diff --git a/certs/inter_kmes/client-kme1-to-kme2.crt b/certs/inter_kmes/client-kme1-to-kme2.crt new file mode 100644 index 0000000..7684d6c --- /dev/null +++ b/certs/inter_kmes/client-kme1-to-kme2.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFoDCCA4igAwIBAgIULgVrj3RJ1EaHNwT6U8U+O374qoIwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIGttZTIgUm9vdCBDQTAeFw0yNDAyMDYx +NDQ3MThaFw0yNjAyMjUxNDQ3MThaMCYxJDAiBgNVBAMMG0tNRSBuZXR3b3JrIENs +aWVudCAkMSB0byAkMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKxy +hiaukcwflvZ3BxCU4Yp5AimANai5YhCOKzEF6mBkNE+z//jtdmnz2vREKkDAcUqt +sW1I+lsYDxABLSBwL0nAWARwwTTshg+DEX82BRX3QDYzAtFMYCSy3/pp1ReGOxGi +mEPplUPsFqQM6LIqq/Pn8T4AEAuMAEqOpbobYfDyvjKQHY50BqpU5JVPMmVsbMHm +CDY/yYebzA6QSWccHtOfsP+tdQJvrGX4yG5tkCPS0Nhu4Myf/tYPjOsNwtDIM27s +p7IynvZoy5aMex8y2neuDjM6Xki/49klUBV2oIS2C3BwTUYnxKuOolN9kllr8r7t +/JAuBHECQAqL0nniDqmXgyHUM5eEwCYIg5GVZ40ACpWnOdOZ9SWoY24jVsq6MxmK ++XY9D3VhisDFrL9E3pzOC0wSDD74L5J0P3D26n3qPv3dIbnxBFzAORPGWigiyFD8 +ke3X80PW8nw7JgbPGcFo9ac+bSEm3zbGIq9GoZlnyfKRJkBvbR03/PVny3z8h7bg +wXDyhDFCsFe4jhCt5EQMe8U503dlGiAct7ircjpMZilu4FlyMWXaOCg7w5T/0Z7C +grVUTluAAicj31teNYWhpCKEbpJSxCGuUiCyXNJgNNW6dWKOe3wm9Neyv7sXR2rd +3WG6IuICyDk8q9JgSMB8yokxbWxmNrzaHfSfTb+BAgMBAAGjgcowgccwCQYDVR0T +BAIwADARBglghkgBhvhCAQEEBAMCBaAwOAYJYIZIAYb4QgENBCsWKUludGVyIEtN +RSBuZXR3b3JrIGNsaWVudCBhdXRoIGNlcnRpZmljYXRlMB0GA1UdDgQWBBRa3Hdj +DAVFhWiDz67b8ZDXyJKTxzAfBgNVHSMEGDAWgBT9qyCcnfQM5Xj6NJQ00kkwLXP3 +7DAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME +MA0GCSqGSIb3DQEBCwUAA4ICAQCHMGBlc9UJZbeMUX5ASsSSa6sOnAWN8d7qI4Ju +FeclR38XaAvbgjipZ10LTpJDKnL258+PfKly3CUaMBevma8Y08tpuRE4OeJB40M7 +zrRW6VK81XSDDGoLxSAEpq2EFQvMOmOPsZCbYK5PSCXpQg1ZXadDcmuz3dHP5O3f +hxomp9q+Y2enroM74qFNnZ2PMYk+zoaKj2WADy8R04bHzoQ+SrVY9HfIARRahn8j +MUrryU/a9rzfOAXl1o1ZFbjTjPYIdx0yLkaoL7ecCtsCB3JULYJrVuuLFTn64fmZ +oUioomEo3WJHLIFfzJ++RCakEvwWtzpk0vN29PjE4PM99ms8IiVoHIRP9XOd3EiD +H8TlI/CQ9XS26X+fF+HILhGHxYFkykdMmlCOxNdk9MQYC8icSviMPJfWiNgPoUxb +5aVGSHlJeki0VaXuf5URjvanAujWhbsGR0zyk+nobE+vSM+Z5qoOualxuNt7pSDZ +tH9Dx/6Q+gaR6HZ+CVwLMxTHjeDxGqAUBFTGOtjPYm4ozEAy8ASq3f1/nWXp19Hz +3LNEO2zejoO8CpWyjyrPPiLTldeCNj5nRDCx4NAZoeR25moZ4mjJXt78VVxWhTTx +hovJD+JeZ9M7EmmUvplVBDLWWdKfibzsOiD2uvPfhAX8DkTBN20gzD0xnZZ2Cw0M +U/xebg== +-----END CERTIFICATE----- diff --git a/certs/inter_kmes/client-kme1-to-kme2.csr b/certs/inter_kmes/client-kme1-to-kme2.csr new file mode 100644 index 0000000..2205c59 --- /dev/null +++ b/certs/inter_kmes/client-kme1-to-kme2.csr @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEazCCAlMCAQAwJjEkMCIGA1UEAwwbS01FIG5ldHdvcmsgQ2xpZW50ICQxIHRv +ICQyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArHKGJq6RzB+W9ncH +EJThinkCKYA1qLliEI4rMQXqYGQ0T7P/+O12afPa9EQqQMBxSq2xbUj6WxgPEAEt +IHAvScBYBHDBNOyGD4MRfzYFFfdANjMC0UxgJLLf+mnVF4Y7EaKYQ+mVQ+wWpAzo +siqr8+fxPgAQC4wASo6luhth8PK+MpAdjnQGqlTklU8yZWxsweYINj/Jh5vMDpBJ +Zxwe05+w/611Am+sZfjIbm2QI9LQ2G7gzJ/+1g+M6w3C0MgzbuynsjKe9mjLlox7 +HzLad64OMzpeSL/j2SVQFXaghLYLcHBNRifEq46iU32SWWvyvu38kC4EcQJACovS +eeIOqZeDIdQzl4TAJgiDkZVnjQAKlac505n1JahjbiNWyrozGYr5dj0PdWGKwMWs +v0TenM4LTBIMPvgvknQ/cPbqfeo+/d0hufEEXMA5E8ZaKCLIUPyR7dfzQ9byfDsm +Bs8ZwWj1pz5tISbfNsYir0ahmWfJ8pEmQG9tHTf89WfLfPyHtuDBcPKEMUKwV7iO +EK3kRAx7xTnTd2UaIBy3uKtyOkxmKW7gWXIxZdo4KDvDlP/RnsKCtVROW4ACJyPf +W141haGkIoRuklLEIa5SILJc0mA01bp1Yo57fCb017K/uxdHat3dYboi4gLIOTyr +0mBIwHzKiTFtbGY2vNod9J9Nv4ECAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQAI +kXOnPiqpwzojuYY/oSDRh/1aeDNrzm7HE+9nM4bcZJ3Xcg8c4ol1hFQFlzG1DKVl +UWK+p61FtIBaYmoFzx/HCnxrW8Utqs/M3+18xXdq9fwiQ9Y5rtF5MGbSlzpFXwwy +85xx54/t0WzpiRre5GvciB9os2xNWJH0+Gcd1oiieTX4DCP1s+ak6w604VQ6UQcg +KEU2xkYWAL3W9JcYjN8ho1H4e4YbwLQmny4hJ/6WwD2K4QZrtb+Pr9gjnVWD+gle +QjB2C88m057pcg2BJXA/9o1kMTSGIJ2Gyw9NSBysHJ/kwTjPSSERPRUgzz1+1Hz3 +tin9b4gw/461ozM7T8ivd0dcQJjOw3dayEqVmpV34c3BLRyluhDZaogAVTHQDYUj +ROhRd/9y2H8h8ZQgzhlPC7n4+f+f7slHZA9s2ly7fxMM822tn/io3Ze+cJxHrqxh +XuidmuzJDre/HZoO7rUu4vBLMQwiW0vT+OeO8g005PMs691ygJvVP2HKZcPbu3Ec +hm9kbpsALzRvBWdI/tTXnGNTozNVms37Xl1hlao7uxaPj58kdGFU2f1+kwy5mWDb +4en3N1s67puT/62jyNysWaaHjg9Ax+sgLvM51P5Id7gtNd8oBuYSfv4wWFDTDg1u +daybAA68VJKkATwG3jLgLY1gjmJfaalTsaivnvLQMw== +-----END CERTIFICATE REQUEST----- diff --git a/certs/inter_kmes/client-kme1-to-kme2.key b/certs/inter_kmes/client-kme1-to-kme2.key new file mode 100644 index 0000000..55244ab --- /dev/null +++ b/certs/inter_kmes/client-kme1-to-kme2.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCscoYmrpHMH5b2 +dwcQlOGKeQIpgDWouWIQjisxBepgZDRPs//47XZp89r0RCpAwHFKrbFtSPpbGA8Q +AS0gcC9JwFgEcME07IYPgxF/NgUV90A2MwLRTGAkst/6adUXhjsRophD6ZVD7Bak +DOiyKqvz5/E+ABALjABKjqW6G2Hw8r4ykB2OdAaqVOSVTzJlbGzB5gg2P8mHm8wO +kElnHB7Tn7D/rXUCb6xl+MhubZAj0tDYbuDMn/7WD4zrDcLQyDNu7KeyMp72aMuW +jHsfMtp3rg4zOl5Iv+PZJVAVdqCEtgtwcE1GJ8SrjqJTfZJZa/K+7fyQLgRxAkAK +i9J54g6pl4Mh1DOXhMAmCIORlWeNAAqVpznTmfUlqGNuI1bKujMZivl2PQ91YYrA +xay/RN6czgtMEgw++C+SdD9w9up96j793SG58QRcwDkTxlooIshQ/JHt1/ND1vJ8 +OyYGzxnBaPWnPm0hJt82xiKvRqGZZ8nykSZAb20dN/z1Z8t8/Ie24MFw8oQxQrBX +uI4QreREDHvFOdN3ZRogHLe4q3I6TGYpbuBZcjFl2jgoO8OU/9GewoK1VE5bgAIn +I99bXjWFoaQihG6SUsQhrlIgslzSYDTVunVijnt8JvTXsr+7F0dq3d1huiLiAsg5 +PKvSYEjAfMqJMW1sZja82h30n02/gQIDAQABAoICABl0hkzrc+YXu6cCBu7xqyFP +n3wUytbvFoSvF70SzHgSEo65WU2bb+FP98Aa18nbHl4RqaEiJqKPuJl6MvkY1kIi +vFtbcYmoaFmd1VVb2gBWEQpvGTlf9sk0Bk/mk2f3jnyZ7bQIpNnz3Zu1tBuopN1K +HZgzVir+LYTT7a69IAX7Lwwzrck7Y0h9Y4iOujeye5Nbq1amr87utn5n2g34XqyK +ZAw5xI3pgh9DTALQ9Xf0RJPOOiy6aVmbzgdcbqd3BfCXymFJi6F/8p10ezAtx4Xn +EX2KXiSK/s0s7tdcPXGZlbKxQRbcA/H3Cgsc/B9rCdgZNTDrOgicdmuYHCeVsOgl +L+Y0y9jjc/XyVPCSgkkFBX0HLK49Z+aH6p/PwkLo/XaoiCDDOaR4fAyDMh5CFR+g +gSL2+L0yzM0j38UFjGoGiBwk3u1GN8EzLLjgCJ5Y5hzj3Q8/LMlgfdddnf8EoJPy +1bYOKGL2Gpz4SnZeGEYvKjlNejU2kFHcI6iwrOCKK3Gv0dk9MmkBfwIp0bY6uTZL +tDNQyF8p73ryta5ZlnnYgI6gTIurVavujYmrqShreUP/Dn3aBlBDc2mIiF+gjZJ2 +TyNseoQMIGuZiq1ptdojsmYK76JOeV695wUGXOZMhitrcW+x7TT60EK/sLIzLJqc +6tUKQLxecQ5D/GPyFG1JAoIBAQDxOmFCPaXa2P3ktuFTFERnRdIJLMfN2I0C5KWN +TOfXkzigK19l1tFTvMZEbiimV5M1SAN4LfeAubVFeeOiABU6BdokD1I+kUs5bIZA ++6n2zsHlf7oUc+nVlUzu7qv5W/kOUSFewViWrfnq0UmatwWamAiFaKHMKwexMNc5 +VssQqGcDoogsx0Ldu3f897T+8qd+f7tTGSd1ovPUJAKrGr1WDyyymnPG6vo3DWSx +UOLH3LQ2dVM89SSQ0JDQ3IIHwxU4Fh7uOFWLbL/sWfP4rFVQ0YeUk5Xup1cxV4iO +6Jo4A0RfAjUUbcjtUi1EGRmr6NcNCEQZeBg5XjoxLOCqJDKzAoIBAQC3Aea2AGDu +aziynyYV5fPGlqoyF0azcdxXxS51EG5qlHS85d8TEbIg8yifcrv6r9nDFTniiurO +eD9J2Gw37W/cdxjmdBn46zl16vvMJMtL+4XULL3JbJn1UVVP/aY8sR5EeddvZ5YB +rPLlY4h7UFhvIsPlAyU03kFxRPo8fhVks4vmjcKIWpctA5ih0ORuVjIY9BKpLxEo +ZWtrHuBp9Xw/k+1q18Kit/b74k2XZJAeMLxjO+FqfWhtAYFC7J24HZKoflrse1gS +N+YE6aXcexc+XxQAJ6C/EC63ihKcFrooxGPYpdkzauzxi34896cwkbhjLWRYAQJE +uvWWFTpQ7M77AoIBAB92oeDl8ZAN5W/Derg/WHyv2qlfsd/jcuEBuaYodcTkaupZ +PeQmlL77TFD4nUy093pnniw6sqGTl1UshMhIgnxC7yTs6qlGgi1HPmuTZ6PNa/Tn +J/oq9EDrbFFtx/iKSn3XjyawyUE+B+7cxWDspkp3sgTUlOXwZtxxpmDQNURC8szC +kkhk5Q/Ot+PC21S1iasyNdis2zy4uFzfJYnzvuZOrGHPS3KSi3hKwuttxWaUHt1L +iEPXJaHN0lWrrTod89KQ8A/aQS4iTRYi1XOF5srXyXtTlKbAJNtGs4UQSa0sn+pU +e1/iweZSZZ0QOQz3HbWRcnBv/Zjd9XEcjWEjv4kCggEAWMKZTWi9mqVyaF/8Lt7K +72Sfw4+6gMoWnpNKRwjjJNpADGZJXYxVotmMuFkDh0DHE3E2FARggiecOoq3YiDN +AlbZQtzIxAwCYIjJ+2dVGtMxQ4k3u3vq6Cq8gAF8IS+eiIO305agEMv7OvqddYGw +gqaP8IEoCI5Lm05jN/fHFIJotjfHRC7755845jLUuBciUSv/6QKlBby67seY/ItN +6eArZIilJBqptd062NSzeZEVreObHvUYMtZqBTWSAXyGZyZxnwTr4FowO+2+vkMN +MPkYUELoGgMVRXu4LvBu9drauncl82RG65hGb/eFpW7nyWJ4qp5CpWcwOcyt7hYN +BQKCAQAFCFV7KgED2iS2+IPdidfg6Kz4EiNl18wLPAbisIdcx9w9y0D4xzygJI9L +IF/ZN0RTsYeK2h5c6JzQ2h1cingq8Ut8K6m+vc4tkBz/K1i9mObymsYHA8nOLVhl +SZzi8Y0hFP8ut/Wg+7LQ2n6/Cq0pTcGnbrifuwhPwRUFK5K7LQfKi7ZiEgjcs9us +jngbjZethCx3wKDauw6kAnrmZvw2+FgmRZdhP56MheCc8CgYr2g2yyRknChgrYxQ +ruArdxERSbxZ1+nZCMTn6ht+4SRjE0oWIUlV7n3CsSCcZKwJ6NDZTM6Ds5q/NDq5 +gZLjkMeVDWo7PeCcWo3s+USMfyfz +-----END PRIVATE KEY----- diff --git a/certs/inter_kmes/client-kme1-to-kme2.pem b/certs/inter_kmes/client-kme1-to-kme2.pem new file mode 100644 index 0000000..c7928b0 --- /dev/null +++ b/certs/inter_kmes/client-kme1-to-kme2.pem @@ -0,0 +1,115 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCscoYmrpHMH5b2 +dwcQlOGKeQIpgDWouWIQjisxBepgZDRPs//47XZp89r0RCpAwHFKrbFtSPpbGA8Q +AS0gcC9JwFgEcME07IYPgxF/NgUV90A2MwLRTGAkst/6adUXhjsRophD6ZVD7Bak +DOiyKqvz5/E+ABALjABKjqW6G2Hw8r4ykB2OdAaqVOSVTzJlbGzB5gg2P8mHm8wO +kElnHB7Tn7D/rXUCb6xl+MhubZAj0tDYbuDMn/7WD4zrDcLQyDNu7KeyMp72aMuW +jHsfMtp3rg4zOl5Iv+PZJVAVdqCEtgtwcE1GJ8SrjqJTfZJZa/K+7fyQLgRxAkAK +i9J54g6pl4Mh1DOXhMAmCIORlWeNAAqVpznTmfUlqGNuI1bKujMZivl2PQ91YYrA +xay/RN6czgtMEgw++C+SdD9w9up96j793SG58QRcwDkTxlooIshQ/JHt1/ND1vJ8 +OyYGzxnBaPWnPm0hJt82xiKvRqGZZ8nykSZAb20dN/z1Z8t8/Ie24MFw8oQxQrBX +uI4QreREDHvFOdN3ZRogHLe4q3I6TGYpbuBZcjFl2jgoO8OU/9GewoK1VE5bgAIn +I99bXjWFoaQihG6SUsQhrlIgslzSYDTVunVijnt8JvTXsr+7F0dq3d1huiLiAsg5 +PKvSYEjAfMqJMW1sZja82h30n02/gQIDAQABAoICABl0hkzrc+YXu6cCBu7xqyFP +n3wUytbvFoSvF70SzHgSEo65WU2bb+FP98Aa18nbHl4RqaEiJqKPuJl6MvkY1kIi +vFtbcYmoaFmd1VVb2gBWEQpvGTlf9sk0Bk/mk2f3jnyZ7bQIpNnz3Zu1tBuopN1K +HZgzVir+LYTT7a69IAX7Lwwzrck7Y0h9Y4iOujeye5Nbq1amr87utn5n2g34XqyK +ZAw5xI3pgh9DTALQ9Xf0RJPOOiy6aVmbzgdcbqd3BfCXymFJi6F/8p10ezAtx4Xn +EX2KXiSK/s0s7tdcPXGZlbKxQRbcA/H3Cgsc/B9rCdgZNTDrOgicdmuYHCeVsOgl +L+Y0y9jjc/XyVPCSgkkFBX0HLK49Z+aH6p/PwkLo/XaoiCDDOaR4fAyDMh5CFR+g +gSL2+L0yzM0j38UFjGoGiBwk3u1GN8EzLLjgCJ5Y5hzj3Q8/LMlgfdddnf8EoJPy +1bYOKGL2Gpz4SnZeGEYvKjlNejU2kFHcI6iwrOCKK3Gv0dk9MmkBfwIp0bY6uTZL +tDNQyF8p73ryta5ZlnnYgI6gTIurVavujYmrqShreUP/Dn3aBlBDc2mIiF+gjZJ2 +TyNseoQMIGuZiq1ptdojsmYK76JOeV695wUGXOZMhitrcW+x7TT60EK/sLIzLJqc +6tUKQLxecQ5D/GPyFG1JAoIBAQDxOmFCPaXa2P3ktuFTFERnRdIJLMfN2I0C5KWN +TOfXkzigK19l1tFTvMZEbiimV5M1SAN4LfeAubVFeeOiABU6BdokD1I+kUs5bIZA ++6n2zsHlf7oUc+nVlUzu7qv5W/kOUSFewViWrfnq0UmatwWamAiFaKHMKwexMNc5 +VssQqGcDoogsx0Ldu3f897T+8qd+f7tTGSd1ovPUJAKrGr1WDyyymnPG6vo3DWSx +UOLH3LQ2dVM89SSQ0JDQ3IIHwxU4Fh7uOFWLbL/sWfP4rFVQ0YeUk5Xup1cxV4iO +6Jo4A0RfAjUUbcjtUi1EGRmr6NcNCEQZeBg5XjoxLOCqJDKzAoIBAQC3Aea2AGDu +aziynyYV5fPGlqoyF0azcdxXxS51EG5qlHS85d8TEbIg8yifcrv6r9nDFTniiurO +eD9J2Gw37W/cdxjmdBn46zl16vvMJMtL+4XULL3JbJn1UVVP/aY8sR5EeddvZ5YB +rPLlY4h7UFhvIsPlAyU03kFxRPo8fhVks4vmjcKIWpctA5ih0ORuVjIY9BKpLxEo +ZWtrHuBp9Xw/k+1q18Kit/b74k2XZJAeMLxjO+FqfWhtAYFC7J24HZKoflrse1gS +N+YE6aXcexc+XxQAJ6C/EC63ihKcFrooxGPYpdkzauzxi34896cwkbhjLWRYAQJE +uvWWFTpQ7M77AoIBAB92oeDl8ZAN5W/Derg/WHyv2qlfsd/jcuEBuaYodcTkaupZ +PeQmlL77TFD4nUy093pnniw6sqGTl1UshMhIgnxC7yTs6qlGgi1HPmuTZ6PNa/Tn +J/oq9EDrbFFtx/iKSn3XjyawyUE+B+7cxWDspkp3sgTUlOXwZtxxpmDQNURC8szC +kkhk5Q/Ot+PC21S1iasyNdis2zy4uFzfJYnzvuZOrGHPS3KSi3hKwuttxWaUHt1L +iEPXJaHN0lWrrTod89KQ8A/aQS4iTRYi1XOF5srXyXtTlKbAJNtGs4UQSa0sn+pU +e1/iweZSZZ0QOQz3HbWRcnBv/Zjd9XEcjWEjv4kCggEAWMKZTWi9mqVyaF/8Lt7K +72Sfw4+6gMoWnpNKRwjjJNpADGZJXYxVotmMuFkDh0DHE3E2FARggiecOoq3YiDN +AlbZQtzIxAwCYIjJ+2dVGtMxQ4k3u3vq6Cq8gAF8IS+eiIO305agEMv7OvqddYGw +gqaP8IEoCI5Lm05jN/fHFIJotjfHRC7755845jLUuBciUSv/6QKlBby67seY/ItN +6eArZIilJBqptd062NSzeZEVreObHvUYMtZqBTWSAXyGZyZxnwTr4FowO+2+vkMN +MPkYUELoGgMVRXu4LvBu9drauncl82RG65hGb/eFpW7nyWJ4qp5CpWcwOcyt7hYN +BQKCAQAFCFV7KgED2iS2+IPdidfg6Kz4EiNl18wLPAbisIdcx9w9y0D4xzygJI9L +IF/ZN0RTsYeK2h5c6JzQ2h1cingq8Ut8K6m+vc4tkBz/K1i9mObymsYHA8nOLVhl +SZzi8Y0hFP8ut/Wg+7LQ2n6/Cq0pTcGnbrifuwhPwRUFK5K7LQfKi7ZiEgjcs9us +jngbjZethCx3wKDauw6kAnrmZvw2+FgmRZdhP56MheCc8CgYr2g2yyRknChgrYxQ +ruArdxERSbxZ1+nZCMTn6ht+4SRjE0oWIUlV7n3CsSCcZKwJ6NDZTM6Ds5q/NDq5 +gZLjkMeVDWo7PeCcWo3s+USMfyfz +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIFoDCCA4igAwIBAgIULgVrj3RJ1EaHNwT6U8U+O374qoIwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIGttZTIgUm9vdCBDQTAeFw0yNDAyMDYx +NDQ3MThaFw0yNjAyMjUxNDQ3MThaMCYxJDAiBgNVBAMMG0tNRSBuZXR3b3JrIENs +aWVudCAkMSB0byAkMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKxy +hiaukcwflvZ3BxCU4Yp5AimANai5YhCOKzEF6mBkNE+z//jtdmnz2vREKkDAcUqt +sW1I+lsYDxABLSBwL0nAWARwwTTshg+DEX82BRX3QDYzAtFMYCSy3/pp1ReGOxGi +mEPplUPsFqQM6LIqq/Pn8T4AEAuMAEqOpbobYfDyvjKQHY50BqpU5JVPMmVsbMHm +CDY/yYebzA6QSWccHtOfsP+tdQJvrGX4yG5tkCPS0Nhu4Myf/tYPjOsNwtDIM27s +p7IynvZoy5aMex8y2neuDjM6Xki/49klUBV2oIS2C3BwTUYnxKuOolN9kllr8r7t +/JAuBHECQAqL0nniDqmXgyHUM5eEwCYIg5GVZ40ACpWnOdOZ9SWoY24jVsq6MxmK ++XY9D3VhisDFrL9E3pzOC0wSDD74L5J0P3D26n3qPv3dIbnxBFzAORPGWigiyFD8 +ke3X80PW8nw7JgbPGcFo9ac+bSEm3zbGIq9GoZlnyfKRJkBvbR03/PVny3z8h7bg +wXDyhDFCsFe4jhCt5EQMe8U503dlGiAct7ircjpMZilu4FlyMWXaOCg7w5T/0Z7C +grVUTluAAicj31teNYWhpCKEbpJSxCGuUiCyXNJgNNW6dWKOe3wm9Neyv7sXR2rd +3WG6IuICyDk8q9JgSMB8yokxbWxmNrzaHfSfTb+BAgMBAAGjgcowgccwCQYDVR0T +BAIwADARBglghkgBhvhCAQEEBAMCBaAwOAYJYIZIAYb4QgENBCsWKUludGVyIEtN +RSBuZXR3b3JrIGNsaWVudCBhdXRoIGNlcnRpZmljYXRlMB0GA1UdDgQWBBRa3Hdj +DAVFhWiDz67b8ZDXyJKTxzAfBgNVHSMEGDAWgBT9qyCcnfQM5Xj6NJQ00kkwLXP3 +7DAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME +MA0GCSqGSIb3DQEBCwUAA4ICAQCHMGBlc9UJZbeMUX5ASsSSa6sOnAWN8d7qI4Ju +FeclR38XaAvbgjipZ10LTpJDKnL258+PfKly3CUaMBevma8Y08tpuRE4OeJB40M7 +zrRW6VK81XSDDGoLxSAEpq2EFQvMOmOPsZCbYK5PSCXpQg1ZXadDcmuz3dHP5O3f +hxomp9q+Y2enroM74qFNnZ2PMYk+zoaKj2WADy8R04bHzoQ+SrVY9HfIARRahn8j +MUrryU/a9rzfOAXl1o1ZFbjTjPYIdx0yLkaoL7ecCtsCB3JULYJrVuuLFTn64fmZ +oUioomEo3WJHLIFfzJ++RCakEvwWtzpk0vN29PjE4PM99ms8IiVoHIRP9XOd3EiD +H8TlI/CQ9XS26X+fF+HILhGHxYFkykdMmlCOxNdk9MQYC8icSviMPJfWiNgPoUxb +5aVGSHlJeki0VaXuf5URjvanAujWhbsGR0zyk+nobE+vSM+Z5qoOualxuNt7pSDZ +tH9Dx/6Q+gaR6HZ+CVwLMxTHjeDxGqAUBFTGOtjPYm4ozEAy8ASq3f1/nWXp19Hz +3LNEO2zejoO8CpWyjyrPPiLTldeCNj5nRDCx4NAZoeR25moZ4mjJXt78VVxWhTTx +hovJD+JeZ9M7EmmUvplVBDLWWdKfibzsOiD2uvPfhAX8DkTBN20gzD0xnZZ2Cw0M +U/xebg== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUek0U09F785SwAT3V56Elsj+XvGQwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIGttZTIgUm9vdCBDQTAeFw0yNDAyMDYx +NDM4NTRaFw0zNDAyMDMxNDM4NTRaMCExHzAdBgNVBAMMFkludGVyLUtNRSBrbWUy +IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0zi2Js02h +P8c7ieKgSZhbbgWNUrcDKDuqEvBBuIOH93rM9oNNX1KAp7pNATEfVwLPUUdsb5Cx +k03p4e3JLOZFIx+yo+mM+9lPOWMl4PvSkWkz280tzzz3i5LdHjbhib9TjAimma3n +cLmZXjZfKKNyovjhYDRXO9eX3sfBwFg/JvWLQJ0rMsbAiSkvK7UD9VciacT4ZbPh +s30j8JszpWatDlF7SKHtdRkPZ2jXCB/nugg/YKAelZ9f7aUtxT8GqQrkIY+8gvKY +M6SWoiD74QtXc7jAhbk947LIpAZj4hjO++eyUQTj0trdBdVq9FWtuDNlXM1RfMwX +uJgjX4I0EPJNuFtR/TKyBEAQnpmSnQBZNU9aYz4gHX0Xr4wy4ai3smO1apJcmI/5 +257THwPVT7r4+8v4S4FhTVooIsQ5NJFEtQ7I/i0XRWT9gsd0C/5dpK+l4yF7TGNF +odXwkCkv6Y1tXzEM163uXJdUi4K1ipBcUZHATy6JLrOQ+DxF2qDqhC+7rReylq/p +/+KzhdRIj3gDgjRe3ZM0oazIRCqSvfOcN8bppOzNVhbFM1CPsFmw33u6TAoqsZxU +JKM2YOyoMGg+DPHQySAAWIW7w/jQgnZZ+KMRWoNonsKen06UoGqAwP7D2zLD2OIw +NjBRvNejylgbqcN13oMlWSq5ctApzuO9TwIDAQABo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEBMA4GA1UdDwEB/wQEAwIBRjAdBgNVHQ4EFgQU/asgnJ30DOV4+jSUNNJJ +MC1z9+wwDQYJKoZIhvcNAQELBQADggIBALR793A5uM8MWAJoeyw9dNpacyYRUFbq +XubsZPywXTeL698by3lj8WaXxHUx9R9WjO+dgqxmgtV3m6bSIIQEMGuDvw5C2hTA +/XfYR1gDg1PA1xcHM1s2Mr+ColvhNDV9lKnFhGwCzApAAG08yJYNwWPNIewp1jax +VIlQC7OeeznZE02E2tZHqwslKtH8FFNfF7qsDs2vs4VIDEZ9+c1N8GOzQhnpJw6q +53buzHakun+Np+ZsERDxe8wayZImUNhkG2HEMfojzwEoOVOkl/9UnxbHycXpOB2p +Yxx/J4msu4w0+1eGzDFSQNaLxFSQI7WW0VxzPj91cbz82AMTmydF+HQkDxIZF6z5 +41ykQVyrWXOx4eTXuLJFiRTnAAZxPkXEcuxIJCNI1YHW+vSKFFv2nJqbLr3qdFkB +EUja1tl7jtldciguXVWiZ1M/jjJDHIzbbsQNQY0hSiMIgHzC5ljUq+S70P/CGrN4 +CUJEZ1K/0ibk1bvlgfN8+MP0lZr4MSC/G9Rd4exy6Kztgg9j+6Va46yze9mlvqL3 +T8bP/4v0EiuBA4wtiOqBq7d1VlXiIrwg+EYucZA0AjXOnIZRIhWlll3Z5Qr3tqbQ +Tu66Gevg0YbSUFtmdKgT63W1h4wuVMPDkWUogbpvt5y2fMhVQZgEB9c7jflARb5v +2TZRRWOar7pw +-----END CERTIFICATE----- diff --git a/certs/inter_kmes/client-kme1-to-kme2.pfx b/certs/inter_kmes/client-kme1-to-kme2.pfx new file mode 100644 index 0000000..a4b026c Binary files /dev/null and b/certs/inter_kmes/client-kme1-to-kme2.pfx differ diff --git a/certs/inter_kmes/client-kme2-to-kme1.crt b/certs/inter_kmes/client-kme2-to-kme1.crt new file mode 100644 index 0000000..e4f52e6 --- /dev/null +++ b/certs/inter_kmes/client-kme2-to-kme1.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFoDCCA4igAwIBAgIUbaPW6mZkPEGO04sF4O/p2YuXThMwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIEtNRTEgUm9vdCBDQTAeFw0yNDAyMDYx +NDQ3MzNaFw0yNjAyMjUxNDQ3MzNaMCYxJDAiBgNVBAMMG0tNRSBuZXR3b3JrIENs +aWVudCAkMSB0byAkMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM67 +uvY3Qgl3Pt9f4iwSPvlG7S8jopJC0yL0p5WzrpuvVqBoz6kTapsom4XcJ7Pq/Ibu +yv6ykpe3iU2u1JfpZELQi2nmAN0XLWc92OE+gRwc7sXinwXNL7Tu4ZOC5LmfOTBO +e4RQlnFGDfDQ2IPCAHM8Q3F+pG9WDQ3VLIlL0afGGWIsKy1jm46S+W4DcuhpGrk8 +53cCKAliK8ML0L1tYx57pc5PjmyBh3XufOEsDlB6aqSGUuxFNKCec4YapBQ3C3SE +5RZfC4lmFn2e1SiuHKAKcK9b3oK+fBa/0IIkYVRzk0ufEEZ7fHrWmYGh04IRg7jM +rKxLYsX8sQOT/QYXDoMJi+kR/Vk1HBWI8c5kuwk/9KDU6NvCcrbEeYQEhZjE2NEz +B2NtsgNpNOTEPI2EKSPDNzgncWvB1UNyFqqF9RycgdcwR8DpIvgP00+96CXcKWW1 +PJ+lqkJ2C4FTScfQ0HN9zrQD4HAvvfEAMc5m0v9Z1dPGzC67h4Y/1gCTTVvWs0MG +ZbzrI8kIYl6newSIEbPSdTnxUwTJY/ewqmomEoVSfaVp3VIY4OE0qPyFbKNmUaHj +V4RBmRzU5NFMhU5ZQ8YOEaiOJcPMjVgHZgOOFdRGI3Lc2l2A6Eyv3ofIjwDgamSo +zn5XoeVpHD8a/0HwpzC3ZMerKzAFI9Yh/AJL8RQzAgMBAAGjgcowgccwCQYDVR0T +BAIwADARBglghkgBhvhCAQEEBAMCBaAwOAYJYIZIAYb4QgENBCsWKUludGVyIEtN +RSBuZXR3b3JrIGNsaWVudCBhdXRoIGNlcnRpZmljYXRlMB0GA1UdDgQWBBR0O7LO +YSz0b62sKb0z5mb0ZNsLxDAfBgNVHSMEGDAWgBTFnK3cKILWJSYzIoqqSbjTFjiu +XzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME +MA0GCSqGSIb3DQEBCwUAA4ICAQA+VV+ZdPBJxQCUua3HZ91pZCYf48+nRT79zjTb +H9FWdOkUJI//IoZ9o8sAHa6phsflFH4hdCh8M3sJM9kTO7R2qkTbo5UJBTAtYucY +mR/afXDbDFl5jtfqn04xNoIi8yhNHEPYQXE63eBfyIu7ifnHyZ4zzpCYc3wBdweB +O31hP/fnLVD7ZWvXUkBtystOfZL+M2FEL3NaPTp9EisQ/TiYsxhPF1gPQZCsxQxu +6bkpKnYXUTFTFSreE/sFqPmRHG9v09nwR6pln6bk2cxMlq9AeEjewCS8aQVvPjAW +VnYTbL4fGjxyz39WFFGKjTvye+xrsx+VPFErvwt5UNLtkzB6EgSuzhG7gz/xWdkP +WsdG05AFs6PmKcpgLbt9K+aQlrGrmMImlAJ0ZWoO8RstfLfmNlaFwJe3KcLKx6CI +sjhb24QrGEOWXlWNolxkAW7GToHWKpLEdLHnoyWFipWDw2T9VeCTc1QvfTjhsYWE +rsXTFwZNaE8vhUkRpN88Gm25G0Eiuwi82XE40soEYFYC301s/ttUXzciEikIJdGG +3HQnFH+gE0LcCaMQ/gKw2JfMiJ05ff0g4DyQgxi8QR84K0qi/ISpOCE4WpoGchUj +kkkwio4hDRgVSCmFxOCHb1/YyK/DpvhlSkvVeYMinbfOis+Du2tlnbvCcLVisOhp +qsuiIQ== +-----END CERTIFICATE----- diff --git a/certs/inter_kmes/client-kme2-to-kme1.csr b/certs/inter_kmes/client-kme2-to-kme1.csr new file mode 100644 index 0000000..9ed488a --- /dev/null +++ b/certs/inter_kmes/client-kme2-to-kme1.csr @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEazCCAlMCAQAwJjEkMCIGA1UEAwwbS01FIG5ldHdvcmsgQ2xpZW50ICQxIHRv +ICQyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzru69jdCCXc+31/i +LBI++UbtLyOikkLTIvSnlbOum69WoGjPqRNqmyibhdwns+r8hu7K/rKSl7eJTa7U +l+lkQtCLaeYA3RctZz3Y4T6BHBzuxeKfBc0vtO7hk4LkuZ85ME57hFCWcUYN8NDY +g8IAczxDcX6kb1YNDdUsiUvRp8YZYiwrLWObjpL5bgNy6GkauTzndwIoCWIrwwvQ +vW1jHnulzk+ObIGHde584SwOUHpqpIZS7EU0oJ5zhhqkFDcLdITlFl8LiWYWfZ7V +KK4coApwr1vegr58Fr/QgiRhVHOTS58QRnt8etaZgaHTghGDuMysrEtixfyxA5P9 +BhcOgwmL6RH9WTUcFYjxzmS7CT/0oNTo28JytsR5hASFmMTY0TMHY22yA2k05MQ8 +jYQpI8M3OCdxa8HVQ3IWqoX1HJyB1zBHwOki+A/TT73oJdwpZbU8n6WqQnYLgVNJ +x9DQc33OtAPgcC+98QAxzmbS/1nV08bMLruHhj/WAJNNW9azQwZlvOsjyQhiXqd7 +BIgRs9J1OfFTBMlj97CqaiYShVJ9pWndUhjg4TSo/IVso2ZRoeNXhEGZHNTk0UyF +TllDxg4RqI4lw8yNWAdmA44V1EYjctzaXYDoTK/eh8iPAOBqZKjOfleh5WkcPxr/ +QfCnMLdkx6srMAUj1iH8AkvxFDMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4ICAQC2 +Pzt1cUT8T4h06tsfugit/iT0pzaqKF9nFnIZtuioVJk2IPUMJiUGfTpztnPNcXSD ++0yNix8Lj/ipc7oqmeNSgvjDp9zz/JDg4lEWghmrbSUNdmuZvhUjWMRGpsFfRutO +EqFzT3KP7i8sv58HjlCMyqFkdHs2X8jYGR6jHHYVTSseuGzub4cJyprLxyR9Xle2 +Bs6CFCl9bSwoKJqyt/5n0ZrGlSNYhr1G9rrr9xF3qvIwJgAcPZOi0z9dVI+6hnOi +vSBBw/Qfze0WXIy531z4EhqwbRSb22x2uIF1XLOx1rIi/58sJ7mWZ82LqLVxteY1 +F6yleYSBAbV6ILFUdVp6zMWtdqnd4n6KB/qwPa6VJRRtMEreeRUQNSun4ENNqRAW +nLuYx53N+RLJenW9RWxIkYgVy28CGEBJJ5J8KSifEe1yfXb5j4WVatKgH/lU8hhC +jj1sQZJxNVdqy0bOnwjNfbouh7q4cARlgcbazu9+UuA3Aeq0onsfnSIqEC8h09OZ +9YzI/TkrQ19L8oVdH/04XsjUuM6okC3i279Y9UfW1QNmc7MLge7gWf5Z2h4mgTuc +fj7OlXosdJhwXhVGYbX1mH9M02yTferOEtITp+o0vVIfPVnfV/ehxZJwiFQ4xF48 +d6ONlFE62C84eo73QngMA4M2QZQgnDwL59r6tJRsyg== +-----END CERTIFICATE REQUEST----- diff --git a/certs/inter_kmes/client-kme2-to-kme1.key b/certs/inter_kmes/client-kme2-to-kme1.key new file mode 100644 index 0000000..cf3a032 --- /dev/null +++ b/certs/inter_kmes/client-kme2-to-kme1.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDOu7r2N0IJdz7f +X+IsEj75Ru0vI6KSQtMi9KeVs66br1agaM+pE2qbKJuF3Cez6vyG7sr+spKXt4lN +rtSX6WRC0Itp5gDdFy1nPdjhPoEcHO7F4p8FzS+07uGTguS5nzkwTnuEUJZxRg3w +0NiDwgBzPENxfqRvVg0N1SyJS9GnxhliLCstY5uOkvluA3LoaRq5POd3AigJYivD +C9C9bWMee6XOT45sgYd17nzhLA5QemqkhlLsRTSgnnOGGqQUNwt0hOUWXwuJZhZ9 +ntUorhygCnCvW96CvnwWv9CCJGFUc5NLnxBGe3x61pmBodOCEYO4zKysS2LF/LED +k/0GFw6DCYvpEf1ZNRwViPHOZLsJP/Sg1OjbwnK2xHmEBIWYxNjRMwdjbbIDaTTk +xDyNhCkjwzc4J3FrwdVDchaqhfUcnIHXMEfA6SL4D9NPvegl3ClltTyfpapCdguB +U0nH0NBzfc60A+BwL73xADHOZtL/WdXTxswuu4eGP9YAk01b1rNDBmW86yPJCGJe +p3sEiBGz0nU58VMEyWP3sKpqJhKFUn2lad1SGODhNKj8hWyjZlGh41eEQZkc1OTR +TIVOWUPGDhGojiXDzI1YB2YDjhXURiNy3NpdgOhMr96HyI8A4GpkqM5+V6HlaRw/ +Gv9B8Kcwt2THqyswBSPWIfwCS/EUMwIDAQABAoICAEyBQr4tUt3n6DeH505B7lYX +vlyshlQ0MKiF+6K13Q82QwuX3gmG6vPCglN2VqcJdiyFIFBDS2akAEbkRT52m6jy +PjWRbY5kLmQ/igxJMkRyHJbUt97QwS/nG0mYrgZXezV6RdGAdTw0HaKZ1xZjbAE5 +MwhEQpwFL02ILzQb/9ljwS8Ig24Hp6CKmY3x7ss9Yitc85eiD6jxUJqcu8HuQjkc +rw57eIyFHtkwybwWrrFvrBl4sCVJsyEhokTlhQUKHc4gBBtUTxOo2PfiGKY2UNeV +JYBvsheWYJuWnpYa2n4DS2Y31jEPL9DRq/tCJODElIeGDvyv5Ty5t9RIJuHjFHYV +Efu8y0GVYybWIuDPCqg+O8ApXD1Y24Jj4AOSWcCIZzFel35q//b6EkMaSqNGLISy +cqCvrX+DMxR9MrAwgT0kDuXZ/YvAsR6PuXpbnOkVh0eoN73GMHqRjsARtNpdHZhc +LnViZZNiWa5hrUn/f0c/6+sxV2E3wicnqRwZGsebmMAwtHxst3KsgOe6gCl3teQK +omGlZBSRnFXsBKtOaOZhggcGWEYgUhtmRThfe21+numT81c5Mv3qRAl3ZyQ5ySEB +bXjxrzT3W1W8Yq9X7AdmYp3QgieRxxzK/4Du0+VcKg3F9MRgiQQAZ8jRYBsb9pTt +Pq29j4irNRgrH0MY2svZAoIBAQD3TM6FpUKpzgCTF2diCDq7CphdhD/OaF1FAaAC +RnoS8m+e3d7J385Iqix+bKz9uIAtaUNPuTbywTOuZ5buoceLJVhJTsHs8Bzztv1U +eOP/NlFG1JHUHZpg/L/sGu4kUhY02TQy9NNPWprYn3ABmcMaMPNc7NpS3iNMFPMH +zU4WJIgfPM3AvFtsrlpIpkV3/z0tMf6AF3mbNF3GHVu+NM8aUXlR4HJzZvJivo9n +rCpXYca9t41/OVoekOGDS4AtZQQlg5WaXOP+oZk9aJLX/IF7RKeWCkeKBLuFoOZg +3Ro25LBBovxs25rOQJUcu/u6uSlkY8EfrVeUfiG6eln7/6N1AoIBAQDWAZQNwNis +FRHgCcPYmT/E6V/dJ0D2+fGjq0e4xFyklPhFFSVnaJcqTZd4o5Sk9+hitoWjamaE +d3GkQjQ/WjJxZ4mgsMzCk/6ZQ/pIran6FB3ByjVsUg4592vjlEQKdUrTcps9k/lC +E9jAsRlSukRlMBR4U8VcVDyw2enVcSnAbVXHCF6WFLj2tKiTkSOtm4yK3qLl7OVW +WairPnp9/O0ihOUwblFqridEKSkkgmhLvgWc3rl1WVzhsKBc03bThIruF21udTdC +q8Hql1c+zEP//tPbWUNM8JuEyCOc6A8L554BHVwYCuKhPFwSVFOgNyA56wHVrAiQ +lyUUtJW+fawHAoIBAF3TnVOlhOpqB1vHeGkAWFAY0ABDKfZFMIX6/NuAI9bGdsUe +xuVu7ZQyRJle4C+PbcpM8sXvrsJhvRsBoIk/hjbr31hI8ljULRfmqK0BBPgSgrnN +8to4tRbxLlwFR68uGdDJS/29V+L2rGNd8qAY16Y7RkpObvMb5uZ52E9wfJz4FVFM +v3/Ntx4/9G817ot9opdgLYAp5/CT6LQ+9UzwOldw7Ae9kY7pUzNVu5EJCDOJHF9k +oeHQP7nzHCy1W5ddiTo2d29OqQ41/68F2xjpa7L6NF8/3S6nZwJnLqE3ojeLgrgU +f5NJqq1wYWK6i+KnV+YH1wEOwnjLdj6LJ1LuBfUCggEBAL5IaPxRnFZl5Z7vD9Rn +buwHFdXuMTVoyBJfGUaQUk+EpbvHMZrgxIg4tZXu3RxR0a7z25+R29Ws3r7OnuY1 +rORoy1a13VqlfJuKdeBpidlySYMl6JqH215vQN751gX2hLG+FYqLJ/Y472FmFr4Y +IPhX59uVoMaXn98f42qFVDpk/QAb0P5hLpUtzTZotvCGflB75RvLp58/2VlqFEAx +xCgNQjvt2zaf4woYDx0HVvUB4Lu6zewpqQyDoBLpc55fG6jX69VrI9eEIMgWCN0t +gsj8LCO9Grouthk6W3AIZliPeU5EbL5z706t/K/PiwvJ+D2HV/pFHNhzi+T9LKhT +1cECggEAIYTK+LlSaJKY/ScGnUjZSaLut+cB7HnOhJ8gItfI2IDTXmWmEM/2ZlkI +dKkb5jAPtufWH7c5jFvrED+/J923NKL0EbL1WbgcKWQU8q9M94eXmYEVE83iQddA +hDaju0Z1enXii394s1tFXapF1scinrXRSX5YGBHioU+1DqPy9ocz7FucIGdnsY4I +RoMRUn6RhiqLmTzEi7XiWln/t2DPyuaNZARmuFG+X915Erw4pmP9q2RLGz7AAm1N +y+vvvcxh0X0LdOC53kFL/OC1BCv1nmhYxleno0ZxgP71IlGPZQ2ZyuZ6GAr6otae +ugdZ90OGITKH5d9ZrEXJp7a6QTBZfA== +-----END PRIVATE KEY----- diff --git a/certs/inter_kmes/client-kme2-to-kme1.pem b/certs/inter_kmes/client-kme2-to-kme1.pem new file mode 100644 index 0000000..fc264e0 --- /dev/null +++ b/certs/inter_kmes/client-kme2-to-kme1.pem @@ -0,0 +1,115 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDOu7r2N0IJdz7f +X+IsEj75Ru0vI6KSQtMi9KeVs66br1agaM+pE2qbKJuF3Cez6vyG7sr+spKXt4lN +rtSX6WRC0Itp5gDdFy1nPdjhPoEcHO7F4p8FzS+07uGTguS5nzkwTnuEUJZxRg3w +0NiDwgBzPENxfqRvVg0N1SyJS9GnxhliLCstY5uOkvluA3LoaRq5POd3AigJYivD +C9C9bWMee6XOT45sgYd17nzhLA5QemqkhlLsRTSgnnOGGqQUNwt0hOUWXwuJZhZ9 +ntUorhygCnCvW96CvnwWv9CCJGFUc5NLnxBGe3x61pmBodOCEYO4zKysS2LF/LED +k/0GFw6DCYvpEf1ZNRwViPHOZLsJP/Sg1OjbwnK2xHmEBIWYxNjRMwdjbbIDaTTk +xDyNhCkjwzc4J3FrwdVDchaqhfUcnIHXMEfA6SL4D9NPvegl3ClltTyfpapCdguB +U0nH0NBzfc60A+BwL73xADHOZtL/WdXTxswuu4eGP9YAk01b1rNDBmW86yPJCGJe +p3sEiBGz0nU58VMEyWP3sKpqJhKFUn2lad1SGODhNKj8hWyjZlGh41eEQZkc1OTR +TIVOWUPGDhGojiXDzI1YB2YDjhXURiNy3NpdgOhMr96HyI8A4GpkqM5+V6HlaRw/ +Gv9B8Kcwt2THqyswBSPWIfwCS/EUMwIDAQABAoICAEyBQr4tUt3n6DeH505B7lYX +vlyshlQ0MKiF+6K13Q82QwuX3gmG6vPCglN2VqcJdiyFIFBDS2akAEbkRT52m6jy +PjWRbY5kLmQ/igxJMkRyHJbUt97QwS/nG0mYrgZXezV6RdGAdTw0HaKZ1xZjbAE5 +MwhEQpwFL02ILzQb/9ljwS8Ig24Hp6CKmY3x7ss9Yitc85eiD6jxUJqcu8HuQjkc +rw57eIyFHtkwybwWrrFvrBl4sCVJsyEhokTlhQUKHc4gBBtUTxOo2PfiGKY2UNeV +JYBvsheWYJuWnpYa2n4DS2Y31jEPL9DRq/tCJODElIeGDvyv5Ty5t9RIJuHjFHYV +Efu8y0GVYybWIuDPCqg+O8ApXD1Y24Jj4AOSWcCIZzFel35q//b6EkMaSqNGLISy +cqCvrX+DMxR9MrAwgT0kDuXZ/YvAsR6PuXpbnOkVh0eoN73GMHqRjsARtNpdHZhc +LnViZZNiWa5hrUn/f0c/6+sxV2E3wicnqRwZGsebmMAwtHxst3KsgOe6gCl3teQK +omGlZBSRnFXsBKtOaOZhggcGWEYgUhtmRThfe21+numT81c5Mv3qRAl3ZyQ5ySEB +bXjxrzT3W1W8Yq9X7AdmYp3QgieRxxzK/4Du0+VcKg3F9MRgiQQAZ8jRYBsb9pTt +Pq29j4irNRgrH0MY2svZAoIBAQD3TM6FpUKpzgCTF2diCDq7CphdhD/OaF1FAaAC +RnoS8m+e3d7J385Iqix+bKz9uIAtaUNPuTbywTOuZ5buoceLJVhJTsHs8Bzztv1U +eOP/NlFG1JHUHZpg/L/sGu4kUhY02TQy9NNPWprYn3ABmcMaMPNc7NpS3iNMFPMH +zU4WJIgfPM3AvFtsrlpIpkV3/z0tMf6AF3mbNF3GHVu+NM8aUXlR4HJzZvJivo9n +rCpXYca9t41/OVoekOGDS4AtZQQlg5WaXOP+oZk9aJLX/IF7RKeWCkeKBLuFoOZg +3Ro25LBBovxs25rOQJUcu/u6uSlkY8EfrVeUfiG6eln7/6N1AoIBAQDWAZQNwNis +FRHgCcPYmT/E6V/dJ0D2+fGjq0e4xFyklPhFFSVnaJcqTZd4o5Sk9+hitoWjamaE +d3GkQjQ/WjJxZ4mgsMzCk/6ZQ/pIran6FB3ByjVsUg4592vjlEQKdUrTcps9k/lC +E9jAsRlSukRlMBR4U8VcVDyw2enVcSnAbVXHCF6WFLj2tKiTkSOtm4yK3qLl7OVW +WairPnp9/O0ihOUwblFqridEKSkkgmhLvgWc3rl1WVzhsKBc03bThIruF21udTdC +q8Hql1c+zEP//tPbWUNM8JuEyCOc6A8L554BHVwYCuKhPFwSVFOgNyA56wHVrAiQ +lyUUtJW+fawHAoIBAF3TnVOlhOpqB1vHeGkAWFAY0ABDKfZFMIX6/NuAI9bGdsUe +xuVu7ZQyRJle4C+PbcpM8sXvrsJhvRsBoIk/hjbr31hI8ljULRfmqK0BBPgSgrnN +8to4tRbxLlwFR68uGdDJS/29V+L2rGNd8qAY16Y7RkpObvMb5uZ52E9wfJz4FVFM +v3/Ntx4/9G817ot9opdgLYAp5/CT6LQ+9UzwOldw7Ae9kY7pUzNVu5EJCDOJHF9k +oeHQP7nzHCy1W5ddiTo2d29OqQ41/68F2xjpa7L6NF8/3S6nZwJnLqE3ojeLgrgU +f5NJqq1wYWK6i+KnV+YH1wEOwnjLdj6LJ1LuBfUCggEBAL5IaPxRnFZl5Z7vD9Rn +buwHFdXuMTVoyBJfGUaQUk+EpbvHMZrgxIg4tZXu3RxR0a7z25+R29Ws3r7OnuY1 +rORoy1a13VqlfJuKdeBpidlySYMl6JqH215vQN751gX2hLG+FYqLJ/Y472FmFr4Y +IPhX59uVoMaXn98f42qFVDpk/QAb0P5hLpUtzTZotvCGflB75RvLp58/2VlqFEAx +xCgNQjvt2zaf4woYDx0HVvUB4Lu6zewpqQyDoBLpc55fG6jX69VrI9eEIMgWCN0t +gsj8LCO9Grouthk6W3AIZliPeU5EbL5z706t/K/PiwvJ+D2HV/pFHNhzi+T9LKhT +1cECggEAIYTK+LlSaJKY/ScGnUjZSaLut+cB7HnOhJ8gItfI2IDTXmWmEM/2ZlkI +dKkb5jAPtufWH7c5jFvrED+/J923NKL0EbL1WbgcKWQU8q9M94eXmYEVE83iQddA +hDaju0Z1enXii394s1tFXapF1scinrXRSX5YGBHioU+1DqPy9ocz7FucIGdnsY4I +RoMRUn6RhiqLmTzEi7XiWln/t2DPyuaNZARmuFG+X915Erw4pmP9q2RLGz7AAm1N +y+vvvcxh0X0LdOC53kFL/OC1BCv1nmhYxleno0ZxgP71IlGPZQ2ZyuZ6GAr6otae +ugdZ90OGITKH5d9ZrEXJp7a6QTBZfA== +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIFoDCCA4igAwIBAgIUbaPW6mZkPEGO04sF4O/p2YuXThMwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIEtNRTEgUm9vdCBDQTAeFw0yNDAyMDYx +NDQ3MzNaFw0yNjAyMjUxNDQ3MzNaMCYxJDAiBgNVBAMMG0tNRSBuZXR3b3JrIENs +aWVudCAkMSB0byAkMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM67 +uvY3Qgl3Pt9f4iwSPvlG7S8jopJC0yL0p5WzrpuvVqBoz6kTapsom4XcJ7Pq/Ibu +yv6ykpe3iU2u1JfpZELQi2nmAN0XLWc92OE+gRwc7sXinwXNL7Tu4ZOC5LmfOTBO +e4RQlnFGDfDQ2IPCAHM8Q3F+pG9WDQ3VLIlL0afGGWIsKy1jm46S+W4DcuhpGrk8 +53cCKAliK8ML0L1tYx57pc5PjmyBh3XufOEsDlB6aqSGUuxFNKCec4YapBQ3C3SE +5RZfC4lmFn2e1SiuHKAKcK9b3oK+fBa/0IIkYVRzk0ufEEZ7fHrWmYGh04IRg7jM +rKxLYsX8sQOT/QYXDoMJi+kR/Vk1HBWI8c5kuwk/9KDU6NvCcrbEeYQEhZjE2NEz +B2NtsgNpNOTEPI2EKSPDNzgncWvB1UNyFqqF9RycgdcwR8DpIvgP00+96CXcKWW1 +PJ+lqkJ2C4FTScfQ0HN9zrQD4HAvvfEAMc5m0v9Z1dPGzC67h4Y/1gCTTVvWs0MG +ZbzrI8kIYl6newSIEbPSdTnxUwTJY/ewqmomEoVSfaVp3VIY4OE0qPyFbKNmUaHj +V4RBmRzU5NFMhU5ZQ8YOEaiOJcPMjVgHZgOOFdRGI3Lc2l2A6Eyv3ofIjwDgamSo +zn5XoeVpHD8a/0HwpzC3ZMerKzAFI9Yh/AJL8RQzAgMBAAGjgcowgccwCQYDVR0T +BAIwADARBglghkgBhvhCAQEEBAMCBaAwOAYJYIZIAYb4QgENBCsWKUludGVyIEtN +RSBuZXR3b3JrIGNsaWVudCBhdXRoIGNlcnRpZmljYXRlMB0GA1UdDgQWBBR0O7LO +YSz0b62sKb0z5mb0ZNsLxDAfBgNVHSMEGDAWgBTFnK3cKILWJSYzIoqqSbjTFjiu +XzAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME +MA0GCSqGSIb3DQEBCwUAA4ICAQA+VV+ZdPBJxQCUua3HZ91pZCYf48+nRT79zjTb +H9FWdOkUJI//IoZ9o8sAHa6phsflFH4hdCh8M3sJM9kTO7R2qkTbo5UJBTAtYucY +mR/afXDbDFl5jtfqn04xNoIi8yhNHEPYQXE63eBfyIu7ifnHyZ4zzpCYc3wBdweB +O31hP/fnLVD7ZWvXUkBtystOfZL+M2FEL3NaPTp9EisQ/TiYsxhPF1gPQZCsxQxu +6bkpKnYXUTFTFSreE/sFqPmRHG9v09nwR6pln6bk2cxMlq9AeEjewCS8aQVvPjAW +VnYTbL4fGjxyz39WFFGKjTvye+xrsx+VPFErvwt5UNLtkzB6EgSuzhG7gz/xWdkP +WsdG05AFs6PmKcpgLbt9K+aQlrGrmMImlAJ0ZWoO8RstfLfmNlaFwJe3KcLKx6CI +sjhb24QrGEOWXlWNolxkAW7GToHWKpLEdLHnoyWFipWDw2T9VeCTc1QvfTjhsYWE +rsXTFwZNaE8vhUkRpN88Gm25G0Eiuwi82XE40soEYFYC301s/ttUXzciEikIJdGG +3HQnFH+gE0LcCaMQ/gKw2JfMiJ05ff0g4DyQgxi8QR84K0qi/ISpOCE4WpoGchUj +kkkwio4hDRgVSCmFxOCHb1/YyK/DpvhlSkvVeYMinbfOis+Du2tlnbvCcLVisOhp +qsuiIQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUNShk38tjlkIH+MlYr5tzZClmosMwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIEtNRTEgUm9vdCBDQTAeFw0yNDAyMDYx +NDMyMjVaFw0zNDAyMDMxNDMyMjVaMCExHzAdBgNVBAMMFkludGVyLUtNRSBLTUUx +IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCYAFV4JzHS +Ln0D/9xQINoTit5utaH4wDbBmJ0xxV+1+mi1CTWwKEo6EDV1D8c7k3dBc0QbGRpK +v7bylLrOZQHQwkAW7iSECeb6rgtiPiAIhgcj6dG7/RhffJCDVyl1kAqG6Zln+h0H +8i/48wUvJsomUtxXtz7IYdgbD2EqJs/9c78hCKQ3EOYG9VlY4cCLI1afVE0Pee9R +4W04c92vNt9pdvndzO+XD773gTbI108djFogEWjnpaX512HoIQdVULv3PjZXsVyF +KYKvTjVv/Ix6uEA5C40XxgXqRHi199csktahj0mt/gJzrEIMeK8o04duGzbAPDea +fUDStOLKgMD1vr4G3kPzBoaQ6RknwyQXrAuPEJMHMFku92r4axBRZGXdYKWMa+/v +HH14yFJFaZRmZagAdspFQNqpERuvmC0KTNIxvCA5e2KfAc9zExxnKI3qcws1BEaJ +uUrfTSEmV0nBTWOlsFh+wS1ln2NIzj+GuzJu0YcN/l1eXaYw+bOM9w0C3zRU95/8 +olanOTQGbODGdpnE9rfZ/g8q65ScBsG+DGmLi9kkEj1o8nGzT1ICPuqLbXpZAmDX +nV8t6mvxy/qa7BG53bETkh/4zSJOCAdm00dQsebHZ+Tj6GGcDdwH2WF0XTHUUGNK +t5Yqd/sAJy6HE+Oc4mOrrj6gLoMkr/G0+wIDAQABo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEBMA4GA1UdDwEB/wQEAwIBRjAdBgNVHQ4EFgQUxZyt3CiC1iUmMyKKqkm4 +0xY4rl8wDQYJKoZIhvcNAQELBQADggIBAG41+VOSZm3MiXiFA/TInIxIjp/wYWyg ++f4Z+OeQ+hOJWcb5e8mIrEokOamXy84Fzs/3KcsrMt1Vnf/KcrxpGVjI100kNC2l +5M3qx5LXrCao1pZ5nEtXiGKW9C/7JOJ95DwpCvYbG0/OLhWdBT9u91Y1E+jC8x1g +RlBy/mRmQGASSBgqI6VQ7tl/apuEqkQ82sIiNgk2S+qboOumNDqk+Xe82Oe5VkLX +NEfVkc7dp9fzAmi0sn6rWUAnU2XDRR+F3LW2InbI4PS30wU9j1L3sqCREIBJ2f4N +ZEqI0tDDII2RuFN3QSDPT8TRTy2bfY7YFP+9CZuThiP0zdmeZzN+YN4AfyB7PdV/ +9oVrOx93jwb7aet7PbRLibFBBfIMd1MRVSb+LLOxwRXOK5jJxsNFjJlsIFN3R+D8 +O6/pXCD7v5tcj8FibxE3v1GLIVe+S2mYcwVZ9SIcfR+QV2FUnUroP71suQjp/Nkv +KFDzhcLuumwwUtb5LcNDobiQ1w/zrlooRp6r0S4YS9va5RY3zYjl4AyzlhFBW7Dh +xCLMLixM9PKr5+7QPlQwvtU6qfIil0ef7VLEKXXHWb530HqTY4wEQyOiU7PM7yu4 +lIlqRK7m5tNFbw+rv8EKIl6LwLep854/N8mzrZoJiSntkVJ/mM3/5mNurPu9Xskv +yLkPQ6grE38m +-----END CERTIFICATE----- diff --git a/certs/inter_kmes/client-kme2-to-kme1.pfx b/certs/inter_kmes/client-kme2-to-kme1.pfx new file mode 100644 index 0000000..769dcaa Binary files /dev/null and b/certs/inter_kmes/client-kme2-to-kme1.pfx differ diff --git a/certs/inter_kmes/generate_kme_ca.sh b/certs/inter_kmes/generate_kme_ca.sh new file mode 100755 index 0000000..74f359e --- /dev/null +++ b/certs/inter_kmes/generate_kme_ca.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash + +ARGC=$# + +if [ $ARGC -ne 1 ] +then + echo "Invalid number of arguments" + exit +fi + +openssl genrsa -out "root-ca-$1.key" 4096 +openssl req -new -key "root-ca-$1.key" -out "root-ca-$1.csr" -sha256 -subj "/CN=Inter-KME $1 Root CA" +openssl x509 -req -days 3650 -in "root-ca-$1.csr" -signkey "root-ca-$1.key" -sha256 -out "root-ca-$1.crt" -extfile "root-ca.cnf" -extensions root_ca diff --git a/certs/inter_kmes/generate_kme_clients.sh b/certs/inter_kmes/generate_kme_clients.sh new file mode 100755 index 0000000..2436878 --- /dev/null +++ b/certs/inter_kmes/generate_kme_clients.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +ARGC=$# + +if [ $ARGC -ne 2 ] +then + echo "Invalid number of arguments" + echo "Usage: $0 kmeclient kmeserver" + exit +fi + +openssl genrsa -out "client-$1-to-$2.key" 4096 +openssl req -new -key "client-$1-to-$2.key" -out "client-$1-to-$2.csr" -sha256 -subj '/CN=KME network Client $1 to $2' +openssl x509 -req -days 750 -in "client-$1-to-$2.csr" -sha256 -CA "root-ca-$2.crt" -CAkey "root-ca-$2.key" -CAcreateserial -out "client-$1-to-$2.crt" -extfile "inter-kme-client.cnf" -extensions client +cat "client-$1-to-$2.key" "client-$1-to-$2.crt" "root-ca-$2.crt" > "client-$1-to-$2.pem" +openssl pkcs12 -export -out "client-$1-to-$2.pfx" -inkey "client-$1-to-$2.key" -in "client-$1-to-$2.pem" -certfile "root-ca-$2.crt" diff --git a/certs/inter_kmes/inter-kme-client.cnf b/certs/inter_kmes/inter-kme-client.cnf new file mode 100644 index 0000000..7d549cc --- /dev/null +++ b/certs/inter_kmes/inter-kme-client.cnf @@ -0,0 +1,8 @@ +[client] +basicConstraints = CA:FALSE +nsCertType = client, email +nsComment = "Inter KME network client auth certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment +extendedKeyUsage = clientAuth, emailProtection diff --git a/certs/inter_kmes/root-ca-kme1.crt b/certs/inter_kmes/root-ca-kme1.crt new file mode 100644 index 0000000..0c260bc --- /dev/null +++ b/certs/inter_kmes/root-ca-kme1.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUNShk38tjlkIH+MlYr5tzZClmosMwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIEtNRTEgUm9vdCBDQTAeFw0yNDAyMDYx +NDMyMjVaFw0zNDAyMDMxNDMyMjVaMCExHzAdBgNVBAMMFkludGVyLUtNRSBLTUUx +IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCYAFV4JzHS +Ln0D/9xQINoTit5utaH4wDbBmJ0xxV+1+mi1CTWwKEo6EDV1D8c7k3dBc0QbGRpK +v7bylLrOZQHQwkAW7iSECeb6rgtiPiAIhgcj6dG7/RhffJCDVyl1kAqG6Zln+h0H +8i/48wUvJsomUtxXtz7IYdgbD2EqJs/9c78hCKQ3EOYG9VlY4cCLI1afVE0Pee9R +4W04c92vNt9pdvndzO+XD773gTbI108djFogEWjnpaX512HoIQdVULv3PjZXsVyF +KYKvTjVv/Ix6uEA5C40XxgXqRHi199csktahj0mt/gJzrEIMeK8o04duGzbAPDea +fUDStOLKgMD1vr4G3kPzBoaQ6RknwyQXrAuPEJMHMFku92r4axBRZGXdYKWMa+/v +HH14yFJFaZRmZagAdspFQNqpERuvmC0KTNIxvCA5e2KfAc9zExxnKI3qcws1BEaJ +uUrfTSEmV0nBTWOlsFh+wS1ln2NIzj+GuzJu0YcN/l1eXaYw+bOM9w0C3zRU95/8 +olanOTQGbODGdpnE9rfZ/g8q65ScBsG+DGmLi9kkEj1o8nGzT1ICPuqLbXpZAmDX +nV8t6mvxy/qa7BG53bETkh/4zSJOCAdm00dQsebHZ+Tj6GGcDdwH2WF0XTHUUGNK +t5Yqd/sAJy6HE+Oc4mOrrj6gLoMkr/G0+wIDAQABo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEBMA4GA1UdDwEB/wQEAwIBRjAdBgNVHQ4EFgQUxZyt3CiC1iUmMyKKqkm4 +0xY4rl8wDQYJKoZIhvcNAQELBQADggIBAG41+VOSZm3MiXiFA/TInIxIjp/wYWyg ++f4Z+OeQ+hOJWcb5e8mIrEokOamXy84Fzs/3KcsrMt1Vnf/KcrxpGVjI100kNC2l +5M3qx5LXrCao1pZ5nEtXiGKW9C/7JOJ95DwpCvYbG0/OLhWdBT9u91Y1E+jC8x1g +RlBy/mRmQGASSBgqI6VQ7tl/apuEqkQ82sIiNgk2S+qboOumNDqk+Xe82Oe5VkLX +NEfVkc7dp9fzAmi0sn6rWUAnU2XDRR+F3LW2InbI4PS30wU9j1L3sqCREIBJ2f4N +ZEqI0tDDII2RuFN3QSDPT8TRTy2bfY7YFP+9CZuThiP0zdmeZzN+YN4AfyB7PdV/ +9oVrOx93jwb7aet7PbRLibFBBfIMd1MRVSb+LLOxwRXOK5jJxsNFjJlsIFN3R+D8 +O6/pXCD7v5tcj8FibxE3v1GLIVe+S2mYcwVZ9SIcfR+QV2FUnUroP71suQjp/Nkv +KFDzhcLuumwwUtb5LcNDobiQ1w/zrlooRp6r0S4YS9va5RY3zYjl4AyzlhFBW7Dh +xCLMLixM9PKr5+7QPlQwvtU6qfIil0ef7VLEKXXHWb530HqTY4wEQyOiU7PM7yu4 +lIlqRK7m5tNFbw+rv8EKIl6LwLep854/N8mzrZoJiSntkVJ/mM3/5mNurPu9Xskv +yLkPQ6grE38m +-----END CERTIFICATE----- diff --git a/certs/inter_kmes/root-ca-kme1.csr b/certs/inter_kmes/root-ca-kme1.csr new file mode 100644 index 0000000..54fa204 --- /dev/null +++ b/certs/inter_kmes/root-ca-kme1.csr @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEZjCCAk4CAQAwITEfMB0GA1UEAwwWSW50ZXItS01FIEtNRTEgUm9vdCBDQTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJgAVXgnMdIufQP/3FAg2hOK +3m61ofjANsGYnTHFX7X6aLUJNbAoSjoQNXUPxzuTd0FzRBsZGkq/tvKUus5lAdDC +QBbuJIQJ5vquC2I+IAiGByPp0bv9GF98kINXKXWQCobpmWf6HQfyL/jzBS8myiZS +3Fe3Pshh2BsPYSomz/1zvyEIpDcQ5gb1WVjhwIsjVp9UTQ9571HhbThz3a8232l2 ++d3M75cPvveBNsjXTx2MWiARaOelpfnXYeghB1VQu/c+NlexXIUpgq9ONW/8jHq4 +QDkLjRfGBepEeLX31yyS1qGPSa3+AnOsQgx4ryjTh24bNsA8N5p9QNK04sqAwPW+ +vgbeQ/MGhpDpGSfDJBesC48QkwcwWS73avhrEFFkZd1gpYxr7+8cfXjIUkVplGZl +qAB2ykVA2qkRG6+YLQpM0jG8IDl7Yp8Bz3MTHGcojepzCzUERom5St9NISZXScFN +Y6WwWH7BLWWfY0jOP4a7Mm7Rhw3+XV5dpjD5s4z3DQLfNFT3n/yiVqc5NAZs4MZ2 +mcT2t9n+DyrrlJwGwb4MaYuL2SQSPWjycbNPUgI+6ottelkCYNedXy3qa/HL+prs +EbndsROSH/jNIk4IB2bTR1Cx5sdn5OPoYZwN3AfZYXRdMdRQY0q3lip3+wAnLocT +45ziY6uuPqAugySv8bT7AgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAH5ExS7Tb +NhpkIYcK9WYlSjpjozv+ojfDjdoimjU2H2b4ko7Utp0ae/2qwqW1hvy6YQa7CJxq +R+aJOIrRskRy7XM0FGlR+hl5B768ERg9MHWkFFDy2/hEvFInwqg7tD95xPj0XqmK +eXqLvG8o9pIVJ5tl27SXY/f5q/8YIBI27Du5pm7DDG2nC9acpXSlog7E7n/jcVEw +7ykz443Z6XLVaSy4GiklZQ7/woIwuTxI+knMuNZnsPnha8i/CY8EJQavm/2off9O +B/RXtoFnWTz54d6Qub4ybOhHYFfHZVGNHgw2ETBsLiltzwoTJc0sUWzYKzUjoWc3 +JgmDrZVpQXuy4DWHZ89/Jbwlpz6BPW5ZgttIbktbmXTveoVUwa1MVNEcueHGs3UL +1kCUSxQUXYon8KPYHoliPQzrlJ3Cy/gm1RXmOS22hr9E2j7rGzAYlGEXXw3tZnAQ +BVoMrtu58mpvMYIWxmxLbW/lXc7gkNJ2N0mayShrYblGqMOn8Np8YJVVX00lfAAU +Jie/dzcHvrfdrcKJkmVK//Vdq3eMSdf6fULS6NWT0gvKRoTtdVHBHqtMN2XGtG+T +w/SAUHhk8MeKg2LVmR7vPt1DzfOLzH9/CZli0/n17Stygtbz9duQJCLSoAi2DC9p +uYXeWeHB7zL/7WGgIp/W7voTy+VCD7xSlUQ= +-----END CERTIFICATE REQUEST----- diff --git a/certs/inter_kmes/root-ca-kme1.key b/certs/inter_kmes/root-ca-kme1.key new file mode 100644 index 0000000..afbc0f2 --- /dev/null +++ b/certs/inter_kmes/root-ca-kme1.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCYAFV4JzHSLn0D +/9xQINoTit5utaH4wDbBmJ0xxV+1+mi1CTWwKEo6EDV1D8c7k3dBc0QbGRpKv7by +lLrOZQHQwkAW7iSECeb6rgtiPiAIhgcj6dG7/RhffJCDVyl1kAqG6Zln+h0H8i/4 +8wUvJsomUtxXtz7IYdgbD2EqJs/9c78hCKQ3EOYG9VlY4cCLI1afVE0Pee9R4W04 +c92vNt9pdvndzO+XD773gTbI108djFogEWjnpaX512HoIQdVULv3PjZXsVyFKYKv +TjVv/Ix6uEA5C40XxgXqRHi199csktahj0mt/gJzrEIMeK8o04duGzbAPDeafUDS +tOLKgMD1vr4G3kPzBoaQ6RknwyQXrAuPEJMHMFku92r4axBRZGXdYKWMa+/vHH14 +yFJFaZRmZagAdspFQNqpERuvmC0KTNIxvCA5e2KfAc9zExxnKI3qcws1BEaJuUrf +TSEmV0nBTWOlsFh+wS1ln2NIzj+GuzJu0YcN/l1eXaYw+bOM9w0C3zRU95/8olan +OTQGbODGdpnE9rfZ/g8q65ScBsG+DGmLi9kkEj1o8nGzT1ICPuqLbXpZAmDXnV8t +6mvxy/qa7BG53bETkh/4zSJOCAdm00dQsebHZ+Tj6GGcDdwH2WF0XTHUUGNKt5Yq +d/sAJy6HE+Oc4mOrrj6gLoMkr/G0+wIDAQABAoICAAIWExY8l3r2h2G8K8ZvxP56 +q/XiCVCUNswub43k0xz4zGIbt8BstSQZ39n09vuS2RKtZdRnYkx/WB/5OZ0mlsFK +QT3vU9H6HtD2/ZICH0duq39rMKU/YovA9mzPD/McoIBciW37aVWYFd95WmtcwW6I +OZz8l2CBs0kfy2ocMUOdyJRH/ZUB5t5WlLzbEFz4hbJXIl2hg07g5LJfKL5EZwmY +B/Lq4qj0nt7fx6Q3DE9wAzaodoOjauVEdwQMHAEoRAQvNui6NvZe7PvB+4rHcRgo +Gj2OMogOgDtIaE27Epl6hHagNFcugtManKd2KpVJXfT9a6F00iCNMowRzoEQBlXz +t2AWaf5rg1hOFDfizD2vlY2UThLxGtQ17fkaUmrYGgAFbcFcEYQKk/EprS2gsXPi +shsHUWGdBJXoUpMCkHBHJWVKoOllyTC45LgJSDmwklt+x7m4ZdBNyHM/H+/B3c8o +mGQM110CSOUGP1fqrgR7Shkf5PwhjIAW1rndt0UCgx/Kj9wlLtYCCebwfyYcIQgA +aEyDtwZogsbCJiTL/MysZfMttdt4DtqYODdZsKfwpzIMz/3DTQT6LsTLit/5HPEm +WgfxFd8HbMTAFtstNI7Dqb98p0+3gIoUEmA38lvbTq2tGGXZABK2PKVbEROzPbY8 +JN7oLBK1/qRqUewiX3tJAoIBAQDIL0gQ8aJMO5omXNZ4Hog4mtf8Rvn/xWDcu7YB +ZCB+9c0J+aalxlQe0VclgVAn7bIklpGD65ERuL+ZOQ6QhhJoQwCThxC88ENsS5zg +0AbZdpLrDY+8XwX8xuNn4DeUqUfdoLPyUhHault1S49jT4mTucd9AP/ExnuKFg3k +FKO+I7v7kyO1ZByIu2Zqa/B1DV4SFcZziyjJyjW1kpP65fxLOeogW6CH98KWMWvx +HHApeOU4OmZBFjVp98ysLc4dcA/En4T0r5ZyC/o6+4O3sznxcUMazBSYtkot5gxJ +N9TJx1E8ummzOK8pjx6GiSNPxCTlY6TP32Dv1uwazrkwatu5AoIBAQDCYdV85e3T +jAwgpdgMOxH9sGtqWID43En5nlD8YSalKXKL9Kx6ERkve4nETWKUlwdQ3bbVJ5To +EUixqi7dZ0MlZjod3ir26lC+zJKaY2/gpuekrD/I9kGuWv4mqP0L5KEqclxCiD8t +6X0aeiZp9cb+Cfe7hMSA2E4q2KcDpvU824eVUif/NyAHauB/ow6hsYC+XU96VzSJ +vWkQwLsGI5K9KqDOGElc7aoKDgbKNtB3TwMg45LCxsiQiojbS4LigVyJuY70KJbM +LY8MEsrdkTsxGC40jAHW74nCUn8G7olj+g2PuZpQWKcioWrMLlX93KiE/S3+B/Q0 +jpPJCvO9HDhTAoIBAQCCE78XS3vzXzNORDsUOHq5lVxNUG14VnAXXl3oz4ASH3RJ +TBCOXa4hjFO9Siakm16LSc9qUjKkulC9poahQI1LdGY2dqhYrSKShxt8NZCN0++p +jtlcRL6mPzJbOCXFkq3hBGCJT+zMHRX6xMt6c59o/2nx/ykzWunBk40ZLJQtpBit +YzHr1w53hpYJBvRrivEafU3DnKQ3Yw69Wm6PtMvYsdxBhGhukX6+i4ShWqJDQIxp +mgEBwAWbQuqa4vSwyjVkxWbmfAYdO00w8GfpgStgiQFas0ua47CV3IsVNJMvPjW6 +aULvsyCWt6nVL91jIof7CmF4taTOk/A9hyBsprL5AoIBAQCkIo5tr42Z4xjefIup +EDwJ1m1tWBxXh1Pjtp417ib+sbfqnAkD7eoxYQScwKdsRvdDfmQDKzAeoXGbq9N0 +2twk+WQ7kjz/UC4sXnuwaCSxMt5I+7XEkMQ3YNhYdrttznmUaQqkl32Z3B3qPJix +QnrsSihorBxtm7itj1G/0Lwlzk13de8WH0spWEMHI/2X5VWL6SjSak6PvGO6ZLPH +5EPk/djZDkLseDbr1JpBJ/XxuMMwg1mKpOX4vzH+0o1Li+ZC2W/vlVJ4SEQQ8tFg +NGEh/IQPlOV8w7m0X4qppMRYqm3HHfdCvwkqQdj3Xmz4NtoJqeurJLY9puL9kQTt +e6XHAoIBACg8+WIehdsV1vQu3zV964Ba/RHhguH5qSeGc9h7h0j9fHAPDznnlmXz +ZQ6weTUOp18FP6AhIcknKza8oAk1W+0I6e98ezYKUIn8zTDsYO9OG1zXdyrLs0cC +mqZH9q+XyyyEINtXwzEaU/R8S7T6FkFZxh+EIrfy7TVPlst13q9IQGmSn3OtT6IE +b0W7kxMaO27hHa8cyIz+myXDf9TR29sEYgfcE4iEuESo2E/V835V49EwaOm4hGPr +wEgBu6Xz8dMTHKTDwkhtlEZXGt0JVF/QxdxgWrltMQF5QHAcK4Map2MUb5Zj7Tu4 ++VLcPohkFwIz6POauRDOGxuKoeynkrs= +-----END PRIVATE KEY----- diff --git a/certs/inter_kmes/root-ca-kme1.srl b/certs/inter_kmes/root-ca-kme1.srl new file mode 100644 index 0000000..9186165 --- /dev/null +++ b/certs/inter_kmes/root-ca-kme1.srl @@ -0,0 +1 @@ +6DA3D6EA66643C418ED38B05E0EFE9D98B974E13 diff --git a/certs/inter_kmes/root-ca-kme2.crt b/certs/inter_kmes/root-ca-kme2.crt new file mode 100644 index 0000000..d7eba58 --- /dev/null +++ b/certs/inter_kmes/root-ca-kme2.crt @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIFFTCCAv2gAwIBAgIUek0U09F785SwAT3V56Elsj+XvGQwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWSW50ZXItS01FIGttZTIgUm9vdCBDQTAeFw0yNDAyMDYx +NDM4NTRaFw0zNDAyMDMxNDM4NTRaMCExHzAdBgNVBAMMFkludGVyLUtNRSBrbWUy +IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0zi2Js02h +P8c7ieKgSZhbbgWNUrcDKDuqEvBBuIOH93rM9oNNX1KAp7pNATEfVwLPUUdsb5Cx +k03p4e3JLOZFIx+yo+mM+9lPOWMl4PvSkWkz280tzzz3i5LdHjbhib9TjAimma3n +cLmZXjZfKKNyovjhYDRXO9eX3sfBwFg/JvWLQJ0rMsbAiSkvK7UD9VciacT4ZbPh +s30j8JszpWatDlF7SKHtdRkPZ2jXCB/nugg/YKAelZ9f7aUtxT8GqQrkIY+8gvKY +M6SWoiD74QtXc7jAhbk947LIpAZj4hjO++eyUQTj0trdBdVq9FWtuDNlXM1RfMwX +uJgjX4I0EPJNuFtR/TKyBEAQnpmSnQBZNU9aYz4gHX0Xr4wy4ai3smO1apJcmI/5 +257THwPVT7r4+8v4S4FhTVooIsQ5NJFEtQ7I/i0XRWT9gsd0C/5dpK+l4yF7TGNF +odXwkCkv6Y1tXzEM163uXJdUi4K1ipBcUZHATy6JLrOQ+DxF2qDqhC+7rReylq/p +/+KzhdRIj3gDgjRe3ZM0oazIRCqSvfOcN8bppOzNVhbFM1CPsFmw33u6TAoqsZxU +JKM2YOyoMGg+DPHQySAAWIW7w/jQgnZZ+KMRWoNonsKen06UoGqAwP7D2zLD2OIw +NjBRvNejylgbqcN13oMlWSq5ctApzuO9TwIDAQABo0UwQzASBgNVHRMBAf8ECDAG +AQH/AgEBMA4GA1UdDwEB/wQEAwIBRjAdBgNVHQ4EFgQU/asgnJ30DOV4+jSUNNJJ +MC1z9+wwDQYJKoZIhvcNAQELBQADggIBALR793A5uM8MWAJoeyw9dNpacyYRUFbq +XubsZPywXTeL698by3lj8WaXxHUx9R9WjO+dgqxmgtV3m6bSIIQEMGuDvw5C2hTA +/XfYR1gDg1PA1xcHM1s2Mr+ColvhNDV9lKnFhGwCzApAAG08yJYNwWPNIewp1jax +VIlQC7OeeznZE02E2tZHqwslKtH8FFNfF7qsDs2vs4VIDEZ9+c1N8GOzQhnpJw6q +53buzHakun+Np+ZsERDxe8wayZImUNhkG2HEMfojzwEoOVOkl/9UnxbHycXpOB2p +Yxx/J4msu4w0+1eGzDFSQNaLxFSQI7WW0VxzPj91cbz82AMTmydF+HQkDxIZF6z5 +41ykQVyrWXOx4eTXuLJFiRTnAAZxPkXEcuxIJCNI1YHW+vSKFFv2nJqbLr3qdFkB +EUja1tl7jtldciguXVWiZ1M/jjJDHIzbbsQNQY0hSiMIgHzC5ljUq+S70P/CGrN4 +CUJEZ1K/0ibk1bvlgfN8+MP0lZr4MSC/G9Rd4exy6Kztgg9j+6Va46yze9mlvqL3 +T8bP/4v0EiuBA4wtiOqBq7d1VlXiIrwg+EYucZA0AjXOnIZRIhWlll3Z5Qr3tqbQ +Tu66Gevg0YbSUFtmdKgT63W1h4wuVMPDkWUogbpvt5y2fMhVQZgEB9c7jflARb5v +2TZRRWOar7pw +-----END CERTIFICATE----- diff --git a/certs/inter_kmes/root-ca-kme2.csr b/certs/inter_kmes/root-ca-kme2.csr new file mode 100644 index 0000000..0f45215 --- /dev/null +++ b/certs/inter_kmes/root-ca-kme2.csr @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIEZjCCAk4CAQAwITEfMB0GA1UEAwwWSW50ZXItS01FIGttZTIgUm9vdCBDQTCC +AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALTOLYmzTaE/xzuJ4qBJmFtu +BY1StwMoO6oS8EG4g4f3esz2g01fUoCnuk0BMR9XAs9RR2xvkLGTTenh7cks5kUj +H7Kj6Yz72U85YyXg+9KRaTPbzS3PPPeLkt0eNuGJv1OMCKaZredwuZleNl8oo3Ki ++OFgNFc715fex8HAWD8m9YtAnSsyxsCJKS8rtQP1VyJpxPhls+GzfSPwmzOlZq0O +UXtIoe11GQ9naNcIH+e6CD9goB6Vn1/tpS3FPwapCuQhj7yC8pgzpJaiIPvhC1dz +uMCFuT3jssikBmPiGM7757JRBOPS2t0F1Wr0Va24M2VczVF8zBe4mCNfgjQQ8k24 +W1H9MrIEQBCemZKdAFk1T1pjPiAdfRevjDLhqLeyY7VqklyYj/nbntMfA9VPuvj7 +y/hLgWFNWigixDk0kUS1Dsj+LRdFZP2Cx3QL/l2kr6XjIXtMY0Wh1fCQKS/pjW1f +MQzXre5cl1SLgrWKkFxRkcBPLokus5D4PEXaoOqEL7utF7KWr+n/4rOF1EiPeAOC +NF7dkzShrMhEKpK985w3xumk7M1WFsUzUI+wWbDfe7pMCiqxnFQkozZg7KgwaD4M +8dDJIABYhbvD+NCCdln4oxFag2iewp6fTpSgaoDA/sPbMsPY4jA2MFG816PKWBup +w3XegyVZKrly0CnO471PAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAgEAnv7DpbI0 +8tf4wz/D5NWueBKinibURH57lgJJxObGfmHaD4jSYSHA/bCx57rZZfKIt9xIkb4t +n5Hrb0kilQCyLU57fHzlRARo6EWTGO5q7EXIaMKHwYNlqltuGdesfGZVvbGnoEmY +tTSYzqBtYxUEqYZ/jflhonFHRTe+JHmRzLCllEoQ7/md30GnncbBz2ZgJvHCyvmx +jGYWkwCv6M1nZ4wyEmn+kCd6diTGBRm7eMOn6pFkmO9ZcjREgNjuDDUqletd9Zj/ +4v823sq5MtuiP/HVva5gESpQAU6fk1s/Z19os/wl4TtqjESpOAUgGuQDTRPJNULF +7UnKI3ISZjtRU+EQyT7HAjLAU/Zlenr2F916r93oINwwKbuoHI8qobAHZxelfinZ +u2mo6/lbRfk+S5/7ZpJZ2zvwzjNqafO/s0i8wIFNCtDpBr4P3VmAAgA+AbNWOrJf +YIxFKKM+XUlMBDz31X4lrlmry++Yq3smvx6kjBJVdPylGt05Tt8bhsFJK756c1Xb +3o4ol7FaDNoW/bpsiUWLPkne1qBciQGU8qFH2YeHTjcNz+anGAxBJoo+i9/1CTRp +G+yzgX4g1RLJ5w+vXxzu8ooaRFIOlI5Bde4Ka0TfCEq4pZEoMCeP2EwLRVXurocf +u/ANsAXRmlYO2t4UajaWBBhif1fSIYKA5yc= +-----END CERTIFICATE REQUEST----- diff --git a/certs/inter_kmes/root-ca-kme2.key b/certs/inter_kmes/root-ca-kme2.key new file mode 100644 index 0000000..6216766 --- /dev/null +++ b/certs/inter_kmes/root-ca-kme2.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC0zi2Js02hP8c7 +ieKgSZhbbgWNUrcDKDuqEvBBuIOH93rM9oNNX1KAp7pNATEfVwLPUUdsb5Cxk03p +4e3JLOZFIx+yo+mM+9lPOWMl4PvSkWkz280tzzz3i5LdHjbhib9TjAimma3ncLmZ +XjZfKKNyovjhYDRXO9eX3sfBwFg/JvWLQJ0rMsbAiSkvK7UD9VciacT4ZbPhs30j +8JszpWatDlF7SKHtdRkPZ2jXCB/nugg/YKAelZ9f7aUtxT8GqQrkIY+8gvKYM6SW +oiD74QtXc7jAhbk947LIpAZj4hjO++eyUQTj0trdBdVq9FWtuDNlXM1RfMwXuJgj +X4I0EPJNuFtR/TKyBEAQnpmSnQBZNU9aYz4gHX0Xr4wy4ai3smO1apJcmI/5257T +HwPVT7r4+8v4S4FhTVooIsQ5NJFEtQ7I/i0XRWT9gsd0C/5dpK+l4yF7TGNFodXw +kCkv6Y1tXzEM163uXJdUi4K1ipBcUZHATy6JLrOQ+DxF2qDqhC+7rReylq/p/+Kz +hdRIj3gDgjRe3ZM0oazIRCqSvfOcN8bppOzNVhbFM1CPsFmw33u6TAoqsZxUJKM2 +YOyoMGg+DPHQySAAWIW7w/jQgnZZ+KMRWoNonsKen06UoGqAwP7D2zLD2OIwNjBR +vNejylgbqcN13oMlWSq5ctApzuO9TwIDAQABAoICAA5RueI1n3NNgB44rbMba66U +sxSIitKm2rrTJHtVUqLFDdEHwPRdappNLlWvlNAHmG204TQ2+GhSjebKVtu0655p +dAw2K7wCV36NFqDHBbVH1jjI3UzAefKc94pS50PLdf9MOtnUQqVEFImPSue/FIVy +tMVHVOiHu8EHtXL5zxiz9tm1dKfELgt3kW8ZRg0Z3scXRgXqKr84SN6SIqiKHpdG +vVtHMFPZufIHXZKSI9IQC1vW74zHNXJnzsomMfdOvKcT+rSSUQY5fifT5UrYKDQf +3RpE55vS2bOcPJ6n0bvVes8bgt323WXdyBOKuvJhgT3eMKtAd/rKSs+aXnnN0cgF +wpqKewIwED+SExmyayl5LB3xzo7YypmUVe9Zs0XxPEikADhPVG2BhtLdBqX/N/Am +QEyfn/sI1TwEwMRWPsycsJ2aaGRqXaiEFe6ssb8Ie2GKbROLRgVJpYK3f6Qg5a7m +f9RwYD3RRwqkyD773A2FFTqs3/NQ68nORPrQzQppt9NlUb4YvUr4eVSkjcK7lbpA +DFuUEob4UdzgGHKpsUZAPTbFP+F0yZE0SRfFDeabj69HL0TpbSS4/I/anaoCOGeX +9+5hSvNnBk6YRtbRHBhMBZiycJOlXUwitz+TWJNRZHBTqT6GzuEhPoyaqWm0Vlgz +F97ddSH1m1P2Qn2FY6C5AoIBAQDrRa5opODCnkGkC8BNXJaOX77DKtZfakQluvEK +L2tCgeUYPWX5uGHSxMHCu+TFTqVBPkXYtcg2WB96UjDCqknw1Jug2+Z+ZDZePbJX +q63FLADIT9F9yXhsow+cUhVD3uYaQt5LkxfjZLBaTsWIHQ1p5afE5ruaDnRw+zOS +r1JSvQGN9qKCeCx3GMZabaVlglov7D6chY2CVRw/BYkoIXhSVBzXlv2NSlRVJgtx +mBf2grtZP4W/VEamuJPwaeTsLXl2cCCfCt3ZliP88GBX/p3TKXXmz/BqL7voa531 +QICdSbyvbcMcRB5Eq3bvNTY8kiSFF/5FvTRbAzLidu7gOMYtAoIBAQDEvA329UNR +uPmo2/4RQPTUVTTXTuL8jztuWjEbQu4TFDYCrtiwALymiTFP+XdpTFCpUV2NQG1E +kZHKnrssJ1HL6QszCBZA+U2bvqzPYVlmSsZoLO2Cb3z1y+RWvzvlmLR49mOK1pUY +d4x6Dr5WLoR+zwL7KkhI6dTC5Ucyyp6EsVP77CsqhnDAMifNnnkCUIWCB14Zhj6A +J32gTBRyGRoBp4Z2O4VXG/L4p25jVj0uLI/uFDZUxpLrTLpzZTAT21Ja6mYjA1xe +Zb0rAS7hxVDINiXhwkMWhdLIWB92O85bt3E1luTAfnDmRdgx+NKk753MdhoyXQt5 +sWc3EayTwlrrAoIBAQCNqV5Tyfs/lBTIFv9KVZad0Y7GazO7Lfwsj7x1Oool+Jqe +FtIhI+FbDHfyrjoYh7s/ZqSd0Q7lkfgaKgUMIYb2CL5QhDfsIKEP66xH16qBD3bF +JjJov/fPyfsrT81YGY2JgHvjG4WFuOnq5oVP6NZbzhlPmPKa11tLcCXki8ZQ5Vdb +SIcfcgasC3Hbnyu4zF1Lf79Pdab4NBEW7VlhnY2aXOUk9thiy7+tqYO4eTDskFkI +axQ4WSFVX8xMNSbPAq6hHvC1ctCUJDA1K/OG6FvVeqBwQwJqnaVSVAI/WwBWNMD1 +DG0vxuBGzsuFSxAGNqTgssq66SruJiXscFpzDhxdAoIBAQC4PmXVolwpbNJjEaQf +BHZFZIbYHUj2vi0qa80Retz7gTIT0SudqRMD4/gKrdbnBlGEQG8cmfm6/ZlL6Nvh +vfEcxmN2p1wv/UpxUWEF1mWjJuQpK+pC/aZJi2mM1AuEOj7KCfWvUMbQ4yTsKmKW +03nCSJzCHBcWMebPn2nOZ3ONUYUVqVfDu6RcWpxsNL2fLUnbPIsj3FUsL8+3D4kW +UevJINsMXzHBIqupsyPuZBVn6NPiY4t+WXm+Y106NMmRzxSRkHOW1s7qmN1QKQt+ +5QuCdTOE+ilaLnn4po7Qa7IWsvWS+n3AyKly/nY6Vozvanidwv1FrV3R2hKPwD2f +I6WBAoIBAQC908uzmtVq0rXFmMGixXUrdcG8/SF6B9JGAY/LmuRKcb8bCpUzD3d7 +zlV/rtLvuUoWrMlTYwjYASaWnvWnKqtZBGmwuvt295zrfdaP6GGueYGr40bWObC9 +b3t8MgBqUW3+aczRd6Ad99XsFCJrZ2Wcfo987sATLM6cPligHXb8VIJ+O2B0tmvJ ++6AzmhXeu/LkloFu3W37OvZvBBWMa5ws4wDlY7Y6AjIYuouUDvDUjt5eOAta+Ka0 +MJ+VqfN1D+4KPGJUnppk82CvHjpHvicfv9SgRtzEmgJBqu+Hn+4cFfwe+PLORFEh +Asyo0MYdsZa5OMiHqXUg7sZhEM5OWviz +-----END PRIVATE KEY----- diff --git a/certs/inter_kmes/root-ca-kme2.srl b/certs/inter_kmes/root-ca-kme2.srl new file mode 100644 index 0000000..dfacdf9 --- /dev/null +++ b/certs/inter_kmes/root-ca-kme2.srl @@ -0,0 +1 @@ +2E056B8F7449D446873704FA53C53E3B7EF8AA82 diff --git a/certs/inter_kmes/root-ca.cnf b/certs/inter_kmes/root-ca.cnf new file mode 100644 index 0000000..b87de32 --- /dev/null +++ b/certs/inter_kmes/root-ca.cnf @@ -0,0 +1,4 @@ +[root_ca] +basicConstraints = critical,CA:TRUE,pathlen:1 +keyUsage = critical, nonRepudiation, cRLSign, keyCertSign +subjectKeyIdentifier=hash diff --git a/certs/CA-zone1.crt b/certs/zone1/CA-zone1.crt similarity index 100% rename from certs/CA-zone1.crt rename to certs/zone1/CA-zone1.crt diff --git a/certs/CA-zone1.key b/certs/zone1/CA-zone1.key similarity index 100% rename from certs/CA-zone1.key rename to certs/zone1/CA-zone1.key diff --git a/certs/CA-zone1.srl b/certs/zone1/CA-zone1.srl similarity index 100% rename from certs/CA-zone1.srl rename to certs/zone1/CA-zone1.srl diff --git a/certs/README.md b/certs/zone1/README.md similarity index 100% rename from certs/README.md rename to certs/zone1/README.md diff --git a/certs/kme1.crt b/certs/zone1/kme1.crt similarity index 100% rename from certs/kme1.crt rename to certs/zone1/kme1.crt diff --git a/certs/kme1.csr b/certs/zone1/kme1.csr similarity index 100% rename from certs/kme1.csr rename to certs/zone1/kme1.csr diff --git a/certs/kme1.key b/certs/zone1/kme1.key similarity index 100% rename from certs/kme1.key rename to certs/zone1/kme1.key diff --git a/certs/kme1.v3.ext b/certs/zone1/kme1.v3.ext similarity index 100% rename from certs/kme1.v3.ext rename to certs/zone1/kme1.v3.ext diff --git a/certs/pass.txt b/certs/zone1/pass.txt similarity index 100% rename from certs/pass.txt rename to certs/zone1/pass.txt diff --git a/certs/sae1.cnf b/certs/zone1/sae1.cnf similarity index 100% rename from certs/sae1.cnf rename to certs/zone1/sae1.cnf diff --git a/certs/sae1.crt b/certs/zone1/sae1.crt similarity index 100% rename from certs/sae1.crt rename to certs/zone1/sae1.crt diff --git a/certs/sae1.csr b/certs/zone1/sae1.csr similarity index 100% rename from certs/sae1.csr rename to certs/zone1/sae1.csr diff --git a/certs/sae1.key b/certs/zone1/sae1.key similarity index 100% rename from certs/sae1.key rename to certs/zone1/sae1.key diff --git a/certs/sae1.pem b/certs/zone1/sae1.pem similarity index 100% rename from certs/sae1.pem rename to certs/zone1/sae1.pem diff --git a/certs/sae1.pfx b/certs/zone1/sae1.pfx similarity index 100% rename from certs/sae1.pfx rename to certs/zone1/sae1.pfx diff --git a/certs/sae2.cnf b/certs/zone1/sae2.cnf similarity index 100% rename from certs/sae2.cnf rename to certs/zone1/sae2.cnf diff --git a/certs/sae2.crt b/certs/zone1/sae2.crt similarity index 100% rename from certs/sae2.crt rename to certs/zone1/sae2.crt diff --git a/certs/sae2.csr b/certs/zone1/sae2.csr similarity index 100% rename from certs/sae2.csr rename to certs/zone1/sae2.csr diff --git a/certs/sae2.key b/certs/zone1/sae2.key similarity index 100% rename from certs/sae2.key rename to certs/zone1/sae2.key diff --git a/certs/sae2.pem b/certs/zone1/sae2.pem similarity index 100% rename from certs/sae2.pem rename to certs/zone1/sae2.pem diff --git a/certs/sae2.pfx b/certs/zone1/sae2.pfx similarity index 100% rename from certs/sae2.pfx rename to certs/zone1/sae2.pfx diff --git a/config_kme1.json b/config_kme1.json index b8c115f..cebd987 100644 --- a/config_kme1.json +++ b/config_kme1.json @@ -2,21 +2,26 @@ "this_kme": { "id": 1, "sqlite_db_path": ":memory:", - "https_listen_address": "127.0.0.1:3000", - "https_ca_client_cert_path": "certs/CA-zone1.crt", - "https_server_cert_path": "certs/kme1.crt", - "https_server_key_path": "certs/kme1.key" + "key_directory_to_watch": "raw_keys/kme-1-1", + "saes_https_interface": { + "listen_address": "127.0.0.1:3000", + "ca_client_cert_path": "certs/zone1/CA-zone1.crt", + "server_cert_path": "certs/zone1/kme1.crt", + "server_key_path": "certs/zone1/kme1.key" + }, + "kmes_https_interface": { + "listen_address": "0.0.0.0:3001", + "ca_client_cert_path": "certs/inter_kmes/root-ca-kme1.crt", + "server_cert_path": "certs/zone1/kme1.crt", + "server_key_path": "certs/zone1/kme1.key" + } }, "other_kmes": [ - { - "id": 1, - "key_directory_to_watch": "raw_keys", - "ip_address": "127.0.0.1" - }, { "id": 2, - "key_directory_to_watch": "raw_keys", - "ip_address": "127.0.0.1" + "key_directory_to_watch": "raw_keys/kme-1-2", + "inter_kme_bind_address": "127.0.0.1:3001", + "https_client_authentication_certificate": "certs/inter_kmes/client-kme1-to-kme2.pfx" } ], "saes": [ diff --git a/raw_keys/211202_1159_CD6ADBF2.cor b/raw_keys/kme-1-1/211202_1159_CD6ADBF2.cor similarity index 100% rename from raw_keys/211202_1159_CD6ADBF2.cor rename to raw_keys/kme-1-1/211202_1159_CD6ADBF2.cor diff --git a/raw_keys/kme-1-2/211202_1159_CD6ADBF2.cor b/raw_keys/kme-1-2/211202_1159_CD6ADBF2.cor new file mode 100755 index 0000000..bbb4623 Binary files /dev/null and b/raw_keys/kme-1-2/211202_1159_CD6ADBF2.cor differ diff --git a/raw_keys/211202_1201_9961A847.cor b/raw_keys/kme-1-2/211202_1201_9961A847.cor similarity index 100% rename from raw_keys/211202_1201_9961A847.cor rename to raw_keys/kme-1-2/211202_1201_9961A847.cor diff --git a/raw_keys/211202_1203_4CC5B386.cor b/raw_keys/kme-1-2/211202_1203_4CC5B386.cor similarity index 100% rename from raw_keys/211202_1203_4CC5B386.cor rename to raw_keys/kme-1-2/211202_1203_4CC5B386.cor diff --git a/raw_keys/211202_1205_94889199.cor b/raw_keys/kme-1-2/211202_1205_94889199.cor similarity index 100% rename from raw_keys/211202_1205_94889199.cor rename to raw_keys/kme-1-2/211202_1205_94889199.cor diff --git a/raw_keys/211202_1208_6DB301BA.cor b/raw_keys/kme-1-2/211202_1208_6DB301BA.cor similarity index 100% rename from raw_keys/211202_1208_6DB301BA.cor rename to raw_keys/kme-1-2/211202_1208_6DB301BA.cor diff --git a/raw_keys/211202_1210_2655B746.cor b/raw_keys/kme-1-2/211202_1210_2655B746.cor similarity index 100% rename from raw_keys/211202_1210_2655B746.cor rename to raw_keys/kme-1-2/211202_1210_2655B746.cor diff --git a/raw_keys/211202_1212_6844D5F5.cor b/raw_keys/kme-1-2/211202_1212_6844D5F5.cor similarity index 100% rename from raw_keys/211202_1212_6844D5F5.cor rename to raw_keys/kme-1-2/211202_1212_6844D5F5.cor diff --git a/raw_keys/211202_1214_7FADACCC.cor b/raw_keys/kme-1-2/211202_1214_7FADACCC.cor similarity index 100% rename from raw_keys/211202_1214_7FADACCC.cor rename to raw_keys/kme-1-2/211202_1214_7FADACCC.cor diff --git a/raw_keys/211202_1216_BFD17354.cor b/raw_keys/kme-1-2/211202_1216_BFD17354.cor similarity index 100% rename from raw_keys/211202_1216_BFD17354.cor rename to raw_keys/kme-1-2/211202_1216_BFD17354.cor diff --git a/raw_keys/211202_1219_9FE60FC0.cor b/raw_keys/kme-1-2/211202_1219_9FE60FC0.cor similarity index 100% rename from raw_keys/211202_1219_9FE60FC0.cor rename to raw_keys/kme-1-2/211202_1219_9FE60FC0.cor diff --git a/raw_keys/211202_1221_47BE3A07.cor b/raw_keys/kme-1-2/211202_1221_47BE3A07.cor similarity index 100% rename from raw_keys/211202_1221_47BE3A07.cor rename to raw_keys/kme-1-2/211202_1221_47BE3A07.cor diff --git a/raw_keys/211202_1223_C350632B.cor b/raw_keys/kme-1-2/211202_1223_C350632B.cor similarity index 100% rename from raw_keys/211202_1223_C350632B.cor rename to raw_keys/kme-1-2/211202_1223_C350632B.cor diff --git a/raw_keys/211202_1225_A7A6EF2D.cor b/raw_keys/kme-1-2/211202_1225_A7A6EF2D.cor similarity index 100% rename from raw_keys/211202_1225_A7A6EF2D.cor rename to raw_keys/kme-1-2/211202_1225_A7A6EF2D.cor diff --git a/raw_keys/211202_1228_F7F2EC9C.cor b/raw_keys/kme-1-2/211202_1228_F7F2EC9C.cor similarity index 100% rename from raw_keys/211202_1228_F7F2EC9C.cor rename to raw_keys/kme-1-2/211202_1228_F7F2EC9C.cor diff --git a/raw_keys/211202_1230_DBFE95B7.cor b/raw_keys/kme-1-2/211202_1230_DBFE95B7.cor similarity index 100% rename from raw_keys/211202_1230_DBFE95B7.cor rename to raw_keys/kme-1-2/211202_1230_DBFE95B7.cor diff --git a/src/config/mod.rs b/src/config/mod.rs index 6801817..2733844 100644 --- a/src/config/mod.rs +++ b/src/config/mod.rs @@ -40,14 +40,40 @@ pub struct ThisKmeConfig { /// Path to SQLite database file, used to store keys, certificates and other data /// You can use `:memory:` to use in-memory database pub(crate) sqlite_db_path: String, - /// Address to listen for HTTPS connections - pub https_listen_address: String, + /// Directory for keys used in the same KME zone + /// # Note you could use classical encryption in this case, it's just for compatibility purpose + pub(crate) key_directory_to_watch: String, + /// Config for internal HTTPS interface for SAEs + /// # Note you should listen only on secured internal network + pub saes_https_interface: SAEsHttpsInterfaceConfig, + /// Config for external HTTPS interface for other KMEs + pub kmes_https_interface: KMEsHttpsInterfaceConfig +} + +/// Config for internal HTTPS interface for SAEs (likely secured local network) +#[derive(Serialize, Deserialize, Debug)] +pub struct SAEsHttpsInterfaceConfig { + /// Address to listen for HTTPS connections, it should be a secured internal network + pub listen_address: String, + /// Server certificate authority certificate path, used to authenticate client SAEs + pub ca_client_cert_path: String, + /// Server HTTPS certificate path + pub server_cert_path: String, + /// Server HTTPS private key path + pub server_key_path: String +} + +/// Config for external HTTPS interface for other KME network (likely global network +#[derive(Serialize, Deserialize, Debug)] +pub struct KMEsHttpsInterfaceConfig { + /// Address to listen for HTTPS connections, it could be the public IP address + pub listen_address: String, /// Server certificate authority certificate path, used to authenticate client SAEs - pub https_ca_client_cert_path: String, + pub ca_client_cert_path: String, /// Server HTTPS certificate path - pub https_server_cert_path: String, + pub server_cert_path: String, /// Server HTTPS private key path - pub https_server_key_path: String + pub server_key_path: String } /// Configs for other KMEs, including their IDs and paths to directories to watch for new keys @@ -58,7 +84,9 @@ pub struct OtherKmeConfig { /// Path to directory to read and watch for new keys, files must have [crate::QKD_KEY_FILE_EXTENSION](crate::QKD_KEY_FILE_EXTENSION) extension pub(crate) key_directory_to_watch: String, /// IP address of the other KME, used to send keys to it using "classical channel" - pub(crate) ip_address: String, + pub(crate) inter_kme_bind_address: String, + /// Client certificate for inter KME HTTPS authentication + pub(crate) https_client_authentication_certificate: String } /// Config for specific SAE: its ID, KME ID and optional client certificate serial diff --git a/src/main.rs b/src/main.rs index 4ddbd7f..603038c 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,6 +1,6 @@ use log::error; use qkd_kme_server::qkd_manager::QkdManager; -use qkd_kme_server::routes::QKDKMERoutesV1; +use qkd_kme_server::routes::EtsiSaeQkdRoutesV1; #[tokio::main] async fn main() { @@ -19,19 +19,26 @@ async fn main() { } }; - let server = qkd_kme_server::server::Server { - listen_addr: config.this_kme_config.https_listen_address.clone(), - ca_client_cert_path: config.this_kme_config.https_ca_client_cert_path.clone(), - server_cert_path: config.this_kme_config.https_server_cert_path.clone(), - server_key_path: config.this_kme_config.https_server_key_path.clone(), + let sae_https_server = qkd_kme_server::server::Server { + listen_addr: config.this_kme_config.saes_https_interface.listen_address.clone(), + ca_client_cert_path: config.this_kme_config.saes_https_interface.ca_client_cert_path.clone(), + server_cert_path: config.this_kme_config.saes_https_interface.server_cert_path.clone(), + server_key_path: config.this_kme_config.saes_https_interface.server_key_path.clone(), + }; + + let inter_kme_https_server = qkd_kme_server::server::Server { + listen_addr: config.this_kme_config.kmes_https_interface.listen_address.clone(), + ca_client_cert_path: config.this_kme_config.kmes_https_interface.ca_client_cert_path.clone(), + server_cert_path: config.this_kme_config.kmes_https_interface.server_cert_path.clone(), + server_key_path: config.this_kme_config.kmes_https_interface.server_key_path.clone(), }; let qkd_manager= QkdManager::from_config(&config); println!("{:?}", qkd_manager.is_err()); let qkd_manager = qkd_manager.unwrap(); - if server.run::(&qkd_manager).await.is_err() { - error!("Error running HTTP server"); + if sae_https_server.run::(&qkd_manager).await.is_err() { + error!("Error running SAEs HTTPS server"); return; } } \ No newline at end of file diff --git a/src/qkd_manager/config_extractor.rs b/src/qkd_manager/config_extractor.rs index ea53aa2..398913b 100644 --- a/src/qkd_manager/config_extractor.rs +++ b/src/qkd_manager/config_extractor.rs @@ -5,7 +5,7 @@ use std::sync::Arc; use notify::event::{AccessKind, AccessMode}; use notify::{EventKind, RecursiveMode, Watcher}; use crate::config::Config; -use crate::io_err; +use crate::{io_err, KmeId}; use crate::qkd_manager::{PreInitQkdKeyWrapper, QkdManager}; pub(super) struct ConfigExtractor {} @@ -22,33 +22,39 @@ impl ConfigExtractor { for other_kme_config in &config.other_kme_configs { let kme_id = other_kme_config.id; let kme_keys_dir = other_kme_config.key_directory_to_watch.as_str(); - let mut dir_watchers = qkd_manager.dir_watcher.lock().unwrap(); - let qkd_manager = Arc::clone(&qkd_manager); - Self::extract_all_keys_from_dir(Arc::clone(&qkd_manager), kme_keys_dir, other_kme_config.id); + Self::extract_and_watch_raw_keys_dir(Arc::clone(&qkd_manager), kme_id, kme_keys_dir)?; + } + Self::extract_and_watch_raw_keys_dir(Arc::clone(&qkd_manager), config.this_kme_config.id, config.this_kme_config.key_directory_to_watch.as_str())?; + Ok(()) + } - dir_watchers.push(match notify::recommended_watcher(move |res: Result| { - match res { - Ok(event) => { - if let EventKind::Access(AccessKind::Close(AccessMode::Write)) = event.kind { - if Self::check_file_extension_qkd_keys(event.paths[0].to_str().unwrap()) { - Self::extract_all_keys_from_file(Arc::clone(&qkd_manager), &event.paths[0].to_str().unwrap(), kme_id); - } + fn extract_and_watch_raw_keys_dir(qkd_manager: Arc, kme_id: KmeId, kme_keys_dir: &str) -> Result<(), io::Error> { + let mut dir_watchers = qkd_manager.dir_watcher.lock().unwrap(); + let qkd_manager = Arc::clone(&qkd_manager); + Self::extract_all_keys_from_dir(Arc::clone(&qkd_manager), kme_keys_dir, kme_id); + + dir_watchers.push(match notify::recommended_watcher(move |res: Result| { + match res { + Ok(event) => { + if let EventKind::Access(AccessKind::Close(AccessMode::Write)) = event.kind { + if Self::check_file_extension_qkd_keys(event.paths[0].to_str().unwrap()) { + Self::extract_all_keys_from_file(Arc::clone(&qkd_manager), &event.paths[0].to_str().unwrap(), kme_id); } } - Err(e) => { - println!("Watch error: {:?}", e); - return; - } } - }) { - Ok(watcher) => watcher, Err(e) => { - return Err(io_err(&format!("Error creating watcher: {:?}", e))); + println!("Watch error: {:?}", e); + return; } - }); - if dir_watchers.iter_mut().last().unwrap().watch(Path::new(kme_keys_dir), RecursiveMode::NonRecursive).is_err() { - return Err(io_err(&format!("Error watching directory: {:?}", kme_keys_dir))); } + }) { + Ok(watcher) => watcher, + Err(e) => { + return Err(io_err(&format!("Error creating watcher: {:?}", e))); + } + }); + if dir_watchers.iter_mut().last().unwrap().watch(Path::new(kme_keys_dir), RecursiveMode::NonRecursive).is_err() { + return Err(io_err(&format!("Error watching directory: {:?}", kme_keys_dir))); } Ok(()) } diff --git a/src/routes/keys/get_key.rs b/src/routes/keys/get_key.rs index 1b26a0c..3b98be7 100644 --- a/src/routes/keys/get_key.rs +++ b/src/routes/keys/get_key.rs @@ -21,7 +21,7 @@ pub(in crate::routes) fn route_get_status(rcx: &RequestContext, _req: Request serial, Err(_) => { - return super::QKDKMERoutesV1::authentication_error(); + return super::EtsiSaeQkdRoutesV1::authentication_error(); } }; @@ -36,17 +36,17 @@ pub(in crate::routes) fn route_get_status(rcx: &RequestContext, _req: Request json, Err(_) => { error!("Error serializing key status"); - return super::QKDKMERoutesV1::internal_server_error(); + return super::EtsiSaeQkdRoutesV1::internal_server_error(); } }; // Return the key status as a response - Ok(crate::routes::QKDKMERoutesV1::json_response_from_str(&key_status_json)) + Ok(crate::routes::EtsiSaeQkdRoutesV1::json_response_from_str(&key_status_json)) } QkdManagerResponse::AuthenticationError => { - super::QKDKMERoutesV1::authentication_error() + super::EtsiSaeQkdRoutesV1::authentication_error() } _ => { - super::QKDKMERoutesV1::internal_server_error() + super::EtsiSaeQkdRoutesV1::internal_server_error() } } } @@ -80,20 +80,20 @@ pub(in crate::routes) fn route_get_key(rcx: &RequestContext, _req: Request json, Err(_) => { error!("Error serializing keys"); - return super::QKDKMERoutesV1::internal_server_error(); + return super::EtsiSaeQkdRoutesV1::internal_server_error(); } }; // Return the key(s) as a response - Ok(crate::routes::QKDKMERoutesV1::json_response_from_str(&keys_json)) + Ok(crate::routes::EtsiSaeQkdRoutesV1::json_response_from_str(&keys_json)) } QkdManagerResponse::AuthenticationError => { - super::QKDKMERoutesV1::authentication_error() + super::EtsiSaeQkdRoutesV1::authentication_error() } QkdManagerResponse::NotFound => { - super::QKDKMERoutesV1::not_found() + super::EtsiSaeQkdRoutesV1::not_found() } _ => { - super::QKDKMERoutesV1::internal_server_error() + super::EtsiSaeQkdRoutesV1::internal_server_error() } } } @@ -134,7 +134,7 @@ pub(in crate::routes) async fn route_get_key_with_id(rcx: &RequestContext<'_>, r let post_body_bytes = match req.into_body().collect().await { Ok(bytes) => bytes.to_bytes(), Err(_) => { - return super::QKDKMERoutesV1::bad_request(); + return super::EtsiSaeQkdRoutesV1::bad_request(); } }; @@ -142,7 +142,7 @@ pub(in crate::routes) async fn route_get_key_with_id(rcx: &RequestContext<'_>, r let request_list_keys_ids: RequestListKeysIds = match serde_json::from_slice(&post_body_bytes) { Ok(request_list_keys_ids) => request_list_keys_ids, Err(_) => { - return super::QKDKMERoutesV1::bad_request(); + return super::EtsiSaeQkdRoutesV1::bad_request(); } }; @@ -161,20 +161,20 @@ pub(in crate::routes) async fn route_get_key_with_id(rcx: &RequestContext<'_>, r Ok(json) => json, Err(_) => { error!("Error serializing keys"); - return super::QKDKMERoutesV1::internal_server_error(); + return super::EtsiSaeQkdRoutesV1::internal_server_error(); } }; // Return the key(s) as a response - Ok(crate::routes::QKDKMERoutesV1::json_response_from_str(&keys_json)) + Ok(crate::routes::EtsiSaeQkdRoutesV1::json_response_from_str(&keys_json)) } QkdManagerResponse::AuthenticationError => { - super::QKDKMERoutesV1::authentication_error() + super::EtsiSaeQkdRoutesV1::authentication_error() } QkdManagerResponse::NotFound => { - super::QKDKMERoutesV1::not_found() + super::EtsiSaeQkdRoutesV1::not_found() } _ => { - super::QKDKMERoutesV1::internal_server_error() + super::EtsiSaeQkdRoutesV1::internal_server_error() } } } @@ -187,7 +187,7 @@ macro_rules! ensure_sae_id_format_type { Ok(sae_id) => sae_id, Err(_) => { warn!("Invalid SAE ID, must be an integer"); - return super::QKDKMERoutesV1::bad_request(); + return super::EtsiSaeQkdRoutesV1::bad_request(); } } } @@ -201,7 +201,7 @@ macro_rules! ensure_client_certificate_serial { Ok(serial) => serial, Err(_) => { warn!("Error getting client certificate serial"); - return super::QKDKMERoutesV1::authentication_error(); + return super::EtsiSaeQkdRoutesV1::authentication_error(); } } } diff --git a/src/routes/keys/mod.rs b/src/routes/keys/mod.rs index 92ce90f..ad4d3a1 100644 --- a/src/routes/keys/mod.rs +++ b/src/routes/keys/mod.rs @@ -4,7 +4,7 @@ use std::convert::Infallible; use http_body_util::Full; use hyper::{body, Request, Response}; use hyper::body::Bytes; -use crate::routes::{QKDKMERoutesV1, RequestContext}; +use crate::routes::{EtsiSaeQkdRoutesV1, RequestContext}; mod get_key; @@ -18,6 +18,6 @@ pub(super) async fn key_handler(rcx: &RequestContext<'_>, req: Request get_key::route_get_key_with_id(rcx, req, slave_sae_id).await, // Route not found - _ => QKDKMERoutesV1::not_found(), + _ => EtsiSaeQkdRoutesV1::not_found(), } } \ No newline at end of file diff --git a/src/routes/mod.rs b/src/routes/mod.rs index 1338029..babba5d 100644 --- a/src/routes/mod.rs +++ b/src/routes/mod.rs @@ -35,10 +35,10 @@ pub trait Routes { } /// Struct representing the routes of the server for the v1 version of the API -pub struct QKDKMERoutesV1 {} +pub struct EtsiSaeQkdRoutesV1 {} #[async_trait] -impl Routes for QKDKMERoutesV1 { +impl Routes for EtsiSaeQkdRoutesV1 { async fn handle_request(req: Request, client_cert: Option<&CertificateDer>, qkd_manager: QkdManager) -> Result>, Infallible> { let path = req.uri().path().to_owned(); @@ -71,7 +71,7 @@ impl Routes for QKDKMERoutesV1 { #[allow(dead_code)] -impl QKDKMERoutesV1 { +impl EtsiSaeQkdRoutesV1 { RESPONSE_ERROR_FUNCTION!(internal_server_error, StatusCode::INTERNAL_SERVER_ERROR, "Internal server error"); RESPONSE_ERROR_FUNCTION!(not_found, StatusCode::NOT_FOUND, "Element not found"); RESPONSE_ERROR_FUNCTION!(authentication_error, StatusCode::UNAUTHORIZED, "Authentication error"); @@ -111,7 +111,7 @@ mod tests { #[tokio::test] async fn test_internal_server_error() { - let response = super::QKDKMERoutesV1::internal_server_error().unwrap(); + let response = super::EtsiSaeQkdRoutesV1::internal_server_error().unwrap(); assert_eq!(response.status(), StatusCode::INTERNAL_SERVER_ERROR); let body = String::from_utf8(response.into_body().collect().await.unwrap().to_bytes().to_vec()).unwrap(); assert_eq!(body, "{\n \"message\": \"Internal server error\"\n}"); @@ -119,7 +119,7 @@ mod tests { #[tokio::test] async fn test_not_found() { - let response = super::QKDKMERoutesV1::not_found().unwrap(); + let response = super::EtsiSaeQkdRoutesV1::not_found().unwrap(); assert_eq!(response.status(), StatusCode::NOT_FOUND); let body = String::from_utf8(response.into_body().collect().await.unwrap().to_bytes().to_vec()).unwrap(); assert_eq!(body, "{\n \"message\": \"Element not found\"\n}"); @@ -127,7 +127,7 @@ mod tests { #[tokio::test] async fn test_authentication_error() { - let response = super::QKDKMERoutesV1::authentication_error().unwrap(); + let response = super::EtsiSaeQkdRoutesV1::authentication_error().unwrap(); assert_eq!(response.status(), StatusCode::UNAUTHORIZED); let body = String::from_utf8(response.into_body().collect().await.unwrap().to_bytes().to_vec()).unwrap(); assert_eq!(body, "{\n \"message\": \"Authentication error\"\n}"); @@ -135,7 +135,7 @@ mod tests { #[tokio::test] async fn test_bad_request() { - let response = super::QKDKMERoutesV1::bad_request().unwrap(); + let response = super::EtsiSaeQkdRoutesV1::bad_request().unwrap(); assert_eq!(response.status(), StatusCode::BAD_REQUEST); let body = String::from_utf8(response.into_body().collect().await.unwrap().to_bytes().to_vec()).unwrap(); assert_eq!(body, "{\n \"message\": \"Bad request\"\n}"); @@ -143,7 +143,7 @@ mod tests { #[tokio::test] async fn test_json_response_from_str() { - let response = super::QKDKMERoutesV1::json_response_from_str("{\"variable\": \"value\"}"); + let response = super::EtsiSaeQkdRoutesV1::json_response_from_str("{\"variable\": \"value\"}"); assert_eq!(response.status(), StatusCode::OK); assert_eq!(response.headers().get("content-type").unwrap(), "application/json"); let body = String::from_utf8(response.into_body().collect().await.unwrap().to_bytes().to_vec()).unwrap(); diff --git a/src/routes/request_context.rs b/src/routes/request_context.rs index 55da9bd..8a0b686 100644 --- a/src/routes/request_context.rs +++ b/src/routes/request_context.rs @@ -111,7 +111,7 @@ mod test { #[test] fn test_context_with_cert() { - const CERT_FILENAME: &'static str = "certs/kme1.crt"; + const CERT_FILENAME: &'static str = "certs/zone1/kme1.crt"; let certs = load_cert(CERT_FILENAME).unwrap(); assert_eq!(certs.len(), 1); let context = super::RequestContext::new(Some(&certs[0]), crate::qkd_manager::QkdManager::new(":memory:", 1)).unwrap(); diff --git a/src/routes/sae/info.rs b/src/routes/sae/info.rs index 227cf22..01704ce 100644 --- a/src/routes/sae/info.rs +++ b/src/routes/sae/info.rs @@ -16,7 +16,7 @@ pub(in crate::routes) async fn route_get_info_me(rcx: &RequestContext<'_>, _req: let client_cert_serial = match rcx.get_client_certificate_serial_as_raw() { Ok(serial) => serial, Err(_) => { - return crate::routes::QKDKMERoutesV1::authentication_error() + return crate::routes::EtsiSaeQkdRoutesV1::authentication_error() } }; // Retrieve the SAE ID from the QKD manager, given the client certificate serial @@ -24,7 +24,7 @@ pub(in crate::routes) async fn route_get_info_me(rcx: &RequestContext<'_>, _req: Ok(sae_info) => sae_info, Err(_) => { // Client certificate serial isn't registered in the QKD manager - return crate::routes::QKDKMERoutesV1::not_found() + return crate::routes::EtsiSaeQkdRoutesV1::not_found() } }; @@ -35,12 +35,12 @@ pub(in crate::routes) async fn route_get_info_me(rcx: &RequestContext<'_>, _req: }; match sae_info_response_obj.to_json() { Ok(json) => { - Ok(crate::routes::QKDKMERoutesV1::json_response_from_str(&json)) + Ok(crate::routes::EtsiSaeQkdRoutesV1::json_response_from_str(&json)) } Err(_) => { // Error serializing the response object, should never happen error!("Error serializing SAE info"); - crate::routes::QKDKMERoutesV1::internal_server_error() + crate::routes::EtsiSaeQkdRoutesV1::internal_server_error() } } } \ No newline at end of file diff --git a/src/routes/sae/mod.rs b/src/routes/sae/mod.rs index 7795478..8486035 100644 --- a/src/routes/sae/mod.rs +++ b/src/routes/sae/mod.rs @@ -12,6 +12,6 @@ use crate::routes::request_context::RequestContext; pub(super) async fn sae_handler(rcx: &RequestContext<'_>, req: Request, uri_segments: &[&str]) -> Result>, Infallible> { match (uri_segments, req.method()) { (["info", "me"], &hyper::Method::GET) => info::route_get_info_me(rcx, req).await, - _ => super::QKDKMERoutesV1::not_found(), + _ => super::EtsiSaeQkdRoutesV1::not_found(), } } \ No newline at end of file diff --git a/src/server/certificates.rs b/src/server/certificates.rs index c30a689..609865b 100644 --- a/src/server/certificates.rs +++ b/src/server/certificates.rs @@ -60,22 +60,22 @@ pub(super) fn load_pkey(filename: &str) -> Result>, i mod test { #[test] fn test_load_cert() { - const CERT_FILENAME: &'static str = "certs/kme1.crt"; + const CERT_FILENAME: &'static str = "certs/zone1/kme1.crt"; let certs = super::load_cert(CERT_FILENAME).unwrap(); assert_eq!(certs.len(), 1); - const CERT_FILENAME_NO_EXIST: &'static str = "certs/no_exist.crt"; + const CERT_FILENAME_NO_EXIST: &'static str = "certs/zone1/no_exist.crt"; let certs = super::load_cert(CERT_FILENAME_NO_EXIST); assert!(certs.is_err()); } #[test] fn test_load_pkey() { - const PKEY_FILENAME: &'static str = "certs/kme1.key"; + const PKEY_FILENAME: &'static str = "certs/zone1/kme1.key"; let keys = super::load_pkey(PKEY_FILENAME).unwrap(); assert_eq!(keys.len(), 1); - const PKEY_FILENAME_NO_EXIST: &'static str = "certs/no_exist.key"; + const PKEY_FILENAME_NO_EXIST: &'static str = "certs/zone1/no_exist.key"; let keys = super::load_pkey(PKEY_FILENAME_NO_EXIST); assert!(keys.is_err()); } diff --git a/src/server/mod.rs b/src/server/mod.rs index 1d680b5..ac2a2dc 100644 --- a/src/server/mod.rs +++ b/src/server/mod.rs @@ -149,9 +149,9 @@ impl Server { mod tests { #[test] fn test_get_ssl_config() { - const CA_CERT_FILENAME: &'static str = "certs/CA-zone1.crt"; - const SERVER_CERT_FILENAME: &'static str = "certs/kme1.crt"; - const SERVER_KEY_FILENAME: &'static str = "certs/kme1.key"; + const CA_CERT_FILENAME: &'static str = "certs/zone1/CA-zone1.crt"; + const SERVER_CERT_FILENAME: &'static str = "certs/zone1/kme1.crt"; + const SERVER_KEY_FILENAME: &'static str = "certs/zone1/kme1.key"; let server = super::Server { listen_addr: "127.0.0.1:3000".to_string(), ca_client_cert_path: CA_CERT_FILENAME.to_string(), @@ -161,7 +161,7 @@ mod tests { let config = server.get_ssl_config(); assert!(config.is_ok()); - const CA_CERT_FILE_WRONG_FORMAT: &'static str = "certs/sae1.pfx"; + const CA_CERT_FILE_WRONG_FORMAT: &'static str = "certs/zone1/sae1.pfx"; let server = super::Server { listen_addr: "127.0.0.1:3000".to_string(), ca_client_cert_path: CA_CERT_FILE_WRONG_FORMAT.to_string(), diff --git a/tests/common/mod.rs b/tests/common/mod.rs index a22c3c8..8ba12c7 100644 --- a/tests/common/mod.rs +++ b/tests/common/mod.rs @@ -3,16 +3,16 @@ use std::fs::File; use std::io::Read; use qkd_kme_server::qkd_manager::{PreInitQkdKeyWrapper, QkdManager}; -use qkd_kme_server::routes::QKDKMERoutesV1; +use qkd_kme_server::routes::EtsiSaeQkdRoutesV1; pub const HOST_PORT: &'static str = "localhost:3000"; pub fn setup() { let server = qkd_kme_server::server::Server { listen_addr: "127.0.0.1:3000".to_string(), - ca_client_cert_path: "certs/CA-zone1.crt".to_string(), - server_cert_path: "certs/kme1.crt".to_string(), - server_key_path: "certs/kme1.key".to_string(), + ca_client_cert_path: "certs/zone1/CA-zone1.crt".to_string(), + server_cert_path: "certs/zone1/kme1.crt".to_string(), + server_key_path: "certs/zone1/kme1.key".to_string(), }; let qkd_manager = QkdManager::new(":memory:", 1); @@ -33,12 +33,12 @@ pub fn setup() { ).unwrap(); qkd_manager.add_pre_init_qkd_key(qkd_key_2).unwrap(); - tokio::spawn(async move {server.run::(&qkd_manager).await.unwrap();}); + tokio::spawn(async move {server.run::(&qkd_manager).await.unwrap();}); } pub fn setup_cert_auth_reqwest_client() -> reqwest::Client { let mut buf = Vec::new(); - File::open("certs/sae1.pfx").unwrap().read_to_end(&mut buf).unwrap(); + File::open("certs/zone1/sae1.pfx").unwrap().read_to_end(&mut buf).unwrap(); let client_cert_id = reqwest::Identity::from_pkcs12_der(&buf, "").unwrap(); reqwest::Client::builder() .identity(client_cert_id) @@ -49,7 +49,7 @@ pub fn setup_cert_auth_reqwest_client() -> reqwest::Client { pub fn setup_cert_auth_reqwest_client_unregistered_sae() -> reqwest::Client { let mut buf = Vec::new(); // SAE2 is not registered in SAEs database - File::open("certs/sae2.pfx").unwrap().read_to_end(&mut buf).unwrap(); + File::open("certs/zone1/sae2.pfx").unwrap().read_to_end(&mut buf).unwrap(); let client_cert_id = reqwest::Identity::from_pkcs12_der(&buf, "").unwrap(); reqwest::Client::builder() .identity(client_cert_id)