aWVmHwStdCsrSIpFSeMThEGWC7eczTib8emqy0qhy4KDMYIpmLdAa7ELBc7rSCejnVVMFiGAAAAAAAAMIIBugoBAKCCAbMwggGvBgkrBgEFBQcwAQEEggGgMIIBnDCBhaEYMBYxFDASBgNVBAMMC09jc3AgU2lnbmVyGA8yMDE0MDcwMTEyMDc1NVowWDBWMEEwCQYFKw4DAhoFAAQUQUX4pczwfgHr8dItQKHik5Kx4C4EFHctiS4Dtv340mU5MTUi0EYa6NIJAghb31DlVSWiq4AAGA8yMDE0MDcwMjEyMDc1NVowDQYJKoZIhvcNAQEFBQADggEBAC7bOcGajfJHVP1EYMrGb2XTBsBpocbgmVcDeR9m8bQLHFjZ+HV9EiVtatqEgNTuWJ6v3khIH8qu9xr61mLPlgDx7Rd2U/wQZNuZuuEHeprxswwpY1aLyXFkruYNdeJ4hPW/md116Sj6evArIw75qyctZH/uvhQ5BG3xY9l+oNywY8sfa4QJGnvcH96dVAvkGGbG0hd4AJ6mbyY68alsq8T5Dfm5Sk24QDg9JT00ratyReLcaz74ptYxUYmEJrPZIjR5FDz4N6xvtKz2nX7/MA1jc0LDMrfE9RW6W5parB8LQPvGaSfTnBdeNOnulTkni8JNECu0AAzg4rsJAh8nPR4= +2024-12-05T13:16:11.661Z6NdJix+ZRZCMO+8d9QrlnHziCH8DOfPuO3q4DvYhRNQU1KLz+C0bwgx32X74qh+VfAloHSk4DQMbzlYgSYYT9Q==CN=Test CA,O=Test18urn:oid:1.3.6.1.4.1.3516.16.2Profile for High Performance Digital Signatures (version 1.2)BuO0EDNfkxSVlUbxCzmQPzX1AUF1/xx9ytWHk3/6SAOePxQiniEfDYk+90QeYb3lWpV3Izhuz9fKaYyE+lTcXw==https://repo.cyber.ee/dsig-profile-1.2.pdftext/xmlMIIJAgYJKoZIhvcNAQcCoIII8zCCCO8CAQMxDzANBglghkgBZQMEAgEFADCBuAYLKoZIhvcNAQkQAQSggagEgaUwgaICAQEGBCoDBAEwTzALBglghkgBZQMEAgMEQBt9rZMBtSlYEABRUCvS+C7byEK6gDkwBlw8s7V6dMar4fpCovrLFnR4+zXaQ2+rOUif1du6YAq4ViPLMAZ0bv4CAQEYDzIwMjQxMjA1MTMxNjM1WjAKAgEBgAIB9IEBZKAmpCQwIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0GgggUsMIIFKDCCAxCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDUwNjA5NTA1NFoXDTQ0MDUwMTA5NTA1NFowIjENMAsGA1UECgwEVGVzdDERMA8GA1UEAwwIVGVzdCBUU0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDgRFNOs/GwiiWs27YlIkficK82DOpD2fHlD40nLUWukarpG9cPEOGUPfTLY7Op9hcbtqWKEYXM1PRPo5ratfS9AEJwv6Hi7F4c/rRKg0bPo9bWBIdQJzzS4tKhUx02kB6lsuBI5kVRl4J0XVwK93IT7DH8fLJMqTy9Ts9XRPCmdEpksMWHnBChZ8c6rRupYDddY+sQTVnqDSx8ShEIG/lC2oohAP1BcGE3XWxBpU8dpZsmKe9AGkaFhqHSWcKjEf2ZoqoiUkMWfbXYtykgyeblXtHnf5QFaBNHmOEZTgrmOdaPH+EWisnuBKWyUgxp2e8LIovf9uNzdy/Gqjm1b4YiMVqGewYNcud4Zc64fNlOpSvJx+aUFuDwHbA5z68i++qgKoQ7ggfAFQ1GlnktElUX0lHMUM1yBELD7l9/DXjaKVr9ptiusGSDNq0IDT+N2Pf5acdwedTG6tRQuGZfhlSJL2oGoKwf06jnU88kxihCm6hQZfQvdorUh98xl39ckc1P6QHSXhRDtKOTaCLB1hK5MciXEjeaAoU4h16tsWmnaT9kQhLO5RY1fyTBanudT/bpsVVlj7FcV32ZkNshXJXjvvIgvxCrBBwD2ITx0jhJy2Eo+wHPceD8RrTIyiWPqMzDPKCcrWdslSlKsksxzCpWJ/eVtDgoqwlB7dXo5nVbqwIDAQABo2owaDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFF7UoEZQt68oD4VMfBBZ71YwISflMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBjzpaSJjIdSkeRWHQBmv/1DH9WjCmnqFXNKG92XSmIHywSVEyVY88lWid14v5X4zTc3ZFFdtfY7k8KK/7YFnDEpS79UO8vlk2gmvabiNx2bfABH+eHwql6IspDcSFHtWdDon0l6fCFptqeuT1KpYGV8ZGAn/w9j86BacxFMGOqyzMZqcjIZKmOB08W5n8IMYelTEtfD/Agb4J1NPcvJjXRcV8V1faxpR74VRdre0p1CEF/rY2GMdzvUIKGQXhRpyP7sj6Kp+pCqthNU6BNl9bc2M/0JXp+EQwokgLQ6zwBgnBwkB48nnphzyg0Ms2JOo9avDkrICG20XuxAUumpR2rHNO6tOY93rIwxAxiM8Jc50dHHWN3qYmDFxEiPfQrF4qEWA7PIZjs6njoyKVq16j7W4LEUnTBG/atoCpXyezwzTGAMOfT1Bl0B4MFhKJqczJamFSNZajlERLigJn8a3c+kmz1HgBeCfemjKpZKG1z0PixfcZSofCqk1BelXTBzqRsGGHQ45B4F2QiFw/s2slZ4gxq0kfHJFOp2/JXIz0G6aiYQVGa3ryrAsb7mGzL0EdT5AKnROhOhM4CH5mvUE/4RWx92rguyohi3CmmxhCL/4bgcLJ1hcH0MxdHRwTWPBDod8S6ZZ4Zjc38oASkub0iYndi1LPgaAJ6WmhIgS4eFzGCAuwwggLoAgEBMCYwITENMAsGA1UECgwEVGVzdDEQMA4GA1UEAwwHVGVzdCBDQQIBAjANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTI0MTIwNTEzMTYzNVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUhIbycL7EUf3QIk5EMSJoMJdgSdEwLwYJKoZIhvcNAQkEMSIEIFF2FwC6mbULb/bTRhH8cE7sul5jnAZXJrmDjt86DfqKMA0GCSqGSIb3DQEBAQUABIICAHbpudx0u3FX7/xXlu0Fg2ckIuXPb24VMmSbRqfZnTMxlsx9qkfM4Y26we/j54Jyz7KiBGxH/EcQqjC9fz6G52CZkgFntk3i31URrZ9EW0nkOhLRCQBt9s3xoZx3YZtBSrEbu2KQ7QgtCharHE3opHQRdCGI7qyUFcD3CwLs4S0+GOJtKU5Kq9Nf9pHtXxOq/Sd3vEbUPAScvJLnMOAPbYLp0s7dQel++SQgRhmTcYn4NIDeYG2/7iw7YcduHr3uaEDRRNsLHYXhAAWaFLhbAqggVHnxt2ReXLp81sSn78qcxFKUT7Q8KaSZV1gwz+GZoiu9CpmENv9+zB6R4lwE7BHrLyMF5j1Lx9F5s2bgtBZ0kJ7eIbxkqHpkS2AnfzqofYdoYKlSIOx5ENgfJWP+5om9kaKYeyjO0nH/32R6Tr0jxFL9ub5FEo8EySoACWIvYY5L77IXK01ZMfITrgWRf+52/cQIhZvnOASajAmrg1RC07M7C7i8ke+xFqQ1rdVXm0acDNJVLwnCqawUW0Zg+I6tboQ7mOL0c5fNIpdtM5ua1MsZwHU6WdbCtUGud5o2nyZLG7LJmcn4tCDnkTX+6b714ZLYCqZf4xUBUkvbHQwi6YQWG+/a4hCRY7n7vYNW2ny/Zvoe98fcfTCRc54qf6uGT3gZpXPdZSm39+0b+CmrMIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDEyMDUxMzEzMjZaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBEoAAGA8yMDI0MTIwNTEzMTMyNlowDQYJKoZIhvcNAQELBQADggIBAKE5UVfbrmqyekWMj0mutc9wb/zxIv39jS0XE7pcCmG8jjXwgXGlxsQBrOI4Za99xCzehUTM/Fu6C+298NbiB8itDl4zeqZRx6zZpOeLNyj1NLjmJGcgquXCrOwmFMUzAjcGWm8PV3a1lnn7fEx/E0iKchM7mZ2SjdMLrYnPFSkdZV+rBKje9ZPTSiSqNukE1iO6XJXwXnWETg3mmcchwDXwBYJPSIiLPBto9DUz9/JvOI/MIX2hIIaGLZTP1eBQDMV3hpyvT//gkaKqCGlKywEbZZl5zJy1Xz7llCA8nBL4G2KbjK0qoKbR8NLLJagtj8UfgzgRkysm1HE3VzbUabJezCyfDwohaSMq8+79fkfh+0BaDX4Ih0c3U2jMPGonNtuTtIC/xaSK+wGBJKx/xNoSQLxi8P8oWi5raXTTkQNmH72xrqUJps9qRYOQjaa1umcyVFXZRYbzmxh3au8XZ38LoaBpRPJ5nTDqeS0RadFm/+/fgZJdrqtAdfaO79CQWmb1XEAl4F5KFByRXuJpuL2bn5HUPfOfZwaOR3lI8e1SAHe1P8FiZYHW8V/0G5GJDo549CqoRYbuboUizSiHIvVNuE/LpVtQhRZgr+9gY+pX6/rQkTi6fQb/y/BdXyzHtyHist/mSnknE9QEdAJMSnIarQd1o+48GmODoxW2ddU9oIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ \ No newline at end of file diff --git a/src/asicverifier/src/test/resources/asic-containers/wrong-message/message.xml b/src/asicverifier/src/test/resources/asic-containers/wrong-message/message.xml index a2eacb3d2d..ea836ef8b4 100644 --- a/src/asicverifier/src/test/resources/asic-containers/wrong-message/message.xml +++ b/src/asicverifier/src/test/resources/asic-containers/wrong-message/message.xml @@ -1,25 +1,27 @@ + xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" + xmlns:id="http://x-road.eu/xsd/identifiers" + xmlns:xroad="http://x-road.eu/xsd/xroad.xsd"> - - EE - BUSINESS - consumer + + DEV + COM + 4321 + TestClient - EE - BUSINESS - producer - getState + DEV + COM + 1234 + TestService + getRandom + v1 - EE:PIN:abc4567 - 6289448e512292d17d54ef60ed2318e7 - + wrong id + 4.0 - aaaaaaa + diff --git a/src/asicverifier/src/test/resources/invalid-digest.asice b/src/asicverifier/src/test/resources/invalid-digest.asice index 7bba7ff3c2..1dcc750350 100644 Binary files a/src/asicverifier/src/test/resources/invalid-digest.asice and b/src/asicverifier/src/test/resources/invalid-digest.asice differ diff --git a/src/asicverifier/src/test/resources/invalid-hashchain-modified-message.asice b/src/asicverifier/src/test/resources/invalid-hashchain-modified-message.asice index c77664884c..e0a99c1090 100644 Binary files a/src/asicverifier/src/test/resources/invalid-hashchain-modified-message.asice and b/src/asicverifier/src/test/resources/invalid-hashchain-modified-message.asice differ diff --git a/src/asicverifier/src/test/resources/invalid-not-signed-hashchain.asice b/src/asicverifier/src/test/resources/invalid-not-signed-hashchain.asice index b7c4fc1b55..c4afb13344 100644 Binary files a/src/asicverifier/src/test/resources/invalid-not-signed-hashchain.asice and b/src/asicverifier/src/test/resources/invalid-not-signed-hashchain.asice differ diff --git a/src/asicverifier/src/test/resources/invalid-signed-hashchain.asice b/src/asicverifier/src/test/resources/invalid-signed-hashchain.asice index 36795c6b78..31004504b5 100644 Binary files a/src/asicverifier/src/test/resources/invalid-signed-hashchain.asice and b/src/asicverifier/src/test/resources/invalid-signed-hashchain.asice differ diff --git a/src/asicverifier/src/test/resources/logback.xml b/src/asicverifier/src/test/resources/logback.xml new file mode 100644 index 0000000000..262b7396c0 --- /dev/null +++ b/src/asicverifier/src/test/resources/logback.xml @@ -0,0 +1,16 @@ + + + + + + %d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC} [%thread] %-5level %logger{36} - %msg%n + UTF-8 + + + + + + + + + diff --git a/src/asicverifier/src/test/resources/valid-batch-ts.asice b/src/asicverifier/src/test/resources/valid-batch-ts.asice index 6f94ecf078..88452784df 100644 Binary files a/src/asicverifier/src/test/resources/valid-batch-ts.asice and b/src/asicverifier/src/test/resources/valid-batch-ts.asice differ diff --git a/src/asicverifier/src/test/resources/valid-non-batch-rest.asice b/src/asicverifier/src/test/resources/valid-non-batch-rest.asice new file mode 100644 index 0000000000..78eef84488 Binary files /dev/null and b/src/asicverifier/src/test/resources/valid-non-batch-rest.asice differ diff --git a/src/asicverifier/src/test/resources/valid-non-batch-soap-attachments.asice b/src/asicverifier/src/test/resources/valid-non-batch-soap-attachments.asice new file mode 100644 index 0000000000..542851d13a Binary files /dev/null and b/src/asicverifier/src/test/resources/valid-non-batch-soap-attachments.asice differ diff --git a/src/asicverifier/src/test/resources/valid-signed-hashchain.asice b/src/asicverifier/src/test/resources/valid-signed-hashchain.asice index d1521afd8f..3289155fc1 100644 Binary files a/src/asicverifier/src/test/resources/valid-signed-hashchain.asice and b/src/asicverifier/src/test/resources/valid-signed-hashchain.asice differ diff --git a/src/asicverifier/src/test/resources/valid-signed-message.asice b/src/asicverifier/src/test/resources/valid-signed-message.asice index 56f15307c8..43106e9ccc 100644 Binary files a/src/asicverifier/src/test/resources/valid-signed-message.asice and b/src/asicverifier/src/test/resources/valid-signed-message.asice differ diff --git a/src/asicverifier/src/test/resources/wrong-message.asice b/src/asicverifier/src/test/resources/wrong-message.asice index 76abbdb345..86aab534b1 100644 Binary files a/src/asicverifier/src/test/resources/wrong-message.asice and b/src/asicverifier/src/test/resources/wrong-message.asice differ diff --git a/src/common/common-core/src/main/java/ee/ria/xroad/common/util/CachingStream.java b/src/common/common-core/src/main/java/ee/ria/xroad/common/util/CachingStream.java index 913e1b0186..77dc3da2cb 100644 --- a/src/common/common-core/src/main/java/ee/ria/xroad/common/util/CachingStream.java +++ b/src/common/common-core/src/main/java/ee/ria/xroad/common/util/CachingStream.java @@ -101,4 +101,13 @@ public void consume() { } } + public long size() { + try { + return channel.size(); + } catch (IOException ex) { + throw ErrorCodes.translateException(ex); + } + } + + } diff --git a/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/DEV/shared-params.xml b/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/DEV/shared-params.xml new file mode 100755 index 0000000000..107c21a4c4 --- /dev/null +++ b/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/DEV/shared-params.xml @@ -0,0 +1,87 @@ + + + DEV + +

cs
+ MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJpbnRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVnkhIxrLOx36RI36qpGbNbSm7JhHViW/cudYEGLsVSa0gi4dLsFFwrQqGkeE6Lr96k/JevY68sVOBzcE015NzFAOynMDqcJDEdYdCX5HkU0JGU6lS4ThOhrEUzyUTJVPRG90hkbM10R0RHFXo8+7TP2ZlTsmFsgCcGObU4Y9JAdusicTb7qLnEfSlLA4Ut/2K0yOlddA7khIABCWEk1xCQQm/7E99SxNYhhSWtqdFmrG9Gqs+CflVhZy/Ki9kvXa198noY6EwMbYyOYmGqn5xN4KvpMK1MduMD9BG8w3K3mm6w2NRThsILzvvaOZ26X+BlgBm07jo7BhAi2O/DhqhAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQA4xu/g7uQuzqDTy7HV1RZ0gzuO9ZhFXLyJWP+zlChcESd4ihkIqJyHcpuXCME77xSm5DQfNUHTKvmaw9wc1mckZ8II46PHDjhkC2XhjR2z9UtfmKihb1dBdAXdv6vBwlBxG33OY4jSesZKGHDUg5kRy6x1kqU+JTM9LPe/wBcq9KUCzvC7loRwCD4VTNWMfJaKPLPgDXqn/bAtEB38jpbf47ICQGuBxGF5JAgpzXvTRxrDJZ0SI2tEzRwE6dSp1z+ThVjoA6YDOB7sOrXIv84aj1q9iubJtwbja9bPNRsA5MN5R7FeNFiEK577jh1Ih+eg7X3X3Qrmoa8jD++7esy/ + MIIC2DCCAcCgAwIBAgIBATANBgkqhkiG9w0BAQ0FADAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwHhcNNzAwMTAxMDAwMDAwWhcNMzgwMTAxMDAwMDAwWjAdMRswGQYDVQQDDBJleHRlcm5hbFNpZ25pbmdLZXkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwGj9bGDS9Xwgl2SRZ7kri0GYq3QA5BBV12za1YU3NFPqfjgyKenbFLdMlOXNFzQXbTNMvKk5eRGxPDwsWgLq5s6FHuaUcmyBuaBZTk/ITc9Rq7gaC7iQ809mxpcNJFonrSPw2sscraVY0AYIgDhmt8WvBeumP2J8oymfpK0McoAXwzCeF88Zo9kBXPNodWvzVGLx/qKvQK820Z9cRNkuxTvVJpWxanf3Fq4yDMtXiam9KFj3Y+K4e1IItr3irF0MG9EUQmzKTrJC6pmDP2HlXMPmWUI1IaRheOP6ZwUpJlCdJ04gfb7Y778i2hJuvsb9tKCCuGcL7l0jTWqKHxyfVAgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICRDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBDQUAA4IBAQAvDMuW9HX7hsywBGIGt9xT2BMlTV84bdd5i2NtdQY7hFlxQK5R9z6A7ahPzvFZJOjAu3qHJ+3R7r6GQbBvGtWPtR+U5nUuT/7tl6ccR9lYtv8gQBZsev3tL2zVXb9X3cA5bnUSwppUsaBjh92vI8ak9fyFZ1y7rYqbAGIVd8QUrVOZnVCvYTdlQP0JDv6EldOFni2qWo9fKTRw1894csmaSk2iBuZp1RU3n2BQSwfhOndUgT6WuJbVNDJNPD8PjDnhSoeOhLrgHHhU+6CMmF7MYr7SLz4GennWay82WCfNUFw0ols1FONilZyRjNq1qM+gt5SEL4+qsL+vER7CZ51J + + + Test CA + false + + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQXh1Z0F3SUJBZ0lVU0gvVUw3REFSbnRsOHVDNjRFUkNvZDhRRFJvd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0lURU5NQXNHQTFVRUNnd0VWR1Z6ZERFUU1BNEdBMVVFQXd3SFZHVnpkQ0JEUVRBZUZ3MHlOREExTURZdwpPVFV3TlROYUZ3MDBOREExTURFd09UVXdOVE5hTUNFeERUQUxCZ05WQkFvTUJGUmxjM1F4RURBT0JnTlZCQU1NCkIxUmxjM1FnUTBFd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUUNnSmZLaC9oOGIKS0huMDkvQnpaQmVyUkhZZzhzL3I4WkJXbXlEbXMxQUZ6dnJ0NUpXYkhRWmlsNTZtK2lrTXc1ZEtONThld0c2Ngo5NlVCNlQxenZWQ0VzY0ltclZlVHVZUnRndjdEK2poeUVzTGxXSlJKZjlZaWxqOTh4YmtoMlRVdFNSellxU0JLCkhCUzRsSTlXN2ZHMU1lRG0yMVpzUm53bVZsbHgrVDFydmJINXpNM1FkU0xYV2tsczB2RXRoR3VOYnh5ZUt5Z0UKSVdWWldENXh2MkMzeHUwa05KQ0RxUklDbzJwQUgvV21lZzRDaEhNKzBJY3k0bm0yaVZnUDVWSkNrZmdxb1F0VwpLaisyK0dvWmlDdE1PZWRodmZ3OFVrRUk4cDRmc0tOT2hqZEQ4SE9GSlJ5OUxpMDhoOTZwcitpM0ZUR1JmTHBCCnVuQnFsQmV5NUNudmhGR0xseWhkSVNOM3k4ckhFbmNRLzdiSWFIclRXWDRxVUpXU3R4RVFYN3BPSElWc3hoZEIKL2lIYUhRaE1xL3dnS283Nnd1aU5iVi9BdmIyTVFzV1diZWs3UDk0bzhSdFZiSVZpTUEyYzd6VXpMdUhBOUFrdwpFa0JPcm5PV21hNk56WkFMVFRDWG9jV3ZqM2ttVzRKckJNL1BUZm5oT0krKytsbXZIZ3RmcGY2K21uQnN4UU5hCmd6dDgzYzVadmgzaytCSHpOQVNicjVSUS9jdzRCakN5RjNDZTR1MVA5YzNkeGhsSkQydjNDdjFYQTN3Mk5ObmoKVXZBVVk2K1pPY2JSRW5EOFUzM2dQejFVd0dmNjNmb1NCU05zdTVXZWlqV29ZMWpDWmxkeVpJdkJiNUF6ZlV1WQpFU01teU9nNCtYQ3FHNmZKcHhtb2JaSUpVVGkxYmJ6c3N3SURBUUFCbzJNd1lUQWRCZ05WSFE0RUZnUVVHeVVoCkRCMlJaVXZKb0RRdllLTGh2cVpnWWdVd0h3WURWUjBqQkJnd0ZvQVVHeVVoREIyUlpVdkpvRFF2WUtMaHZxWmcKWWdVd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBT0JnTlZIUThCQWY4RUJBTUNBWVl3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFHSE55L0NEQktFQnhKSm9BTHV3QnFqVVRnS1pBcTlaMUhGUmFFcFZhNzZEQ1VUc2xtNUZqWS9SClJrek9QNFlaUGZrTytVRDdpL1VDMStkMHVSVXBFQXFsbjlWVkJoWGx3TklsemVxSVlncHBxUnFJZzgyZ1ladEcKcGJDRnlzN0IzdzVkNS8vM1dCNWlWVllNbjFNcEhtY2k2MGQwOXFsSDJxNHFQRElQZFBvdDhIWnI4dmp4QzMraQpNcjNOdW5wQ2dta3gxUGkyY3dFVTBnTEhxdHVtMG9XQWc0VHhlTmRXUEpjaVJTZDUxUjl6NEU1RG4vYitOMVdqCmlPc3BiZ256emJNWWd2Q2o5aGREZXY3L1FEczN0WFcxOTJIbVRacDZMdWMxSGpIand4dDNvU2JVWDBtRkk0ZE4KemZITmlRcE5HcGJDVU1jQkk3NWh6eUZ2SnhsZ01UNFhjL0dBaUJWdlEwWmgrb1VmOGRNRmFuNDlHYVNDWVVGUwpQNDR2NlFteWgvdWpQU3pEZWlEWXIvUmZtQWRpOTFwOThBb00xY3lTMTVpdEUxZURsSkcrNmRoemxOTnVYYVhUClloL1BQVWp3Wloyc24vdFlIN2lwVEJuRUxPVm1XeEMxaUpkb01pY3Zmbm4wbE5URU45NEI2SjdYQ09GSk1taWoKT2xKZ0xiY1BKT1ZSNkY5SEk2ZHByRGtsMHpyOHFYRUlrUHkxbTJiQ0ZlZjBYRnQ4dmREeGZlN2k3Uis5NTJzawp3all4YjRXMk1LZFpENUwyZjFpQTFZK2VFSHZSUGVvUWFtc0pXOFhuNm41OXJlVExnL0dZMVIzYnNJYTY3ZXd4CnhDZSt0QVUrbDd4dXhOeXRYanltMEpoMDBrU2dPN1dTUE92ZklLRXBBbTVTVXk4bjUvZjAKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + + http://testca:8888 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZORENDQXh5Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTBNRFV3TmpBNU5UQTFNMW9YRFRRME1EVXdNVEE1TlRBMQpNMW93SXpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVTTUJBR0ExVUVBd3dKVkdWemRDQlBRMU5RTUlJQ0lqQU5CZ2txCmhraUc5dzBCQVFFRkFBT0NBZzhBTUlJQ0NnS0NBZ0VBcHpIaC9EbmtQZ2podjVwTU9PdlBOQWRYek5ObkFkZEkKd0tUUVFMYTFMWTdDMjRsWDhYaEYyZzF1cjM1RDRGd3FQY3dmNUpJclc4L2M2VXhEb3RtcFRRWjdxVUZ6Vjh4ZQpNdldOM0NDeVp6aFdZOUw4YkdybUc1T01sNEM4TUgwZHF5TmNHNkxrQzZQTndDajZ0WHhUZVIzb1NxOEJhNmxTClRWN09CZkpCOEZhUE5ldENyNkwrRkhnWHBpeE1qWEszU1VINWsrZWFGSnVyb2grcHRhYSs4azh0VEN1R2Qwa0cKZHhUM05pZncrbHlFYjZWYm43MExUM3pXK2kxRFVQelNBL3FhdXpCTlJ5TDY4MnE0RGROUi9pTW93VytmK29HQwpvOHl3bTB2SlFRTjg3UjM4a2k5K0tNU2xHREFZTVJ4Yzh6RDZhUUc2Z0JyeVNkTE1vRFgvUTR4djBrQWRXSGlWCjZJNWtwNC9GOGRuYUUyVlhIWGlLd0hSVXVJWjUwMjd4enpLR0pFK1VIQksxa3krNGI0eFZTSFQvZmY4cnJ6NUUKZEJ4NzFpRThDR2R4OWhqQ3hCYnlENmp0TXRuWmpPT0dmUWVYMzdpZll6S0k0L0Nmc1NEa3k1T2p2cFRqZG1wcApQOE16Mk5hRDN2TEF6Nk5QZ0ZLdnBNQlFUUGNXYm9TeFhRbnVKNkMyZU0wZFBiNVF4MjNzQWVXU2RhZmNieEVVCmNBaDNiZzJCc3ZrbXhKRWZLS1BPbkFCMzRhc3g5WHRCb21KcldsRkxQOCswdjBTTVdrTklkSWg1YlpwU3NVV0IKMktzZEJrd3gzU1F1Slg3dDNyUUNaelAxYnk3NWFTSkhBKyt0MjJsNW5TbldMekhiVklBaFRZY0hJd2NhUnp0TApZYTZPcmR1Qk1KVUNBd0VBQWFOMU1ITXdDUVlEVlIwVEJBSXdBREFkQmdOVkhRNEVGZ1FVWHFScGZ1QjhURVJiCmR5ZXlEL3J2WlBCT250Z3dId1lEVlIwakJCZ3dGb0FVR3lVaERCMlJaVXZKb0RRdllLTGh2cVpnWWdVd0RnWUQKVlIwUEFRSC9CQVFEQWdlQU1CWUdBMVVkSlFFQi93UU1NQW9HQ0NzR0FRVUZCd01KTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQ0FRQnZXcjE0MldoNUZzWmx1SzZqWktJbUlLbVNoL1N5RkI1WVNmK21DVDVUdzVTaS8rYzNSeVNmCkllaVk3N2YvWi9mTndFdmFPWHpUbnZhMjVhYnkyOTd2N1V4aGVmWWNMWjgrYnZBS2QxMXk5QndqNGlIM2dqOUEKaHNnQ2U3SVhDQVd4aVJhSEgwMEZVdVBBRzIwcnBLTmxZY29kbUU1Yk1uZ2M3bGxUSi82Tm90aXJ3QS82akZHegpEeUFXMjNyVUcvbTdMV2huNWk0cW1sUU80NmxEQVNBd0dvQUthTmw2dHJrSTJySkVGdVhuTzN5V2FzTUNzekFiCmtlOTFDZGJvZllITlJ4SWFtL0pnTHVIbjVZeGhlNTRET2xqZXU4SWxHS2NIR1c3SWlNUXlLWHdYNmErRGFPM3cKZThkckF6eFBjaDJJZWFEeU1VR0NVMkxqb3p5dmwrQXNUQmZ4Z1JMbWZRUUxxSmVDeXlCb0JncnI3aTdQWGkxeApTajdyeW1YYU41SGV6TW9ablMyS0pseG84TFRMcDQwckxWZjZYMmNBaC90TS84T0RJWjZKc1NCY0dHb0gyV3pNCndBR0grLzN0Zk9ISW5QRkUvbG9nQUp5YXIwaFpDa0kzWGxuWnZ1djV0VWhNeHVqTzNtVjU4d0MrM1ovYytpcUoKNnBRNmt5MG5aTjdIdUhOVHArYURIYWE1a0ZjZmRjWk5HbWpoeDEvcm8wejFuaW5oV3BodEttR3hKTnNsSjJ6YgpnRS9FdUh0NURVQ29Uc0g0Lzc3aFdzZkRQR2Rmc3NRQjBQYm9xQkNmT21VSEl0cU14OUZaekdHSU1kcjFub1RsClE5Z0I2TU9jVitEQ1JlNTRhckFuVlFjWkorL2FONEYxMU81WnRYL0p0TUJza2IyQmJyVHhtUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + + + ee.ria.xroad.common.certificateprofile.impl.FiVRKCertificateProfileInfoProvider + + + Test TSA + http://testca:8899 + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZLRENDQXhDZ0F3SUJBZ0lCQWpBTkJna3Foa2lHOXcwQkFRc0ZBREFoTVEwd0N3WURWUVFLREFSVVpYTjAKTVJBd0RnWURWUVFEREFkVVpYTjBJRU5CTUI0WERUSTBNRFV3TmpBNU5UQTFORm9YRFRRME1EVXdNVEE1TlRBMQpORm93SWpFTk1Bc0dBMVVFQ2d3RVZHVnpkREVSTUE4R0ExVUVBd3dJVkdWemRDQlVVMEV3Z2dJaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURnUkZOT3MvR3dpaVdzMjdZbElrZmljSzgyRE9wRDJmSGwKRDQwbkxVV3VrYXJwRzljUEVPR1VQZlRMWTdPcDloY2J0cVdLRVlYTTFQUlBvNXJhdGZTOUFFSnd2NkhpN0Y0YwovclJLZzBiUG85YldCSWRRSnp6UzR0S2hVeDAya0I2bHN1Qkk1a1ZSbDRKMFhWd0s5M0lUN0RIOGZMSk1xVHk5ClRzOVhSUENtZEVwa3NNV0huQkNoWjhjNnJSdXBZRGRkWStzUVRWbnFEU3g4U2hFSUcvbEMyb29oQVAxQmNHRTMKWFd4QnBVOGRwWnNtS2U5QUdrYUZocUhTV2NLakVmMlpvcW9pVWtNV2ZiWFl0eWtneWVibFh0SG5mNVFGYUJOSAptT0VaVGdybU9kYVBIK0VXaXNudUJLV3lVZ3hwMmU4TElvdmY5dU56ZHkvR3FqbTFiNFlpTVZxR2V3WU5jdWQ0ClpjNjRmTmxPcFN2SngrYVVGdUR3SGJBNXo2OGkrK3FnS29RN2dnZkFGUTFHbG5rdEVsVVgwbEhNVU0xeUJFTEQKN2w5L0RYamFLVnI5cHRpdXNHU0ROcTBJRFQrTjJQZjVhY2R3ZWRURzZ0UlF1R1pmaGxTSkwyb0dvS3dmMDZqbgpVODhreGloQ202aFFaZlF2ZG9yVWg5OHhsMzlja2MxUDZRSFNYaFJEdEtPVGFDTEIxaEs1TWNpWEVqZWFBb1U0CmgxNnRzV21uYVQ5a1FoTE81UlkxZnlUQmFudWRUL2Jwc1ZWbGo3RmNWMzJaa05zaFhKWGp2dklndnhDckJCd0QKMklUeDBqaEp5MkVvK3dIUGNlRDhSclRJeWlXUHFNekRQS0Njcldkc2xTbEtza3N4ekNwV0ovZVZ0RGdvcXdsQgo3ZFhvNW5WYnF3SURBUUFCbzJvd2FEQVdCZ05WSFNVQkFmOEVEREFLQmdnckJnRUZCUWNEQ0RBT0JnTlZIUThCCkFmOEVCQU1DQmtBd0hRWURWUjBPQkJZRUZGN1VvRVpRdDY4b0Q0Vk1mQkJaNzFZd0lTZmxNQjhHQTFVZEl3UVkKTUJhQUZCc2xJUXdka1dWTHlhQTBMMkNpNGI2bVlHSUZNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUJqenBhUwpKaklkU2tlUldIUUJtdi8xREg5V2pDbW5xRlhOS0c5MlhTbUlIeXdTVkV5Vlk4OGxXaWQxNHY1WDR6VGMzWkZGCmR0Zlk3azhLSy83WUZuREVwUzc5VU84dmxrMmdtdmFiaU54MmJmQUJIK2VId3FsNklzcERjU0ZIdFdkRG9uMGwKNmZDRnB0cWV1VDFLcFlHVjhaR0FuL3c5ajg2QmFjeEZNR09xeXpNWnFjaklaS21PQjA4VzVuOElNWWVsVEV0ZgpEL0FnYjRKMU5QY3ZKalhSY1Y4VjFmYXhwUjc0VlJkcmUwcDFDRUYvclkyR01kenZVSUtHUVhoUnB5UDdzajZLCnArcENxdGhOVTZCTmw5YmMyTS8wSlhwK0VRd29rZ0xRNnp3QmduQndrQjQ4bm5waHp5ZzBNczJKT285YXZEa3IKSUNHMjBYdXhBVXVtcFIyckhOTzZ0T1k5M3JJd3hBeGlNOEpjNTBkSEhXTjNxWW1ERnhFaVBmUXJGNHFFV0E3UApJWmpzNm5qb3lLVnExNmo3VzRMRVVuVEJHL2F0b0NwWHllend6VEdBTU9mVDFCbDBCNE1GaEtKcWN6SmFtRlNOClphamxFUkxpZ0puOGEzYytrbXoxSGdCZUNmZW1qS3BaS0cxejBQaXhmY1pTb2ZDcWsxQmVsWFRCenFSc0dHSFEKNDVCNEYyUWlGdy9zMnNsWjRneHEwa2ZISkZPcDIvSlhJejBHNmFpWVFWR2EzcnlyQXNiN21HekwwRWRUNUFLbgpST2hPaE00Q0g1bXZVRS80Uld4OTJyZ3V5b2hpM0NtbXhoQ0wvNGJnY0xKMWhjSDBNeGRIUndUV1BCRG9kOFM2ClpaNFpqYzM4b0FTa3ViMGlZbmRpMUxQZ2FBSjZXbWhJZ1M0ZUZ3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + + + + COM + Commercial + + 1234 + Test member + + MANAGEMENT + + + TestService + + + + + COM + Commercial + + 4321 + Test client + + TestClient + + + + id0 + SS0 +
ss0
+ doUtNhEOGtC25LLCQJ9iOE3ZRMXj9EhDAZTcusuEUIs= + id1 + id2 + + + id3 + SS1 +
ss1
+ pE1fROGYVuLoU9x0avWSU3qRZsGuCsG8neuchZ+VR50= + id4 + + + security-server-owners + Security server owners + + DEV + COM + 1234 + + + DEV + COM + 4321 + + + + + COM + Commercial + + 3600 + + diff --git a/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/DEV/shared-params.xml.metadata b/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/DEV/shared-params.xml.metadata new file mode 100755 index 0000000000..4b0d172279 --- /dev/null +++ b/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/DEV/shared-params.xml.metadata @@ -0,0 +1 @@ +{"configurationVersion":"3"} \ No newline at end of file diff --git a/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/instance-identifier b/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/instance-identifier new file mode 100755 index 0000000000..4a90a52a17 --- /dev/null +++ b/src/common/common-globalconf/src/test/resources/globalconf_good2_v3/instance-identifier @@ -0,0 +1 @@ +DEV \ No newline at end of file diff --git a/src/common/common-message/src/main/java/ee/ria/xroad/common/hashchain/HashChainBuilder.java b/src/common/common-message/src/main/java/ee/ria/xroad/common/hashchain/HashChainBuilder.java index 97d9156ef2..25719aa408 100644 --- a/src/common/common-message/src/main/java/ee/ria/xroad/common/hashchain/HashChainBuilder.java +++ b/src/common/common-message/src/main/java/ee/ria/xroad/common/hashchain/HashChainBuilder.java @@ -40,7 +40,7 @@ import java.util.Map; import static ee.ria.xroad.common.hashchain.DigestList.digestHashStep; -import static ee.ria.xroad.common.util.MessageFileNames.attachment; +import static ee.ria.xroad.common.util.MessageFileNames.attachmentOfIdx; import static java.lang.Integer.numberOfLeadingZeros; /** @@ -547,7 +547,7 @@ private HashStepType multipartStep(byte[][] inputSet, int stepCount) { } else { // All the other inputs are attachments, starting from 1. ret.getHashValueOrStepRefOrDataRef().add( - dataRef(attachment(i), inputSet[i])); + dataRef(attachmentOfIdx(i), inputSet[i])); } } diff --git a/src/common/common-message/src/main/java/ee/ria/xroad/common/message/AttachmentStream.java b/src/common/common-message/src/main/java/ee/ria/xroad/common/message/AttachmentStream.java new file mode 100644 index 0000000000..fd9a482fd0 --- /dev/null +++ b/src/common/common-message/src/main/java/ee/ria/xroad/common/message/AttachmentStream.java @@ -0,0 +1,49 @@ +/* + * The MIT License + * + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package ee.ria.xroad.common.message; + +import java.io.InputStream; + +public interface AttachmentStream { + InputStream getStream(); + + long getSize(); + + static AttachmentStream fromInputStream(InputStream stream, long size) { + return new AttachmentStream() { + @Override + public InputStream getStream() { + return stream; + } + + @Override + public long getSize() { + return size; + } + }; + } +} diff --git a/src/common/common-message/src/main/java/ee/ria/xroad/common/message/MultipartSoapMessageEncoder.java b/src/common/common-message/src/main/java/ee/ria/xroad/common/message/MultipartSoapMessageEncoder.java index 0fab154d48..25c1521e6f 100644 --- a/src/common/common-message/src/main/java/ee/ria/xroad/common/message/MultipartSoapMessageEncoder.java +++ b/src/common/common-message/src/main/java/ee/ria/xroad/common/message/MultipartSoapMessageEncoder.java @@ -84,7 +84,7 @@ public void close() throws IOException { @Override public void soap(SoapMessage soapMessage, - Map additionalHeaders) throws Exception { + Map additionalHeaders) throws IOException { multipart.startPart(soapMessage.getContentType(), convertHeaders(additionalHeaders)); multipart.write(soapMessage.getBytes()); @@ -92,7 +92,7 @@ public void soap(SoapMessage soapMessage, @Override public void attachment(String contentType, InputStream content, - Map additionalHeaders) throws Exception { + Map additionalHeaders) throws IOException { String[] headers = {}; if (additionalHeaders != null && !additionalHeaders.isEmpty()) { headers = convertHeaders(additionalHeaders); diff --git a/src/common/common-message/src/main/java/ee/ria/xroad/common/util/MessageFileNames.java b/src/common/common-message/src/main/java/ee/ria/xroad/common/util/MessageFileNames.java index c51b2332de..6e4aa3bcb5 100644 --- a/src/common/common-message/src/main/java/ee/ria/xroad/common/util/MessageFileNames.java +++ b/src/common/common-message/src/main/java/ee/ria/xroad/common/util/MessageFileNames.java @@ -34,33 +34,55 @@ public final class MessageFileNames { private MessageFileNames() { } - /** Name of the file containing hash chain. */ + /** + * Name of the file containing hash chain. + */ public static final String SIG_HASH_CHAIN = "/sig-hashchain.xml"; - /** Name of the file containing hash chain result. */ + /** + * Name of the file containing hash chain result. + */ public static final String SIG_HASH_CHAIN_RESULT = "/sig-hashchainresult.xml"; - /** Name of the file containing hash chain. */ + /** + * Name of the file containing hash chain. + */ public static final String TS_HASH_CHAIN = "/ts-hashchain.xml"; - /** Name of the file containing hash chain result. */ + /** + * Name of the file containing hash chain result. + */ public static final String TS_HASH_CHAIN_RESULT = "/ts-hashchainresult.xml"; - /** Name of the file containing SOAP message. */ + /** + * Name of the file containing SOAP message. + */ public static final String MESSAGE = "/message.xml"; - /** Name of the file containing SOAP message. */ + /** + * Name of the file containing SOAP message. + */ public static final String SIGNATURE = "/META-INF/signatures.xml"; /** - * Name of the file containing idx-th attachment. - * The attachments are numbered starting from 1. - * @param idx index of attachment - * @return String + * Name of SOAP attachment. Suffixed with the index of the attachment. + */ + public static final String ATTACHMENT = "/attachment"; + + /** + * Name of the file containing idx-th attachment. + * The attachments are numbered starting from 1. + * + * @param idx index of attachment + * @return String */ - public static String attachment(int idx) { - return "/attachment" + idx; + public static String attachmentOfIdx(int idx) { + return ATTACHMENT + idx; + } + + public static boolean isAttachment(String uri) { + return uri != null && uri.startsWith(MessageFileNames.ATTACHMENT); } } diff --git a/src/common/common-message/src/test/java/ee/ria/xroad/common/hashchain/HashChainVerifierTest.java b/src/common/common-message/src/test/java/ee/ria/xroad/common/hashchain/HashChainVerifierTest.java index 1b95533f0c..17911c5167 100644 --- a/src/common/common-message/src/test/java/ee/ria/xroad/common/hashchain/HashChainVerifierTest.java +++ b/src/common/common-message/src/test/java/ee/ria/xroad/common/hashchain/HashChainVerifierTest.java @@ -43,7 +43,7 @@ import static ee.ria.xroad.common.ErrorCodes.X_MALFORMED_HASH_CHAIN; import static ee.ria.xroad.common.crypto.Digests.calculateDigest; import static ee.ria.xroad.common.util.MessageFileNames.MESSAGE; -import static ee.ria.xroad.common.util.MessageFileNames.attachment; +import static ee.ria.xroad.common.util.MessageFileNames.attachmentOfIdx; /** * Tests to verify that hash chain verification is correct. @@ -182,11 +182,11 @@ public void attachments() throws Exception { Map inputs = makeInputs( MESSAGE, new DigestValue( DigestAlgorithm.SHA256, new byte[]{(byte) 11}), - attachment(1), new DigestValue( + attachmentOfIdx(1), new DigestValue( DigestAlgorithm.SHA256, new byte[]{(byte) 12}), - attachment(2), new DigestValue( + attachmentOfIdx(2), new DigestValue( DigestAlgorithm.SHA256, new byte[]{(byte) 13}), - attachment(3), new DigestValue( + attachmentOfIdx(3), new DigestValue( DigestAlgorithm.SHA256, new byte[]{(byte) 14})); HashChainVerifier.verify( diff --git a/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/MessageAttachment.java b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/MessageAttachment.java new file mode 100644 index 0000000000..1968b4a89c --- /dev/null +++ b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/MessageAttachment.java @@ -0,0 +1,89 @@ +/* + * The MIT License + * + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package ee.ria.xroad.common.messagelog; + +import lombok.AccessLevel; +import lombok.EqualsAndHashCode; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; +import lombok.ToString; +import lombok.extern.slf4j.Slf4j; + +import javax.crypto.Cipher; +import javax.crypto.CipherInputStream; + +import java.io.InputStream; +import java.sql.Blob; + + +@Slf4j +@ToString(callSuper = true, exclude = {"attachment", "attachmentCipher"}) +@EqualsAndHashCode(exclude = {"attachment"}) +@NoArgsConstructor(access = AccessLevel.PROTECTED) +public class MessageAttachment { + + @Getter + private Long id; + + @Getter + @Setter + private MessageRecord logRecord; + + @Getter + @Setter + private Integer attachmentNo; + + @Getter + @Setter + private Blob attachment; + + @Setter + private transient Cipher attachmentCipher; + + public MessageAttachment(MessageRecord logRecord, Integer attachmentNo, Blob attachment) { + this.logRecord = logRecord; + this.attachmentNo = attachmentNo; + this.attachment = attachment; + } + + public InputStream getInputStream() { + try { + if (attachmentCipher != null) { + return new CipherInputStream(attachment.getBinaryStream(), attachmentCipher); + } + return attachment.getBinaryStream(); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + public boolean hasCipher() { + return attachmentCipher != null; + } + +} diff --git a/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/MessageRecord.java b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/MessageRecord.java index f2415d53a9..4a440664bc 100644 --- a/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/MessageRecord.java +++ b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/MessageRecord.java @@ -28,7 +28,7 @@ import ee.ria.xroad.common.asic.AsicContainer; import ee.ria.xroad.common.asic.TimestampData; import ee.ria.xroad.common.identifier.ClientId; -import ee.ria.xroad.common.message.SoapMessageImpl; +import ee.ria.xroad.common.message.AttachmentStream; import ee.ria.xroad.common.signature.SignatureData; import lombok.AccessLevel; @@ -40,18 +40,21 @@ import lombok.extern.slf4j.Slf4j; import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.sql.Blob; +import java.util.ArrayList; +import java.util.List; + +import static java.util.function.Predicate.not; /** * A message log record. */ @Slf4j -@ToString(callSuper = true, exclude = {"attachment"}) -@EqualsAndHashCode(callSuper = true, exclude = {"attachment"}) +@ToString(callSuper = true, exclude = {"attachments", "attachmentStreams", "messageCipher"}) +@EqualsAndHashCode(callSuper = true, exclude = {"attachments"}) @NoArgsConstructor(access = AccessLevel.PROTECTED) public class MessageRecord extends AbstractLogRecord { @@ -104,13 +107,11 @@ public class MessageRecord extends AbstractLogRecord { private String subsystemCode; @Getter - @Setter - private Blob attachment; + private List attachments = new ArrayList<>(); @Getter - private transient InputStream attachmentStream; - @Getter - private transient long attachmentStreamSize; + @Setter + private transient List attachmentStreams = new ArrayList<>(); @Getter @Setter @@ -125,31 +126,14 @@ public class MessageRecord extends AbstractLogRecord { @Setter private transient Cipher messageCipher; - @Setter - private transient Cipher attachmentCipher; - /** * Constructs a message record. * - * @param msg the message - * @param sig the signature - * @param clientId message sender client identifier - * @param xRequestId common id between a request and it's response - * @throws Exception in case of any errors - */ - public MessageRecord(SoapMessageImpl msg, String sig, ClientId clientId, String xRequestId) - throws Exception { - this(msg.getQueryId(), msg.getXml(), sig, msg.isResponse(), clientId, xRequestId); - } - - /** - * Constructs a message record. - * - * @param qid the query ID - * @param msg the message - * @param sig the signature - * @param response whether this record is for a response - * @param clientId message sender client identifier + * @param qid the query ID + * @param msg the message + * @param sig the signature + * @param response whether this record is for a response + * @param clientId message sender client identifier * @param xRequestId common id between a request and it's response */ public MessageRecord(String qid, String msg, String sig, boolean response, @@ -174,7 +158,7 @@ public AsicContainer toAsicContainer() throws Exception { final boolean encrypted = keyId != null; final SignatureData signatureData = new SignatureData(signature, hashChainResult, hashChain); - if (encrypted && (messageCipher == null || attachmentCipher == null)) { + if (encrypted && (messageCipher == null || attachments.stream().anyMatch(not(MessageAttachment::hasCipher)))) { throw new IllegalStateException("Encrypted message record has not been prepared for decryption"); } @@ -193,20 +177,12 @@ public AsicContainer toAsicContainer() throws Exception { } else { plaintextMessage = message; } - - final InputStream plainAttachment; - if (encrypted && attachment != null) { - plainAttachment = new CipherInputStream(attachment.getBinaryStream(), attachmentCipher); - } else { - plainAttachment = (attachment != null) ? attachment.getBinaryStream() : null; - } - - return new AsicContainer(plaintextMessage, signatureData, timestamp, plainAttachment, getTime()); + var attachmentList = attachments.stream().map(MessageAttachment::getInputStream).toList(); + return new AsicContainer(plaintextMessage, signatureData, timestamp, attachmentList, getTime()); } public void setAttachmentStream(InputStream stream, long size) { - this.attachmentStream = stream; - this.attachmentStreamSize = size; + this.setAttachmentStreams(List.of(AttachmentStream.fromInputStream(stream, size))); } public void setCipherMessage(byte[] msg) { @@ -214,4 +190,10 @@ public void setCipherMessage(byte[] msg) { this.message = null; } + public MessageAttachment addAttachment(int attachmentNo, Blob attachment) { + MessageAttachment messageAttachment = new MessageAttachment(this, attachmentNo, attachment); + attachments.add(messageAttachment); + return messageAttachment; + } + } diff --git a/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/SoapLogMessage.java b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/SoapLogMessage.java index b455b8d630..3853351a8e 100644 --- a/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/SoapLogMessage.java +++ b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/SoapLogMessage.java @@ -27,10 +27,14 @@ import ee.ria.xroad.common.identifier.ClientId; import ee.ria.xroad.common.identifier.ServiceId; +import ee.ria.xroad.common.message.AttachmentStream; import ee.ria.xroad.common.message.SoapMessageImpl; import ee.ria.xroad.common.signature.SignatureData; import lombok.Getter; +import lombok.NonNull; + +import java.util.List; /** * LogMessage for SOAP @@ -39,17 +43,22 @@ public final class SoapLogMessage extends LogMessage { @Getter private final SoapMessageImpl message; + @Getter + @NonNull + private final List attachments; + + /** * Create a SOAP log message */ - public SoapLogMessage(SoapMessageImpl message, SignatureData signature, boolean clientSide) { - super(signature, clientSide); - this.message = message; - } - - public SoapLogMessage(SoapMessageImpl message, SignatureData signature, boolean clientSide, String xRequestId) { + public SoapLogMessage(SoapMessageImpl message, + SignatureData signature, + @NonNull List attachments, + boolean clientSide, + String xRequestId) { super(signature, clientSide, xRequestId); this.message = message; + this.attachments = attachments; } public String getQueryId() { diff --git a/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/archive/LogArchiveCache.java b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/archive/LogArchiveCache.java index 86de77060a..7dcaf23a7b 100644 --- a/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/archive/LogArchiveCache.java +++ b/src/common/common-messagelog/src/main/java/ee/ria/xroad/common/messagelog/archive/LogArchiveCache.java @@ -193,9 +193,8 @@ private void addContainerToArchive(MessageRecord record) throws Exception { final ZipEntry entry = new ZipEntry(archiveFilename); entry.setLastModifiedTime(FileTime.from(record.getTime(), TimeUnit.MILLISECONDS)); archiveTmp.putNextEntry(entry); - try (CountingOutputStream cos = - new CountingOutputStream(new DigestOutputStream(new EntryStream(archiveTmp), digest)); - OutputStream bos = new BufferedOutputStream(cos)) { + try (CountingOutputStream cos = new CountingOutputStream(new DigestOutputStream(new EntryStream(archiveTmp), digest)); + OutputStream bos = new BufferedOutputStream(cos)) { // ZipOutputStream writing directly to a DigestOutputStream is extremely inefficient, hence the additional // buffering. Digesting a stream instead of an in-memory buffer because the archive can be // large (over 1GiB) diff --git a/src/common/common-test/src/main/java/ee/ria/xroad/common/conf/globalconf/TestGlobalConfImpl.java b/src/common/common-test/src/main/java/ee/ria/xroad/common/conf/globalconf/TestGlobalConfImpl.java index 7e4ad025f0..d0ad5c2c56 100644 --- a/src/common/common-test/src/main/java/ee/ria/xroad/common/conf/globalconf/TestGlobalConfImpl.java +++ b/src/common/common-test/src/main/java/ee/ria/xroad/common/conf/globalconf/TestGlobalConfImpl.java @@ -33,21 +33,19 @@ * Test globalconf implementation. */ public class TestGlobalConfImpl extends GlobalConfImpl { - private static final GlobalConfSource SOURCE; + /** + * Constructs a new test globalconf. + */ + public TestGlobalConfImpl() { + super(globalConfSource()); + } - static { + private static GlobalConfSource globalConfSource() { try { - SOURCE = new FileSystemGlobalConfSource(getConfigurationPath()); + return new FileSystemGlobalConfSource(getConfigurationPath()); } catch (Exception e) { throw translateWithPrefix(X_MALFORMED_GLOBALCONF, e); } } - /** - * Constructs a new test globalconf. - */ - public TestGlobalConfImpl() { - super(SOURCE); - } - } diff --git a/src/common/common-verifier/build.gradle b/src/common/common-verifier/build.gradle index bc384e9747..01d353bc7d 100644 --- a/src/common/common-verifier/build.gradle +++ b/src/common/common-verifier/build.gradle @@ -10,4 +10,5 @@ dependencies { api project(':common:common-globalconf') testImplementation project(':common:common-test') + testImplementation(libs.julOverSlf4j) } diff --git a/src/common/common-verifier/src/main/java/ee/ria/xroad/common/signature/SignatureVerifier.java b/src/common/common-verifier/src/main/java/ee/ria/xroad/common/signature/SignatureVerifier.java index 24874e0d19..1ca9e2138e 100644 --- a/src/common/common-verifier/src/main/java/ee/ria/xroad/common/signature/SignatureVerifier.java +++ b/src/common/common-verifier/src/main/java/ee/ria/xroad/common/signature/SignatureVerifier.java @@ -44,10 +44,10 @@ import org.apache.xml.security.signature.MissingResourceFailureException; import org.apache.xml.security.signature.XMLSignature; import org.apache.xml.security.signature.XMLSignatureByteInput; +import org.apache.xml.security.signature.XMLSignatureDigestInput; import org.apache.xml.security.signature.XMLSignatureInput; import org.apache.xml.security.signature.XMLSignatureStreamInput; import org.apache.xml.security.utils.resolver.ResourceResolverContext; -import org.apache.xml.security.utils.resolver.ResourceResolverException; import org.apache.xml.security.utils.resolver.ResourceResolverSpi; import org.bouncycastle.cert.ocsp.OCSPResp; import org.w3c.dom.Node; @@ -59,6 +59,7 @@ import java.nio.charset.StandardCharsets; import java.security.cert.X509Certificate; import java.util.ArrayList; +import java.util.Base64; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -70,6 +71,7 @@ import static ee.ria.xroad.common.ErrorCodes.X_MALFORMED_SIGNATURE; import static ee.ria.xroad.common.ErrorCodes.translateException; import static ee.ria.xroad.common.util.MessageFileNames.SIG_HASH_CHAIN_RESULT; +import static ee.ria.xroad.common.util.MessageFileNames.isAttachment; /** * Encapsulates the AsiC XAdES signature profile. This class verifies the @@ -339,8 +341,7 @@ private void verifySignatureValue(X509Certificate signingCert) } if (!s.checkSignatureValue(signingCert)) { - throw new CodedException(X_INVALID_SIGNATURE_VALUE, - "Signature is not valid"); + throw new CodedException(X_INVALID_SIGNATURE_VALUE, "Signature is not valid"); } } @@ -406,24 +407,26 @@ private final class SignatureResourceResolverImpl extends ResourceResolverSpi { public boolean engineCanResolveURI(ResourceResolverContext context) { return switch (context.attr.getValue()) { case MessageFileNames.MESSAGE, MessageFileNames.SIG_HASH_CHAIN_RESULT -> true; - default -> false; + default -> isAttachment(context.attr.getValue()); // only attachments can be resolved }; } @Override - public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException { - switch (context.attr.getValue()) { - case MessageFileNames.MESSAGE: - MessagePart part = getPart(MessageFileNames.MESSAGE); - - if (part != null && part.getMessage() != null) { - return new XMLSignatureByteInput(part.getMessage()); - } - - break; - case MessageFileNames.SIG_HASH_CHAIN_RESULT: - return new XMLSignatureStreamInput(is(hashChainResult)); - default: // do nothing + public XMLSignatureInput engineResolveURI(ResourceResolverContext context) { + if (MessageFileNames.MESSAGE.equals(context.attr.getValue())) { + MessagePart part = getPart(MessageFileNames.MESSAGE); + + if (part != null && part.getMessage() != null) { + return new XMLSignatureByteInput(part.getMessage()); + } + } else if (MessageFileNames.SIG_HASH_CHAIN_RESULT.equals(context.attr.getValue())) { + return new XMLSignatureStreamInput(is(hashChainResult)); + } else if (isAttachment(context.attr.getValue())) { + MessagePart part = getPart(context.attr.getValue()); + + if (part != null && part.getData() != null) { + return new XMLSignatureDigestInput(Base64.getEncoder().encodeToString(part.getData())); + } } return null; @@ -437,7 +440,6 @@ private final class HashChainReferenceResolverImpl public InputStream resolve(String uri) { if (uri.equals(MessageFileNames.SIG_HASH_CHAIN) && (hashChain != null)) { return is(hashChain); - // $FALL-THROUGH$ } return null; } diff --git a/src/common/common-verifier/src/test/java/ee/ria/xroad/common/signature/SignatureVerifierTest.java b/src/common/common-verifier/src/test/java/ee/ria/xroad/common/signature/SignatureVerifierTest.java index 2227b66248..7025dcacef 100644 --- a/src/common/common-verifier/src/test/java/ee/ria/xroad/common/signature/SignatureVerifierTest.java +++ b/src/common/common-verifier/src/test/java/ee/ria/xroad/common/signature/SignatureVerifierTest.java @@ -25,7 +25,7 @@ */ package ee.ria.xroad.common.signature; -import ee.ria.xroad.common.ExpectedCodedException; +import ee.ria.xroad.common.CodedException; import ee.ria.xroad.common.SystemProperties; import ee.ria.xroad.common.TestCertUtil; import ee.ria.xroad.common.TestSecurityUtil; @@ -35,10 +35,13 @@ import ee.ria.xroad.common.identifier.ClientId; import ee.ria.xroad.common.util.MessageFileNames; +import lombok.SneakyThrows; import org.apache.commons.io.IOUtils; -import org.junit.Before; -import org.junit.Rule; -import org.junit.Test; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; +import org.slf4j.bridge.SLF4JBridgeHandler; import java.io.FileInputStream; import java.io.IOException; @@ -58,11 +61,14 @@ import static ee.ria.xroad.common.ErrorCodes.X_MALFORMED_SIGNATURE; import static ee.ria.xroad.common.crypto.Digests.calculateDigest; import static ee.ria.xroad.common.crypto.identifier.DigestAlgorithm.SHA512; +import static ee.ria.xroad.common.util.MessageFileNames.MESSAGE; +import static ee.ria.xroad.common.util.MessageFileNames.attachmentOfIdx; +import static org.assertj.core.api.Assertions.assertThatThrownBy; /** * Tests the signature verifier. */ -public class SignatureVerifierTest { +class SignatureVerifierTest { /** * The date when the OCSP responses etc are valid. @@ -76,28 +82,21 @@ public class SignatureVerifierTest { private static final ClientId CONSUMER_ID = createClientId("consumer"); private GlobalConfProvider globalConfProvider; - @Rule - public ExpectedCodedException thrown = ExpectedCodedException.none(); - - static { + @BeforeAll + public static void init() { TestSecurityUtil.initSecurity(); + + //Additional logging for debugging + SLF4JBridgeHandler.install(); } /** * Set up the test -- correct global conf location etc. */ - @Before - public void setUp() { - System.setProperty(SystemProperties.CONFIGURATION_PATH, "../common-globalconf/src/test/resources/globalconf_good_v2"); - System.setProperty(SystemProperties.CONFIGURATION_ANCHOR_FILE, - "../common-globalconf/src/test/resources/configuration-anchor1.xml"); - - globalConfProvider = new TestGlobalConfImpl() { - @Override - public X509Certificate getCaCert(String instanceIdentifier, X509Certificate memberCert) throws Exception { - return TestCertUtil.getCaCert(); - } - }; + @BeforeEach + void setUp() { + loadGlobalConf("../common-globalconf/src/test/resources/globalconf_good_v4", + "../common-globalconf/src/test/resources/configuration-anchor1.xml", true); } /** @@ -106,7 +105,7 @@ public X509Certificate getCaCert(String instanceIdentifier, X509Certificate memb * @throws Exception if error occurs */ @Test - public void verifyValidSignature() throws Exception { + void verifyValidSignature() throws Exception { verifyValidSignature("../common-test/src/test/signatures/sign-0.xml"); } @@ -116,7 +115,7 @@ public void verifyValidSignature() throws Exception { * @throws Exception if error occurs */ @Test - public void verifyValidSignatureHashChain() throws Exception { + void verifyValidSignatureHashChain() throws Exception { Resolver resolver; resolver = new Resolver() { @@ -124,7 +123,7 @@ public void verifyValidSignatureHashChain() throws Exception { public InputStream resolve(String uri) throws IOException { if ("/attachment1".equals(uri)) { // Returns the attachment content - return IOUtils.toInputStream("blaah"); + return IOUtils.toInputStream("blaah", StandardCharsets.UTF_8); } else { return super.resolve(uri); } @@ -142,7 +141,7 @@ public InputStream resolve(String uri) throws IOException { * @throws Exception if error occurs */ @Test - public void verifyValidBackwardCompatibleSignature() throws Exception { + void verifyValidBackwardCompatibleSignature() throws Exception { verifyValidSignature("../common-test/src/test/signatures/sign-0-old-format.xml"); } @@ -150,7 +149,7 @@ private void verifyValidSignature(String signatureFileName) throws Exception { List hashes = new ArrayList<>(); byte[] messageBytes = fileToBytes("../common-test/src/test/signatures/message-0.xml"); - hashes.add(new MessagePart(MessageFileNames.MESSAGE, SHA512, calculateDigest(SHA512, messageBytes), + hashes.add(new MessagePart(MESSAGE, SHA512, calculateDigest(SHA512, messageBytes), messageBytes)); SignatureVerifier verifier = createSignatureVerifier(signatureFileName); @@ -161,64 +160,53 @@ private void verifyValidSignature(String signatureFileName) throws Exception { /** * Tests that reading an empty signature fails. - * - * @throws Exception if error occurs */ @Test - public void emptySignature() throws Exception { - thrown.expectError(X_INVALID_XML); - - createSignatureVerifier("src/test/signatures/empty.xml"); + void emptySignature() { + assertThatThrownBy(() -> createSignatureVerifier("src/test/signatures/empty.xml")) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_INVALID_XML); } /** * Tests that verifying a signature without ds:Signature element fails. - * - * @throws Exception if error occurs */ @Test - public void noXadesSignature() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - - createSignatureVerifier("src/test/signatures/sign-0-no-signature.xml"); + void noXadesSignature() { + assertThatThrownBy(() -> createSignatureVerifier("src/test/signatures/sign-0-no-signature.xml")) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** * Tests that verifying a signature without ObjectContainer element fails. - * - * @throws Exception if error occurs */ @Test - public void noObjectContainer() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - - createSignatureVerifier("src/test/signatures/sign-0-no-objectcontainer.xml"); + void noObjectContainer() { + assertThatThrownBy(() -> createSignatureVerifier("src/test/signatures/sign-0-no-objectcontainer.xml")) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** * Tests that reading a malformed XML fails. - * - * @throws Exception if error occurs */ @Test - public void malformedXml() throws Exception { - thrown.expectError(X_INVALID_XML); - - createSignatureVerifier("src/test/signatures/sign-0-malformed-xml.xml"); + void malformedXml() { + assertThatThrownBy(() -> createSignatureVerifier("src/test/signatures/sign-0-malformed-xml.xml")) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_INVALID_XML); } /** * Tests that validating against the schema fails if the XML does not satisfy the schema. * Just changed the name of one element for now. - * - * @throws Exception if error occurs */ @Test - public void schemaValidationFail() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - - SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/sign-0-schema-fail.xml"); - verifier.verify(null, null); + void schemaValidationFail() { + assertThatThrownBy(() -> createSignatureVerifier("src/test/signatures/sign-0-schema-fail.xml")) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** @@ -227,11 +215,11 @@ public void schemaValidationFail() throws Exception { * @throws Exception if error occurs */ @Test - public void noSigningCertificate() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - + void noSigningCertificate() throws Exception { SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/sign-0-no-signing-cert.xml"); - verifier.verify(null, null); + assertThatThrownBy(() -> verifier.verify(null, null)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** @@ -240,11 +228,12 @@ public void noSigningCertificate() throws Exception { * @throws Exception if error occurs */ @Test - public void invalidSignerName() throws Exception { - thrown.expectError(X_INCORRECT_CERTIFICATE); - + void invalidSignerName() throws Exception { + var clientId = createClientId("FOORBAR"); SignatureVerifier verifier = createSignatureVerifier("../common-test/src/test/signatures/sign-0.xml"); - verifier.verify(createClientId("FOORBAR"), null); + assertThatThrownBy(() -> verifier.verify(clientId, null)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_INCORRECT_CERTIFICATE); } /** @@ -253,22 +242,11 @@ public void invalidSignerName() throws Exception { * @throws Exception if error occurs */ @Test - public void invalidSignatureValue() throws Exception { - thrown.expectError(X_INVALID_SIGNATURE_VALUE); - + void invalidSignatureValue() throws Exception { SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/sign-0-invalid-signature-value.xml"); - verifier.verify(CONSUMER_ID, null); - } - - /** - * Test that reading encapsulated certificates works as expected. - * - * @throws Exception if error occurs - */ - //@Test - public void extraCerts() throws Exception { - SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/extra-certs.xml"); - verifier.verify(TEST_ORG_ID, CORRECT_VALIDATION_DATE); + assertThatThrownBy(() -> verifier.verify(CONSUMER_ID, null)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_INVALID_SIGNATURE_VALUE); } /** @@ -278,11 +256,11 @@ public void extraCerts() throws Exception { * @throws Exception if error occurs */ @Test - public void extraCertsMissingId() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - + void extraCertsMissingId() throws Exception { SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/extra-certs-missing-id.xml"); - verifier.verify(TEST_ORG_ID, CORRECT_VALIDATION_DATE); + assertThatThrownBy(() -> verifier.verify(TEST_ORG_ID, CORRECT_VALIDATION_DATE)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** @@ -291,11 +269,11 @@ public void extraCertsMissingId() throws Exception { * @throws Exception if error occurs */ @Test - public void extraCertsMissingCert() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - + void extraCertsMissingCert() throws Exception { SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/extra-certs-missing-cert.xml"); - verifier.verify(TEST_ORG_ID, CORRECT_VALIDATION_DATE); + assertThatThrownBy(() -> verifier.verify(TEST_ORG_ID, CORRECT_VALIDATION_DATE)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** @@ -304,11 +282,11 @@ public void extraCertsMissingCert() throws Exception { * @throws Exception if error occurs */ @Test - public void extraCertsDigestInvalid() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - + void extraCertsDigestInvalid() throws Exception { SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/extra-certs-digest-invalid.xml"); - verifier.verify(TEST_ORG_ID, CORRECT_VALIDATION_DATE); + assertThatThrownBy(() -> verifier.verify(TEST_ORG_ID, CORRECT_VALIDATION_DATE)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** @@ -317,11 +295,11 @@ public void extraCertsDigestInvalid() throws Exception { * @throws Exception if error occurs */ @Test - public void ocspNoResponses() throws Exception { - thrown.expectError(X_MALFORMED_SIGNATURE); - + void ocspNoResponses() throws Exception { SignatureVerifier verifier = createSignatureVerifier("src/test/signatures/sign-0-ocsp-no-responses.xml"); - verifier.verify(CONSUMER_ID, CORRECT_VALIDATION_DATE); + assertThatThrownBy(() -> verifier.verify(CONSUMER_ID, CORRECT_VALIDATION_DATE)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_MALFORMED_SIGNATURE); } /** @@ -331,19 +309,60 @@ public void ocspNoResponses() throws Exception { * @throws Exception if error occurs */ @Test - public void invalidAttachmentHash() throws Exception { - thrown.expectError(X_INVALID_SIGNATURE_VALUE); - + void invalidAttachmentHash() throws Exception { List hashes = new ArrayList<>(); - hashes.add(new MessagePart(MessageFileNames.MESSAGE, SHA512, hash("foo"), hash("foo"))); + hashes.add(new MessagePart(MESSAGE, SHA512, hash("foo"), hash("foo"))); SignatureVerifier verifier = createSignatureVerifier("../common-test/src/test/signatures/sign-0.xml"); verifier.addParts(hashes); - verifier.verify(CONSUMER_ID, CORRECT_VALIDATION_DATE); + assertThatThrownBy(() -> verifier.verify(CONSUMER_ID, CORRECT_VALIDATION_DATE)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_INVALID_SIGNATURE_VALUE); } - // ------------------------------------------------------------------------ + @Nested + class NonBatchSignature { + private static final String NON_BATCH_SIG = "src/test/signatures/non-batch-sig/signatures.xml"; + private static final Date VALIDATION_DATE = createDate(9, 6, 2024); + + static final ClientId DEV_CLIENT = ClientId.Conf.create("DEV", "COM", "4321"); + private final byte[] messageBytes = fileToBytes("src/test/signatures/non-batch-sig/message.xml"); + private final byte[] attachmentBytes = fileToBytes("src/test/signatures/non-batch-sig/attachment1"); + + @BeforeEach + void before() { + loadGlobalConf("../common-globalconf/src/test/resources/globalconf_good2_v3", + "../common-globalconf/src/test/resources/configuration-anchor1.xml", false); + } + + @Test + void verifyValid() throws Exception { + List hashes = new ArrayList<>(); + hashes.add(new MessagePart(MESSAGE, SHA512, calculateDigest(SHA512, messageBytes), messageBytes)); + hashes.add(new MessagePart(attachmentOfIdx(1), SHA512, calculateDigest(SHA512, attachmentBytes), null)); + + SignatureVerifier verifier = createSignatureVerifier(NON_BATCH_SIG); + verifier.addParts(hashes); + + verifier.verify(DEV_CLIENT, VALIDATION_DATE); + } + + @Test + void failOnInvalidHash() throws Exception { + List hashes = new ArrayList<>(); + hashes.add(new MessagePart(MESSAGE, SHA512, calculateDigest(SHA512, messageBytes), messageBytes)); + hashes.add(new MessagePart(attachmentOfIdx(1), SHA512, calculateDigest(SHA512, new byte[]{1}), null)); + + SignatureVerifier verifier = createSignatureVerifier(NON_BATCH_SIG); + verifier.addParts(hashes); + + assertThatThrownBy(() -> verifier.verify(DEV_CLIENT, VALIDATION_DATE)) + .isInstanceOf(CodedException.class) + .hasMessageContaining(X_INVALID_SIGNATURE_VALUE); + } + + } private SignatureVerifier createSignatureVerifier(String signaturePath) throws Exception { return new SignatureVerifier(globalConfProvider, signature(signaturePath)); @@ -364,14 +383,15 @@ private static byte[] hash(String input) { return input.getBytes(StandardCharsets.UTF_8); } - private static byte[] fileToBytes(String fileName) throws Exception { + @SneakyThrows + private static byte[] fileToBytes(String fileName) { try (InputStream file = file(fileName)) { return IOUtils.toByteArray(file); } } private static String loadFile(String fileName) throws Exception { - return IOUtils.toString(file(fileName)); + return IOUtils.toString(file(fileName), StandardCharsets.UTF_8); } private static InputStream file(String fileName) throws IOException { @@ -406,7 +426,7 @@ Resolver withHashChain(String fileName) { } Resolver withMessage(String fileName) { - return add(MessageFileNames.MESSAGE, fileName); + return add(MESSAGE, fileName); } Resolver add(String name, String file) { @@ -429,4 +449,20 @@ public boolean shouldResolve(String uri, byte[] digestValue) { return true; } } + + void loadGlobalConf(String globalConfPath, String configurationAnchorFile, boolean useTestCaCert) { + System.setProperty(SystemProperties.CONFIGURATION_PATH, globalConfPath); + System.setProperty(SystemProperties.CONFIGURATION_ANCHOR_FILE, configurationAnchorFile); + + globalConfProvider = new TestGlobalConfImpl() { + @Override + public X509Certificate getCaCert(String instanceIdentifier, X509Certificate memberCert) throws Exception { + if (useTestCaCert) { + return TestCertUtil.getCaCert(); + } else { + return super.getCaCert(instanceIdentifier, memberCert); + } + } + }; + } } diff --git a/src/common/common-verifier/src/test/resources/logback-test.xml b/src/common/common-verifier/src/test/resources/logback-test.xml new file mode 100644 index 0000000000..c442bec8a9 --- /dev/null +++ b/src/common/common-verifier/src/test/resources/logback-test.xml @@ -0,0 +1,22 @@ + + + + + + true + + + + + %d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC} [%thread] %-5level %logger{36} - %msg%n + UTF-8 + + + + + + + + + + diff --git a/src/common/common-verifier/src/test/signatures/non-batch-sig/.gitattributes b/src/common/common-verifier/src/test/signatures/non-batch-sig/.gitattributes new file mode 100644 index 0000000000..b651510939 --- /dev/null +++ b/src/common/common-verifier/src/test/signatures/non-batch-sig/.gitattributes @@ -0,0 +1,2 @@ +message.xml binary +attachment1 binary diff --git a/src/common/common-verifier/src/test/signatures/non-batch-sig/attachment1 b/src/common/common-verifier/src/test/signatures/non-batch-sig/attachment1 new file mode 100644 index 0000000000..c7e849f9b2 --- /dev/null +++ b/src/common/common-verifier/src/test/signatures/non-batch-sig/attachment1 @@ -0,0 +1 @@ +{"test":true} \ No newline at end of file diff --git a/src/common/common-verifier/src/test/signatures/non-batch-sig/message.xml b/src/common/common-verifier/src/test/signatures/non-batch-sig/message.xml new file mode 100644 index 0000000000..c3b536ca04 --- /dev/null +++ b/src/common/common-verifier/src/test/signatures/non-batch-sig/message.xml @@ -0,0 +1,11 @@ +POST +/r1/DEV/COM/1234/TestService/mock1 +X-Road-Force-Legacy-Transport:true +X-Road-Client:DEV/COM/4321/TestClient +X-Road-Force-Policy-Reevaluation:true +Content-Type:application/json +Accept:*/* +Postman-Token:81b4e8fa-6ec6-4a5f-9ee5-991567624ba1 +Accept-Encoding:gzip, deflate, br +x-road-request-id:9bb842bb-9256-429b-8e9d-278c7b94f8f1 +x-road-id:DEV-7012d0aa-a51d-4200-94ed-1e68f43bccfc diff --git a/src/common/common-verifier/src/test/signatures/non-batch-sig/signatures.xml b/src/common/common-verifier/src/test/signatures/non-batch-sig/signatures.xml new file mode 100644 index 0000000000..0fccc3878a --- /dev/null +++ b/src/common/common-verifier/src/test/signatures/non-batch-sig/signatures.xml @@ -0,0 +1 @@ +QWsRWE9PqI9AWsENFMfzmvrt8Amcn4tgQzJ4DfW2KnWqTEcO0WS20YPU3qbZ8Yl0ZOe07bCYdWMWdH9UQPr/3g==a/ACZyGtDpyAluZzPgOQK52GqPcZ8ychXX7vHKsWZSf+NUL6awjJYKnNW2VUyz/AFDGqzmlMOAYnDWWnHmHi4w==3YLX6wnfY31fCv7JKVm1OQIbBn0QSKNwnti/G7qA1ZtWd01eAN3s06O/dLt/PsVYBiO1QN69G87oJHHfaLnQEw==ezfdMxXTzH03c+KwU4mK64YUxdKcvG2lh/UAiSKP+ZrtjNUGwLvyuXI/XhosTsUAHNOICD/K6QqjvM0ehLx+RXI+B5uZN3uFe2FtCsQMfbRhaBm0sa0Wia97c3KA0rWsGmr0Utg72iny40INnNItXq+Ci8be33PO+G8pQaCGpI7MFMy/mx+zIelvh35VuhKMAD5Mi7rA2Z2STseSN+kvXk+mhJN7gDahqPpK8EQlLDKi0A4ckLbWQIICPQvYd4q0g6r4f7HPOz+uixrjIcKQDFBAUnKa9Q0aO/xCbeljOGiE3EYAlBUnW8+n++6KX+DT/oE9alCelOIneU9pHBc4ZA==MIIEQTCCAimgAwIBAgIBBDANBgkqhkiG9w0BAQsFADAhMQ0wCwYDVQQKDARUZXN0MRAwDgYDVQQDDAdUZXN0IENBMB4XDTI0MDcwNTA5MDcyOVoXDTQ0MDYzMDA5MDcyOVowSDELMAkGA1UEBhMCRkkxFDASBgNVBAoMC1Rlc3QgY2xpZW50MQ0wCwYDVQQDDAQ0MzIxMRQwEgYDVQQFEwtERVYvU1MxL0NPTTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMATBvscytXner+YkFNztEvpALoT4e1qy09TjCkyjlBqpYdXxZ9uAWGczJnd13yyzks3aaA9gU2S4wBATjXGHyfrsBSHCgw644SlFXXpqzFv9+FFNygdK0xVeG7CXGdm/3BjhK1f72BZFBbmvpmM5y4AwzxcypN38GFM5jdunm1FCLOf8M0xhaVbEXkV779shHOR5KmxMStSiexT7X+dfdcXLXf9wDFWNWoYwBrJL0lnHlc4K/iertlItJefnqxR3kY0C5x4lX1qoU8xe8PjCQmo97qC8eruTQylRglSOjbkW5fH1voYDBXnYM0fimDHuTQ3ueED+g5y6Rd0vlCoht8CAwEAAaNdMFswCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFDiwO9pNLz+TlQvelFJlDBhZ0zsPMB8GA1UdIwQYMBaAFBslIQwdkWVLyaA0L2Ci4b6mYGIFMA0GCSqGSIb3DQEBCwUAA4ICAQBcyyl+h7twvsqGka49AeoxF22o9vcNyc+uSI55ooKk5fxJw8Kb5TvrE88Jny2TqGLU/LO9zB3+hZzVxRW6hQ9Md+xmU0+WNKJzbs0kJ5DNisfYCaa2mgs8Lpwa9483kxDSslKwxvxWA5/T/buEmjrD2qmtrYgMocbndn8Uv9dLh1P6tNuudO35lixlSw/pRGZ9ZrzoSNjNYASJ3MqkJBfcMnzM848aaNwuGr0EwnGkrh2hBJhJXPqBpOBJ1SZtB+jjSD92tl6ESBFIKKqnEPu++RzA8rBNEIANNR7X/tULuwQioHWpz9+B1NWev/NuIty5fpMPhZrvc2/lfparupOuOA5YtWHguXUnHsIxYav/hMn0jpbUayqROKyBflH+o8zCH/W0WiTh57LD1qZToIN2trvSdeMkzzl9/ZEFS6iH8v0WB11IJZvAh4Y/pQVlDWtR6ovnjYMinwwQ9MsYvERgLZUQISLz5ZATI/+Qktz7hkf1y9Y0+34WjtvafwmdnUCwScy3g44KwLQf+En0P2L/DbvyV/LsR+D+kxaXmpbJb/auuHyAV7+56vvUDgcN6gR69JEvqSatwE+odqN6RiXINltGTYrddxmWBKJKxrWOqIkiYuLKfqaOpkPKy/aEFPG+jaFstaGI89KXVl9Fr628h5eaLDeHr3F5nknLwc6RPw==2024-07-09T07:38:53Z/WB1DMFa6kbTcTs7P6gjMZq1ggoBiRX/kf6PvMP4diM+488EYI7r3v4OtGGde36/cwhY0tGo0Vu9ZQLhCjO6Vw==MCowJaQjMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0ECAQQ=application/octet-streamapplication/octet-streamMIIIAAoBAKCCB/kwggf1BgkrBgEFBQcwAQEEggfmMIIH4jCBi6ElMCMxDTALBgNVBAoMBFRlc3QxEjAQBgNVBAMMCVRlc3QgT0NTUBgPMjAyNDA3MDkwNzM2NTVaMFEwTzA6MAkGBSsOAwIaBQAEFNsTW9ilb2xLkfsajb6ownofjL7uBBQbJSEMHZFlS8mgNC9gouG+pmBiBQIBBIAAGA8yMDI0MDcwOTA3MzY1NVowDQYJKoZIhvcNAQELBQADggIBAEylx2/EI2e8zosSSOV5UO2H6sPZqEMctBc47WYm+i6STIxZXAn9RPh8oNy9JuH6ZkzXgGPsp+QEtT17Ba+FOMoTtZwPQJPfzgRxvhYZ9iCiqk8gYWOuR5qfh/vDMfohHy+JmIw5MllgyIQ7T4LXGHUWmTPBQeZ7EMagLSSyjLW5YYAO9empAG5uGKq8vYzvlycockYnwgqmeCLMjB9VW57EV3HU1Z/RsLl9Izk8TTYdB58wapNst+7bY7BjgzT/kIFe459uCJ9xosEwevpLs1ZriiUypQQVu7r7t5I5d3fVLBsfg0XxjVREKZrhKBGtkqS27tizS2kU3O9gTCHtM3k/b13osW2cYHatq7m21mxO69nwA2kBerq8gQkRwbO3AgpxvMqMQVr5Vqxc3vo/EEpx2sdrpkj9YrJcxvm4IlkNIFU67mcAgAf+aaNaf16KcBVHl5A6ieB9RFjSexaoo4tOLc4rdQIpW2Z+oR3B7dvKmMVHHUXOsZMUL1uohDsrJkn0AS6YM2ARncS6voDFs2TjKqyzik+qQcQv3vGY4uaneLgdGQpd2qgTaSV9EnJdWp816yZpC7nuR17iHOmsJXbISqt5EEShgTGrWSQM/r3E8xA+/n4LxtgcMKp5jX6V3fbkoMaNElbvJdZiDy7iEWe7z9LPefe8JDC4Wk1L7AsroIIFPDCCBTgwggU0MIIDHKADAgECAgEBMA0GCSqGSIb3DQEBCwUAMCExDTALBgNVBAoMBFRlc3QxEDAOBgNVBAMMB1Rlc3QgQ0EwHhcNMjQwNTA2MDk1MDUzWhcNNDQwNTAxMDk1MDUzWjAjMQ0wCwYDVQQKDARUZXN0MRIwEAYDVQQDDAlUZXN0IE9DU1AwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnMeH8OeQ+COG/mkw46880B1fM02cB10jApNBAtrUtjsLbiVfxeEXaDW6vfkPgXCo9zB/kkitbz9zpTEOi2alNBnupQXNXzF4y9Y3cILJnOFZj0vxsauYbk4yXgLwwfR2rI1wbouQLo83AKPq1fFN5HehKrwFrqVJNXs4F8kHwVo8160Kvov4UeBemLEyNcrdJQfmT55oUm6uiH6m1pr7yTy1MK4Z3SQZ3FPc2J/D6XIRvpVufvQtPfNb6LUNQ/NID+pq7ME1HIvrzargN01H+IyjBb5/6gYKjzLCbS8lBA3ztHfySL34oxKUYMBgxHFzzMPppAbqAGvJJ0sygNf9DjG/SQB1YeJXojmSnj8Xx2doTZVcdeIrAdFS4hnnTbvHPMoYkT5QcErWTL7hvjFVIdP99/yuvPkR0HHvWITwIZ3H2GMLEFvIPqO0y2dmM44Z9B5ffuJ9jMojj8J+xIOTLk6O+lON2amk/wzPY1oPe8sDPo0+AUq+kwFBM9xZuhLFdCe4noLZ4zR09vlDHbewB5ZJ1p9xvERRwCHduDYGy+SbEkR8oo86cAHfhqzH1e0GiYmtaUUs/z7S/RIxaQ0h0iHltmlKxRYHYqx0GTDHdJC4lfu3etAJnM/VvLvlpIkcD763baXmdKdYvMdtUgCFNhwcjBxpHO0thro6t24EwlQIDAQABo3UwczAJBgNVHRMEAjAAMB0GA1UdDgQWBBRepGl+4HxMRFt3J7IP+u9k8E6e2DAfBgNVHSMEGDAWgBQbJSEMHZFlS8mgNC9gouG+pmBiBTAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwkwDQYJKoZIhvcNAQELBQADggIBAG9avXjZaHkWxmW4rqNkoiYgqZKH9LIUHlhJ/6YJPlPDlKL/5zdHJJ8h6Jjvt/9n983AS9o5fNOe9rblpvLb3u/tTGF59hwtnz5u8Ap3XXL0HCPiIfeCP0CGyAJ7shcIBbGJFocfTQVS48AbbSuko2Vhyh2YTlsyeBzuWVMn/o2i2KvAD/qMUbMPIBbbetQb+bstaGfmLiqaVA7jqUMBIDAagApo2Xq2uQjaskQW5ec7fJZqwwKzMBuR73UJ1uh9gc1HEhqb8mAu4efljGF7ngM6WN67wiUYpwcZbsiIxDIpfBfpr4No7fB7x2sDPE9yHYh5oPIxQYJTYuOjPK+X4CxMF/GBEuZ9BAuol4LLIGgGCuvuLs9eLXFKPuvKZdo3kd7MyhmdLYomXGjwtMunjSstV/pfZwCH+0z/w4MhnomxIFwYagfZbMzAAYf7/e184cic8UT+WiAAnJqvSFkKQjdeWdm+6/m1SEzG6M7eZXnzAL7dn9z6KonqlDqTLSdk3se4c1On5oMdprmQVx91xk0aaOHHX+ujTPWeKeFamG0qYbEk2yUnbNuAT8S4e3kNQKhOwfj/vuFax8M8Z1+yxAHQ9uioEJ86ZQci2ozH0VnMYYgx2vWehOVD2AHow5xX4MJF7nhqsCdVBxkn79o3gXXU7lm1f8m0wGyRvYFutPGZ diff --git a/src/gradle/libs.versions.toml b/src/gradle/libs.versions.toml index 9f9b35a249..4a987278ee 100644 --- a/src/gradle/libs.versions.toml +++ b/src/gradle/libs.versions.toml @@ -64,6 +64,7 @@ grpc-protocGenGrpcJava = { module = "io.grpc:protoc-gen-grpc-java", version.ref slf4j-api = { module = "org.slf4j:slf4j-api", version.ref = "slf4j" } jclOverSlf4j = { module = "org.slf4j:jcl-over-slf4j", version.ref = "slf4j" } +julOverSlf4j = { module = "org.slf4j:jul-to-slf4j", version.ref = "slf4j" } testAutomation-core = { module = "com.nortal.test:test-automation-core", version.ref = "testAutomationFramework" } testAutomation-allure = { module = "com.nortal.test:test-automation-allure", version.ref = "testAutomationFramework" } diff --git a/src/packages/src/xroad/common/addon/proxy/messagelog-changelog.xml b/src/packages/src/xroad/common/addon/proxy/messagelog-changelog.xml index b4e2965a3b..9a6472e089 100644 --- a/src/packages/src/xroad/common/addon/proxy/messagelog-changelog.xml +++ b/src/packages/src/xroad/common/addon/proxy/messagelog-changelog.xml @@ -16,6 +16,7 @@ + diff --git a/src/packages/src/xroad/common/addon/proxy/messagelog/11-attachments.xml b/src/packages/src/xroad/common/addon/proxy/messagelog/11-attachments.xml new file mode 100644 index 0000000000..fced9e394e --- /dev/null +++ b/src/packages/src/xroad/common/addon/proxy/messagelog/11-attachments.xml @@ -0,0 +1,84 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/clientproxy/ClientMessageProcessor.java b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/clientproxy/ClientMessageProcessor.java index 9413660c01..dd5582e97f 100644 --- a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/clientproxy/ClientMessageProcessor.java +++ b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/clientproxy/ClientMessageProcessor.java @@ -56,7 +56,6 @@ import io.opentelemetry.context.Context; import io.opentelemetry.instrumentation.annotations.WithSpan; import lombok.extern.slf4j.Slf4j; -import org.apache.commons.io.IOUtils; import org.apache.http.client.HttpClient; import org.bouncycastle.cert.ocsp.OCSPResp; import org.bouncycastle.util.Arrays; @@ -372,7 +371,7 @@ private void checkRequestHash() throws Exception { private void logResponseMessage() throws Exception { log.trace("logResponseMessage()"); - MessageLog.log(response.getSoap(), response.getSignature(), true, xRequestId); + MessageLog.log(response.getSoap(), response.getSignature(), response.getAttachments(), true, xRequestId); } private void sendResponse() throws Exception { @@ -383,8 +382,8 @@ private void sendResponse() throws Exception { jResponse.setStatus(OK_200); jResponse.setContentType(response.getSoapContentType(), MimeUtils.UTF8); - try (InputStream is = response.getSoapContent(); var out = jResponse.getOutputStream()) { - IOUtils.copy(is, out); + try (var out = jResponse.getOutputStream()) { + response.writeSoapContent(out); } } @@ -536,7 +535,8 @@ private void updateOpMonitoringData() { private void logRequestMessage() throws Exception { log.trace("logRequestMessage()"); - MessageLog.log(requestSoap, request.getSignature(), true, xRequestId); + // Not logging request attachments, as they are always batch-signed in X-Road 7 + MessageLog.log(requestSoap, request.getSignature(), List.of(), true, xRequestId); } @Override diff --git a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/messagelog/MessageLog.java b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/messagelog/MessageLog.java index 6a0d4c4c14..0a87bc00f6 100644 --- a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/messagelog/MessageLog.java +++ b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/messagelog/MessageLog.java @@ -29,6 +29,7 @@ import ee.ria.xroad.common.SystemProperties; import ee.ria.xroad.common.conf.globalconf.GlobalConfProvider; import ee.ria.xroad.common.conf.serverconf.ServerConfProvider; +import ee.ria.xroad.common.message.AttachmentStream; import ee.ria.xroad.common.message.RestRequest; import ee.ria.xroad.common.message.RestResponse; import ee.ria.xroad.common.message.SoapMessageImpl; @@ -43,6 +44,7 @@ import lombok.extern.slf4j.Slf4j; +import java.util.List; import java.util.Map; import static ee.ria.xroad.common.ErrorCodes.X_LOGGING_FAILED_X; @@ -86,16 +88,17 @@ public static AbstractLogManager init(JobManager jobManager, GlobalConfProvider /** * Save the message and signature to message log. Attachments are not logged. * - * @param message the message - * @param signature the signature - * @param clientSide whether this message is logged by the client proxy - * @param xRequestId (optional) additional request if to distinguish request/response pairs + * @param message the message + * @param signature the signature + * @param attachments message attachments + * @param clientSide whether this message is logged by the client proxy + * @param xRequestId (optional) additional request if to distinguish request/response pairs */ - public static void log(SoapMessageImpl message, SignatureData signature, boolean clientSide, + public static void log(SoapMessageImpl message, SignatureData signature, List attachments, boolean clientSide, String xRequestId) { try { assertInitialized(); - logManager.log(new SoapLogMessage(message, signature, clientSide, xRequestId)); + logManager.log(new SoapLogMessage(message, signature, attachments, clientSide, xRequestId)); } catch (Exception e) { throw translateWithPrefix(X_LOGGING_FAILED_X, e); } @@ -129,10 +132,6 @@ public static void log(RestRequest request, RestResponse message, } } - public static void log(SoapMessageImpl message, SignatureData signature, boolean clientSide) { - log(message, signature, clientSide, null); - } - public static void log(RestRequest message, SignatureData signature, CacheInputStream body, boolean clientside) { log(message, signature, body, clientside, null); } diff --git a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessage.java b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessage.java index 84056d7ecd..2ab72e15e3 100644 --- a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessage.java +++ b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessage.java @@ -25,11 +25,11 @@ */ package ee.ria.xroad.proxy.protocol; +import ee.ria.xroad.common.message.AttachmentStream; import ee.ria.xroad.common.message.MultipartSoapMessageEncoder; import ee.ria.xroad.common.message.RestRequest; import ee.ria.xroad.common.message.RestResponse; import ee.ria.xroad.common.message.SoapFault; -import ee.ria.xroad.common.message.SoapMessageEncoder; import ee.ria.xroad.common.message.SoapMessageImpl; import ee.ria.xroad.common.signature.SignatureData; import ee.ria.xroad.common.util.CacheInputStream; @@ -39,13 +39,16 @@ import ee.ria.xroad.common.util.MimeUtils; import ee.ria.xroad.common.util.MultipartEncoder; +import lombok.Getter; import lombok.extern.slf4j.Slf4j; import org.apache.commons.io.IOUtils; import org.bouncycastle.cert.ocsp.OCSPResp; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; +import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -63,22 +66,28 @@ public class ProxyMessage implements ProxyMessageConsumer { public static final int REST_BODY_LIMIT = 8192; //store up to limit bytes into memory + + @Getter private final List ocspResponses = new ArrayList<>(); private final String originalContentType; private final String originalMimeBoundary; private SoapMessageImpl soapMessage; + @Getter private SignatureData signature; + + @Getter private SoapFault fault; - protected Map soapPartHeaders; + private Map soapPartHeaders; + + private CachingStream restBodyCache; - protected CachingStream attachmentCache; - protected SoapMessageEncoder encoder; + private final List attachmentCache = new ArrayList<>(); - private boolean hasBeenConsumed; private RestRequest restMessage; + @Getter private RestResponse restResponse; /** @@ -102,62 +111,44 @@ public RestRequest getRest() { return restMessage; } - public RestResponse getRestResponse() { - return restResponse; - } - - /** - * @return the message signature - */ - public SignatureData getSignature() { - return signature; - } - - /** - * @return TLS OCSP responses - */ - public List getOcspResponses() { - return ocspResponses; - } - - /** - * @return SOAP fault if this message is a fault, null otherwise - */ - public SoapFault getFault() { - return fault; - } - /** * @return content type of the cached message. */ public String getSoapContentType() { return isMimeEncodedSoap() || hasAttachments() - ? (originalContentType != null ? originalContentType : encoder.getContentType()) + ? originalContentType // cannot be null here, because isMimeEncodedSoap() would throw before : MimeTypes.TEXT_XML_UTF8; } /** * @return content of the cached message. - * @throws Exception in case of any errors + * @throws IOException in case of any errors + * @deprecated use {@link #writeSoapContent(OutputStream)} instead */ - public InputStream getSoapContent() throws Exception { + @Deprecated + public InputStream getSoapContent() throws IOException { + ByteArrayOutputStream out = new ByteArrayOutputStream(); + writeSoapContent(out); + return new ByteArrayInputStream(out.toByteArray()); + } + + public void writeSoapContent(OutputStream out) throws IOException { if (isMimeEncodedSoap()) { - ByteArrayOutputStream out = new ByteArrayOutputStream(); MultipartEncoder mp = new MultipartEncoder(out, originalMimeBoundary); mp.startPart(getSoap().getContentType(), MimeUtils.toHeaders(soapPartHeaders)); mp.write(getSoap().getBytes()); mp.close(); - - return new ByteArrayInputStream(out.toByteArray()); } else if (hasAttachments()) { + MultipartSoapMessageEncoder multipartEncoder = new MultipartSoapMessageEncoder(out, originalMimeBoundary); + // Write the SOAP before attachments + multipartEncoder.soap(soapMessage, soapPartHeaders); + for (Attachment attachment : attachmentCache) { + multipartEncoder.attachment(attachment.contentType, attachment.content.getCachedContents(), attachment.additionalHeaders); + } // Finish writing to the attachment cache. - encoder.close(); - - hasBeenConsumed = true; - - return attachmentCache.getCachedContents(); + multipartEncoder.close(); } else { - return new ByteArrayInputStream(soapMessage.getBytes()); + out.write(soapMessage.getBytes()); } } @@ -165,18 +156,12 @@ public InputStream getSoapContent() throws Exception { * Finalize SOAP message processing. */ public void consume() { - if (hasAttachments() && !hasBeenConsumed) { - try { - encoder.close(); - - hasBeenConsumed = true; - } catch (Exception ignored) { - log.warn("Error closing SOAP encoder: {}", ignored); - } + if (restBodyCache != null) { + restBodyCache.consume(); } - if (attachmentCache != null) { - attachmentCache.consume(); + for (var attachment : attachmentCache) { + attachment.content.consume(); } } @@ -216,9 +201,9 @@ public void rest(RestResponse message) throws Exception { @Override public void restBody(InputStream content) throws Exception { - assert (attachmentCache == null); - attachmentCache = new CachingStream(); - IOUtils.copyLarge(content, attachmentCache); + assert (restBodyCache == null); + restBodyCache = new CachingStream(); + IOUtils.copyLarge(content, restBodyCache); } @Override @@ -226,15 +211,9 @@ public void attachment(String contentType, InputStream content, Map getAttachments() { + return attachmentCache.stream().map(Attachment::getAttachmentStream).toList(); + } + + + private record Attachment(String contentType, CachingStream content, Map additionalHeaders) { + AttachmentStream getAttachmentStream() { + return new AttachmentStream() { + @Override + public InputStream getStream() { + return content.getCachedContents(); + } + + @Override + public long getSize() { + return content.size(); + } + }; + } + } } diff --git a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageDecoder.java b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageDecoder.java index 924689b94d..d203f4866e 100644 --- a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageDecoder.java +++ b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageDecoder.java @@ -411,7 +411,7 @@ private void handleRestBody(BodyDescriptor bd, InputStream is) { callback.restBody(proxyIs); attachmentsByteCount += cos.getByteCount(); restBodyDigest = dc.getDigest(); - verifier.addPart(MessageFileNames.attachment(++attachmentNo), getHashAlgoId(), restBodyDigest); + verifier.addPart(MessageFileNames.attachmentOfIdx(++attachmentNo), getHashAlgoId(), restBodyDigest); } catch (Exception ex) { throw translateException(ex); } @@ -471,7 +471,7 @@ public void body(BodyDescriptor bd, InputStream is) attachmentsByteCount += cos.getByteCount(); verifier.addPart( - MessageFileNames.attachment(++attachmentNo), + MessageFileNames.attachmentOfIdx(++attachmentNo), getHashAlgoId(), dc.getDigest()); } catch (Exception ex) { throw translateException(ex); diff --git a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageEncoder.java b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageEncoder.java index 2bf7e75caf..aea1f5dae0 100644 --- a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageEncoder.java +++ b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/protocol/ProxyMessageEncoder.java @@ -212,7 +212,7 @@ public void restBody(byte[] head, int count, InputStream rest) throws Exception mpEncoder.write(proxyIs); restBodyDigest = calc.getDigest(); - signer.addPart(MessageFileNames.attachment(++attachmentNo), hashAlgoId, restBodyDigest); + signer.addPart(MessageFileNames.attachmentOfIdx(++attachmentNo), hashAlgoId, restBodyDigest); attachmentsByteCount += cos.getByteCount(); } @@ -274,7 +274,7 @@ public void attachment(String contentType, InputStream content, attachmentsByteCount += cos.getByteCount(); - signer.addPart(MessageFileNames.attachment(++attachmentNo), + signer.addPart(MessageFileNames.attachmentOfIdx(++attachmentNo), hashAlgoId, calc.getDigest()); } diff --git a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/serverproxy/ProxyMessageSoapEntity.java b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/serverproxy/ProxyMessageSoapEntity.java new file mode 100644 index 0000000000..95ef304ee2 --- /dev/null +++ b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/serverproxy/ProxyMessageSoapEntity.java @@ -0,0 +1,76 @@ +/* + * The MIT License + * + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package ee.ria.xroad.proxy.serverproxy; + +import ee.ria.xroad.proxy.protocol.ProxyMessage; + +import lombok.RequiredArgsConstructor; +import org.apache.http.Header; +import org.apache.http.entity.AbstractHttpEntity; +import org.apache.http.message.BasicHeader; +import org.apache.http.protocol.HTTP; + +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; + +import static ee.ria.xroad.common.util.AbstractHttpSender.CHUNKED_LENGTH; + +@RequiredArgsConstructor +class ProxyMessageSoapEntity extends AbstractHttpEntity { + private final ProxyMessage proxyMessage; + + @Override + public boolean isRepeatable() { + return false; + } + + @Override + public long getContentLength() { + return CHUNKED_LENGTH; + } + + @Override + public Header getContentType() { + return new BasicHeader(HTTP.CONTENT_TYPE, proxyMessage.getSoapContentType()); + } + + @Override + public InputStream getContent() { + throw new UnsupportedOperationException("getContent() is not supported"); + } + + @Override + public void writeTo(OutputStream outStream) throws IOException { + proxyMessage.writeSoapContent(outStream); + } + + @Override + public boolean isStreaming() { + return true; + } +} diff --git a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/serverproxy/ServerMessageProcessor.java b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/serverproxy/ServerMessageProcessor.java index 257eb55133..99d330cea9 100644 --- a/src/proxy/core/src/main/java/ee/ria/xroad/proxy/serverproxy/ServerMessageProcessor.java +++ b/src/proxy/core/src/main/java/ee/ria/xroad/proxy/serverproxy/ServerMessageProcessor.java @@ -93,7 +93,6 @@ import static ee.ria.xroad.common.ErrorCodes.X_UNKNOWN_SERVICE; import static ee.ria.xroad.common.ErrorCodes.translateException; import static ee.ria.xroad.common.ErrorCodes.translateWithPrefix; -import static ee.ria.xroad.common.util.AbstractHttpSender.CHUNKED_LENGTH; import static ee.ria.xroad.common.util.EncoderUtils.encodeBase64; import static ee.ria.xroad.common.util.MimeUtils.HEADER_HASH_ALGO_ID; import static ee.ria.xroad.common.util.MimeUtils.HEADER_ORIGINAL_CONTENT_TYPE; @@ -409,14 +408,14 @@ private void verifySignature() throws Exception { private void logRequestMessage() throws Exception { log.trace("logRequestMessage()"); - MessageLog.log(requestMessage.getSoap(), requestMessage.getSignature(), false, xRequestId); + MessageLog.log(requestMessage.getSoap(), requestMessage.getSignature(), requestMessage.getAttachments(), false, xRequestId); } private void logResponseMessage() throws Exception { if (responseSoap != null && encoder != null) { log.trace("logResponseMessage()"); - - MessageLog.log(responseSoap, encoder.getSignature(), false, xRequestId); + // Attachments are not logged here, because response from X-Road 7 server is always batch signed + MessageLog.log(responseSoap, encoder.getSignature(), List.of(), false, xRequestId); } } @@ -432,15 +431,14 @@ private void sendRequest(String serviceAddress, HttpSender httpSender) throws Ex } log.info("Sending request to {}", uri); - try (InputStream in = requestMessage.getSoapContent()) { + try { opMonitoringData.setRequestOutTs(getEpochMillisecond()); - httpSender.doPost(uri, in, CHUNKED_LENGTH, jRequest.getHeaders().get(HEADER_ORIGINAL_CONTENT_TYPE)); + httpSender.doPost(uri, new ProxyMessageSoapEntity(requestMessage)); opMonitoringData.setResponseInTs(getEpochMillisecond()); } catch (Exception ex) { if (ex instanceof CodedException) { opMonitoringData.setResponseInTs(getEpochMillisecond()); } - throw translateException(ex).withPrefix(X_SERVICE_FAILED_X); } } diff --git a/src/proxy/core/src/test/java/ee/ria/xroad/proxy/protocol/ProxyMessageTest.java b/src/proxy/core/src/test/java/ee/ria/xroad/proxy/protocol/ProxyMessageTest.java new file mode 100644 index 0000000000..68a76de3e6 --- /dev/null +++ b/src/proxy/core/src/test/java/ee/ria/xroad/proxy/protocol/ProxyMessageTest.java @@ -0,0 +1,135 @@ +/* + * The MIT License + * + * Copyright (c) 2019- Nordic Institute for Interoperability Solutions (NIIS) + * Copyright (c) 2018 Estonian Information System Authority (RIA), + * Nordic Institute for Interoperability Solutions (NIIS), Population Register Centre (VRK) + * Copyright (c) 2015-2017 Estonian Information System Authority (RIA), Population Register Centre (VRK) + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package ee.ria.xroad.proxy.protocol; + +import ee.ria.xroad.common.message.SoapMessageImpl; + +import org.junit.Test; +import org.mockito.Mockito; + +import java.io.ByteArrayInputStream; +import java.util.Map; + +import static java.nio.charset.StandardCharsets.UTF_8; +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.when; + +public class ProxyMessageTest { + + public static final byte[] MOCK_SOAP_MESSAGE_BODY = "".getBytes(UTF_8); + + @Test + public void soapContentTypeMimeEncodedSoap() throws Exception { + var originalContentType = "multipart/related"; + + ProxyMessage message = new ProxyMessage(originalContentType); + + assertThat(message.getSoapContentType()).isEqualTo(originalContentType); + } + + @Test + public void soapContentTypeAttachment() throws Exception { + var originalContentType = "original-content-type"; + + ProxyMessage message = new ProxyMessage(originalContentType); + message.attachment("application/octet-stream", new ByteArrayInputStream("attachment".getBytes(UTF_8)), Map.of()); + + assertThat(message.getSoapContentType()).isEqualTo(originalContentType); + } + + @Test + public void soapContentTypeTextXml() throws Exception { + var originalContentType = "application/xml"; + + ProxyMessage message = new ProxyMessage(originalContentType); + + assertThat(message.getSoapContentType()).isEqualTo("text/xml; charset=UTF-8"); + } + + + @Test + public void soapContent() throws Exception { + ProxyMessage message = new ProxyMessage("text/xml; charset=UTF-8"); + message.soap(getMockSoapMessage(), Map.of()); + + assertThat(message.getSoapContent().readAllBytes()) + .withRepresentation(bytes -> new String((byte[]) bytes)) + .isEqualTo(MOCK_SOAP_MESSAGE_BODY); + } + + @Test + public void soapContentMime() throws Exception { + var expectedSoapContent = """ + --BOUNDARY\r + content-type: text/xml; charset=UTF-8\r + \r + \r + --BOUNDARY--\r + """; + + ProxyMessage message = new ProxyMessage("multipart/related; boundary=BOUNDARY"); + message.soap(getMockSoapMessage(), Map.of()); + + var soapContent = message.getSoapContent().readAllBytes(); + + assertThat(soapContent) + .withRepresentation(bytes -> new String((byte[]) bytes)) + .isEqualTo(expectedSoapContent.getBytes(UTF_8)); + } + + @Test + public void soapContentWithAttachment() throws Exception { + var expectedSoapContent = """ + --BOUNDARY\r + content-type:text/xml; charset=UTF-8\r + \r + \r + --BOUNDARY\r + content-type:text/plain\r + \r + attachment\r + --BOUNDARY--\r + """; + + ProxyMessage message = new ProxyMessage("multipart/related; boundary=BOUNDARY"); + message.soap(getMockSoapMessage(), Map.of()); + message.attachment("text/plain", new ByteArrayInputStream("attachment".getBytes(UTF_8)), Map.of()); + + var soapConent = message.getSoapContent().readAllBytes(); + + assertThat(soapConent) + .withRepresentation(bytes -> new String((byte[]) bytes)) + .isEqualTo(expectedSoapContent.getBytes(UTF_8)); + } + + private SoapMessageImpl getMockSoapMessage() { + var mockSoapMessage = Mockito.mock(SoapMessageImpl.class); + when(mockSoapMessage.getContentType()).thenReturn("text/xml; charset=UTF-8"); + when(mockSoapMessage.getBytes()).thenReturn(MOCK_SOAP_MESSAGE_BODY); + return mockSoapMessage; + } +}