diff --git a/README.md b/README.md index 2e78c8fa..038bb128 100644 --- a/README.md +++ b/README.md 
@@ -369,6 +369,35 @@ Cleanup tests docker compose --project-name load -f docker-compose-load.yml down -v ``` +### SDK Security Overhead Testing + +#### Regenerating Certificates + +It's recommended that you do not trouble certificates and keys found in `docker/security/`. +If you do need to for whatever reason these are the steps. + +From the root `ml-core-test-harness` directory. Accept all defaults and enter `y` when prompted. + +- `cd docker/security/payer/jws/ && . keygen.sh && cd ../tls/ && . createSecrets.sh && cd ../../payee/jws && . keygen.sh && cd ../tls/ && . createSecrets.sh && cd ../../../../` +- `cp docker/security/payer/jws/publickey.cer docker/security/payee/jws/verification_keys/fspiopsimpayer.pem && cp docker/security/payee/jws/publickey.cer docker/security/payer/jws/verification_keys/fspiopsimpayee.pem` +- `cd docker/security/payer/tls/ && openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr && cp dfsp_server_cacert.pem ../../payee/tls/payer_server_cacert.pem && cd ../../../../` +- `cd docker/security/payee/tls/ && openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr && cp dfsp_server_cacert.pem ../../payer/tls/payee_server_cacert.pem && cd ../../../../` + +Here are more verbose hands on instructions of what above commands do. + +- Run `. keygen.sh` and `. createSecrets.sh` in the `/jws` and `/tls` folders respectively for both payer and payee. 
+- Move `payee/jws/publickey.cer` to `payer/jws/verification_keys/fspiopsimpayee.pem` and move `payer/jws/publickey.cer` to `payee/jws/verification_keys/fspiopsimpayer.pem` +- Switch directories to `docker/security/payer/tls/` +- Run `openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr` +- Switch directories to `docker/security/payee/tls/` +- Run `openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr` +- Move each others `dfsp_server_cacert.pem` into each others folder and rename to `payer_server_cacert.pem` and `payee_server_cacert.pem` + +#### Starting the Security Harness + +- Run `docker compose --project-name security -f docker-compose-security.yml --profile security-sdk-scheme-adapter up` + + ### Automate Load Tests This section describes the process to automate capturing of grafana rendered dashboards after running the performance testing scenarios. diff --git a/docker-compose-perf.yml b/docker-compose-perf.yml index ebd0875a..947d90e9 100644 --- a/docker-compose-perf.yml +++ b/docker-compose-perf.yml @@ -975,7 +975,7 @@ services: - als-test - transfers-test - quotes-test - + redis: networks: - mojaloop-net diff --git a/docker-compose-security.yml b/docker-compose-security.yml new file mode 100644 index 00000000..0afc3048 --- /dev/null +++ b/docker-compose-security.yml 
@@ -0,0 +1,122 @@ +version: "3.7" + +networks: + mojaloop-net: + name: mojaloop-net + +services: + sim-fspiop: + image: mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} + env_file: + - .env + - ./envs/fspiop-sim-security.env + build: + context: ./packages/callback-handler-svc + cache_from: + - mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} + ports: + - "3001:3001" + - "3002:3002" + networks: + - mojaloop-net + volumes: + - ./packages/callback-handler-svc/config:/opt/app/config + - ./packages/callback-handler-svc/handlers:/opt/app/handlers + - ./docker/config-modifier:/opt/app/config-modifier + environment: {} + # - LOG_LEVEL=error + healthcheck: + test: wget -q http://localhost:3001/health -O /dev/null || exit 1 + timeout: 20s + retries: 30 + interval: 15s + user: root + profiles: + - security-sdk-scheme-adapter + + payer-sdk-scheme-adapter-api-svc: + image: mojaloop/sdk-scheme-adapter:v23.3.0 + env_file: + - ./envs/payer-sdk-scheme-adapter-api-svc.env + container_name: payer-sdk-scheme-adapter-api-svc + command: yarn nx run modules-api-svc:start + ports: + - "5000:4000" + - "5001:4001" + networks: + - mojaloop-net + depends_on: + redis: + condition: service_healthy + volumes: + - ./docker/wait4:/opt/app/wait4 + - ./docker/config-modifier:/opt/app/config-modifier + - ./docker/security/payer:/opt/app/modules/api-svc/secrets + - ./docker/security/payer:/opt/app/secrets + - ./docker/security/payer:/secrets + healthcheck: + test: [ + "CMD" , + "apk", "add", "--no-cache", "curl", # Install curl + "&&", + "curl", "-f", "http://localhost:4001" # Check if api is up + ] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + user: root + profiles: + - security-sdk-scheme-adapter + + + payee-sdk-scheme-adapter-api-svc: + image: mojaloop/sdk-scheme-adapter:v23.3.0 + env_file: + - ./envs/payee-sdk-scheme-adapter-api-svc.env + container_name: payee-sdk-scheme-adapter-api-svc + command: yarn nx run modules-api-svc:start + ports: + - 
"4000:4000" + - "4001:4001" + networks: + - mojaloop-net + depends_on: + redis: + condition: service_healthy + volumes: + - ./docker/wait4:/opt/app/wait4 + - ./docker/config-modifier:/opt/app/config-modifier + - ./docker/security/payee:/opt/app/modules/api-svc/secrets + - ./docker/security/payee:/opt/app/secrets + - ./docker/security/payee:/secrets + healthcheck: + test: [ + "CMD" , + "apk", "add", "--no-cache", "curl", # Install curl + "&&", + "curl", "-f", "http://localhost:4001" # Check if api is up + ] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + user: root + profiles: + - security-sdk-scheme-adapter + + redis: + networks: + - mojaloop-net + image: "redis:6.2.4-alpine" + container_name: redis + ports: + - "6379:6379" + healthcheck: + test: ["CMD" ,"sh", "-c", "redis-cli","ping"] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + profiles: + - security-sdk-scheme-adapter diff --git a/docker/security/payee/jws/keygen.sh b/docker/security/payee/jws/keygen.sh new file mode 100644 index 00000000..1d99acaa --- /dev/null +++ b/docker/security/payee/jws/keygen.sh @@ -0,0 +1,2 @@ +openssl genrsa -out privatekey.pem 2048 +openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825 -subj "/CN=fspiopsimpayee/C=US/ST=Ohio/L=Columbus/O=User/OU=Testing" diff --git a/docker/security/payee/jws/privatekey.pem b/docker/security/payee/jws/privatekey.pem new file mode 100644 index 00000000..e2032473 --- /dev/null +++ b/docker/security/payee/jws/privatekey.pem 
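Review bot: The healthchecks on `payer-sdk-scheme-adapter-api-svc` and `payee-sdk-scheme-adapter-api-svc` use exec form (`"CMD", "apk", "add", ..., "&&", "curl", ...`), where `&&` reaches `apk` as a literal argument instead of being interpreted by a shell. The `curl` probe therefore never runs as its own command, and the reported health does not show whether port 4001 answers. Each probe also attempts a package install from the network as root. Separately, the `docker/security/*` directories holding private keys are bind-mounted read-write into root containers, and every port, including unauthenticated Redis on 6379, is published on all host interfaces. Mounting with `:ro` and binding to `127.0.0.1` would contain that, assuming the adapter only reads the secrets, nothing off-host needs the ports, and the image ships busybox `wget` as the `sim-fspiop` check implies.

```yaml
  payer-sdk-scheme-adapter-api-svc:
    # … unchanged: image, env_file, container_name, command …
    ports:
      - "127.0.0.1:5000:4000"
      - "127.0.0.1:5001:4001"
    # … unchanged: networks, depends_on …
    volumes:
      # … unchanged: wait4 and config-modifier mounts …
      - ./docker/security/payer:/opt/app/modules/api-svc/secrets:ro
      - ./docker/security/payer:/opt/app/secrets:ro
      - ./docker/security/payer:/secrets:ro
    healthcheck:
      test: ["CMD-SHELL", "wget -q http://localhost:4001 -O /dev/null || exit 1"]
      # … unchanged: timeout, retries, start_period, interval …
  # … same changes for payee-sdk-scheme-adapter-api-svc; redis ports as "127.0.0.1:6379:6379" …
```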
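Review bot: The two commands in `keygen.sh` are not chained, and the README has users source the file with `. keygen.sh`. If `openssl genrsa` fails, the following `openssl req` still runs against whatever `privatekey.pem` is already in the directory and silently issues a new certificate for the old key. Joining them as `openssl genrsa -out privatekey.pem 2048 && openssl req -new -x509 -key privatekey.pem ...` avoids that without putting `set -e` into the caller's shell. A header comment such as `# Generates a TEST-ONLY JWS signing key and self-signed cert for the security harness` would also make the intended scope explicit.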
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEUZLuN584blSb +M6KGpK+36rJsAw+jz8y5hcRh8EvU7lBnam39a/dAx/If8LqttMAqGfx+pNx164PR +CJpmdm/FcffA0XHyrmN+K76tRev4q/O80s8qLmLpxTh2P6L9unMEtKyl9bBeuwV5 +PnwZ+cJHzy9wMUCpXouWGRK09csYqavGYNqV/zai/4earpi5HR8MJgTRnNXHHHJw +6Xo8lsA6Tu/6ELOa0QDXuOeb6gWUDmynewuqsLhZgurF/EPrbAebRgXzLZVeGcDg +i0jz0kfpNdqZ45AOWq6L1p5xWYvHJUE05KKkTMnUt7E1RzwzkU24W0smmrBqG5S7 +UJB1772NAgMBAAECggEAA7F1kXXj0NF072iExBvg0sjSnqj3rqeJnLhEZ51E9LzS +ljRD3Nke0Sd4MBtv8s84/QtfgYudB1QTakExrZmVZII03K1A0GwK1h3njxkgi9CP +gmIq4IqRdMyV6wkrPUyFJM9rUg6+e/TwioV46ACXvZCxvhGtiDvAzEv52wRAU/a3 +GABg9gEmTqzQQPihiBHO1GV3GSflGQGRtoRpDmEFZd4ef4nTO9h+df8LZiIxFdS5 +3Sh/YfFjhjTJIOgi1x5y8jx7aIOQel5DGL6rdkbNyq7TO7mU+2dapmrjQ6EBdL2J +0+977J8hkzUagGw7PONwTx7FK2pvjO+PQrcvzB/uNwKBgQD4y0mLIcC+JizciThi +mL38xW5K/QYcdVqrJjzTYxPVhU4/d8xp5zcA+qPbbCzGFX7lYhm0LvvDcUz032nV +oun6kiSdwwFYIRvvtHVa3SdL0V7k5xOUf1k/MPRw76uM4vYmfsF96tDgsxCNjzrF +UoiUXwkfPq/oJTc9gVIptDOTywKBgQDKATOOqdAmFzhYA+KetwGyIPLs4oXaNZuW +5L0k2R8hLGnIj/yoXvYmIj8DQzJ1CkeU/9QjQNNx8wGLfImOBSGBW+PftPbwh3Fq ++Fk+5IJQhcLWBd2Plqj4DPgLzZQbJENVymaH+by8mvX/ze34XAuRuAe2t26UKEGX +xDCAmwu5BwKBgBJ82Lw0B+SZZaAFumDpRMTxzt5XqwqWVeR99OsoY6LsQwJIXrJH +8jhqZ564jSMzGbjl708KZr8BPly79Vtgvc5W6c2nXgQ0gaTwXgAgivkBV/Hekf/o +7rLZanCx/qd7fhsiNDKtLlRkOgiq6g0bsvaDkWP2/o9bpJ03bOmYcHS9AoGBALsk +T8psYczYGDfaKZnWe3i187gnx8+3eFRbxysbBy7pgXrwgibOCwabFXuFRnqNsnFE +bRjX1swrUBQUpS7wa/D2226FrXx6TkXGnI+ajWvh7/Xtayy6bAGZqjbtFrfqaYNS +RpjUcdjdSufYtQ0w4Pr33hWVbJlPjiz28eRDP6IDAoGBALyLXPp0t4AnR1LQlPiH +4ZXoM01Rq7AnonPEU6TmHgcjpdlOLObzZxICHN6XRrI9OVMBCfrAOpJjXHPei1aL +pfgn7auWbix2zpIGnDW+vXwd3NnD1YYiafxpC/JmZnv04x6Idsv3tTrNxjmluorz +zUxhZDWwyPNTjTjsumYx6Q1A +-----END PRIVATE KEY----- diff --git a/docker/security/payee/jws/publickey.cer b/docker/security/payee/jws/publickey.cer new file mode 100644 index 00000000..90c2e9f5 --- /dev/null +++ b/docker/security/payee/jws/publickey.cer 
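Review bot: This file commits an unencrypted RSA private key to version control, and `docker/security/payee/tls/dfsp_client_cakey.pem` later in the same commit does the same for a CA signing key. Anyone who can read the repository holds the JWS signing key for `fspiopsimpayee` and the key of the client CA, so nothing outside this harness should ever be configured to trust them. Since `keygen.sh` and `createSecrets.sh` can already produce this material, consider generating it at setup time and keeping private keys out of the tree. If the fixtures must stay committed, a README line stating that they are test-only, plus an explicit allowlist entry for the secret scanner, would record that the exposure is intentional.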
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUIw60tmOgWtsoMuwSiCWhFAbgYQgwDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZWUxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjdaFw0yOTAyMTIwMjAzMjdaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVlMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEUZLuN584 +blSbM6KGpK+36rJsAw+jz8y5hcRh8EvU7lBnam39a/dAx/If8LqttMAqGfx+pNx1 +64PRCJpmdm/FcffA0XHyrmN+K76tRev4q/O80s8qLmLpxTh2P6L9unMEtKyl9bBe +uwV5PnwZ+cJHzy9wMUCpXouWGRK09csYqavGYNqV/zai/4earpi5HR8MJgTRnNXH +HHJw6Xo8lsA6Tu/6ELOa0QDXuOeb6gWUDmynewuqsLhZgurF/EPrbAebRgXzLZVe +GcDgi0jz0kfpNdqZ45AOWq6L1p5xWYvHJUE05KKkTMnUt7E1RzwzkU24W0smmrBq +G5S7UJB1772NAgMBAAGjUzBRMB0GA1UdDgQWBBQWsU9P5kdFZxLL1WU26BglFshR +HjAfBgNVHSMEGDAWgBQWsU9P5kdFZxLL1WU26BglFshRHjAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQALkRuzIU+FeKn0qg1xE16JRUbMktI7LcCc +vzg1E3kXUoZ7GsTfhySeAcmibvssPQPXrRx/pKwfgoR2O/v9++DumxPRff4UEWF2 +hS2WKOJu2ychQhn5H7cu9Jc7g1QTgLQJlvLR+8IZprC+xOEiaz19xvEW2aMWbE2W +Gr9S2WSxZA0aWOcq1imvVa27h+i8t51He0fwzfguH3+jz3pkkS+6vVwRl5JXke5a +/ufUzIeaRRbcVRnytlwNdgLQBKdwTEJWXFHhd9wMxTjRLa7TdA8et+VLdWF+WKai +GTCIYsiYqM0V5fSwobeH5zKT7DvDDDS5hs5OfkXs6be8vARZxn7b +-----END CERTIFICATE----- diff --git a/docker/security/payee/jws/verification_keys/fspiopsimpayer.pem b/docker/security/payee/jws/verification_keys/fspiopsimpayer.pem new file mode 100644 index 00000000..1080509b --- /dev/null +++ b/docker/security/payee/jws/verification_keys/fspiopsimpayer.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUWSaadyOlOZuikVJBgnVJm6sHmS0wDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZXIxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjBaFw0yOTAyMTIwMjAzMjBaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVyMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/NERUW0kW +P7sDBZezMYuC/YIvjCVofKASQwGKkvd+kUhAPWahbIvkD5rRP0QZVtw/BlSDuq+a +ci7EkJCgWXXU29+GHapsvqoYMpFcW+jvEdMoLK1LV7EMY3wV4quOBfhK94aCIHNk +1+ZlSzK0bFVE2kGXUj05yWmsRp45UmwVvm8GVXAVrSoDQ0XB4Bi4Ej6UbRZhXdEj +OtUj5XWPOu6NotpRQuD6o0vD8ZyiJC9ZOMswolICYao5WM4Tu3QCJk4Anj27PbyI +ZAMf3n80B33IcnjDAiK3KpzpdeCMAoig23Yal2NU+PEvl/XAL5D7TK9CbMFA8irE +LhSN0iLCrOf7AgMBAAGjUzBRMB0GA1UdDgQWBBREVDEKyvB0X1PF3l76TKKbr2nV +WzAfBgNVHSMEGDAWgBREVDEKyvB0X1PF3l76TKKbr2nVWzAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBmlox7S/6VOkl1ix2X4xaWZW7LUy/5UfA+ +Zxhy02zPY6puzbTd7O0TwK6WXQ0P41U24IksUj43FNgpcS2EcNy8yQTXyh2Sx7ro +wrBEX1R2kaf+vond4Yl7iVXC/127JeGPG8bnfgNeHY/NTJNedzUTJ4Ax5rTUAtCh +TVIjfhKXmR2091C4P1QMXpvHsYhWaWPUZkkrOZq8WkBxyuPaLMZE52IH5VyUqUna +w6ShQvkN48k0VrRGcejYLmpKtXMlx0bLf3/Noz8MF2HJK4sDvohPkHZlZPnyj4Zm +m/HGVUTzUiKtg8UEbEd20KDoktz2sCeOFpAk+nLmSBhvnMOvzAh4 +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/09.pem b/docker/security/payee/tls/09.pem new file mode 100644 index 00000000..429ff28d --- /dev/null +++ b/docker/security/payee/tls/09.pem 
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:30 2024 GMT + Not After : Nov 10 02:03:30 2026 GMT + Subject: CN=payee-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:85:44:4a:93:8b:01:60:d4:1b:89:ab:d2:8f:a8: + bd:58:01:46:aa:04:e5:34:75:53:34:06:fe:b5:37: + 72:0a:a6:f0:e7:c4:80:9f:c9:02:50:83:fc:de:12: + 89:e9:57:76:34:4b:26:bb:80:14:75:55:7c:38:69: + 30:67:ef:91:c2:82:c3:e9:8a:d2:a3:22:62:69:0c: + 3d:e0:10:0a:5d:67:3f:79:b7:20:20:4a:f8:5f:08: + cf:87:87:84:83:7a:fa:b7:63:05:bb:f4:76:8d:9e: + 8a:51:02:5e:a4:75:dd:8a:f2:a9:e8:19:20:dc:85: + e2:8d:4d:b2:09:67:1b:f0:c5:f7:14:90:80:f1:39: + 3a:5f:2a:bd:8c:ba:26:53:d1:41:bb:2a:9a:18:e2: + 29:39:9e:c6:0b:87:72:70:6b:51:19:ff:cd:83:6a: + 95:fe:d1:3c:9c:da:6a:c9:3d:e0:c5:c3:fc:e5:88: + 52:df:43:78:ff:7f:0d:e2:a9:35:5d:23:14:fd:e3: + c6:55:27:d3:eb:1c:7f:b6:bf:6f:e4:b6:1a:01:38: + d3:50:be:1f:f8:b9:15:b3:c2:26:da:f8:c7:53:1d: + bc:37:d6:c1:8d:98:b5:01:25:37:f0:0a:ce:de:e7: + 37:df:53:f4:39:76:00:15:28:01:11:11:0b:6a:fc: + 35:63:f5:0a:0d:8b:d2:c1:2c:b3:5c:b3:bb:9f:b8: + fd:07:03:9b:d6:66:49:76:92:94:9a:51:13:f0:08: + d4:7f:c5:53:b1:7c:45:4f:53:36:f8:25:8b:47:93: + 70:75:66:5e:99:73:34:52:24:e0:aa:29:ea:6a:57: + d7:f4:23:db:66:29:ae:0a:92:17:66:e6:7c:f3:95: + d8:13:71:f0:bd:c0:00:14:02:59:5d:54:b6:cf:f1: + 23:f5:84:45:f5:03:0a:d2:4a:89:9c:da:67:ff:69: + 97:11:d6:a4:0f:9f:e1:6c:8b:29:f5:cb:03:66:38: + c4:e2:44:93:31:e1:60:63:c6:45:e5:84:fe:43:9a: + 23:96:03:af:0f:ea:43:53:07:76:af:b9:de:50:7e: + b7:82:69:c5:20:0f:94:3f:97:d1:c0:3e:c0:7d:27: + b3:19:25:ac:94:ff:1d:fd:20:c9:34:a5:75:ed:7c: + 5b:1b:6e:92:a6:d7:24:62:36:76:6f:a5:29:db:8b: + be:4f:5a:41:51:89:81:6c:3a:6b:c7:85:e4:d0:32: + 
a8:d1:a5:37:62:70:e3:09:85:0e:4a:b4:62:89:40: + 41:62:8b:43:0d:2a:40:7a:fc:99:00:77:56:0a:ed: + 35:cb:f6:ed:20:01:fc:5a:f8:85:5a:64:f5:18:db: + e8:e7:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 19:A4:61:22:4C:25:A3:69:5F:BD:89:19:E9:40:AC:B9:3F:C3:72:34 + X509v3 Authority Key Identifier: + 45:58:70:0B:E5:B2:78:A8:AB:FD:83:BA:30:48:89:A6:4C:C2:C1:98 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payee-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 54:1c:48:ec:77:f4:9a:07:78:2e:ee:b1:9d:26:98:69:af:ba: + 68:c4:31:56:3d:df:f1:c5:90:c4:76:07:a5:bb:09:dd:4b:a9: + 9a:4b:d5:13:a7:5e:45:e4:df:78:58:b2:a1:3d:ea:b2:cd:f4: + 15:01:a2:81:18:35:de:aa:ed:21:d0:76:58:29:b5:81:e1:38: + 35:d9:07:0e:db:de:f0:ec:7c:c3:57:78:7d:92:35:a3:3a:7d: + cc:17:fa:b5:6e:b1:66:79:6c:e3:b2:3d:76:e2:0c:b1:2f:c6: + d1:15:fa:34:56:4f:2e:1a:05:dd:7f:ab:1c:aa:55:90:6c:d2: + 52:d9:f6:d8:4b:4b:fe:2b:47:6f:ca:32:b9:83:23:3a:06:a9: + 6c:c6:7c:9a:e7:21:60:26:d4:15:8a:ac:42:8e:dc:f6:5c:12: + ed:e3:85:58:0f:bb:d9:bb:ed:de:a1:92:2e:9d:7c:30:bd:0d: + 81:fe:eb:c4:c1:51:f0:3a:7c:3e:7b:eb:6b:64:39:e0:b2:8f: + 38:a1:31:44:93:63:97:c5:22:97:98:9b:fd:7e:01:91:76:a9: + 7f:7b:34:f9:bb:ef:6e:e4:a5:bf:db:34:12:a7:e6:2b:e9:ea: + 00:7a:54:06:30:3e:c9:7e:af:49:c5:63:49:60:5d:fc:9c:57: + 47:23:20:d8:b7:e7:78:77:4c:8b:f6:e6:fc:8e:87:4a:c1:8b: + a7:b8:b2:81:0f:68:8e:56:7e:6e:f0:f3:a5:92:a2:3c:c8:75: + 95:bd:db:a2:5f:5d:1a:ff:5d:77:7d:02:e1:16:32:bf:51:4f: + 55:57:38:10:7b:ed:fc:b5:f1:83:0f:69:62:83:b8:bd:ba:88: + 08:fd:9f:97:57:75:0c:9e:b1:c3:0c:5f:95:da:1c:2a:bf:3a: + f2:cf:86:34:bc:1d:95:9d:f9:d4:16:2a:86:6d:70:c0:f7:1b: + 
f1:bd:7c:08:d2:d3:ee:10:25:c1:a3:9f:0c:4f:a0:57:18:6f: + 44:71:f5:14:c9:20:a4:88:50:ae:ac:ed:1c:fc:99:9b:45:95: + 4d:7a:23:c1:ad:b2:cd:6c:98:ae:e0:3a:f5:42:fe:b8:f6:14: + 30:50:b6:66:c2:3b:89:71:ed:7d:af:77:12:0d:a4:c9:3e:d3: + 0f:53:be:6a:63:e7:9c:98:25:ad:f5:ab:c0:42:5a:90:33:d2: + 63:d6:c5:73:fc:37:da:53:01:ad:fa:4f:13:53:62:cd:c1:92: + 66:61:0f:37:22:6c:f8:8d:92:c4:2b:f6:13:55:c8:11:93:6a: + 9d:5e:9d:c2:68:94:a9:95:0f:29:05:c7:ae:93:d8:4a:f5:4a: + ca:75:d6:4f:1f:57:78:5b +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzMwWhcNMjYxMTEwMDIwMzMwWjArMSkwJwYDVQQDDCBw +YXllZS1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAIVESpOLAWDUG4mr0o+ovVgBRqoE5TR1UzQG/rU3cgqm +8OfEgJ/JAlCD/N4SielXdjRLJruAFHVVfDhpMGfvkcKCw+mK0qMiYmkMPeAQCl1n +P3m3ICBK+F8Iz4eHhIN6+rdjBbv0do2eilECXqR13YryqegZINyF4o1NsglnG/DF +9xSQgPE5Ol8qvYy6JlPRQbsqmhjiKTmexguHcnBrURn/zYNqlf7RPJzaask94MXD +/OWIUt9DeP9/DeKpNV0jFP3jxlUn0+scf7a/b+S2GgE401C+H/i5FbPCJtr4x1Md +vDfWwY2YtQElN/AKzt7nN99T9Dl2ABUoARERC2r8NWP1Cg2L0sEss1yzu5+4/QcD +m9ZmSXaSlJpRE/AI1H/FU7F8RU9TNvgli0eTcHVmXplzNFIk4Kop6mpX1/Qj22Yp +rgqSF2bmfPOV2BNx8L3AABQCWV1Uts/xI/WERfUDCtJKiZzaZ/9plxHWpA+f4WyL +KfXLA2Y4xOJEkzHhYGPGReWE/kOaI5YDrw/qQ1MHdq+53lB+t4JpxSAPlD+X0cA+ +wH0nsxklrJT/Hf0gyTSlde18WxtukqbXJGI2dm+lKduLvk9aQVGJgWw6a8eF5NAy +qNGlN2Jw4wmFDkq0YolAQWKLQw0qQHr8mQB3VgrtNcv27SAB/Fr4hVpk9Rjb6OcL +AgMBAAGjgekwgeYwHQYDVR0OBBYEFBmkYSJMJaNpX72JGelArLk/w3I0MB8GA1Ud +IwQYMBaAFEVYcAvlsnioq/2DujBIiaZMwsGYMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVlLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 
+ZTANBgkqhkiG9w0BAQsFAAOCAgEAVBxI7Hf0mgd4Lu6xnSaYaa+6aMQxVj3f8cWQ +xHYHpbsJ3UupmkvVE6deReTfeFiyoT3qss30FQGigRg13qrtIdB2WCm1geE4NdkH +Dtve8Ox8w1d4fZI1ozp9zBf6tW6xZnls47I9duIMsS/G0RX6NFZPLhoF3X+rHKpV +kGzSUtn22EtL/itHb8oyuYMjOgapbMZ8muchYCbUFYqsQo7c9lwS7eOFWA+72bvt +3qGSLp18ML0Ngf7rxMFR8Dp8Pnvra2Q54LKPOKExRJNjl8Uil5ib/X4BkXapf3s0 ++bvvbuSlv9s0EqfmK+nqAHpUBjA+yX6vScVjSWBd/JxXRyMg2LfneHdMi/bm/I6H +SsGLp7iygQ9ojlZ+bvDzpZKiPMh1lb3bol9dGv9dd30C4RYyv1FPVVc4EHvt/LXx +gw9pYoO4vbqICP2fl1d1DJ6xwwxfldocKr868s+GNLwdlZ351BYqhm1wwPcb8b18 +CNLT7hAlwaOfDE+gVxhvRHH1FMkgpIhQrqztHPyZm0WVTXojwa2yzWyYruA69UL+ +uPYUMFC2ZsI7iXHtfa93Eg2kyT7TD1O+amPnnJglrfWrwEJakDPSY9bFc/w32lMB +rfpPE1NizcGSZmEPNyJs+I2SxCv2E1XIEZNqnV6dwmiUqZUPKQXHrpPYSvVKynXW +Tx9XeFs= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/0A.pem b/docker/security/payee/tls/0A.pem new file mode 100644 index 00000000..cc839149 --- /dev/null +++ b/docker/security/payee/tls/0A.pem 
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:45 2024 GMT + Not After : Nov 10 02:03:45 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:b4:eb:51:3b:68:ae:f2:eb:b9:c1:9d:39:ab:2a: + 32:74:c8:93:07:ed:ad:5d:5e:8c:8f:8f:e6:c4:69: + 7f:e6:bf:df:17:56:3c:00:93:73:de:a7:29:e6:36: + bf:84:60:dd:98:56:f8:16:db:5f:a0:64:08:f8:a8: + c9:dc:c3:e4:98:9a:0a:40:17:0d:90:13:26:6a:45: + 9e:2f:96:d5:87:30:cf:3b:97:74:78:33:ea:ba:7f: + 1f:25:3a:be:09:04:05:b8:ef:4f:58:94:ac:8d:e2: + 1c:64:4b:ab:ca:ec:50:14:48:c6:87:42:f9:21:75: + c6:b1:de:b2:0d:88:70:2a:58:74:4c:3b:ea:b6:8d: + ab:a5:8d:f2:a4:d1:f7:41:00:0b:39:15:40:cf:39: + 02:de:74:14:84:39:5d:84:9e:e5:c9:0d:49:36:48: + bf:ac:cf:78:12:fe:0b:70:06:2a:e6:6f:d7:8f:b8: + 8b:f9:7c:aa:0f:d2:5d:23:d3:42:55:8e:ee:84:1d: + 51:b6:40:35:8c:ac:52:a9:71:fb:06:e2:2e:72:88: + 99:8a:50:1b:0a:61:15:38:c8:80:37:97:b9:7c:b8: + fe:c5:17:85:16:13:f1:8a:84:22:e0:d9:79:05:b5: + 2b:21:fd:ec:b8:8c:52:59:e0:37:0f:22:a4:b8:9b: + b9:8c:5d:73:93:36:b1:40:b8:c1:06:42:22:4d:f8: + 42:ac:c8:7b:ac:52:9c:36:2e:b8:e0:9f:10:75:66: + 84:12:66:58:c0:60:6e:cb:4f:17:52:d5:31:7a:98: + de:e6:b9:5d:33:20:34:a4:5a:d9:cd:3d:70:42:2c: + d4:a3:96:59:a5:40:1a:2e:5c:a5:9f:b1:76:12:ca: + 98:6c:c3:74:4c:05:29:b1:f3:0e:00:f4:3a:55:2a: + 79:49:1a:42:1a:89:d8:7b:bb:f0:24:7c:76:9a:ee: + 44:a6:34:7d:2e:6e:19:29:cd:32:38:85:b1:26:d1: + 62:70:a8:82:64:99:2e:4e:63:54:d4:60:5f:71:1a: + 8c:51:e4:19:8f:0a:c7:86:da:ce:79:a4:f3:db:e8: + c2:e1:67:af:b2:a4:f6:36:9c:18:83:b3:b7:c5:c4: + 71:8e:e7:61:74:4f:ac:0f:76:9c:54:f9:2e:71:85: + 22:df:4f:e4:ba:43:9f:c2:87:c3:df:1a:c8:40:00: + 
7b:58:18:57:65:80:45:7c:e6:d4:b7:7a:2f:d1:17: + 6d:dd:79:1c:dc:cd:ae:4c:e2:db:a7:f9:88:72:28: + e2:3d:46:b5:d2:f8:6a:36:08:55:d0:db:eb:0c:64: + e3:92:49:5c:fe:a3:f5:3b:d8:53:39:47:9e:e3:9d: + ba:2b:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F3:51:9C:18:8F:A9:FB:B5:A4:FB:27:29:34:51:5A:43:0F:2A:8F:53 + X509v3 Authority Key Identifier: + 1D:1B:61:3D:E6:01:AB:E6:BB:45:75:32:08:46:7C:6B:EA:26:90:37 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 13:30:0a:2c:92:11:ab:48:ae:44:4b:da:54:59:2c:90:73:a1: + 71:ed:00:d8:ad:27:86:65:0c:f7:d2:95:d6:7c:85:06:25:51: + a0:74:6e:17:af:cd:88:d6:ec:58:a5:00:f8:4d:d5:dc:57:5c: + e6:d9:0d:75:83:9a:be:5a:bf:c3:18:f6:5a:84:6d:d8:14:8e: + 1f:31:fb:c8:ba:0d:35:51:af:89:a6:62:b8:be:d2:aa:1d:75: + 63:42:3f:89:f8:59:47:30:bc:f9:fd:35:33:92:1d:09:b7:74: + 03:0e:25:d6:80:a2:68:a8:6c:d4:3b:26:b3:cf:28:c7:ca:79: + 25:a6:6a:22:4d:78:70:53:68:47:c8:84:21:bd:ed:82:d4:8b: + 38:df:70:d8:dc:aa:dc:e2:bd:8d:c8:ce:57:f8:10:ee:d6:bc: + 81:b9:b4:07:61:47:53:79:53:c2:c0:48:13:74:9b:e7:51:aa: + 97:19:49:0e:d8:57:77:9b:0b:6d:52:c9:9e:cd:54:c7:55:23: + 21:e2:4f:c6:f0:fd:1d:8e:06:cd:03:3b:79:18:53:71:3a:fa: + b6:47:93:74:cb:fc:13:88:cb:72:82:84:bc:e1:8c:52:9f:38: + 7e:6f:df:74:ac:79:81:31:96:c3:52:46:49:e0:9d:15:9c:92: + dc:67:d6:87:33:33:95:89:75:af:7f:cb:7a:79:01:39:27:95: + 51:15:ca:0a:39:08:0d:87:1c:ba:da:29:17:d6:69:2c:d1:97: + 3a:3a:02:ff:30:72:11:39:d8:ad:ce:50:46:62:11:30:94:af: + d6:09:0b:10:7a:28:e9:a7:49:f6:3a:c1:53:cf:a6:c8:15:58: + 34:c5:33:c2:3c:54:0c:98:c6:8c:2f:71:ec:a7:9a:6d:af:c3: + af:0a:00:0a:09:f9:9f:41:9d:e6:b5:ca:79:e9:ac:a2:b7:01: + 
b4:82:91:2c:c1:49:37:40:a5:ec:a2:72:5f:30:47:17:c5:88: + 11:5b:ab:27:6a:94:28:f5:e8:62:01:ab:23:bf:4c:c8:9a:c0: + 61:b5:17:9c:5e:58:8e:96:d4:30:02:c7:11:e1:c1:3c:e0:5f: + 56:46:21:41:30:16:67:00:26:3d:34:4e:22:74:2c:a9:0c:cb: + dc:05:ba:19:56:b7:1b:55:8d:14:ca:5a:0e:7d:9b:0f:c9:c1: + b5:ae:42:f9:06:63:7e:9b:53:f1:05:67:c3:40:7e:f2:0e:bf: + 1b:c3:71:f3:13:a8:05:a3:f2:36:d4:35:76:39:f9:2d:8e:43: + 66:d5:0a:6b:35:d8:0f:63:a3:e7:90:5e:fe:00:16:4a:76:a0: + df:33:b0:62:26:f2:3a:8f +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzQ1WhcNMjYxMTEwMDIwMzQ1WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtOtRO2iu8uu5wZ05qyoy +dMiTB+2tXV6Mj4/mxGl/5r/fF1Y8AJNz3qcp5ja/hGDdmFb4FttfoGQI+KjJ3MPk +mJoKQBcNkBMmakWeL5bVhzDPO5d0eDPqun8fJTq+CQQFuO9PWJSsjeIcZEuryuxQ +FEjGh0L5IXXGsd6yDYhwKlh0TDvqto2rpY3ypNH3QQALORVAzzkC3nQUhDldhJ7l +yQ1JNki/rM94Ev4LcAYq5m/Xj7iL+XyqD9JdI9NCVY7uhB1RtkA1jKxSqXH7BuIu +coiZilAbCmEVOMiAN5e5fLj+xReFFhPxioQi4Nl5BbUrIf3suIxSWeA3DyKkuJu5 +jF1zkzaxQLjBBkIiTfhCrMh7rFKcNi644J8QdWaEEmZYwGBuy08XUtUxepje5rld +MyA0pFrZzT1wQizUo5ZZpUAaLlyln7F2EsqYbMN0TAUpsfMOAPQ6VSp5SRpCGonY +e7vwJHx2mu5EpjR9Lm4ZKc0yOIWxJtFicKiCZJkuTmNU1GBfcRqMUeQZjwrHhtrO +eaTz2+jC4WevsqT2NpwYg7O3xcRxjudhdE+sD3acVPkucYUi30/kukOfwofD3xrI +QAB7WBhXZYBFfObUt3ov0Rdt3Xkc3M2uTOLbp/mIcijiPUa10vhqNghV0NvrDGTj +kklc/qP1O9hTOUee4526K98CAwEAAaOB0jCBzzAdBgNVHQ4EFgQU81GcGI+p+7Wk ++ycpNFFaQw8qj1MwHwYDVR0jBBgwFoAUHRthPeYBq+a7RXUyCEZ8a+omkDcwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG 
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAEzAKLJIRq0iuREvaVFkskHOhce0A2K0nhmUM99KV1nyF +BiVRoHRuF6/NiNbsWKUA+E3V3Fdc5tkNdYOavlq/wxj2WoRt2BSOHzH7yLoNNVGv +iaZiuL7Sqh11Y0I/ifhZRzC8+f01M5IdCbd0Aw4l1oCiaKhs1Dsms88ox8p5JaZq +Ik14cFNoR8iEIb3tgtSLON9w2Nyq3OK9jcjOV/gQ7ta8gbm0B2FHU3lTwsBIE3Sb +51GqlxlJDthXd5sLbVLJns1Ux1UjIeJPxvD9HY4GzQM7eRhTcTr6tkeTdMv8E4jL +coKEvOGMUp84fm/fdKx5gTGWw1JGSeCdFZyS3GfWhzMzlYl1r3/LenkBOSeVURXK +CjkIDYccutopF9ZpLNGXOjoC/zByETnYrc5QRmIRMJSv1gkLEHoo6adJ9jrBU8+m +yBVYNMUzwjxUDJjGjC9x7Keaba/DrwoACgn5n0Gd5rXKeemsorcBtIKRLMFJN0Cl +7KJyXzBHF8WIEVurJ2qUKPXoYgGrI79MyJrAYbUXnF5YjpbUMALHEeHBPOBfVkYh +QTAWZwAmPTROInQsqQzL3AW6GVa3G1WNFMpaDn2bD8nBta5C+QZjfptT8QVnw0B+ +8g6/G8Nx8xOoBaPyNtQ1djn5LY5DZtUKazXYD2Oj55Be/gAWSnag3zOwYibyOo8= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/createSecrets.sh b/docker/security/payee/tls/createSecrets.sh new file mode 100644 index 00000000..ad0489d1 --- /dev/null +++ b/docker/security/payee/tls/createSecrets.sh 
@@ -0,0 +1,28 @@ +OUTPUT_DIR="." +setopt +o nomatch + +rm -f *.key *.pem *.csr *.crt *.old *.attr + +## Generating Server CA certificate +openssl req -x509 -config openssl-serverca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server_cacert.pem -outform PEM + +## Generate server csr +openssl req -config openssl-server.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server.csr -outform PEM + +## Sign server cert +openssl ca -config openssl-serverca.cnf -policy signing_policy -extensions signing_req -out dfsp_server_cert.pem -infiles dfsp_server.csr + +##################### + +## Generating Client CA certificate +openssl req -x509 -config openssl-clientca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client_cacert.pem -outform PEM + +## Generate client csr +openssl req -config openssl-client.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client.csr -outform PEM + + +# Sign the hub client csr with clientca +# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out hub_client_cert.pem -infiles hub_client.csr +# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr + + diff --git a/docker/security/payee/tls/dfsp_client.csr b/docker/security/payee/tls/dfsp_client.csr new file mode 100644 index 00000000..4a3a7e9b --- /dev/null +++ b/docker/security/payee/tls/dfsp_client.csr 
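Review bot: Neither `openssl req -x509` line passes `-days`, so both CA certificates get OpenSSL's default 30-day validity. The committed `dfsp_client_cacert.pem` appears to confirm this, decoding to a validity of Feb 14 to Mar 15 2024, while the leaf certificates `09.pem` and `0A.pem` run until Nov 10 2026. Once a CA certificate expires, chain validation in the harness will fail, which conflicts with the README advice not to regenerate. Set an explicit lifetime as `keygen.sh` does, e.g. `openssl req -x509 -days 1825 -config openssl-serverca.cnf ...`, on both CA lines. Separately, `setopt` is a zsh builtin, `OUTPUT_DIR` is set but never used, and `rm -f *.key *.pem *.csr *.crt *.old *.attr` acts on whatever directory the script is sourced from, so a check that the working directory is the intended `tls/` folder before the `rm` would be a sensible guard.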
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFnDCCA4QCAQAwgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDESMBAGA1UE +BwwJQmFsdGltb3JlMRQwEgYDVQQKDAtERlNQIENsaWVudDERMA8GA1UECwwIUGF5 +bWVudHMxEzARBgNVBAMMCmRmc3BjbGllbnQxJTAjBgkqhkiG9w0BCQEWFmRmc3Bj +bGllbnRAZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDOwSot7pf5tRZeYCTOI4xh+ccjahLTa2EsVAY25HDh9WiBnxXYad/8z0RtMmTN +Ji2ERz50PHN+de1QsWSsrybP4+xxXn29yd4ZEPQsdVM3WoOdN2eXbbeRtEgnzBIg +OffHH6zETuly4C0TK+U1m0qiMFPwx0FH9brgYSUT0sZHg4VXe1ac+MSfuPAM6tGS +AZ+qrYgzFaDPozoPk6t1QJ2RqGRJ3bgYt6D2o+B0XULtiyXywpIChQd3fyRlxDsi +Tj7LwHX7Tnm721Dni3ZL7zafi68VN14KayC4bsf+MFCoOdLUWlnyjiyWyzevluPm +H3pUeYGWFnAuIE+j59NQAwVjyI/RAeEcEa+jmU5uwNqgMlBDTPRwvDtxSLluQrvF +X2AANbyZWrwKgt6jQ4Em5Qr9ORwp+krVd0GmKiDaju1hThCENUzFoRYGq0EpRS9z +K9cncxWIGJTwcut51EMddZFltqWMKUxrhKV3Frnbc+YcwzWL7elGdA71Z1bDlAfL +na1ShYSf32+r/tt7idvDaknoElNYseo+KeIaiesAyET04I0W3Pv14sWqD3wPgQiS +OdiB2YBJ2la1/RJO8lK2uDFTPKAEgYwacc2yyvUQwFc5t+gPUDEIV6TV5thCL7ZP +UsGsy1Gr9YtwQvzHTOW0xPqX91PrUzd5US7+EIAUZT7i9QIDAQABoIHCMIG/Bgkq +hkiG9w0BCQ4xgbEwga4wHQYDVR0OBBYEFLeYMDuHoJvt9K5xUSXnDyykXREWMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEF +BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAs +BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDQYJ +KoZIhvcNAQELBQADggIBAC2Hs69FCzxxQziPIW4v/4zQL2AZCuqXeepVrb7br2ec +mhp/DymGr8FMlsZx6TVORyyM4ZAJeTJq8JitwAlw1rm7xo5c35DAlkEAl3k5CFsz +s/hXU/volXZAydudFzKqcn7QqreGWa9ug+A2/C33T58hdhw/DB40AgyQehj4P0Lm +u03k1SdVtYk2x7opzVRi/A6MQiDFKAPzNbdjjuKEOvgWCBlBosJLeDIwyiMuhmfb +ku+Cq2m2dlNTMJKk8WEk/ABsvrqNKj2sg4QpZ2to975zw8noVIAr9ICj2NpsUpqw +TZjXLasFDsC45S6OEQCUQXHzyaa4tr1qRUPcybdTWwKWpYysVTHDeyjO3cyEVjqd +i8aSzUt3j/XVKzjVEcs3DNn+AQGu7DIRlfsWMTihy3oEQG3y2FZFFwAtJBpYUC3N +3ocREwU6p2NlFj8OOk8EP1feYVxmSmiWYnDp8qUpD0tKjfth6iKRijlTw18x5Io+ +pmtr3ZXVtYLiYFbrOVjfSE+tO+yCmSuZbyNnimFVPQscdF/yYrUZQmB0ittFdl8n +ZWObsItphNaRZP4Ucv+p367W43aZXD/MxemALN1p/aea9I4kkdLkZli/gOE2RFL4 
+08gdws7EtR0YcsTOsAfGR29XFVap+KhFZt81Zz9yddTzd6kLjlfplOS6qeAhxff3 +-----END CERTIFICATE REQUEST----- diff --git a/docker/security/payee/tls/dfsp_client_cacert.pem b/docker/security/payee/tls/dfsp_client_cacert.pem new file mode 100644 index 00000000..f4773ae4 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_cacert.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUJipa/9I+YwLzo8+NQ76Gkmv+Mu8wDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMzM1oXDTI0MDMxNTAy +MDMzM1owgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAn9Vpygt4XKIPXSpTtINdU2yqncIid1ojQA5UkS58HPf03ZjKEnK0 +vs2h3EOImRaAbbcq+Sy+RAXL//jwxOsR4EgwccGVjqPPfvLONFkDfL799jGC/BtQ +sDOZPTWaesFo9PD6R5YtVAPrb7TYYYMfsyCJ2+tFgS8Nnmtv/aKupeXKIUo8Umsq +/P00oRtE9RjZOjglrUeCnWww/OZoUfoRDusxzS/pV8LD6K7/hqvNMbCGjXJjbsZ9 +P4RNbtXkDS4+x+0opfx5uAZryKqOXuOZaDOiEFAu7OHbztjbM3BobByMwO8q8j4E +O6j4nilyw+gY85Dv04y5M7EOvZtUytRosA3fDGAupb8YrLy8lENHmiFtz2UOYEAr +vUBuhgbk88GpqwBRygaz5uBsPGv6QvGb8PhGz2kmt/0iYomVCVv7QQgTReU10WcL +K35AnxINug9+VSZs7/bobPfLxmdXF+tGp5xGCwIs/raCgyZkk2+6PUBoM9Knj/Ed +LIsMVTa05grmLs/NWqDNXgHy1Cpk3yD3Y6P6Cc1Ei8VPjgt5AFLdFW+Ti89cq11O +bwSNUadwdx5Y1N4kQRATzYxLCSxgVh95Dz3afdT9Ae93K4ie6dFYnfiB6XOPOIfW +A0q1Zb/6UcwdmWcsZl1Jt6ij42VNBr+Drh/3NdJNTOS5JHBqX5h7WfMCAwEAAaNg +MF4wHQYDVR0OBBYEFB0bYT3mAavmu0V1MghGfGvqJpA3MB8GA1UdIwQYMBaAFB0b +YT3mAavmu0V1MghGfGvqJpA3MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQBiN9BtHuLO8ArrRoWJKxIebPIBAQqltcT0SHtt +XWZ3HcmLxMT7VdioNP+34ir0m1lRj0M1ppKbucwiGEnxs4f+Xo4tnQg0DUB6XISP +Lz9Jy7pncic9y+WZLP7Q7q8MS4Ppd8ET4Z6j9tIIeOueheR8bJlG2c+U8Or1Jo2C +CmFXyPDxpYOZX44ycIEieD/rQ6fekY+d5O1Q3xnH8FscX2g8GsF5uPFmtjdBGbA+ +Jq24G48q5gLhuIqd/RVAUEETt8q1jKcEVQJgYnjjyBBKq3UKypEG7Kc2aUXS466F +Zz4ZBe39EbrXxfqAP2bPlyg5ApnUnW7+st7FsGZJd2enKb5u+/DsixGCNaENV5Qo +qDSL/k+fErpgtTOQJGYySeGakcUHM9YHr4dp/bDdyjp9tIK5tpXGR8YQJskVEggX 
+cQPeSTm+OE+vJMheqTooqP6I5FVWpcQ54MqVTDxvfM/Mgl686Jbt7uWlpjQsaHwx +FEJJjQ9Cik5WwSLEzZgUPuH1vjO31gF9oJM5fSHIxiUYcdZdzUFynSX6il5H55w0 +NaKx8U6345GD+UmnNi4jemUz5jeU+/4smiwab2LgMLu3nS3JMsvr9dm2U0dJlzAH +wP4r6bD7CQQhHtxlEKHPReGVhn/CdmPERLdoSVY9iqaau8+rhOAWBNpEKxE57qTx +zVDsWw== +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_client_cakey.pem b/docker/security/payee/tls/dfsp_client_cakey.pem new file mode 100644 index 00000000..9aaa95d3 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_cakey.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCf1WnKC3hcog9d +KlO0g11TbKqdwiJ3WiNADlSRLnwc9/TdmMoScrS+zaHcQ4iZFoBttyr5LL5EBcv/ ++PDE6xHgSDBxwZWOo89+8s40WQN8vv32MYL8G1CwM5k9NZp6wWj08PpHli1UA+tv +tNhhgx+zIInb60WBLw2ea2/9oq6l5cohSjxSayr8/TShG0T1GNk6OCWtR4KdbDD8 +5mhR+hEO6zHNL+lXwsPorv+Gq80xsIaNcmNuxn0/hE1u1eQNLj7H7Sil/Hm4BmvI +qo5e45loM6IQUC7s4dvO2NszcGhsHIzA7yryPgQ7qPieKXLD6BjzkO/TjLkzsQ69 +m1TK1GiwDd8MYC6lvxisvLyUQ0eaIW3PZQ5gQCu9QG6GBuTzwamrAFHKBrPm4Gw8 +a/pC8Zvw+EbPaSa3/SJiiZUJW/tBCBNF5TXRZwsrfkCfEg26D35VJmzv9uhs98vG +Z1cX60annEYLAiz+toKDJmSTb7o9QGgz0qeP8R0siwxVNrTmCuYuz81aoM1eAfLU +KmTfIPdjo/oJzUSLxU+OC3kAUt0Vb5OLz1yrXU5vBI1Rp3B3HljU3iRBEBPNjEsJ +LGBWH3kPPdp91P0B73criJ7p0Vid+IHpc484h9YDSrVlv/pRzB2ZZyxmXUm3qKPj +ZU0Gv4OuH/c10k1M5LkkcGpfmHtZ8wIDAQABAoICAEencMQ77Ss2GgYt1hXMeJfQ +VRLhd/sixT/PzNjDSq/f934qo5iupNoPLNumyQO8gznsjk7j4K51HNX1/9Z//eUa +5+DvpMEsLfcfGhN8vmP76bWnz61+/2bm0vGOaOFUeN2qdMGIEW0jTranEARzONBg +q30UlfXKpuPZDX1bI8nK4RmYgr9+POjrCN+a7oikqaoAht+Oef9iA/o0vxrVLTWP +eiWfL5CBB7v2TCbPOW/n0AJ0gCAmyvqhMOeZ6yF/lHSjnQAA1n6KHmL5F1dx2JHO +5/5BPDBFNvod3PNMFvw0tmM+NXYhGFu4rjCVq1YpZJo45VNlOJf0bgPRsas2m3Fv +0wLfVy6GUIaY+MAsTx56HM1Rh9Up9cedhF5PNGr8iJKfjKwAQHeuivaOUBzu2MUv +tlq2LR/McHQlGjGH97a6FzDqbtlhzMq7/9kMKRZNkR3WzxRq7b9L43skJIE/gMno +rd36d67UPZuVrT0JHtzupeqznOwf1831NphEAcwxfpzISuvz3J/Yoa4XkR33ddtI +qVu2IrkVbBTjIU8VYl4WWsBFc8eDq/rpSj1VRgzcHU6EA5zZy8XnKjiKGfO+Gw3M +F0jWS0qAqP7wG0VLyQC3n5nra+BOf3A8HskYKaxErqb3LvBL72a+7T9bbhwuKnIX +rmXNia+bvJsXTd87O/9dAoIBAQC5jfvABv0lLXBDbldfdoozMz0nAasAWLrD/aKy +62vDrSFnSeqDfFzDuQuq6vbkWaiyDSIvKpl/tv0Kt/+AyedNbQLhA45H6bf1wtLW +Wc7jjyNBOUMxUwoHnueO/tDtFuMt2poj+gC6j6/3IPCBdonutNAo1x+tKE8TarXV +AN+vuR6M+KjcoamO0/EfGdsdYDkXCPdDDbemRiup4sG9Ay6QglGPMJL9HifBkP9D +kQOf7ZOaSESxiDM5yAzkdsMGb87QivH4jQyuHUJpLjudaiab+2kOJtFFAB/YvTml +DqHhHn/Iz2PZ1LxCl+o0OpB7A3qi87ff5b4ht9X2OlwF+jCVAoIBAQDcg5z8Bu7J +XvHbnCaMcACxhEcAHmqAAtB6ZLwI8V6c/6avmZJL2miLTygvxNyk9Zr2nKNhWBVc 
+usGRb+mV0wlVYnfbXRpBTpKX6cSMTJ+MQXz18fHFpb9+XnLda0XvJssdW5lLagbg +cPohY87t+BYY0Ukrn5FxeImMuuQnkDza5Y9hMdz5Dz7cqyRvW9GkWOzdZy+nwuxB +dhjTi8Kz7yQCqHQt1JRaUfwiMSP7sZnN+nKTMmIi/Bf6D/ApjRWtuJStuidaWOMX +yNwv5LGt0HrDSouTNftp7OgolyuGs412bmA4IIkc20hpi5KCOkxNVtvahSU83ASR +8FkCD/8r0RZnAoIBADAz6z9yUVbUHALYakg5YiN03yD/9O1NH4+ElzyFneQiWLgd +YpevueV6b8aB7Ytao1FFyiiYl3GvFsMvE2fgi374n7PWmaKi25AzgVP/1pgU+iKa +fpMUsFlUdXEXTy0YMgIadMp9yqysYRkA7JmlMqXZQO4rHGZ+PzSbFwtzg6iBnacf +fbZ7JLIe6teafup9sbcDNECuEpRWTEeAybWRWwpdYFSjWLv6lndZdIaX6GombJ66 +wWWhLTWIe5jqJTXJ298fCUb5VV7x6Our//6fsdH5mMv9V4XmR1+loJD5YSI7KxT+ +k0DmW9Ws40GYKSpbuAMW7yBx7VeTCzlA5eEDopUCggEAJO2JeY8zp9dVi2Bf+D69 +bvzm4vc1AJD4FrcN4jWBkasiX9/I5xkBTusHoNBH3vweYlQi7CdTFH9V8SQbqvJ3 +aqwdxEeYIP2mgPgt6Qzf3x4MbieBRIcYRXJNrBTN1lnZw+XWCxILasSgrrzHJ4TX +Nnq91SdYtPbpmf6mPJXkCwhMdYtjJPZPoaaraFapCeu2ZvFjwqVa6S98wthx164h +iqxpIE+sNF/saFFwZDL+vcbGLy5NzuwGm+LVZi/xRHFXvKwi8PdXuGDztrWGp8P0 ++wVd0F5G5xs8WafPKzSgaQfc5ylTrNhwDPTJqTNYGc+E69hGPyXdQg9M6JKDOfQ+ +2wKCAQA6hgq7PUIlX2uIq+3abqVJadu7ibS4RcmBc1WvLG8wV5NBWAtcwoaJ7OZn +JCDMAd9Rl5GkQpqN8pGln8w9vQUFtTjfV+KNf2UfWUeMNNdz+p7vm/FUDaVraTmx +BAFX69VaLKdbLzIeISkkUyqcZ7YZ4V7O6bQeG5uwXwjhHtRUqMKtdFeVS11rm+sS +X6C9jUVGgR1LLty0kRte7S9xo69pEXbMgHhVnC8khg5BaTsl7au0HeBr9Eaop8xz +91v4kh2nAFFs4qdKEMms4Ki3jifar+3t6oOHgFtI+dK+I3OdhLhh6aGCNszcoRq3 +e4KI/ofch6GEVu1tOSQmjJC2DZCG +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/dfsp_client_cert.pem b/docker/security/payee/tls/dfsp_client_cert.pem new file mode 100644 index 00000000..164aa797 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_cert.pem 
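Review bot: The client CA signing key added in `dfsp_client_cakey.pem` is an unencrypted PKCS#8 key (`-----BEGIN PRIVATE KEY-----`) committed to version control, so every reader of the repository holds the key that signs certificates for this CA. The same applies to `dfsp_client_key.key`, `dfsp_server_cakey.pem` and `dfsp_server_key.key` further down this diff. The README already documents `keygen.sh` and `createSecrets.sh`, so these files could be generated when the harness is set up and kept out of git, e.g. with `docker/security/**/*.key` and `docker/security/**/*cakey.pem` in `.gitignore`. If they have to stay as fixtures, the README should say that they are public test keys and that no trust store outside this harness may include the matching CA certificates.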
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:38 2024 GMT + Not After : Nov 10 02:03:38 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:ce:c1:2a:2d:ee:97:f9:b5:16:5e:60:24:ce:23: + 8c:61:f9:c7:23:6a:12:d3:6b:61:2c:54:06:36:e4: + 70:e1:f5:68:81:9f:15:d8:69:df:fc:cf:44:6d:32: + 64:cd:26:2d:84:47:3e:74:3c:73:7e:75:ed:50:b1: + 64:ac:af:26:cf:e3:ec:71:5e:7d:bd:c9:de:19:10: + f4:2c:75:53:37:5a:83:9d:37:67:97:6d:b7:91:b4: + 48:27:cc:12:20:39:f7:c7:1f:ac:c4:4e:e9:72:e0: + 2d:13:2b:e5:35:9b:4a:a2:30:53:f0:c7:41:47:f5: + ba:e0:61:25:13:d2:c6:47:83:85:57:7b:56:9c:f8: + c4:9f:b8:f0:0c:ea:d1:92:01:9f:aa:ad:88:33:15: + a0:cf:a3:3a:0f:93:ab:75:40:9d:91:a8:64:49:dd: + b8:18:b7:a0:f6:a3:e0:74:5d:42:ed:8b:25:f2:c2: + 92:02:85:07:77:7f:24:65:c4:3b:22:4e:3e:cb:c0: + 75:fb:4e:79:bb:db:50:e7:8b:76:4b:ef:36:9f:8b: + af:15:37:5e:0a:6b:20:b8:6e:c7:fe:30:50:a8:39: + d2:d4:5a:59:f2:8e:2c:96:cb:37:af:96:e3:e6:1f: + 7a:54:79:81:96:16:70:2e:20:4f:a3:e7:d3:50:03: + 05:63:c8:8f:d1:01:e1:1c:11:af:a3:99:4e:6e:c0: + da:a0:32:50:43:4c:f4:70:bc:3b:71:48:b9:6e:42: + bb:c5:5f:60:00:35:bc:99:5a:bc:0a:82:de:a3:43: + 81:26:e5:0a:fd:39:1c:29:fa:4a:d5:77:41:a6:2a: + 20:da:8e:ed:61:4e:10:84:35:4c:c5:a1:16:06:ab: + 41:29:45:2f:73:2b:d7:27:73:15:88:18:94:f0:72: + eb:79:d4:43:1d:75:91:65:b6:a5:8c:29:4c:6b:84: + a5:77:16:b9:db:73:e6:1c:c3:35:8b:ed:e9:46:74: + 0e:f5:67:56:c3:94:07:cb:9d:ad:52:85:84:9f:df: + 6f:ab:fe:db:7b:89:db:c3:6a:49:e8:12:53:58:b1: + ea:3e:29:e2:1a:89:eb:00:c8:44:f4:e0:8d:16:dc: + fb:f5:e2:c5:aa:0f:7c:0f:81:08:92:39:d8:81:d9: + 80:49:da:56:b5:fd:12:4e:f2:52:b6:b8:31:53:3c: + 
a0:04:81:8c:1a:71:cd:b2:ca:f5:10:c0:57:39:b7: + e8:0f:50:31:08:57:a4:d5:e6:d8:42:2f:b6:4f:52: + c1:ac:cb:51:ab:f5:8b:70:42:fc:c7:4c:e5:b4:c4: + fa:97:f7:53:eb:53:37:79:51:2e:fe:10:80:14:65: + 3e:e2:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B7:98:30:3B:87:A0:9B:ED:F4:AE:71:51:25:E7:0F:2C:A4:5D:11:16 + X509v3 Authority Key Identifier: + EC:3A:E7:1E:CC:8B:EC:47:A3:1F:81:73:93:8D:A3:A5:FB:64:F5:A4 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 6e:1a:f5:a0:37:7a:d2:34:89:3e:99:eb:2a:9f:5d:ba:8d:0a: + 59:67:0b:04:16:3e:b3:49:6c:83:3b:7b:34:d2:ad:5c:9b:4f: + 34:79:15:36:f4:44:fb:55:1e:7f:64:65:21:31:6c:1b:69:39: + 6f:3a:a6:72:0c:dd:3c:e5:4b:76:44:ff:c7:91:33:c5:13:05: + 3c:45:88:10:95:be:a0:0d:17:db:ae:1c:6d:20:04:09:2c:53: + a8:ed:fa:61:7a:b6:fe:82:8f:a8:af:33:41:2b:0e:6b:f9:40: + d0:c8:70:40:26:23:c3:66:8b:0f:34:2f:05:b3:77:d1:b8:14: + a7:21:30:bb:1e:40:4e:6e:0b:02:72:2e:ac:1b:9d:fc:85:d6: + fb:59:e8:96:1f:c7:4c:02:90:dc:f8:5d:cd:89:d8:ec:31:e0: + 65:35:f5:f8:30:09:6d:d1:4d:fe:6a:97:90:7a:6a:04:6d:c4: + 5c:4b:d7:e5:ea:62:e6:0e:f3:3d:18:58:02:d3:ea:ca:cb:0f: + b8:dc:38:89:f4:bd:4d:16:24:ed:6f:70:49:de:d5:14:4b:9e: + ad:1c:f9:a7:dd:25:af:6f:5e:99:dd:ce:db:1f:f5:ab:0e:8c: + eb:bb:66:30:ab:5d:57:48:80:6b:50:91:24:bb:48:d4:01:d0: + 1c:72:7f:3d:9a:96:4f:47:38:d2:8a:9b:f1:b8:9b:98:99:e2: + 2a:7e:7b:86:47:86:74:f5:8b:17:30:b6:56:50:9b:fe:d2:8e: + e4:34:d2:ce:7d:bc:b1:1d:df:7d:a9:d2:74:68:b2:43:05:1b: + 10:1d:43:21:43:9b:b8:b8:e2:c9:ce:51:2f:8f:6b:d7:b5:49: + 40:ae:4a:8e:86:51:f8:55:1d:bc:3a:cd:73:eb:b5:f9:af:a4: + 5c:58:6f:bd:76:5d:a9:1a:e9:c9:85:ce:3a:d0:92:43:3a:bd: + 
7f:c4:31:09:aa:0e:f0:4f:37:bf:d6:b0:c6:88:50:df:53:ff: + 25:b8:b8:02:ea:07:5f:ce:6d:11:ed:eb:46:13:30:4a:10:90: + 12:65:13:3a:46:3e:e7:99:a3:56:94:19:9f:a5:51:10:c8:c7: + ad:17:10:62:f4:7d:76:8f:9f:e9:a2:47:ac:77:de:32:cc:b9: + c7:81:7b:c4:a2:bc:bd:81:b1:18:1e:c5:6c:79:ae:60:96:01: + db:15:89:ee:10:ca:2f:04:db:78:6f:c3:ab:6c:cc:74:03:38: + cf:3b:7b:40:e6:71:f1:cf:22:8f:87:05:57:16:dd:bc:6c:90: + a6:f6:b7:45:96:f3:b7:5e:01:fc:51:17:9d:0a:aa:0a:56:f4: + c4:7d:de:bc:f1:32:df:48 +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzM4WhcNMjYxMTEwMDIwMzM4WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzsEqLe6X+bUWXmAkziOM +YfnHI2oS02thLFQGNuRw4fVogZ8V2Gnf/M9EbTJkzSYthEc+dDxzfnXtULFkrK8m +z+PscV59vcneGRD0LHVTN1qDnTdnl223kbRIJ8wSIDn3xx+sxE7pcuAtEyvlNZtK +ojBT8MdBR/W64GElE9LGR4OFV3tWnPjEn7jwDOrRkgGfqq2IMxWgz6M6D5OrdUCd +kahkSd24GLeg9qPgdF1C7Ysl8sKSAoUHd38kZcQ7Ik4+y8B1+055u9tQ54t2S+82 +n4uvFTdeCmsguG7H/jBQqDnS1FpZ8o4slss3r5bj5h96VHmBlhZwLiBPo+fTUAMF +Y8iP0QHhHBGvo5lObsDaoDJQQ0z0cLw7cUi5bkK7xV9gADW8mVq8CoLeo0OBJuUK +/TkcKfpK1XdBpiog2o7tYU4QhDVMxaEWBqtBKUUvcyvXJ3MViBiU8HLredRDHXWR +ZbaljClMa4Sldxa523PmHMM1i+3pRnQO9WdWw5QHy52tUoWEn99vq/7be4nbw2pJ +6BJTWLHqPiniGonrAMhE9OCNFtz79eLFqg98D4EIkjnYgdmASdpWtf0STvJStrgx +UzygBIGMGnHNssr1EMBXObfoD1AxCFek1ebYQi+2T1LBrMtRq/WLcEL8x0zltMT6 +l/dT61M3eVEu/hCAFGU+4vUCAwEAAaOB0jCBzzAdBgNVHQ4EFgQUt5gwO4egm+30 +rnFRJecPLKRdERYwHwYDVR0jBBgwFoAU7DrnHsyL7EejH4Fzk42jpftk9aQwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG 
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAbhr1oDd60jSJPpnrKp9duo0KWWcLBBY+s0lsgzt7NNKt +XJtPNHkVNvRE+1Uef2RlITFsG2k5bzqmcgzdPOVLdkT/x5EzxRMFPEWIEJW+oA0X +264cbSAECSxTqO36YXq2/oKPqK8zQSsOa/lA0MhwQCYjw2aLDzQvBbN30bgUpyEw +ux5ATm4LAnIurBud/IXW+1nolh/HTAKQ3PhdzYnY7DHgZTX1+DAJbdFN/mqXkHpq +BG3EXEvX5epi5g7zPRhYAtPqyssPuNw4ifS9TRYk7W9wSd7VFEuerRz5p90lr29e +md3O2x/1qw6M67tmMKtdV0iAa1CRJLtI1AHQHHJ/PZqWT0c40oqb8bibmJniKn57 +hkeGdPWLFzC2VlCb/tKO5DTSzn28sR3ffanSdGiyQwUbEB1DIUObuLjiyc5RL49r +17VJQK5KjoZR+FUdvDrNc+u1+a+kXFhvvXZdqRrpyYXOOtCSQzq9f8QxCaoO8E83 +v9awxohQ31P/Jbi4AuoHX85tEe3rRhMwShCQEmUTOkY+55mjVpQZn6VREMjHrRcQ +YvR9do+f6aJHrHfeMsy5x4F7xKK8vYGxGB7FbHmuYJYB2xWJ7hDKLwTbeG/Dq2zM +dAM4zzt7QOZx8c8ij4cFVxbdvGyQpva3RZbzt14B/FEXnQqqClb0xH3evPEy30g= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_client_key.key b/docker/security/payee/tls/dfsp_client_key.key new file mode 100644 index 00000000..e8f8be81 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_key.key 
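Review bot: The `X509v3 Extended Key Usage` of this client certificate lists `TLS Web Server Authentication`, `Code Signing` and `E-mail Protection` next to `TLS Web Client Authentication`, which is broader than an mTLS client identity needs. The extension set presumably comes from the CSR or from the `signing_req` section of `openssl-clientca.cnf`, neither of which is in this hunk. Limiting it there to `extendedKeyUsage = clientAuth` would stop the certificate from validating for other purposes. `dfsp_server_cert.pem` later in the diff carries the same four usages and could be limited to `extendedKeyUsage = serverAuth`.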
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDOwSot7pf5tRZe +YCTOI4xh+ccjahLTa2EsVAY25HDh9WiBnxXYad/8z0RtMmTNJi2ERz50PHN+de1Q +sWSsrybP4+xxXn29yd4ZEPQsdVM3WoOdN2eXbbeRtEgnzBIgOffHH6zETuly4C0T +K+U1m0qiMFPwx0FH9brgYSUT0sZHg4VXe1ac+MSfuPAM6tGSAZ+qrYgzFaDPozoP +k6t1QJ2RqGRJ3bgYt6D2o+B0XULtiyXywpIChQd3fyRlxDsiTj7LwHX7Tnm721Dn +i3ZL7zafi68VN14KayC4bsf+MFCoOdLUWlnyjiyWyzevluPmH3pUeYGWFnAuIE+j +59NQAwVjyI/RAeEcEa+jmU5uwNqgMlBDTPRwvDtxSLluQrvFX2AANbyZWrwKgt6j +Q4Em5Qr9ORwp+krVd0GmKiDaju1hThCENUzFoRYGq0EpRS9zK9cncxWIGJTwcut5 +1EMddZFltqWMKUxrhKV3Frnbc+YcwzWL7elGdA71Z1bDlAfLna1ShYSf32+r/tt7 +idvDaknoElNYseo+KeIaiesAyET04I0W3Pv14sWqD3wPgQiSOdiB2YBJ2la1/RJO +8lK2uDFTPKAEgYwacc2yyvUQwFc5t+gPUDEIV6TV5thCL7ZPUsGsy1Gr9YtwQvzH +TOW0xPqX91PrUzd5US7+EIAUZT7i9QIDAQABAoICAEfXliT8vaE+m+WySce5UXvv +85LqNl1xeAQTtE8ZpOHXSPeVhF09OOAbU18QPjeM1w8aRGjWYplkN9Csu1tHx1hA +jjW8jDvI69xQ6E+UexSGZqpYCK51KO6/srzla7z395Gg/4L9GqBYpkD9pTkx20at +PVWynwv2pnd2OhB/0nciC9DgojGMPaJ0fDE43RZ7avQ/NU7u6oCL6s5j1RW6nKXy +2dpS6TfpgsyBGCrHB00MZ2TJ2Dt45yXOL6MPAy9B+g8JstVeqO0uYZf7fWEYX6Yj +vvRD13EOVYHQuLyqJDS4VvqD5LJkVbkWJyTj7Q/XC0ZULEOvS06z2oiNMv+f9Rxd +L4cMAYSHZKSXeuEy7pkP5cDyQY/B/1NcG7IzEDji2oQAilCXFNukxhTrrh77CAzm +BvwPCEk0YPfep79UE1YYCMwYu2wA8iUFFJ3djTRVQ4CqxtNetTDiXdY7DoQQmg+6 +25CrdDGsKshQrxGsYI61LWM2DHN/CU5NJy6mzi/wvyvitA7irSMKc6cakIu8ONxf +J89+So4yeuioHd3dbF7WbWl1+IIqmFnUTgl6DzHEL6fu/eoMcZvcOXx1MPgoYza/ +E2zcXE10rVhACgNN3/9EpMoiDAfx19Rl8l+g3S45I95mgBkaSaQwGU5QPVDCaBHJ +mHkxldBuPH08yUJfMNi3AoIBAQDTjvtd22PyRYHKt/aNgp1wzxiSWxqPtdf/LT0C +8/YHu4gNWW8KFajQuzH7LTuSO4VDIt3dAw+HtEq3cqQoxaT0IioBhxjJAScDas8e +I6SvA8sKtYfDCsJLEe/nM9FdorD7Vf+oo2y1xzcGskProL1w0hSAZunkOY/WcqDi +ArkvIJ0rmkcj3KdD30kBfPAP4NcWNSRrIdIiKtcOIP9Ai9/47ikePrhdbBbCu5wU +BRTYqgG3d/1H72MrQI/xwlWvJdYSXturIwOBjU11oqrlUYR6PiFN0fGDCq8IuhKI +BnpPRFiPI6XWls51Fu2Xd2SD6JqWk+8186v3ZHEz7XNO5pc3AoIBAQD6L9a7FASo +H0HiMvk2LGBe32EPQQQ/+A0pP/K8takv+ju+n1+99tAdgqVLazXH26CQkeyIQHgV 
+6vxne4egnv8MoRTf8XEaFzk59FhuP/PCc9d0mEC1ffQ4pdwjIoThFreCX8rtWIJt +N9/UOyoczdViaCN/nK7vXf7fyPvLOyFWxyhjYxpq8BXiVwSUgQqv5APWask/2hUt +SjIe3ZJ+S1IyR3+IkO992I5aC+bKvpG9UxRV1ecFsLvKSgYb8CuwlgBLn5WUidDo +swzOiCJ2l4EyOBrpALuPpJZDcmhYCVNh/zVwqr41ogGgD2f1tBcduQ+IA5a2006W +7gGyyaTdctUzAoIBAQC1YRTp9zrNcAJDR02/LYjGOwgaErnHFGTHhoWUjo0VPBb9 +OvwUbVV6/8NuUe2NBjLOyInm/sTF2DFm7ocH3cv683+IJ8d8LdzA9UX11SFQW7Qs +zk5DTmod6pcAZlDOMroCAk1azCJcBxyKRTQuRHWm0LZ7D8DfxuonNcfxfdw/J3sY +8wCjIn7Vlg4FlJRNSLufcphysWBzor8WgfvV3xZ7WdUu9R8kGZO6CRdboq+owrkO +D3W7wuYHIydGYxMLQykyPtme9DoBTKBohrp2OVmXZMUw7xpc+z/t/3n73XHnm/VB +Y5K/VDRV9v5kqhwna7l99/9TBkMdq6PSnXYK43ApAoIBABgiWUJ+sdxN95sMc8Ho +EfvU7JX+HZzWHt7lzlKp64I3T2AaG7BFiNnv6mYWF4AKDbkken7CSVND8clBv1md +PNlJCKx5rAFqUBjpG0a3YJpXdmdG8KcRWWfFiDDTeaIFAPrQptCygxJqG2trsapJ +qNXvWc1Lngx1Msr/plp6f8LRP3Im8ztxoYrN/iEdOZyyEDS05GkGbpiJ2b/ke+c2 ++NzkzMatxIyNQV4qW78fFwv+Ya3ODpUb8WGYNnKnfm9waOLiqBlGGiL4crnRpBFw +mAPyKZZkfbNjmyMyfCJR8/s2FT+jGOovkJySH+Mx1jEF0xu5zOYiCCjDGOLYVNEP +7MUCggEAAXfLnBefyEXuJXE83xlbCvXRYaTjVwjKswRAjvPVS+yDMvPYkASg3phb +szbw61IZdfEzJMkSRhXX6C1/WVIje4eJHbNX3r7Z+QCq4gCBYClJ2DWg2IR0G+/4 +xA8xP+TWj65SNUBONCSM0/+M5ihu/46h9Ox/NWFd4ojYDJsny34xrk9IvXFsKHdg +tYj1cYHjq5yciowCu244xCvsTMrPYG09BsxLUZDGCQ2pp6aTdCeXtC7raXpCtpUd +GN4rTZRouVsMJ3HNjjdvao/2z2NpbTj21gv4sk6IgcwBBNMzjx1t1DxRjtWAK9Uh +k5H9czteaz/oxlfI794TWFUpTtK6NA== +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/dfsp_server.csr b/docker/security/payee/tls/dfsp_server.csr new file mode 100644 index 00000000..1064cf54 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server.csr 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFSjCCAzICAQAwKzEpMCcGA1UEAwwgcGF5ZWUtc2RrLXNjaGVtZS1hZGFwdGVy +LWFwaS1zdmMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCFREqTiwFg +1BuJq9KPqL1YAUaqBOU0dVM0Bv61N3IKpvDnxICfyQJQg/zeEonpV3Y0Sya7gBR1 +VXw4aTBn75HCgsPpitKjImJpDD3gEApdZz95tyAgSvhfCM+Hh4SDevq3YwW79HaN +nopRAl6kdd2K8qnoGSDcheKNTbIJZxvwxfcUkIDxOTpfKr2MuiZT0UG7KpoY4ik5 +nsYLh3Jwa1EZ/82DapX+0Tyc2mrJPeDFw/zliFLfQ3j/fw3iqTVdIxT948ZVJ9Pr +HH+2v2/kthoBONNQvh/4uRWzwiba+MdTHbw31sGNmLUBJTfwCs7e5zffU/Q5dgAV +KAEREQtq/DVj9QoNi9LBLLNcs7ufuP0HA5vWZkl2kpSaURPwCNR/xVOxfEVPUzb4 +JYtHk3B1Zl6ZczRSJOCqKepqV9f0I9tmKa4Kkhdm5nzzldgTcfC9wAAUAlldVLbP +8SP1hEX1AwrSSomc2mf/aZcR1qQPn+Fsiyn1ywNmOMTiRJMx4WBjxkXlhP5DmiOW +A68P6kNTB3avud5QfreCacUgD5Q/l9HAPsB9J7MZJayU/x39IMk0pXXtfFsbbpKm +1yRiNnZvpSnbi75PWkFRiYFsOmvHheTQMqjRpTdicOMJhQ5KtGKJQEFii0MNKkB6 +/JkAd1YK7TXL9u0gAfxa+IVaZPUY2+jnCwIDAQABoIHZMIHWBgkqhkiG9w0BCQ4x +gcgwgcUwHQYDVR0OBBYEFBmkYSJMJaNpX72JGelArLk/w3I0MAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB +BQUHAwMGCCsGAQUFBwMEMCsGA1UdEQQkMCKCIHBheWVlLXNkay1zY2hlbWUtYWRh +cHRlci1hcGktc3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD +ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAbNGUiLn+bx5S9HQ9CI8ac6oy +21hI0mFtuDQPp4PPkCxbdN/LiyjpYg6EC7ZSOWxkrsOU3spwR31nFlFTmTcdKjzb +Nhn09bdmc8FVNl6P+jlwIJozmShKuHiVzPGjVZEZcIRHXVPScnGCHaNmDt2IYAYq +9oMZULuN2q2dImFSA8gOFCeW+ZkmvTE+tb/zg+4kuZKEYYLdRAEACt0XX+K6tunv +h8l9OsbhAVl/mvke+ydsrUfMdi+larqKMYeP/ZVMBrQj31/YCSSxTEi/F9/QCgto +dNQ4hEHwHG6ZL9HMIdA4Ej55NIHBlYovAqCFSXPqM2C/6MoxbnQ7sM1JzBZ34uCV +wdpbGpnf59vZjSPxWUhCZ/gLfD/Zw7+msQqs2iht0TPvhSKraK2mxOkfy8UuOOPQ +TuYxLVMld7OIHC8L5jqRi/YS3zu3WwOemIiT8ObEh86NJKk2ofXuC/wcTmkQXlvN ++2r5xPq2fntxAwJnY5AkhzXVWZxNyUCe1If1MN5OW5Xc9foeni55HpZvWU9vYzMM +IPTYbo3I+PAA6IGwnaqfM6CoJJ6ImSdf0cu5DZROE5eAhqmyyNh/AyksRgohcNkx +TI/nalIJA98ooXoEFIZNKg/ouZTULiGLywkWBaMaz3l73MnQDHlYfKqWPxjHV8Kj +wd/CxO/6uqIyaSjuXc4= +-----END CERTIFICATE REQUEST----- 
diff --git a/docker/security/payee/tls/dfsp_server_cacert.pem b/docker/security/payee/tls/dfsp_server_cacert.pem new file mode 100644 index 00000000..bc208037 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_cacert.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUYOahCSI+t+iJCevDl20zaRkNbaYwDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyN1oXDTI0MDMxNTAy +MDMyN1owgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAiHaHFpgfb0FHsQ+i/gpR/YFZUUlfTW7UQlIf7BvYnp9p2wEiL2r7 +GtYnF6S+hSV5A1/qnHNzo8SGCy8RP3I+0d7ape0fYFJYyj2oFpn5F1QiskxVKPn0 +b4cxRO0Px/j9eZCybt0Ca/0FYAcXFJ2LBq6WrymZIbaC4owkIGT3EnSSUEcZ0K0f +cPEleD69gNpxGePISm2Ljcu5zUjuOfceNxPcGctKbP4sV0ldyskZzZl/omDK+gNM +BDl2vdYLbG2r/GDjVCeVGobEHdq9v0j6H06fZ7E4qmdXYTGKev+l8NWDOfuHUdvh +K60D6VDn8OZj2MMA7Xv01RErKZB/h9Jws7Ayj31OGr/WAbHpTn4V2HjqQdrbq0pq +lsvufDlPnUFKv0aGk70DlSQja99XPAuy0/5OjbsBrHvcCupw/HagBTR/hCGdcD4L +TPynPKbk6Ep3NEcf/nyYoKwy+wDh2bUgqSB3E/6UNrbYTTl42Ti/QItSYDBnd871 +mdZwIyhqWz8fFXVxs1M0K0HGTXMnRvEOT4djrL7okF31L/5LyHsZbwY+/Uw20nLN +LhTKOiSaNwpZws8f4dHgV+rnJD7lekzSxeSkkcayrROQVZEt1MDGshQzYR6bPQ3O +9dri3NaoTuGVSislRDAnnhAy010EewgizBWzjHsf+Z5bsMLikwVE1K0CAwEAAaNg +MF4wHQYDVR0OBBYEFEVYcAvlsnioq/2DujBIiaZMwsGYMB8GA1UdIwQYMBaAFEVY +cAvlsnioq/2DujBIiaZMwsGYMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQB1RK/7HKZ3yFxGMZ6gr1Cz4Aqj8jqXZU0Cu7lR +vUCH9EV/7dLsUp6wWjnZK2YlDN6sejAyMeOcGgiOmFZw7aKxLu0erypzrbMGuzGl +l8UFiYveJV0GSpBzCZ7gBbl8LLJD2YoTt3BuGTod7cJp95peY+m5ybWMnFUyuCSW +QtvxKS/Crv6FTpSTI3FXFIhJJgLQqqB2xb3fTp/Tuc0keYBZt1lgpMC/Yo5rhJPD +yqzV/LuQiuAGpuuy7SRKKBWAIlAYBwdHAfhrnfmQq84tE/LCgtgr4zcxhstoMZ0t +w6oeXYbEhDScpLMh/L5O5qPEJxwWXRVrHEiB2BrbZBzOREDt7HZdsmcRxdUm1A5G +Zd2wNKn2i+16hjCLo32O+whubkW5Oc3MFpW4wh8x5z11SLue+y8hKae53w1Dbj87 
+VEGqYr3ZuUbSW7ODnuvhJ6y4oNcYDCiwC7A0cQ+lA0vLjYQGf7iLRaKOS40/JcyF +IPlBi2keQXlB16xgMFm1KGVOq00odlYP1HMI4QjMncC028NOJAP6dbcxDk9TZSkS +KPpMFAa8a3Hfd6x5nYTAwtCrc63MsC7CUUX6cvNNIege/Tveu/Epm+qcnE7DjJ7t +qQQtrlFWMQHmvKuFqt6yw6iHM2awlbluzPg+kDG8Rsiqs4Lt4bnfFO7iJ/5FDafu +Zh04Mw== +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_server_cakey.pem b/docker/security/payee/tls/dfsp_server_cakey.pem new file mode 100644 index 00000000..d5dd4da5 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_cakey.pem 
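Review bot: The validity fields of this CA certificate appear to decode to notBefore 14 Feb 2024 and notAfter 15 Mar 2024, i.e. a 30-day lifetime, while the leaf certificates it signs are valid until Nov 2026. Once the CA expires, peers that validate the full chain will reject the handshake, so the committed fixtures stop working about a month after this commit. The first certificate in this part of the diff, whose subject is `dfspclientca`, shows the same dates. The fix is likely an explicit lifetime on the self-signed CA in `createSecrets.sh` (not visible here), e.g. adding `-days 1000` to the `openssl req -x509` call, or documenting that the CA must be regenerated before use.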
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCIdocWmB9vQUex +D6L+ClH9gVlRSV9NbtRCUh/sG9ien2nbASIvavsa1icXpL6FJXkDX+qcc3OjxIYL +LxE/cj7R3tql7R9gUljKPagWmfkXVCKyTFUo+fRvhzFE7Q/H+P15kLJu3QJr/QVg +BxcUnYsGrpavKZkhtoLijCQgZPcSdJJQRxnQrR9w8SV4Pr2A2nEZ48hKbYuNy7nN +SO459x43E9wZy0ps/ixXSV3KyRnNmX+iYMr6A0wEOXa91gtsbav8YONUJ5UahsQd +2r2/SPofTp9nsTiqZ1dhMYp6/6Xw1YM5+4dR2+ErrQPpUOfw5mPYwwDte/TVESsp +kH+H0nCzsDKPfU4av9YBselOfhXYeOpB2turSmqWy+58OU+dQUq/RoaTvQOVJCNr +31c8C7LT/k6NuwGse9wK6nD8dqAFNH+EIZ1wPgtM/Kc8puToSnc0Rx/+fJigrDL7 +AOHZtSCpIHcT/pQ2tthNOXjZOL9Ai1JgMGd3zvWZ1nAjKGpbPx8VdXGzUzQrQcZN +cydG8Q5Ph2OsvuiQXfUv/kvIexlvBj79TDbScs0uFMo6JJo3ClnCzx/h0eBX6uck +PuV6TNLF5KSRxrKtE5BVkS3UwMayFDNhHps9Dc712uLc1qhO4ZVKKyVEMCeeEDLT +XQR7CCLMFbOMex/5nluwwuKTBUTUrQIDAQABAoICAANW4THmmZhToOE+mHa+gmih +dnHUiZI/xM51q4XP3aJuFL1Q/wjphYkP1geQVsAz3Uz9lyRqd9k5WS1jYrjqfwqM +OU4HqjWldjpGvXsGHBAb1TiHQSs+SKLFDGnbIkB6wZsstQ0c9+70E2JY8hHlVA5f +Dd1t92sZiATquISZa+ll9GGmB8XxQpx1Lj1Nzb3eOpfPWOqnWRuocVzKbNf6yeC/ +qepwrNrTcnrVVwf8GVdMaxDqbPUmyQCudk8pcoCeA3Aq381CpbWvOBPh8zQ/4S0M +c76qGdCjtEHy4Chn4qPs2af81YAlkRJMStT2D6L3xFg812Q4XRKst6FuAYztk6fs +4Mv1RM/rwe8PqR1ZCVlUwTr28ftQ+Qe/y0ejnEd605fBYU/FjR4tMDM6figwwBHa +f6fm91Rivx27ieovjrwgacUH/E0RzyM0fpaDxdGI+DwplUnTXTUfeFrVmcV4qPsu +tolfrYGKUfjNebrmZS91Vr12wScPF2/jevkLw18LulLDG6Fy9BMfBqPusgy7ThEi +wda6JIwPO/sRoDMSJ6mdpmcMFtw6Zg4pS170A8IHukikw14qlh0vwI+TcTmjZmUc +eCnA6T+Scu+M7iXbqJoV0nwzU5sS3WcXAaCRWqq6ecb/ne+LvtTUwVSdTJ3FQEyG +fVlx18w4Wp6QhF6UfQzhAoIBAQC+421ASOAZv43Dqhl/KyTIen4+mlYkAYYTHLW1 +Sd7nojaWS0kq6mkcfsOA357sOT2FQYPuerHxau+fs+LimW2Z+fJnP6kShBO9Z39K +jSepXaetWSQRIVYPrzEXBKFbXiLPBQTdDzw8wBsEw0Z0hioahZ9DPKjme7CmvmkF +mbTMFEu7d8bc4K5jIhrovTPF8Hs8GPCktGbrqZlgNy7VAWNxCiy1nyPEt6eKSU5k +Ig5O4TEJBRhGg0VbsmAp6oxlF5NMpXM4ABdm74vbYoFY02PaQu8BWqGpg21CZida +fUWy4sG4zZkr8KIyRKPwVylFdjK5YQ2dmgpXFjWzB2Pr615hAoIBAQC3Ap6JW7dO +MmqT1KfIVVAvkZwTL190A1kj7HvJ1PakMSkd4kaP4ZX4+jDHR6gm5VvMp0roJTtB 
+xZeJNWwHhxn+iz6uinbmiWqM5m1zRpVdVd3hGPSS99UO+FjJKfLiaD3RJrOrxk93 +LezvyRuBhpHJo80ZSQHenrUzjCGJMDd+W0fr9M56odonqxue46RAazemPiqvpk1R +Pwyamw24VXU+xBZizwWYSjFI7p/JxhbbRCci4qZvGt0vlzPmPdbwYrkj3WcYdFVQ +SIPQvUXJ95OYi9aCU5QX9S7mgnGRM4XT1FaAKRxxDy9VGvDzPqXI43daqoorBdMo +99XydKYVN+HNAoIBAAflcoSBPzvxb5TTeYCIMVpVrtk6GywcIAa0XlPkfWMJk8Z9 +0MYEslpqZ/3xwio1Z/UWM7Xuv2OkL8tkbpM/E4iWDU/2EzFf400ndd2In0ZjSGdk +U5idz2iQr7ArEd2stDXqGDxov+4naDa3OTfiwOUd9+uZG8eFAFa1c7S2mgMDJ+rW +VpSWesBBDenowbaDbyWaRoIZsFQ5TM3tGnPXPdzUNetBbQJbMoQG6kY8Hmlm6Vdd +LZblIT5cz5uMR0h7RC2cfnqnjlBEwn1NwtoAzJWfxTFCJYPUmvVvMluM6RAwTyEs +6BQoPR1lN37erCdib1C50g1d7OWTVp9UQ+7jaqECggEBAJWTcnfZmkwzMKB6olc+ +Qzddzy5u/ZkYU3blBZfEk4FHHM/r7LgULDs+YTe+/VQtCYaPBM4QAAqVsHDYVN8i +MMC2lhiZ2uw5S/i1LKeW/OU4FQyxFNQ58s01dXuU6YraoAudkiPHBZPm2UxyFiUb +E3S2iB8uaHTHSlpDIfW6juCbQoE7qLbaKi9Zzk1iyRBNkUIydTjytya8XVTPfbs3 +PYh7Q8Cma3A402dEgRys5ml3nnUIwfb1Aeqvrh90U4RNa/xALM7z5fakDfhBehTE +YMHBKSWDofqizh5gZunCLpMfbUN6VmChhJIOXviwL1etchOMZzkanadSSG7NoCCf +d9ECggEATJoUlOptoxXAql4+ZLX3Q/79il+knNfGCNg7H37D5sBCXvMHt5fKVZ9y +xvp9vLgfaam3M3ztVjjdrKqbUg7JP0Ia7t1PIgXAt+67E4JkNK/ZdZB5l7+Hpux1 +wJp6cLnNqMsZmBVGw85gvcNBzNTtOuaegvwdG7DDGCH51cOWih0zD9LmMYBLTTQY +4zs6ljM1G+zxt9CvW0tDdshj1hqFnmaickdfRkD/j6gJu4mNa/d+ag1LvfrJCTYL +RaTIPxz7udtB9dQOnFfcdOy71Qq3ZEoUqevqbChghj2RAKSaccQkPml5Fq67pLf/ +64VVjWDKzRoaGBjDciVuzOwmonSJxQ== +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/dfsp_server_cert.pem b/docker/security/payee/tls/dfsp_server_cert.pem new file mode 100644 index 00000000..429ff28d --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_cert.pem 
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:30 2024 GMT + Not After : Nov 10 02:03:30 2026 GMT + Subject: CN=payee-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:85:44:4a:93:8b:01:60:d4:1b:89:ab:d2:8f:a8: + bd:58:01:46:aa:04:e5:34:75:53:34:06:fe:b5:37: + 72:0a:a6:f0:e7:c4:80:9f:c9:02:50:83:fc:de:12: + 89:e9:57:76:34:4b:26:bb:80:14:75:55:7c:38:69: + 30:67:ef:91:c2:82:c3:e9:8a:d2:a3:22:62:69:0c: + 3d:e0:10:0a:5d:67:3f:79:b7:20:20:4a:f8:5f:08: + cf:87:87:84:83:7a:fa:b7:63:05:bb:f4:76:8d:9e: + 8a:51:02:5e:a4:75:dd:8a:f2:a9:e8:19:20:dc:85: + e2:8d:4d:b2:09:67:1b:f0:c5:f7:14:90:80:f1:39: + 3a:5f:2a:bd:8c:ba:26:53:d1:41:bb:2a:9a:18:e2: + 29:39:9e:c6:0b:87:72:70:6b:51:19:ff:cd:83:6a: + 95:fe:d1:3c:9c:da:6a:c9:3d:e0:c5:c3:fc:e5:88: + 52:df:43:78:ff:7f:0d:e2:a9:35:5d:23:14:fd:e3: + c6:55:27:d3:eb:1c:7f:b6:bf:6f:e4:b6:1a:01:38: + d3:50:be:1f:f8:b9:15:b3:c2:26:da:f8:c7:53:1d: + bc:37:d6:c1:8d:98:b5:01:25:37:f0:0a:ce:de:e7: + 37:df:53:f4:39:76:00:15:28:01:11:11:0b:6a:fc: + 35:63:f5:0a:0d:8b:d2:c1:2c:b3:5c:b3:bb:9f:b8: + fd:07:03:9b:d6:66:49:76:92:94:9a:51:13:f0:08: + d4:7f:c5:53:b1:7c:45:4f:53:36:f8:25:8b:47:93: + 70:75:66:5e:99:73:34:52:24:e0:aa:29:ea:6a:57: + d7:f4:23:db:66:29:ae:0a:92:17:66:e6:7c:f3:95: + d8:13:71:f0:bd:c0:00:14:02:59:5d:54:b6:cf:f1: + 23:f5:84:45:f5:03:0a:d2:4a:89:9c:da:67:ff:69: + 97:11:d6:a4:0f:9f:e1:6c:8b:29:f5:cb:03:66:38: + c4:e2:44:93:31:e1:60:63:c6:45:e5:84:fe:43:9a: + 23:96:03:af:0f:ea:43:53:07:76:af:b9:de:50:7e: + b7:82:69:c5:20:0f:94:3f:97:d1:c0:3e:c0:7d:27: + b3:19:25:ac:94:ff:1d:fd:20:c9:34:a5:75:ed:7c: + 5b:1b:6e:92:a6:d7:24:62:36:76:6f:a5:29:db:8b: + be:4f:5a:41:51:89:81:6c:3a:6b:c7:85:e4:d0:32: + 
a8:d1:a5:37:62:70:e3:09:85:0e:4a:b4:62:89:40: + 41:62:8b:43:0d:2a:40:7a:fc:99:00:77:56:0a:ed: + 35:cb:f6:ed:20:01:fc:5a:f8:85:5a:64:f5:18:db: + e8:e7:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 19:A4:61:22:4C:25:A3:69:5F:BD:89:19:E9:40:AC:B9:3F:C3:72:34 + X509v3 Authority Key Identifier: + 45:58:70:0B:E5:B2:78:A8:AB:FD:83:BA:30:48:89:A6:4C:C2:C1:98 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payee-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 54:1c:48:ec:77:f4:9a:07:78:2e:ee:b1:9d:26:98:69:af:ba: + 68:c4:31:56:3d:df:f1:c5:90:c4:76:07:a5:bb:09:dd:4b:a9: + 9a:4b:d5:13:a7:5e:45:e4:df:78:58:b2:a1:3d:ea:b2:cd:f4: + 15:01:a2:81:18:35:de:aa:ed:21:d0:76:58:29:b5:81:e1:38: + 35:d9:07:0e:db:de:f0:ec:7c:c3:57:78:7d:92:35:a3:3a:7d: + cc:17:fa:b5:6e:b1:66:79:6c:e3:b2:3d:76:e2:0c:b1:2f:c6: + d1:15:fa:34:56:4f:2e:1a:05:dd:7f:ab:1c:aa:55:90:6c:d2: + 52:d9:f6:d8:4b:4b:fe:2b:47:6f:ca:32:b9:83:23:3a:06:a9: + 6c:c6:7c:9a:e7:21:60:26:d4:15:8a:ac:42:8e:dc:f6:5c:12: + ed:e3:85:58:0f:bb:d9:bb:ed:de:a1:92:2e:9d:7c:30:bd:0d: + 81:fe:eb:c4:c1:51:f0:3a:7c:3e:7b:eb:6b:64:39:e0:b2:8f: + 38:a1:31:44:93:63:97:c5:22:97:98:9b:fd:7e:01:91:76:a9: + 7f:7b:34:f9:bb:ef:6e:e4:a5:bf:db:34:12:a7:e6:2b:e9:ea: + 00:7a:54:06:30:3e:c9:7e:af:49:c5:63:49:60:5d:fc:9c:57: + 47:23:20:d8:b7:e7:78:77:4c:8b:f6:e6:fc:8e:87:4a:c1:8b: + a7:b8:b2:81:0f:68:8e:56:7e:6e:f0:f3:a5:92:a2:3c:c8:75: + 95:bd:db:a2:5f:5d:1a:ff:5d:77:7d:02:e1:16:32:bf:51:4f: + 55:57:38:10:7b:ed:fc:b5:f1:83:0f:69:62:83:b8:bd:ba:88: + 08:fd:9f:97:57:75:0c:9e:b1:c3:0c:5f:95:da:1c:2a:bf:3a: + f2:cf:86:34:bc:1d:95:9d:f9:d4:16:2a:86:6d:70:c0:f7:1b: + 
f1:bd:7c:08:d2:d3:ee:10:25:c1:a3:9f:0c:4f:a0:57:18:6f: + 44:71:f5:14:c9:20:a4:88:50:ae:ac:ed:1c:fc:99:9b:45:95: + 4d:7a:23:c1:ad:b2:cd:6c:98:ae:e0:3a:f5:42:fe:b8:f6:14: + 30:50:b6:66:c2:3b:89:71:ed:7d:af:77:12:0d:a4:c9:3e:d3: + 0f:53:be:6a:63:e7:9c:98:25:ad:f5:ab:c0:42:5a:90:33:d2: + 63:d6:c5:73:fc:37:da:53:01:ad:fa:4f:13:53:62:cd:c1:92: + 66:61:0f:37:22:6c:f8:8d:92:c4:2b:f6:13:55:c8:11:93:6a: + 9d:5e:9d:c2:68:94:a9:95:0f:29:05:c7:ae:93:d8:4a:f5:4a: + ca:75:d6:4f:1f:57:78:5b +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzMwWhcNMjYxMTEwMDIwMzMwWjArMSkwJwYDVQQDDCBw +YXllZS1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAIVESpOLAWDUG4mr0o+ovVgBRqoE5TR1UzQG/rU3cgqm +8OfEgJ/JAlCD/N4SielXdjRLJruAFHVVfDhpMGfvkcKCw+mK0qMiYmkMPeAQCl1n +P3m3ICBK+F8Iz4eHhIN6+rdjBbv0do2eilECXqR13YryqegZINyF4o1NsglnG/DF +9xSQgPE5Ol8qvYy6JlPRQbsqmhjiKTmexguHcnBrURn/zYNqlf7RPJzaask94MXD +/OWIUt9DeP9/DeKpNV0jFP3jxlUn0+scf7a/b+S2GgE401C+H/i5FbPCJtr4x1Md +vDfWwY2YtQElN/AKzt7nN99T9Dl2ABUoARERC2r8NWP1Cg2L0sEss1yzu5+4/QcD +m9ZmSXaSlJpRE/AI1H/FU7F8RU9TNvgli0eTcHVmXplzNFIk4Kop6mpX1/Qj22Yp +rgqSF2bmfPOV2BNx8L3AABQCWV1Uts/xI/WERfUDCtJKiZzaZ/9plxHWpA+f4WyL +KfXLA2Y4xOJEkzHhYGPGReWE/kOaI5YDrw/qQ1MHdq+53lB+t4JpxSAPlD+X0cA+ +wH0nsxklrJT/Hf0gyTSlde18WxtukqbXJGI2dm+lKduLvk9aQVGJgWw6a8eF5NAy +qNGlN2Jw4wmFDkq0YolAQWKLQw0qQHr8mQB3VgrtNcv27SAB/Fr4hVpk9Rjb6OcL +AgMBAAGjgekwgeYwHQYDVR0OBBYEFBmkYSJMJaNpX72JGelArLk/w3I0MB8GA1Ud +IwQYMBaAFEVYcAvlsnioq/2DujBIiaZMwsGYMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVlLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 
+ZTANBgkqhkiG9w0BAQsFAAOCAgEAVBxI7Hf0mgd4Lu6xnSaYaa+6aMQxVj3f8cWQ +xHYHpbsJ3UupmkvVE6deReTfeFiyoT3qss30FQGigRg13qrtIdB2WCm1geE4NdkH +Dtve8Ox8w1d4fZI1ozp9zBf6tW6xZnls47I9duIMsS/G0RX6NFZPLhoF3X+rHKpV +kGzSUtn22EtL/itHb8oyuYMjOgapbMZ8muchYCbUFYqsQo7c9lwS7eOFWA+72bvt +3qGSLp18ML0Ngf7rxMFR8Dp8Pnvra2Q54LKPOKExRJNjl8Uil5ib/X4BkXapf3s0 ++bvvbuSlv9s0EqfmK+nqAHpUBjA+yX6vScVjSWBd/JxXRyMg2LfneHdMi/bm/I6H +SsGLp7iygQ9ojlZ+bvDzpZKiPMh1lb3bol9dGv9dd30C4RYyv1FPVVc4EHvt/LXx +gw9pYoO4vbqICP2fl1d1DJ6xwwxfldocKr868s+GNLwdlZ351BYqhm1wwPcb8b18 +CNLT7hAlwaOfDE+gVxhvRHH1FMkgpIhQrqztHPyZm0WVTXojwa2yzWyYruA69UL+ +uPYUMFC2ZsI7iXHtfa93Eg2kyT7TD1O+amPnnJglrfWrwEJakDPSY9bFc/w32lMB +rfpPE1NizcGSZmEPNyJs+I2SxCv2E1XIEZNqnV6dwmiUqZUPKQXHrpPYSvVKynXW +Tx9XeFs= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_server_key.key b/docker/security/payee/tls/dfsp_server_key.key new file mode 100644 index 00000000..e82a4988 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_key.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCFREqTiwFg1BuJ +q9KPqL1YAUaqBOU0dVM0Bv61N3IKpvDnxICfyQJQg/zeEonpV3Y0Sya7gBR1VXw4 +aTBn75HCgsPpitKjImJpDD3gEApdZz95tyAgSvhfCM+Hh4SDevq3YwW79HaNnopR +Al6kdd2K8qnoGSDcheKNTbIJZxvwxfcUkIDxOTpfKr2MuiZT0UG7KpoY4ik5nsYL +h3Jwa1EZ/82DapX+0Tyc2mrJPeDFw/zliFLfQ3j/fw3iqTVdIxT948ZVJ9PrHH+2 +v2/kthoBONNQvh/4uRWzwiba+MdTHbw31sGNmLUBJTfwCs7e5zffU/Q5dgAVKAER +EQtq/DVj9QoNi9LBLLNcs7ufuP0HA5vWZkl2kpSaURPwCNR/xVOxfEVPUzb4JYtH +k3B1Zl6ZczRSJOCqKepqV9f0I9tmKa4Kkhdm5nzzldgTcfC9wAAUAlldVLbP8SP1 +hEX1AwrSSomc2mf/aZcR1qQPn+Fsiyn1ywNmOMTiRJMx4WBjxkXlhP5DmiOWA68P +6kNTB3avud5QfreCacUgD5Q/l9HAPsB9J7MZJayU/x39IMk0pXXtfFsbbpKm1yRi +NnZvpSnbi75PWkFRiYFsOmvHheTQMqjRpTdicOMJhQ5KtGKJQEFii0MNKkB6/JkA +d1YK7TXL9u0gAfxa+IVaZPUY2+jnCwIDAQABAoICABOuz/L1u2jhOwX85jcInZqT +aavv2CiE0ZqkE9eRDltrZ7ZbjAHNjvV0YRMtmsfnfpJfrSNRWfQwgY3VX2xicl1P +sf7a3ZxxliZcxADFbbp45uOju+95EzD6HKiwR86hickvK2gkxaPKEDTBzFeu/t8o +UxbwKy3W6myjVpHT9Ej9/C3B4AGAydHHfsJ7tfB4PiSWOLdHI/6aKDcItMrM1ugn +o2NvCSNfJPwnuFDrvjiHZ2FBXrgR/5uA2PyqsDKG3XFYRHFMVhzqEyTbJnwZt0KJ +8ZAB3LgAIifwG4wI5WutvyBiLCktLkKyjA38kqxSayqlfDNGbeGyDGJIaa7N/FaG +B9mOMHuQDMnagRZiIxCG4VOhcWU4lQLb3i7xAuDYDbI+7JUYud/725vPNann6kyE +MFRmeOX+nLD4qH+uhT3QEApHBmukD/SGUwdwmd70DMbKDCEOSB3bkLFDhA+8IePb +I3nlPtmZxthGiHZ6mp57eeKTWvYn5/5QjO9LmQSySGSshNB5dqYMrE/NyaaoKAn7 +qqz+YKksy78wDhCe/G5ETdvpqhrNKq7t40nzFOjaJXyCfhPcvRQxa8zlr2vuQh0K +1m/AbzKw//we6LGhgc4dYPVvAn8oNEmTHwisTEsAgHtAndSPSY17DyioqSrIDBGT +WxioEqj72oNRBToB3aMZAoIBAQC7dYGhyb5wmgcJZxvT8x9Ux4iT+Nb2BDRDZKpF +/hsmK9yMTw8gRSu0mQR0yWDq22kClg/NuCU9sfsdQtSPe4ClnNbX5fuPeICpwlpo +ERA5GI2WJocydQSginGiVI0qD1ufwiYFPqosANRwKjOxapbxJtVI3lHM+Btuhf0Y +Tru8Qa5bedkET+tR/Fa5p24rS0YntxuGrdQvfSwfAh8HP5f4TkQthaM7GW1q4oQx +FRKDlFOFvl8tudWV/tKm+efcYwjFfzFY2uBX5N8TBpTn6arqw32dWeESx+QA3BoD +/uerg+Er9dcSki5Orkv0Bqu4Fa3/YSAWRo5M6xOlDeYWwISTAoIBAQC1/kuQ59ay +1T9qRocCcymNYH1NGPJkr/BkHUy89SfOoMg9QnxObKRyOgKeZT+uv9XiLNzMyh1/ 
+ui83XrLGAXF0oCtGi6QcOMKTO4k0XeybUN7NV8tYdPd6RECiScK3cX/sS171Mj/5 +KxKVtIhr2ZMLKKRAP+JYkYqWVSXa2MJ99eiP5Xq5ZUmEWBaB/VQd/hqXwX+Mwxcl +iPLLZFd3/IlKyyJCEzZUOGkCNYanIpE2Ax6jdWKWYVQoOFEk+SzTeTsw5bICiesZ +V1WuySRvlJCxbuaQkzI+gKiRIEcAhsWsnBUAHUUw5U21NnIHP60/tV8A9SseVfcG +n09lqaChmFapAoIBAEgcCYOs0V8LQQ2y5hd//FtmbflNzZLRRzFtdbp65wKl+K7Y +cp8dPJS6D+bE2E0/nYNrKiUeYuT6o/g7jvyqq3AJhvOB+mTUG9oxcwl5Ft5/vWc2 +5ubX8LG4z8F7+NlnEv2/d1SpKFjI8O88rKngsLOPFphzPNA12IeJbzR8hOcD9Qgn +NP3dqE3fXZUI/O4WhKQeYa5LC8ZAxkofTMRDCDhyEvPX5lSDkX1+KQ+gZYDL+90E +wCQcyjZq0al9lF1Ik0U1ikv91jK5Tb5J19nmHuMz1AxFWLkav3A9Opyy33cwwdth +NBxmsv19OqZiMogbftUwDWHEPlUEUIg7cnjqEZUCggEBAJwHX8vlKCn8L7kyrC9K +gpZl4idGOxJd0NBUWmUqHa3GJMZ4iNBHzpjr6TDZh0aPy5R0d/zPT4khG7fx5X1i +4V1msJNzxwg3FYJbKZ+O4vqp08ri+UBmT4Iwn+VDLcBOe6kfWVMIeNZruixFMiyc +xbdsaZ1359udM979M040RlLtkCxGRvhJwUTIrMtXYFWydCQlTfBlliOlDNuZtG/3 +P9Gy5DUX+Z0tG8I8F6yVMz/GXu8vBY399cPhvJfhVTAdIMUkOIB6s+fu+1O1uRo8 +mey1MtFCkXIKpfp+XMEzyqfYzRxi+94WyY+SFSLn0eXr3n6YsxX4B6hSzyRO0Jua +WrkCggEBAI+XztkmhvBkiLIcFMBHXFaM8L/y5GJ2w1AzWQJClIqGCPMBoG8FkT89 +ErFxUSIJd8xSVXc3RLJP9cYOyn6BdpAQk9e595AEpE/ww0YceS6+uumXKKGGlHAO +jbiSIChkonwsQ07vPH0VTuzPwyeU6ruzRriHB/Zm3N0ubm/hhA+GtVrr4wcc6zq7 +968cPQBi0uDfdMPqZFj/32Zs72cJfGEFTZWsecO05wUTRMsIAo8/Z2/5XesosOLj +3cHi3/QXi+bfmRreV9gbW5x/u+Dm0JE0jxG6u2TShwnQO792FxL2b9RfaI8J35PE +FQ5S4T6iBXRXvnmzOCFOjUaUlyEMv4s= +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/index.txt b/docker/security/payee/tls/index.txt new file mode 100644 index 00000000..5428516a --- /dev/null +++ b/docker/security/payee/tls/index.txt 
@@ -0,0 +1,10 @@ +V 261104175600Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180117Z 02 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261104185042Z 03 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110014005Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014041Z 05 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015001Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015242Z 07 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110015824Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020330Z 09 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110020345Z 0A unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient diff --git a/docker/security/payee/tls/index.txt.attr b/docker/security/payee/tls/index.txt.attr new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payee/tls/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payee/tls/index.txt.attr.old b/docker/security/payee/tls/index.txt.attr.old new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payee/tls/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payee/tls/index.txt.old b/docker/security/payee/tls/index.txt.old new file mode 100644 index 00000000..c8a571c1 --- /dev/null +++ b/docker/security/payee/tls/index.txt.old 
@@ -0,0 +1,9 @@ +V 261104175600Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180117Z 02 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261104185042Z 03 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110014005Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014041Z 05 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015001Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015242Z 07 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110015824Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020330Z 09 unknown /CN=payee-sdk-scheme-adapter-api-svc diff --git a/docker/security/payee/tls/openssl-client.cnf b/docker/security/payee/tls/openssl-client.cnf new file mode 100644 index 00000000..91de4acb --- /dev/null +++ b/docker/security/payee/tls/openssl-client.cnf 
@@ -0,0 +1,36 @@
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+####################################################################
+[ req ]
+default_bits = 4096
+default_keyfile = dfsp_client_key.key
+distinguished_name = client_distinguished_name
+req_extensions = client_req_extensions
+string_mask = utf8only
+prompt = no
+
+####################################################################
+[ client_distinguished_name ]
+countryName = US
+stateOrProvinceName = MD
+localityName = Baltimore
+organizationName = DFSP Client
+organizationalUnitName = Payments
+commonName = dfspclient
+emailAddress = dfspclient@example.com
+
+####################################################################
+[ client_req_extensions ]
+
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
+subjectAltName = @alternate_names
+nsComment = "OpenSSL Generated Certificate"
+
+####################################################################
+[ alternate_names ]
+
+DNS.1 = localhost
\ No newline at end of file
diff --git a/docker/security/payee/tls/openssl-clientca.cnf b/docker/security/payee/tls/openssl-clientca.cnf
new file mode 100644
index 00000000..1489f934
--- /dev/null
+++ b/docker/security/payee/tls/openssl-clientca.cnf
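Review bot: `extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection` in `[ client_req_extensions ]` requests far more than a TLS client certificate needs. Because `openssl-clientca.cnf` sets `copy_extensions = copy` and its `[ signing_req ]` section sets no EKU, the requested list is carried into the issued certificate; the `0B.pem` dump later in this commit shows all four usages on a `dfspclient` certificate. For the client request I would write `extendedKeyUsage = clientAuth`. The identical line in `openssl-server.cnf` should become `extendedKeyUsage = serverAuth`, with `clientAuth` added only if that key is also presented on outbound mTLS connections.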
@@ -0,0 +1,71 @@
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+base_dir = .
+certificate = $base_dir/dfsp_client_cacert.pem # The CA certifcate
+private_key = $base_dir/dfsp_client_cakey.pem # The CA private key
+new_certs_dir = $base_dir # Location for new certs after signing
+database = $base_dir/index.txt # Database index file
+serial = $base_dir/serial.txt # The current serial number
+
+unique_subject = no
+
+default_days = 1000 # How long to certify for
+default_crl_days = 30 # How long before next CRL
+default_md = sha256 # Use public key default MD
+preserve = no # Keep passed DN ordering
+
+x509_extensions = ca_extensions # The extensions to add to the cert
+
+email_in_dn = no # Don't concat the email in the DN
+copy_extensions = copy # Required to copy SANs from CSR to cert
+
+####################################################################
+[ req ]
+default_bits = 4096
+default_keyfile = dfsp_client_cakey.pem
+distinguished_name = ca_distinguished_name
+x509_extensions = ca_extensions
+string_mask = utf8only
+prompt = no
+
+####################################################################
+[ ca_distinguished_name ]
+countryName = US
+stateOrProvinceName = Maryland
+localityName = Baltimore
+organizationName = DFSP Client CA
+organizationalUnitName = Payments
+commonName = dfspclientca
+emailAddress = dfspserverca@example.com
+
+####################################################################
+[ ca_extensions ]
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
+
+####################################################################
+[ signing_policy ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ signing_req ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
\ No newline at end of file
diff --git a/docker/security/payee/tls/openssl-server.cnf b/docker/security/payee/tls/openssl-server.cnf
new file mode 100644
index 00000000..c1098e1a
--- /dev/null
+++ b/docker/security/payee/tls/openssl-server.cnf
@@ -0,0 +1,36 @@
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+####################################################################
+[ req ]
+default_bits = 2048
+default_keyfile = dfsp_server_key.key
+distinguished_name = server_distinguished_name
+req_extensions = server_req_extensions
+string_mask = utf8only
+
+####################################################################
+[ server_distinguished_name ]
+countryName_default = US
+stateOrProvinceName_default = MD
+localityName_default = Baltimore
+organizationName_default = Test Server, Limited
+organizationalUnitName_default = Payments
+commonName = payee-sdk-scheme-adapter-api-svc
+commonName_default = payee-sdk-scheme-adapter-api-svc
+emailAddress_default = dfspserver@example.com
+
+####################################################################
+[ server_req_extensions ]
+
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
+subjectAltName = @alternate_names
+nsComment = "OpenSSL Generated Certificate"
+
+####################################################################
+[ alternate_names ]
+
+DNS.1 = payee-sdk-scheme-adapter-api-svc
diff --git a/docker/security/payee/tls/openssl-serverca.cnf b/docker/security/payee/tls/openssl-serverca.cnf
new file mode 100644
index 00000000..b7e64d1f
--- /dev/null
+++ b/docker/security/payee/tls/openssl-serverca.cnf
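Review bot: `copy_extensions = copy` in `[ CA_default ]` lets the CSR supply every extension that `[ signing_req ]` does not set itself, so the subject alternative names and the extended key usage of an issued certificate come from the requester unchecked. That is tolerable only while this CA signs requests produced by the harness's own scripts, and the comment should say so, for example `# copy: only sign CSRs generated by createSecrets.sh; inspect SAN/EKU before signing anything else`. Pinning `extendedKeyUsage = clientAuth` in `[ signing_req ]` would stop a request from widening it, since with `copy` an extension already set by the CA section is not taken from the request. The same setting is in `openssl-serverca.cnf`. In this file `emailAddress = dfspserverca@example.com` under `[ ca_distinguished_name ]` looks copied from the server CA, and the comment on `default_md = sha256` ("Use public key default MD") no longer describes the value.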
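Review bot: `default_bits = 2048` in `[ req ]` disagrees with the 4096 used by the client and CA configs in this commit, and the payer's `createSecrets.sh` passes `-newkey rsa:4096`; if the payee script does the same, this value is never used. I would set `default_bits = 4096` so the file states what is actually generated. This `[ req ]` section also has no `prompt = no` and relies on `*_default` fields, which is why the README has to tell the user to accept every default; the non-interactive form used in `openssl-client.cnf` would make regeneration scriptable and repeatable.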
@@ -0,0 +1,71 @@
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+
+base_dir = .
+certificate = $base_dir/dfsp_server_cacert.pem # The CA certifcate
+private_key = $base_dir/dfsp_server_cakey.pem # The CA private key
+new_certs_dir = $base_dir # Location for new certs after signing
+database = $base_dir/index.txt # Database index file
+serial = $base_dir/serial.txt # The current serial number
+
+unique_subject = no
+
+default_days = 1000 # How long to certify for
+default_crl_days = 30 # How long before next CRL
+default_md = sha256 # Use public key default MD
+preserve = no # Keep passed DN ordering
+
+x509_extensions = ca_extensions # The extensions to add to the cert
+
+email_in_dn = no # Don't concat the email in the DN
+copy_extensions = copy # Required to copy SANs from CSR to cert
+
+####################################################################
+[ req ]
+default_bits = 4096
+default_keyfile = dfsp_server_cakey.pem
+distinguished_name = ca_distinguished_name
+x509_extensions = ca_extensions
+string_mask = utf8only
+prompt = no
+
+####################################################################
+[ ca_distinguished_name ]
+countryName = US
+stateOrProvinceName = Maryland
+localityName = Baltimore
+organizationName = DFSP Server CA
+organizationalUnitName = Payments
+commonName = dfspserverca
+emailAddress = dfspserverca@example.com
+
+####################################################################
+[ ca_extensions ]
+
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always, issuer
+basicConstraints = critical, CA:true
+keyUsage = keyCertSign, cRLSign
+
+####################################################################
+[ signing_policy ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ signing_req ]
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
\ No newline at end of file
diff --git a/docker/security/payee/tls/payer_server_cacert.pem b/docker/security/payee/tls/payer_server_cacert.pem
new file mode 100644
index 00000000..16a5c9e4
--- /dev/null
+++ b/docker/security/payee/tls/payer_server_cacert.pem
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUErTej5L20NTAGVL24W21DuuqnqowDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyMVoXDTI0MDMxNTAy +MDMyMVowgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA10vW5SlyxXvn6QbGK6lHxH0Ea6npfGMKzvwzBwtUdDKryycUd3I2 +p6ahkMWzGJnb7uCi3W2BY67soLR9vLg/dE6SddwizMjrBNu6/W+wSr15lrtzNhDT +rextKvc74ywhB1ciu0zfwtv2i9Nkc865YXLw4KqJM5T3jTPSGu7OWpluQBHocLK6 +Q2SVc3vyOuFmMda7kxhAa0ysf3SfX3dHm83Bie+HTGmuYQJ7GQx1nBKPDsT8eCfJ +vkd1lsKuxYhPOdC6V+QXKxMdeLi62fy/7m5mAO21jh1uOF7RPW8FVGNt/aaXp12Z +KvlFh3N6lVXL2TEXWn893+Oey0nFl6R1kKXnib1mTAUYyS0sELDLTAQER4yTpgdj +t+tFJiPigZD1ULt4H3bl60fsii2Yr7LM2oO3hXQOdPXHD8nqHbR3p+phnV9SnG7W +dT5kFvGF5QqgwkOrAyXTDK5G2hP6iu3qunMNV8tLq+h2hmx6h/BMmkyJL8O/YvF4 +vBToMmL2mdX1/P8fSFYoFjVSngtAFt/YdMxFxOyH+Ji4MGM7ppRk7SnZM1NBZpHC +QENARhlUb2xadLy9Ubngqy3YFJSJBn50a70rXcziI0bZVXvvZY8nrdpFAmzODh5a +/6vH+fDPQewRRPKJnHw7JOnI0oezBH9OY2m2BJbG7X8tNQbrdtGSSA8CAwEAAaNg +MF4wHQYDVR0OBBYEFEO7crOJ1YRbsFgd0tHkNoOPGmpIMB8GA1UdIwQYMBaAFEO7 +crOJ1YRbsFgd0tHkNoOPGmpIMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQA6NSM20+9jxzwlY7xTrGyULuksydcoiannNZ/n +PfFd3Oj+mUAS3wNHiib39vhfHhSUYAYPxqOdOML9RIdn5MwDAzh4l1Dw1QvIViS0 +4MXgQABTY5r0h+yT9C4nR8aNQh2xPWNccHfB95A3CXno6tucBsptoxymlwYP5x24 +RCkMldQHOuB2EE3o4fq3NH1SHF2rKKRgzZYnjDaE/CTT27r1RPcSe1AZiuiCVnjf +vFbbQDyIvP2dzhcQWSdnJim8giWmazqtRETzBCRZL1BTErtQd0/GabJ9NCcADs62 +DuDsBzxgznh4ukhOqyy51t++hL47IeRgXh1zmu9zHlBVM4Wh7CwZc+7C+UvS2oVX +gGvkEp7t89IUUgVEgAN2LpAxcznp2mz+Izy/1CJgZhr9mWk/fIyBqbPTtRuPK8yR 
+pfOeyoNCLAjft13qPGzPT4ulT8J89SBO0j158d00kr1NdPWEsx0v8AbcKXlu9tTr +BR8KxSzFUGB2Ahd4MIZpISbdubbqm8kOCw4DErU+ZbJmIN9CKEGIVYHZ182T6skt +lDWxXgc2XspBQUZbCbPXlN6L0Eps3+fmSJ3gGin9lVXrpWCmekNyIeVIeuex0WlI +VInbq2oHxiI0m9l0+O+VvI8kWGhEZJuesBzWoDyWQwx4+7g78F9q1vD9v+Hqhamv +iTsxjg== +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/serial.txt b/docker/security/payee/tls/serial.txt new file mode 100644 index 00000000..eb589e9d --- /dev/null +++ b/docker/security/payee/tls/serial.txt @@ -0,0 +1 @@ +0B diff --git a/docker/security/payee/tls/serial.txt.old b/docker/security/payee/tls/serial.txt.old new file mode 100644 index 00000000..d9bb888f --- /dev/null +++ b/docker/security/payee/tls/serial.txt.old @@ -0,0 +1 @@ +0A diff --git a/docker/security/payer/jws/keygen.sh b/docker/security/payer/jws/keygen.sh new file mode 100644 index 00000000..14a7c757 --- /dev/null +++ b/docker/security/payer/jws/keygen.sh @@ -0,0 +1,2 @@ +openssl genrsa -out privatekey.pem 2048 +openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825 -subj "/CN=fspiopsimpayer/C=US/ST=Ohio/L=Columbus/O=User/OU=Testing" diff --git a/docker/security/payer/jws/privatekey.pem b/docker/security/payer/jws/privatekey.pem new file mode 100644 index 00000000..e245b410 --- /dev/null +++ b/docker/security/payer/jws/privatekey.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/NERUW0kWP7sD +BZezMYuC/YIvjCVofKASQwGKkvd+kUhAPWahbIvkD5rRP0QZVtw/BlSDuq+aci7E +kJCgWXXU29+GHapsvqoYMpFcW+jvEdMoLK1LV7EMY3wV4quOBfhK94aCIHNk1+Zl +SzK0bFVE2kGXUj05yWmsRp45UmwVvm8GVXAVrSoDQ0XB4Bi4Ej6UbRZhXdEjOtUj +5XWPOu6NotpRQuD6o0vD8ZyiJC9ZOMswolICYao5WM4Tu3QCJk4Anj27PbyIZAMf +3n80B33IcnjDAiK3KpzpdeCMAoig23Yal2NU+PEvl/XAL5D7TK9CbMFA8irELhSN +0iLCrOf7AgMBAAECggEAWmhQVsLDEC4aMxeV3zjyCoHr6KePmJQ06+2a8PcE52ey +jg16VaGJk9B9F6uee4zCn1pS4+aF2bVbv73LZMZoHLnKOxQT3U9aBg8DBHTA8ymu +ejSFzDYulPkFVyPSkljoSio4A5dseKZNXl/sHbuLpf69PNu573T47miFr/z09mI/ +rc5lq1n6rg5E+CjfFP3HWoW/7ifoINPJUyGRXafc85XNARzxC6jEgekMYmzyQiIJ +NuNUprFeNQYBlkJiJbnHJweQ8mearRsppb1kt7is/JVt8kDoybXt5ZtcI1IdTtOw +ZxlJv4yZMeqqzsEpd3IlX+jEcxYuDdYSQdimIT98AQKBgQDV/vi/y6IvvwSYQRxQ +PUx0PazogfRKBS+/0AoeKA5tK9dhGRsjg0pajKO1Hg61yyKbJ72yL/cv53IiZeq/ +pAYuN5N4BFzOAvJhLCgWuquBzBhwHttA/HZu2VE36vQjKUFDnsctXbM8AlIqAkk7 +Ry/zAnnim46nJrRxy2sqy7LmewKBgQDkvAkF3IjUVKCZKQPUqGaVshP+hRn4MQMJ +HB5zqbdnvl1DblVCIxnCPKUO6PWdHn25IYpIbyHFcdIgydZzd19deUgrk3Mlquba +jPu/1gGRNPAafPhL0LjxENOmn9ChRV2ZVHFU2yokWkf4igTuw2Hb21/7Q6cdaBs5 +rUMuV1sMgQKBgQC2Vf9bZMX3ytm+ZVQbpm9baCXJItmkrFCoLjpAwb6xFLb6u+qc +0sRq7QScUVUVX1VIQI9ooWgMQDfGyXJBAiBmBuK3U3hD7MzbMUWjQEDcYqu79P66 +m6LKBo8mhyKoRwGd/U8W/4y1qACcXMBLKvfXJpf2FrdxAxCjGUFiAJiZuwKBgQCm +j5KWdRgiXhmwTiCe+53wBgPvRCc8BxypxpMaMI0Ae6vYTYDCL2MzgQvExrkMF8b/ +R8A1rM9Pwul7vN5vqI6GN6npKW8hD8kZfq5X7FOp1H2/HB+Gvc/eox0saZX3ydY1 +sDryysFuRVvBTWf4Icih26aSBpqrnEKvBk80cKI5gQKBgQDVDDZ1IoIzxbqjDH81 +m9Bl4Wcbh47p6WAJN0hkad0czqen4UW06djjDtDEnT0Kg2j+oN0LqlNZRNkUQZp9 +cl8pcZ2r3ME61BFoRLn13BtXxuHnyom4WUukfhLqYA+DI4dWXxnZHz39usWpmS8n +9m+4CXBd6FaOsVxJrBgt6YwUuw== +-----END PRIVATE KEY----- diff --git a/docker/security/payer/jws/publickey.cer b/docker/security/payer/jws/publickey.cer new file mode 100644 index 00000000..1080509b --- /dev/null +++ b/docker/security/payer/jws/publickey.cer 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUWSaadyOlOZuikVJBgnVJm6sHmS0wDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZXIxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjBaFw0yOTAyMTIwMjAzMjBaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVyMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/NERUW0kW +P7sDBZezMYuC/YIvjCVofKASQwGKkvd+kUhAPWahbIvkD5rRP0QZVtw/BlSDuq+a +ci7EkJCgWXXU29+GHapsvqoYMpFcW+jvEdMoLK1LV7EMY3wV4quOBfhK94aCIHNk +1+ZlSzK0bFVE2kGXUj05yWmsRp45UmwVvm8GVXAVrSoDQ0XB4Bi4Ej6UbRZhXdEj +OtUj5XWPOu6NotpRQuD6o0vD8ZyiJC9ZOMswolICYao5WM4Tu3QCJk4Anj27PbyI +ZAMf3n80B33IcnjDAiK3KpzpdeCMAoig23Yal2NU+PEvl/XAL5D7TK9CbMFA8irE +LhSN0iLCrOf7AgMBAAGjUzBRMB0GA1UdDgQWBBREVDEKyvB0X1PF3l76TKKbr2nV +WzAfBgNVHSMEGDAWgBREVDEKyvB0X1PF3l76TKKbr2nVWzAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBmlox7S/6VOkl1ix2X4xaWZW7LUy/5UfA+ +Zxhy02zPY6puzbTd7O0TwK6WXQ0P41U24IksUj43FNgpcS2EcNy8yQTXyh2Sx7ro +wrBEX1R2kaf+vond4Yl7iVXC/127JeGPG8bnfgNeHY/NTJNedzUTJ4Ax5rTUAtCh +TVIjfhKXmR2091C4P1QMXpvHsYhWaWPUZkkrOZq8WkBxyuPaLMZE52IH5VyUqUna +w6ShQvkN48k0VrRGcejYLmpKtXMlx0bLf3/Noz8MF2HJK4sDvohPkHZlZPnyj4Zm +m/HGVUTzUiKtg8UEbEd20KDoktz2sCeOFpAk+nLmSBhvnMOvzAh4 +-----END CERTIFICATE----- diff --git a/docker/security/payer/jws/verification_keys/fspiopsimpayee.pem b/docker/security/payer/jws/verification_keys/fspiopsimpayee.pem new file mode 100644 index 00000000..90c2e9f5 --- /dev/null +++ b/docker/security/payer/jws/verification_keys/fspiopsimpayee.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUIw60tmOgWtsoMuwSiCWhFAbgYQgwDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZWUxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjdaFw0yOTAyMTIwMjAzMjdaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVlMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEUZLuN584 +blSbM6KGpK+36rJsAw+jz8y5hcRh8EvU7lBnam39a/dAx/If8LqttMAqGfx+pNx1 +64PRCJpmdm/FcffA0XHyrmN+K76tRev4q/O80s8qLmLpxTh2P6L9unMEtKyl9bBe +uwV5PnwZ+cJHzy9wMUCpXouWGRK09csYqavGYNqV/zai/4earpi5HR8MJgTRnNXH +HHJw6Xo8lsA6Tu/6ELOa0QDXuOeb6gWUDmynewuqsLhZgurF/EPrbAebRgXzLZVe +GcDgi0jz0kfpNdqZ45AOWq6L1p5xWYvHJUE05KKkTMnUt7E1RzwzkU24W0smmrBq +G5S7UJB1772NAgMBAAGjUzBRMB0GA1UdDgQWBBQWsU9P5kdFZxLL1WU26BglFshR +HjAfBgNVHSMEGDAWgBQWsU9P5kdFZxLL1WU26BglFshRHjAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQALkRuzIU+FeKn0qg1xE16JRUbMktI7LcCc +vzg1E3kXUoZ7GsTfhySeAcmibvssPQPXrRx/pKwfgoR2O/v9++DumxPRff4UEWF2 +hS2WKOJu2ychQhn5H7cu9Jc7g1QTgLQJlvLR+8IZprC+xOEiaz19xvEW2aMWbE2W +Gr9S2WSxZA0aWOcq1imvVa27h+i8t51He0fwzfguH3+jz3pkkS+6vVwRl5JXke5a +/ufUzIeaRRbcVRnytlwNdgLQBKdwTEJWXFHhd9wMxTjRLa7TdA8et+VLdWF+WKai +GTCIYsiYqM0V5fSwobeH5zKT7DvDDDS5hs5OfkXs6be8vARZxn7b +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/0A.pem b/docker/security/payer/tls/0A.pem new file mode 100644 index 00000000..326fcef0 --- /dev/null +++ b/docker/security/payer/tls/0A.pem 
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:23 2024 GMT + Not After : Nov 10 02:03:23 2026 GMT + Subject: CN=payer-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:9e:31:7a:c9:98:4f:a2:74:78:ff:be:5c:ed:37: + d3:49:c2:9e:db:00:51:5e:6d:bf:28:d7:77:13:6a: + 5f:ba:77:f1:40:9d:7a:07:69:1d:81:52:64:e7:27: + bb:dc:ce:c0:8d:a5:38:1d:6f:41:74:33:12:78:80: + 28:be:b0:21:f2:6a:75:79:dc:2d:b0:4b:54:b4:82: + 19:68:bc:65:fa:ff:20:a6:a6:09:c1:05:e0:c0:f0: + 47:76:97:eb:27:81:ba:8a:11:0f:01:3d:6d:e7:74: + 15:f7:71:c7:39:73:98:4d:f1:ad:43:dd:b9:be:91: + 1b:17:98:fe:6a:5c:d9:51:89:75:41:51:ab:b6:c8: + 0b:e0:7e:fa:6a:09:ac:0f:f3:bd:65:f1:2b:9c:75: + 00:9f:e1:0d:24:7d:ed:68:54:7e:cd:55:80:11:65: + 64:72:73:43:d1:06:83:f8:99:4a:a3:a0:80:e1:60: + d7:59:14:45:fa:e3:93:74:79:37:17:40:5c:73:8a: + b2:44:cf:5e:8c:ba:bf:55:cd:8d:cb:3a:07:27:56: + 7f:ee:d2:fa:25:ca:6e:f4:cb:2c:a0:d8:fe:97:96: + 62:4c:a0:72:c0:2d:ef:d3:6b:2e:8a:95:7b:11:cd: + 00:00:bd:5a:41:13:26:95:4b:0e:81:a3:ba:75:9a: + 00:9f:df:2a:86:f9:4f:f9:b8:48:79:bf:20:8e:b4: + 19:52:e3:7e:97:55:8f:fd:8d:f2:25:c3:0c:ed:2a: + c9:5a:f7:d4:0d:32:ee:7a:24:22:49:6a:ce:17:2a: + 1e:9b:ec:77:43:22:27:cf:d2:18:7b:7b:6b:23:0c: + 35:02:80:b3:96:0e:ee:e0:7e:97:b5:ed:09:29:4b: + 9a:07:a2:62:cf:26:2f:28:ff:b3:f3:8f:98:46:4a: + c0:8e:c3:0a:67:7a:0b:b0:0c:cd:3c:fe:73:f6:89: + 64:a7:ea:97:ad:37:6d:d7:10:b2:60:cf:e8:6e:de: + 1e:11:3e:ce:8d:4a:b8:bf:89:3f:72:45:5e:06:bd: + c1:27:b0:19:5e:37:f6:6a:52:dd:93:58:6d:d3:fa: + c7:99:bd:ab:ca:15:91:0e:12:24:29:e6:2f:85:10: + 8f:3d:42:53:6f:1f:f2:10:d8:39:31:bc:bb:16:0e: + 12:28:d7:39:6e:88:5f:8d:f9:c9:7f:41:3f:80:85: + 82:fd:be:73:0a:64:2f:8d:7f:ac:1c:d6:46:52:6f: + 
76:28:f7:69:95:cc:2d:ee:8c:a7:5f:b0:29:a3:ad: + dc:9b:a9:72:c3:5b:a3:92:04:61:01:58:37:d5:9d: + e1:c1:3a:9c:fd:d7:1d:82:65:a4:b2:b4:73:76:e8: + d2:45:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:DE:53:76:45:23:BB:9C:91:37:5A:0C:E4:01:FF:F1:2E:E7:79:C8 + X509v3 Authority Key Identifier: + 43:BB:72:B3:89:D5:84:5B:B0:58:1D:D2:D1:E4:36:83:8F:1A:6A:48 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payer-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 29:ef:16:bd:06:17:fc:04:04:f4:6c:94:28:db:db:de:a7:e6: + 7c:19:13:84:ab:6f:60:eb:e9:6d:a3:38:05:7f:5c:f2:5c:f2: + d6:4e:8a:c8:c4:e5:11:cd:5c:38:99:4b:48:08:41:0d:69:5f: + 63:9b:63:de:ce:a6:8a:b8:fa:fa:d0:6f:f8:c0:16:23:1f:ce: + 3c:b2:82:90:64:d9:45:40:87:fb:19:86:48:29:9b:b0:a2:f6: + 73:ba:f8:fc:03:4d:90:51:20:87:88:d6:b6:a1:aa:4d:2c:cf: + e5:f3:98:61:02:94:75:0c:f5:63:5f:33:a0:06:0e:f7:75:62: + 7f:88:4c:3a:25:64:58:44:cd:88:ae:c7:70:e2:0a:d3:63:13: + 39:7a:e8:0e:59:bd:f4:6b:b2:c6:2c:55:09:cc:9f:ea:fb:35: + 57:00:81:7b:c7:fd:7c:a6:c1:d4:de:16:42:66:97:53:aa:bd: + 4d:23:b1:f3:47:00:6c:4d:bb:34:9b:6b:9f:cd:f7:db:84:c7: + 82:15:88:7c:9d:cf:54:aa:6c:4e:4f:9e:00:0d:75:b4:30:b7: + 23:82:cb:05:7f:60:f6:83:ba:64:ea:3c:82:6c:9c:55:2a:ea: + 07:3f:20:de:02:53:9e:51:52:7a:70:8a:aa:86:24:6d:90:5f: + b0:60:eb:c8:c1:76:4c:05:0a:87:98:d4:25:e4:1a:3f:9e:38: + a8:a0:2c:ce:69:c3:a7:d3:7d:2c:0b:c0:83:34:13:84:f4:2e: + 05:6b:9e:c4:46:d5:64:3f:72:6c:cf:85:43:f5:8e:6a:d2:7c: + af:ae:a6:38:6d:74:e3:46:84:b4:23:ac:3d:42:e7:06:9e:39: + 0b:85:13:c1:29:dc:e3:96:fc:6f:88:6e:54:26:62:ef:50:4d: + a5:36:c6:a2:2e:c0:7e:52:ca:11:49:d8:9a:ff:8d:f3:1f:bd: + 
85:8b:de:b0:ee:61:8e:c1:2c:31:ed:fe:0b:9e:4b:93:fc:4b: + 81:38:bc:67:36:b0:7e:94:28:24:9b:25:d5:6e:17:0a:71:5a: + 0d:19:10:2c:75:38:a2:21:b6:a6:58:1e:b9:de:be:e7:4f:c0: + 84:dd:6b:a8:4e:5a:4c:26:d8:84:d4:55:ad:aa:8a:20:92:dc: + eb:cd:0f:48:4b:16:bf:07:8a:fa:d6:73:47:23:bc:ea:30:df: + ec:f6:d7:83:50:d5:09:71:f9:d9:23:7d:44:ae:41:7e:9b:20: + 6e:5a:fb:4f:6a:22:f1:b6:bf:a1:6b:b1:88:73:76:ea:93:2b: + 9c:e0:d6:20:46:11:4f:b9:e5:19:b4:a6:d4:b3:a7:62:c5:16: + 47:7b:c4:eb:07:c8:76:8c +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzIzWhcNMjYxMTEwMDIwMzIzWjArMSkwJwYDVQQDDCBw +YXllci1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAJ4xesmYT6J0eP++XO0300nCntsAUV5tvyjXdxNqX7p3 +8UCdegdpHYFSZOcnu9zOwI2lOB1vQXQzEniAKL6wIfJqdXncLbBLVLSCGWi8Zfr/ +IKamCcEF4MDwR3aX6yeBuooRDwE9bed0FfdxxzlzmE3xrUPdub6RGxeY/mpc2VGJ +dUFRq7bIC+B++moJrA/zvWXxK5x1AJ/hDSR97WhUfs1VgBFlZHJzQ9EGg/iZSqOg +gOFg11kURfrjk3R5NxdAXHOKskTPXoy6v1XNjcs6BydWf+7S+iXKbvTLLKDY/peW +YkygcsAt79NrLoqVexHNAAC9WkETJpVLDoGjunWaAJ/fKob5T/m4SHm/II60GVLj +fpdVj/2N8iXDDO0qyVr31A0y7nokIklqzhcqHpvsd0MiJ8/SGHt7ayMMNQKAs5YO +7uB+l7XtCSlLmgeiYs8mLyj/s/OPmEZKwI7DCmd6C7AMzTz+c/aJZKfql603bdcQ +smDP6G7eHhE+zo1KuL+JP3JFXga9wSewGV439mpS3ZNYbdP6x5m9q8oVkQ4SJCnm +L4UQjz1CU28f8hDYOTG8uxYOEijXOW6IX435yX9BP4CFgv2+cwpkL41/rBzWRlJv +dij3aZXMLe6Mp1+wKaOt3JupcsNbo5IEYQFYN9Wd4cE6nP3XHYJlpLK0c3bo0kXj +AgMBAAGjgekwgeYwHQYDVR0OBBYEFLPeU3ZFI7uckTdaDOQB//Eu53nIMB8GA1Ud +IwQYMBaAFEO7crOJ1YRbsFgd0tHkNoOPGmpIMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVyLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 
+ZTANBgkqhkiG9w0BAQsFAAOCAgEAKe8WvQYX/AQE9GyUKNvb3qfmfBkThKtvYOvp +baM4BX9c8lzy1k6KyMTlEc1cOJlLSAhBDWlfY5tj3s6mirj6+tBv+MAWIx/OPLKC +kGTZRUCH+xmGSCmbsKL2c7r4/ANNkFEgh4jWtqGqTSzP5fOYYQKUdQz1Y18zoAYO +93Vif4hMOiVkWETNiK7HcOIK02MTOXroDlm99GuyxixVCcyf6vs1VwCBe8f9fKbB +1N4WQmaXU6q9TSOx80cAbE27NJtrn83324THghWIfJ3PVKpsTk+eAA11tDC3I4LL +BX9g9oO6ZOo8gmycVSrqBz8g3gJTnlFSenCKqoYkbZBfsGDryMF2TAUKh5jUJeQa +P544qKAszmnDp9N9LAvAgzQThPQuBWuexEbVZD9ybM+FQ/WOatJ8r66mOG1040aE +tCOsPULnBp45C4UTwSnc45b8b4huVCZi71BNpTbGoi7AflLKEUnYmv+N8x+9hYve +sO5hjsEsMe3+C55Lk/xLgTi8ZzawfpQoJJsl1W4XCnFaDRkQLHU4oiG2plgeud6+ +50/AhN1rqE5aTCbYhNRVraqKIJLc680PSEsWvweK+tZzRyO86jDf7PbXg1DVCXH5 +2SN9RK5Bfpsgblr7T2oi8ba/oWuxiHN26pMrnODWIEYRT7nlGbSm1LOnYsUWR3vE +6wfIdow= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/0B.pem b/docker/security/payer/tls/0B.pem new file mode 100644 index 00000000..164aa797 --- /dev/null +++ b/docker/security/payer/tls/0B.pem 
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:38 2024 GMT + Not After : Nov 10 02:03:38 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:ce:c1:2a:2d:ee:97:f9:b5:16:5e:60:24:ce:23: + 8c:61:f9:c7:23:6a:12:d3:6b:61:2c:54:06:36:e4: + 70:e1:f5:68:81:9f:15:d8:69:df:fc:cf:44:6d:32: + 64:cd:26:2d:84:47:3e:74:3c:73:7e:75:ed:50:b1: + 64:ac:af:26:cf:e3:ec:71:5e:7d:bd:c9:de:19:10: + f4:2c:75:53:37:5a:83:9d:37:67:97:6d:b7:91:b4: + 48:27:cc:12:20:39:f7:c7:1f:ac:c4:4e:e9:72:e0: + 2d:13:2b:e5:35:9b:4a:a2:30:53:f0:c7:41:47:f5: + ba:e0:61:25:13:d2:c6:47:83:85:57:7b:56:9c:f8: + c4:9f:b8:f0:0c:ea:d1:92:01:9f:aa:ad:88:33:15: + a0:cf:a3:3a:0f:93:ab:75:40:9d:91:a8:64:49:dd: + b8:18:b7:a0:f6:a3:e0:74:5d:42:ed:8b:25:f2:c2: + 92:02:85:07:77:7f:24:65:c4:3b:22:4e:3e:cb:c0: + 75:fb:4e:79:bb:db:50:e7:8b:76:4b:ef:36:9f:8b: + af:15:37:5e:0a:6b:20:b8:6e:c7:fe:30:50:a8:39: + d2:d4:5a:59:f2:8e:2c:96:cb:37:af:96:e3:e6:1f: + 7a:54:79:81:96:16:70:2e:20:4f:a3:e7:d3:50:03: + 05:63:c8:8f:d1:01:e1:1c:11:af:a3:99:4e:6e:c0: + da:a0:32:50:43:4c:f4:70:bc:3b:71:48:b9:6e:42: + bb:c5:5f:60:00:35:bc:99:5a:bc:0a:82:de:a3:43: + 81:26:e5:0a:fd:39:1c:29:fa:4a:d5:77:41:a6:2a: + 20:da:8e:ed:61:4e:10:84:35:4c:c5:a1:16:06:ab: + 41:29:45:2f:73:2b:d7:27:73:15:88:18:94:f0:72: + eb:79:d4:43:1d:75:91:65:b6:a5:8c:29:4c:6b:84: + a5:77:16:b9:db:73:e6:1c:c3:35:8b:ed:e9:46:74: + 0e:f5:67:56:c3:94:07:cb:9d:ad:52:85:84:9f:df: + 6f:ab:fe:db:7b:89:db:c3:6a:49:e8:12:53:58:b1: + ea:3e:29:e2:1a:89:eb:00:c8:44:f4:e0:8d:16:dc: + fb:f5:e2:c5:aa:0f:7c:0f:81:08:92:39:d8:81:d9: + 80:49:da:56:b5:fd:12:4e:f2:52:b6:b8:31:53:3c: + 
a0:04:81:8c:1a:71:cd:b2:ca:f5:10:c0:57:39:b7: + e8:0f:50:31:08:57:a4:d5:e6:d8:42:2f:b6:4f:52: + c1:ac:cb:51:ab:f5:8b:70:42:fc:c7:4c:e5:b4:c4: + fa:97:f7:53:eb:53:37:79:51:2e:fe:10:80:14:65: + 3e:e2:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B7:98:30:3B:87:A0:9B:ED:F4:AE:71:51:25:E7:0F:2C:A4:5D:11:16 + X509v3 Authority Key Identifier: + EC:3A:E7:1E:CC:8B:EC:47:A3:1F:81:73:93:8D:A3:A5:FB:64:F5:A4 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 6e:1a:f5:a0:37:7a:d2:34:89:3e:99:eb:2a:9f:5d:ba:8d:0a: + 59:67:0b:04:16:3e:b3:49:6c:83:3b:7b:34:d2:ad:5c:9b:4f: + 34:79:15:36:f4:44:fb:55:1e:7f:64:65:21:31:6c:1b:69:39: + 6f:3a:a6:72:0c:dd:3c:e5:4b:76:44:ff:c7:91:33:c5:13:05: + 3c:45:88:10:95:be:a0:0d:17:db:ae:1c:6d:20:04:09:2c:53: + a8:ed:fa:61:7a:b6:fe:82:8f:a8:af:33:41:2b:0e:6b:f9:40: + d0:c8:70:40:26:23:c3:66:8b:0f:34:2f:05:b3:77:d1:b8:14: + a7:21:30:bb:1e:40:4e:6e:0b:02:72:2e:ac:1b:9d:fc:85:d6: + fb:59:e8:96:1f:c7:4c:02:90:dc:f8:5d:cd:89:d8:ec:31:e0: + 65:35:f5:f8:30:09:6d:d1:4d:fe:6a:97:90:7a:6a:04:6d:c4: + 5c:4b:d7:e5:ea:62:e6:0e:f3:3d:18:58:02:d3:ea:ca:cb:0f: + b8:dc:38:89:f4:bd:4d:16:24:ed:6f:70:49:de:d5:14:4b:9e: + ad:1c:f9:a7:dd:25:af:6f:5e:99:dd:ce:db:1f:f5:ab:0e:8c: + eb:bb:66:30:ab:5d:57:48:80:6b:50:91:24:bb:48:d4:01:d0: + 1c:72:7f:3d:9a:96:4f:47:38:d2:8a:9b:f1:b8:9b:98:99:e2: + 2a:7e:7b:86:47:86:74:f5:8b:17:30:b6:56:50:9b:fe:d2:8e: + e4:34:d2:ce:7d:bc:b1:1d:df:7d:a9:d2:74:68:b2:43:05:1b: + 10:1d:43:21:43:9b:b8:b8:e2:c9:ce:51:2f:8f:6b:d7:b5:49: + 40:ae:4a:8e:86:51:f8:55:1d:bc:3a:cd:73:eb:b5:f9:af:a4: + 5c:58:6f:bd:76:5d:a9:1a:e9:c9:85:ce:3a:d0:92:43:3a:bd: + 
7f:c4:31:09:aa:0e:f0:4f:37:bf:d6:b0:c6:88:50:df:53:ff: + 25:b8:b8:02:ea:07:5f:ce:6d:11:ed:eb:46:13:30:4a:10:90: + 12:65:13:3a:46:3e:e7:99:a3:56:94:19:9f:a5:51:10:c8:c7: + ad:17:10:62:f4:7d:76:8f:9f:e9:a2:47:ac:77:de:32:cc:b9: + c7:81:7b:c4:a2:bc:bd:81:b1:18:1e:c5:6c:79:ae:60:96:01: + db:15:89:ee:10:ca:2f:04:db:78:6f:c3:ab:6c:cc:74:03:38: + cf:3b:7b:40:e6:71:f1:cf:22:8f:87:05:57:16:dd:bc:6c:90: + a6:f6:b7:45:96:f3:b7:5e:01:fc:51:17:9d:0a:aa:0a:56:f4: + c4:7d:de:bc:f1:32:df:48 +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzM4WhcNMjYxMTEwMDIwMzM4WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzsEqLe6X+bUWXmAkziOM +YfnHI2oS02thLFQGNuRw4fVogZ8V2Gnf/M9EbTJkzSYthEc+dDxzfnXtULFkrK8m +z+PscV59vcneGRD0LHVTN1qDnTdnl223kbRIJ8wSIDn3xx+sxE7pcuAtEyvlNZtK +ojBT8MdBR/W64GElE9LGR4OFV3tWnPjEn7jwDOrRkgGfqq2IMxWgz6M6D5OrdUCd +kahkSd24GLeg9qPgdF1C7Ysl8sKSAoUHd38kZcQ7Ik4+y8B1+055u9tQ54t2S+82 +n4uvFTdeCmsguG7H/jBQqDnS1FpZ8o4slss3r5bj5h96VHmBlhZwLiBPo+fTUAMF +Y8iP0QHhHBGvo5lObsDaoDJQQ0z0cLw7cUi5bkK7xV9gADW8mVq8CoLeo0OBJuUK +/TkcKfpK1XdBpiog2o7tYU4QhDVMxaEWBqtBKUUvcyvXJ3MViBiU8HLredRDHXWR +ZbaljClMa4Sldxa523PmHMM1i+3pRnQO9WdWw5QHy52tUoWEn99vq/7be4nbw2pJ +6BJTWLHqPiniGonrAMhE9OCNFtz79eLFqg98D4EIkjnYgdmASdpWtf0STvJStrgx +UzygBIGMGnHNssr1EMBXObfoD1AxCFek1ebYQi+2T1LBrMtRq/WLcEL8x0zltMT6 +l/dT61M3eVEu/hCAFGU+4vUCAwEAAaOB0jCBzzAdBgNVHQ4EFgQUt5gwO4egm+30 +rnFRJecPLKRdERYwHwYDVR0jBBgwFoAU7DrnHsyL7EejH4Fzk42jpftk9aQwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG 
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAbhr1oDd60jSJPpnrKp9duo0KWWcLBBY+s0lsgzt7NNKt +XJtPNHkVNvRE+1Uef2RlITFsG2k5bzqmcgzdPOVLdkT/x5EzxRMFPEWIEJW+oA0X +264cbSAECSxTqO36YXq2/oKPqK8zQSsOa/lA0MhwQCYjw2aLDzQvBbN30bgUpyEw +ux5ATm4LAnIurBud/IXW+1nolh/HTAKQ3PhdzYnY7DHgZTX1+DAJbdFN/mqXkHpq +BG3EXEvX5epi5g7zPRhYAtPqyssPuNw4ifS9TRYk7W9wSd7VFEuerRz5p90lr29e +md3O2x/1qw6M67tmMKtdV0iAa1CRJLtI1AHQHHJ/PZqWT0c40oqb8bibmJniKn57 +hkeGdPWLFzC2VlCb/tKO5DTSzn28sR3ffanSdGiyQwUbEB1DIUObuLjiyc5RL49r +17VJQK5KjoZR+FUdvDrNc+u1+a+kXFhvvXZdqRrpyYXOOtCSQzq9f8QxCaoO8E83 +v9awxohQ31P/Jbi4AuoHX85tEe3rRhMwShCQEmUTOkY+55mjVpQZn6VREMjHrRcQ +YvR9do+f6aJHrHfeMsy5x4F7xKK8vYGxGB7FbHmuYJYB2xWJ7hDKLwTbeG/Dq2zM +dAM4zzt7QOZx8c8ij4cFVxbdvGyQpva3RZbzt14B/FEXnQqqClb0xH3evPEy30g= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/createSecrets.sh b/docker/security/payer/tls/createSecrets.sh new file mode 100644 index 00000000..e144b5ca --- /dev/null +++ b/docker/security/payer/tls/createSecrets.sh 
@@ -0,0 +1,27 @@
+OUTPUT_DIR="."
+setopt +o nomatch
+
+rm -f *.key *.pem *.csr *.crt *.old *.attr
+
+## Generating Server CA certificate
+openssl req -x509 -config openssl-serverca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server_cacert.pem -outform PEM
+
+## Generate server csr
+openssl req -config openssl-server.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server.csr -outform PEM
+
+## Sign server cert
+openssl ca -config openssl-serverca.cnf -policy signing_policy -extensions signing_req -out dfsp_server_cert.pem -infiles dfsp_server.csr
+
+#####################
+
+## Generating Client CA certificate
+openssl req -x509 -config openssl-clientca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client_cacert.pem -outform PEM
+
+## Generate client csr
+openssl req -config openssl-client.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client.csr -outform PEM
+
+
+# Sign the hub client csr with clientca
+# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out hub_client_cert.pem -infiles hub_client.csr
+# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr
+
diff --git a/docker/security/payer/tls/dfsp_client.csr b/docker/security/payer/tls/dfsp_client.csr
new file mode 100644
index 00000000..23fd2bda
--- /dev/null
+++ b/docker/security/payer/tls/dfsp_client.csr
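Review bot: Both `openssl req -x509` lines that create the CA certificates omit `-days`, so OpenSSL falls back to its 30-day default. The committed `dfsp_client_cacert.pem` and `dfsp_server_cacert.pem` appear to encode a validity ending on 15 Mar 2024, while the leaf certificates they sign run to 10 Nov 2026. Once a CA has lapsed, chain validation fails, and the tempting workaround is to turn verification off, which would make the security-overhead measurements meaningless. I would give both CA lines an explicit lifetime at least as long as the leaves, e.g. `-days 1000` to match the 1000-day leaf validity. Separately, `-nodes` leaves every key unencrypted and `dfsp_client_cakey.pem`, `dfsp_server_cakey.pem` and `dfsp_client_key.key` are checked in with this commit, so a header comment such as `# TEST FIXTURES ONLY: these CAs and keys are public; never trust them outside the local harness` would be worth adding.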
@@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFnDCCA4QCAQAwgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDESMBAGA1UE +BwwJQmFsdGltb3JlMRQwEgYDVQQKDAtERlNQIENsaWVudDERMA8GA1UECwwIUGF5 +bWVudHMxEzARBgNVBAMMCmRmc3BjbGllbnQxJTAjBgkqhkiG9w0BCQEWFmRmc3Bj +bGllbnRAZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC061E7aK7y67nBnTmrKjJ0yJMH7a1dXoyPj+bEaX/mv98XVjwAk3PepynmNr+E +YN2YVvgW21+gZAj4qMncw+SYmgpAFw2QEyZqRZ4vltWHMM87l3R4M+q6fx8lOr4J +BAW4709YlKyN4hxkS6vK7FAUSMaHQvkhdcax3rINiHAqWHRMO+q2jauljfKk0fdB +AAs5FUDPOQLedBSEOV2EnuXJDUk2SL+sz3gS/gtwBirmb9ePuIv5fKoP0l0j00JV +ju6EHVG2QDWMrFKpcfsG4i5yiJmKUBsKYRU4yIA3l7l8uP7FF4UWE/GKhCLg2XkF +tSsh/ey4jFJZ4DcPIqS4m7mMXXOTNrFAuMEGQiJN+EKsyHusUpw2LrjgnxB1ZoQS +ZljAYG7LTxdS1TF6mN7muV0zIDSkWtnNPXBCLNSjllmlQBouXKWfsXYSyphsw3RM +BSmx8w4A9DpVKnlJGkIaidh7u/AkfHaa7kSmNH0ubhkpzTI4hbEm0WJwqIJkmS5O +Y1TUYF9xGoxR5BmPCseG2s55pPPb6MLhZ6+ypPY2nBiDs7fFxHGO52F0T6wPdpxU ++S5xhSLfT+S6Q5/Ch8PfGshAAHtYGFdlgEV85tS3ei/RF23deRzcza5M4tun+Yhy +KOI9RrXS+Go2CFXQ2+sMZOOSSVz+o/U72FM5R57jnbor3wIDAQABoIHCMIG/Bgkq +hkiG9w0BCQ4xgbEwga4wHQYDVR0OBBYEFPNRnBiPqfu1pPsnKTRRWkMPKo9TMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEF +BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAs +BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDQYJ +KoZIhvcNAQELBQADggIBAJRhd53vJh6WaNsqZXSggYv2LBeHaXoIoSo0tHsXTqoR +gR9I1ga8brxZnWwMnGck3QNoRiBiutozdpso9JafKyQ6fyLH6rYVrwNsfCVWX0Wk +UT81UQk9KrE/tc82bAnrRIxpnhr2Xlma4DFg0EMTu5VpoFp8KUFAPWc/6oJL/QVF +Bc37EQfvFCSMWzjp4vBKYWLwC4EyW8RACmrapZnnfxegr+55KxIWo9c5M8ZAGZBr +D2yafSvhEUh7sEFd1hnHcIWHBfk0daaYGqKygMB37TwCNEQhCpFrya93Z0Sxgg3w +3hMXgE2L3J7c/99jPVZUup3zSWBFJluQkA/aGvDbO8p2uYGjexOgm7i0DnXtgv0z +OXsLNFA0RVaziYoLLHPEeUliHmftC0zCRvoaR5zSDkIsm1X3kyhQJx6a/GnrG1mf +gQO9gw/vUXoOG3HNgH+7hvZaP5Wne9FsjLAWJ7B1AB9u4Ta77mv8zzPFUS6O8Rg3 +9ZOm0uEp6QJkhoFrrpETdpwUgcUz1a69FqVkTRhDRD1vCZq4uy59wC3gbUMZkpsq +bDu/Z4vkD8zVkcPUS6scUltwkkUzxNMq4HWzgUuc/WuoEBklSjiyn3fa8q/2LXA6 
+3l5DhPLS/A290DEWX6ySBQMlt5B/NfOPAtVePaNjvGP5jhCphTVjUgAkswV5zOx2 +-----END CERTIFICATE REQUEST----- diff --git a/docker/security/payer/tls/dfsp_client_cacert.pem b/docker/security/payer/tls/dfsp_client_cacert.pem new file mode 100644 index 00000000..e69f1b76 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_cacert.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUTzcqRD5yOjCqM6oUCXUEouocPCswDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyNloXDTI0MDMxNTAy +MDMyNlowgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAuej9KkXWYObUEIxqF7IjFYR9snayNLvqb4ntaMmzH7AXKZKmPPtk +w1CMXx91vhLCSf013UXMxpBZLak/Can9pBgnxOe5BTwo/LH4x76yWW5JpPAVlYZN +emhBW7TXkPGS6Bqhfp/eHst6pA3I9x359wOkW3tkclwt76n1ANexRun3BLkjuMTX +fKrH+pAzIW7hb+czMlvSuUX8X4OlLKVBKoazLnFBJs7bBGDSDQL6TmWy1TB67VWF +iTIivyz6k8OC+OvWLKS6ImV+BjCWlDM77YBSFk5fKV8yqy7UW0+1pEnIMO/UiOpg +QpKRqu/kpJIodyWNDgNTFUKSfNSAYNkeRo8D9Jy//9+1AA9Ofwc7KCcTQDXcjKp6 +KCgbHcnBm+6uAqH2lIGq1caSyo4AgD36VU94jMkJCafJ8HzHSuTakPV4DcvkD+qw +5EZdIMgNinQ1QgCMAGVnL/+79R3EfZ2IF4FROA5JGfC1Sa3SQCPk0Ez6+QphG9J4 +oEFqEu6pVyKMGnauEQV16GBV6XIsOR8YUgh5yE+XK3uAoKE8jjdShaZ61lGMaf74 +sQ0SvoLWVi9hrTYZlteRfWikFhcbfGYkvGLWXK1oDmgogscUogrkdX1IptTB39Vi +9y6qEyuKxHGlMDoOHP6cIMh16wnoMorejVj0O26Md7Pl9W1k2jpj7IMCAwEAAaNg +MF4wHQYDVR0OBBYEFOw65x7Mi+xHox+Bc5ONo6X7ZPWkMB8GA1UdIwQYMBaAFOw6 +5x7Mi+xHox+Bc5ONo6X7ZPWkMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQAkAs7vlx6oOB+iqeKrRWqvtqC0IK56obMBU10C +CxLyjLdED18QaeDqXSSgU0jYcfWVNgoaXshA0IqbV8YRnWUfLsIUeaUHah+hA7OT +5oTM/1VD1ZtN7sugJDp/h5gt/mmML+iTKUGbfTOa4u6kKQYj6x4nK6fp5xaECom6 +Ut7Bi3pTBsf9zPGRGZOL9wC8ayNDUpIjmuJj6K5FJaEuzRLAnkt4LSJb+n+lPmc5 +XvGHY7nG949Qun16J8FIfj0VH7WuLTA0OHr9Eb0K6w0niXFIdgJZ1ifw2/6nk4Hl +S4uBp1yayrRq+9BCcxurOibk59f7bi5WRN7dE1ngAIJBem96wivLElx3lWz2yLEa +bUbM9nkr8PINwsNY1O1HDOl8Da4EUZdo8PrHYDXgCEHZzcWTWlkUTaGbwzvUPw87 
+Cfcm0AA7lcgsdaI7t+N2IzTj6vL3SJsEsqeKD9mejvEkAARM24vKunEJIqjkoyZr +YVoi2S6UMoQYiFs7OpgY3aGNnymBwpDwcgdKoIYyFgSGHr62S4q/ocvd4CSdsXt4 +hOde7CXpNbYMX7K1/jcXvGtfCWXDlZ6Ic1QttDE/WFEeh+bJKOAV8II8FXDAoLeC +eeH38S9P9Y6Yv6LCkXzq7NFePDB1/jxR1zcZm6nrn5OhXvAKmn+VPwSOE8aQPqVI +j3HuUA== +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_client_cakey.pem b/docker/security/payer/tls/dfsp_client_cakey.pem new file mode 100644 index 00000000..6a6920f1 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_cakey.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC56P0qRdZg5tQQ +jGoXsiMVhH2ydrI0u+pvie1oybMfsBcpkqY8+2TDUIxfH3W+EsJJ/TXdRczGkFkt +qT8Jqf2kGCfE57kFPCj8sfjHvrJZbkmk8BWVhk16aEFbtNeQ8ZLoGqF+n94ey3qk +Dcj3Hfn3A6Rbe2RyXC3vqfUA17FG6fcEuSO4xNd8qsf6kDMhbuFv5zMyW9K5Rfxf +g6UspUEqhrMucUEmztsEYNINAvpOZbLVMHrtVYWJMiK/LPqTw4L469YspLoiZX4G +MJaUMzvtgFIWTl8pXzKrLtRbT7WkScgw79SI6mBCkpGq7+Skkih3JY0OA1MVQpJ8 +1IBg2R5GjwP0nL//37UAD05/BzsoJxNANdyMqnooKBsdycGb7q4CofaUgarVxpLK +jgCAPfpVT3iMyQkJp8nwfMdK5NqQ9XgNy+QP6rDkRl0gyA2KdDVCAIwAZWcv/7v1 +HcR9nYgXgVE4DkkZ8LVJrdJAI+TQTPr5CmEb0nigQWoS7qlXIowadq4RBXXoYFXp +ciw5HxhSCHnIT5cre4CgoTyON1KFpnrWUYxp/vixDRK+gtZWL2GtNhmW15F9aKQW +Fxt8ZiS8YtZcrWgOaCiCxxSiCuR1fUim1MHf1WL3LqoTK4rEcaUwOg4c/pwgyHXr +Cegyit6NWPQ7box3s+X1bWTaOmPsgwIDAQABAoICAAPLp++HAXt0+vtjgn79Wg4E +aHSOS9EbzQt962TqSUfqVm642cAA+euq51LB16uLwn+0NbdQx39+TvPJssnFuLHy +9Ezm1jYvJj8SexvI3udIgyRk6mvlFAvduQfgR05kQDWQ5Z8qMGS8jsJurZ2t9P6A +Coj7me9jxmRQOfpMbQgfmrVz+jC5hBS9f9uzufeCxgN82uS6TzENJrvkeijRLuVp +XpsiIMxkCMCsIV22o9mZ5e7IUJor1tAYP/FbP7pokXH3jqXWrx4oqEwEDe70pNKS +fhqKexLjKKuqBxfeJr017GpjWxl4f4Kcb3Dn+OkLOtxD3f9dPgL/GvKFfCF+DUom +k9DuUA0GWgT4Q65AffCCkuZ35wnjbM9ZgcsDcZ9F+hxRdba5u9w27HzBvdRQqxPx +fKHWP+TLiWRlJCyYasBt+8ZXewV58woZZbUWd9Hm6llEoAeX0EH3PKfJhQytmjUv +9acD2OhrGc6id5OJT/FQzWaBm1p71g0hmet5jEUAsBbSvO2Z4cjdX4Fir+yHiq4X +gvaCcxdDILJ/QnFGlKLq2XMsMyKzmbIvSs4G+XMEk3pz/9IClXIg0yXPjO4h1Esj +knFumxEuAaUf2oEv20VuwIptqP70RH039OzZIay3bE5micmntqvgtPzpY+HrkaNf +L1HMf9mgzz9+H25lo5IhAoIBAQDg+BM0h6BJ8VCgcec4BpHI8SgC44zrJNlqPfPs +tPqpK6sozHRmdVwKmHHWsAWerASPDgjDg9pHl/8MPRuY9DMQYfI6MMGJTWYoWLcF +N5pacOfhb4p4xrBJc4DxnW/wPEpwRv1jHOljIy/ooEevMoRm3Qbg/dUxxyQ61OHq +nxS+y83VWstElTo0v+0/AryKyRFpUCzMtFvraYj8MaV95L13An56vCCBrE4/gbK2 +E6yktBsu+ICsvf70oDp8yDZGCmy24+ED/NPtFks33O2Sz02pQEU8cNiIxAoDIOQM +abPH9myS6XBea/yCI+4ZMwUPq8Y0HJ8HokIOy7AcvRcERpCrAoIBAQDTjbJQsKfU +tCBDfyAA6ijUGwHZ6DOzVk6uVsADMZxfpd9maHaxe4MmmyAJ21+9pvnHk5b8Y0+g 
+1DRNm9Zn9YLfTq3jVDkl+kBs4eGAFD2j3Aq5dTI5MAnzAdkpUFfJ036Wz37gwoZE +cHol984xcqeYTMNIyvWooHZaLzKl9Feirmhn+UhG7SpQQB/AHQI66xDAooYx1p7s +UbYTEbHO3+kxUCjWwTDbvU/dEPwnKyFPRUowBYiBaVxYOCkmPMH2T7LOd3T0tR99 +NZaOI/18+DWZfaHX8sbFQ/OXCTitYP+dn9/O52lfdLdV1/4EEkvQ/7Q8b1bK20Lp +bmX2K65Xy4OJAoIBAQCrH6ikLYJcnIXC9cF2mXCtU9smj2Zyuz3yFZwE8wk0Q3ZX +e2YTRbQ0jw8QyiYMMzbohjleV15jVRf5fEYQy7hH/ukdIFcnFMvfZtQY0NnFb9rC +XXEMO75+sLBlmWc7avEIhMdba/OPqIVZwwmkF54lDH2eCRbxXVSOt739FPLXyvkQ +EJdL3ONAmrlhU7iNLTLkU8swDwVYhZdglncW0zbXXvtMauujF6kRn5uL6l1Jj4KZ +8QcX3xIfi/3RSw4VqvpVB/Pyb4/Y6TtgC9pe8PdXBf9kYUYkilI/XPZ7BrBtK2Id +QhpqiGOzrpb/bhKsf/ItU5QYX3E2BfQ5eBAY/YAvAoIBAQC/Uti/TOSb40OCh4fk +C+Fc4gfskKmhOR7zYJVKziVEA3lk3njpznAwC/8PqwyNMmOXcQ0NuKsdIo0i2xsu +7cSsPDXa8CK3C/oT/ry33pZYiPpR+4GuYpm84iEJ0hVy/AjyTznJ/2L6plZx3Ajo +g266uEGspZFCLcybhy/hEnfnMqBN2A7bxkWMSlHsps+LhWejL9j5XcZgpw1pdYk/ +NRVqebpVbmbHdBC0N1Yz/jejv2B2yapIj4bqafAdGrm4DyAAxdxKKzwNOtesOTRZ +PwkKhapG6NOHOAsmvzo44w6J+TqpnnOX1rCvvCWIfRuAKqFQPslZsK50+ljQJ3UH +BZExAoIBAQDV6C9Q6HUemG/UQrfLxsHY9QoerKIsKt9i3ftoVeL4VSbQwGinV9xE +Fb/jJGUlwpw/UdxjPll9rZH2WFmW5EtsDIUM8+qwCBZ6KIbKh5LMTWNCoTORW9e/ +v0p8Y6EvNqUYA06a2DCAO2keAUoCXuQ38NEN35jwPkVuo9fn1e3K4EYYIw+5ivvD +gd37d0tJhWOeX4QO93fwf7DiQTWG847hmlTUj/inLPDM0uYQt6kWcp0IMfJ8EfmD +niRlVRUbLYPImuVRgDtGWlCMsfkgQK7KIiJVlISvsszOs+hmqpGToyiiLs8sdgUa +neKBDj4ROtl+IzXy1+yYZY3SQ9ooJdqV +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/dfsp_client_cert.pem b/docker/security/payer/tls/dfsp_client_cert.pem new file mode 100644 index 00000000..cc839149 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_cert.pem 
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:45 2024 GMT + Not After : Nov 10 02:03:45 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:b4:eb:51:3b:68:ae:f2:eb:b9:c1:9d:39:ab:2a: + 32:74:c8:93:07:ed:ad:5d:5e:8c:8f:8f:e6:c4:69: + 7f:e6:bf:df:17:56:3c:00:93:73:de:a7:29:e6:36: + bf:84:60:dd:98:56:f8:16:db:5f:a0:64:08:f8:a8: + c9:dc:c3:e4:98:9a:0a:40:17:0d:90:13:26:6a:45: + 9e:2f:96:d5:87:30:cf:3b:97:74:78:33:ea:ba:7f: + 1f:25:3a:be:09:04:05:b8:ef:4f:58:94:ac:8d:e2: + 1c:64:4b:ab:ca:ec:50:14:48:c6:87:42:f9:21:75: + c6:b1:de:b2:0d:88:70:2a:58:74:4c:3b:ea:b6:8d: + ab:a5:8d:f2:a4:d1:f7:41:00:0b:39:15:40:cf:39: + 02:de:74:14:84:39:5d:84:9e:e5:c9:0d:49:36:48: + bf:ac:cf:78:12:fe:0b:70:06:2a:e6:6f:d7:8f:b8: + 8b:f9:7c:aa:0f:d2:5d:23:d3:42:55:8e:ee:84:1d: + 51:b6:40:35:8c:ac:52:a9:71:fb:06:e2:2e:72:88: + 99:8a:50:1b:0a:61:15:38:c8:80:37:97:b9:7c:b8: + fe:c5:17:85:16:13:f1:8a:84:22:e0:d9:79:05:b5: + 2b:21:fd:ec:b8:8c:52:59:e0:37:0f:22:a4:b8:9b: + b9:8c:5d:73:93:36:b1:40:b8:c1:06:42:22:4d:f8: + 42:ac:c8:7b:ac:52:9c:36:2e:b8:e0:9f:10:75:66: + 84:12:66:58:c0:60:6e:cb:4f:17:52:d5:31:7a:98: + de:e6:b9:5d:33:20:34:a4:5a:d9:cd:3d:70:42:2c: + d4:a3:96:59:a5:40:1a:2e:5c:a5:9f:b1:76:12:ca: + 98:6c:c3:74:4c:05:29:b1:f3:0e:00:f4:3a:55:2a: + 79:49:1a:42:1a:89:d8:7b:bb:f0:24:7c:76:9a:ee: + 44:a6:34:7d:2e:6e:19:29:cd:32:38:85:b1:26:d1: + 62:70:a8:82:64:99:2e:4e:63:54:d4:60:5f:71:1a: + 8c:51:e4:19:8f:0a:c7:86:da:ce:79:a4:f3:db:e8: + c2:e1:67:af:b2:a4:f6:36:9c:18:83:b3:b7:c5:c4: + 71:8e:e7:61:74:4f:ac:0f:76:9c:54:f9:2e:71:85: + 22:df:4f:e4:ba:43:9f:c2:87:c3:df:1a:c8:40:00: + 
7b:58:18:57:65:80:45:7c:e6:d4:b7:7a:2f:d1:17: + 6d:dd:79:1c:dc:cd:ae:4c:e2:db:a7:f9:88:72:28: + e2:3d:46:b5:d2:f8:6a:36:08:55:d0:db:eb:0c:64: + e3:92:49:5c:fe:a3:f5:3b:d8:53:39:47:9e:e3:9d: + ba:2b:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F3:51:9C:18:8F:A9:FB:B5:A4:FB:27:29:34:51:5A:43:0F:2A:8F:53 + X509v3 Authority Key Identifier: + 1D:1B:61:3D:E6:01:AB:E6:BB:45:75:32:08:46:7C:6B:EA:26:90:37 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 13:30:0a:2c:92:11:ab:48:ae:44:4b:da:54:59:2c:90:73:a1: + 71:ed:00:d8:ad:27:86:65:0c:f7:d2:95:d6:7c:85:06:25:51: + a0:74:6e:17:af:cd:88:d6:ec:58:a5:00:f8:4d:d5:dc:57:5c: + e6:d9:0d:75:83:9a:be:5a:bf:c3:18:f6:5a:84:6d:d8:14:8e: + 1f:31:fb:c8:ba:0d:35:51:af:89:a6:62:b8:be:d2:aa:1d:75: + 63:42:3f:89:f8:59:47:30:bc:f9:fd:35:33:92:1d:09:b7:74: + 03:0e:25:d6:80:a2:68:a8:6c:d4:3b:26:b3:cf:28:c7:ca:79: + 25:a6:6a:22:4d:78:70:53:68:47:c8:84:21:bd:ed:82:d4:8b: + 38:df:70:d8:dc:aa:dc:e2:bd:8d:c8:ce:57:f8:10:ee:d6:bc: + 81:b9:b4:07:61:47:53:79:53:c2:c0:48:13:74:9b:e7:51:aa: + 97:19:49:0e:d8:57:77:9b:0b:6d:52:c9:9e:cd:54:c7:55:23: + 21:e2:4f:c6:f0:fd:1d:8e:06:cd:03:3b:79:18:53:71:3a:fa: + b6:47:93:74:cb:fc:13:88:cb:72:82:84:bc:e1:8c:52:9f:38: + 7e:6f:df:74:ac:79:81:31:96:c3:52:46:49:e0:9d:15:9c:92: + dc:67:d6:87:33:33:95:89:75:af:7f:cb:7a:79:01:39:27:95: + 51:15:ca:0a:39:08:0d:87:1c:ba:da:29:17:d6:69:2c:d1:97: + 3a:3a:02:ff:30:72:11:39:d8:ad:ce:50:46:62:11:30:94:af: + d6:09:0b:10:7a:28:e9:a7:49:f6:3a:c1:53:cf:a6:c8:15:58: + 34:c5:33:c2:3c:54:0c:98:c6:8c:2f:71:ec:a7:9a:6d:af:c3: + af:0a:00:0a:09:f9:9f:41:9d:e6:b5:ca:79:e9:ac:a2:b7:01: + 
b4:82:91:2c:c1:49:37:40:a5:ec:a2:72:5f:30:47:17:c5:88: + 11:5b:ab:27:6a:94:28:f5:e8:62:01:ab:23:bf:4c:c8:9a:c0: + 61:b5:17:9c:5e:58:8e:96:d4:30:02:c7:11:e1:c1:3c:e0:5f: + 56:46:21:41:30:16:67:00:26:3d:34:4e:22:74:2c:a9:0c:cb: + dc:05:ba:19:56:b7:1b:55:8d:14:ca:5a:0e:7d:9b:0f:c9:c1: + b5:ae:42:f9:06:63:7e:9b:53:f1:05:67:c3:40:7e:f2:0e:bf: + 1b:c3:71:f3:13:a8:05:a3:f2:36:d4:35:76:39:f9:2d:8e:43: + 66:d5:0a:6b:35:d8:0f:63:a3:e7:90:5e:fe:00:16:4a:76:a0: + df:33:b0:62:26:f2:3a:8f +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzQ1WhcNMjYxMTEwMDIwMzQ1WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtOtRO2iu8uu5wZ05qyoy +dMiTB+2tXV6Mj4/mxGl/5r/fF1Y8AJNz3qcp5ja/hGDdmFb4FttfoGQI+KjJ3MPk +mJoKQBcNkBMmakWeL5bVhzDPO5d0eDPqun8fJTq+CQQFuO9PWJSsjeIcZEuryuxQ +FEjGh0L5IXXGsd6yDYhwKlh0TDvqto2rpY3ypNH3QQALORVAzzkC3nQUhDldhJ7l +yQ1JNki/rM94Ev4LcAYq5m/Xj7iL+XyqD9JdI9NCVY7uhB1RtkA1jKxSqXH7BuIu +coiZilAbCmEVOMiAN5e5fLj+xReFFhPxioQi4Nl5BbUrIf3suIxSWeA3DyKkuJu5 +jF1zkzaxQLjBBkIiTfhCrMh7rFKcNi644J8QdWaEEmZYwGBuy08XUtUxepje5rld +MyA0pFrZzT1wQizUo5ZZpUAaLlyln7F2EsqYbMN0TAUpsfMOAPQ6VSp5SRpCGonY +e7vwJHx2mu5EpjR9Lm4ZKc0yOIWxJtFicKiCZJkuTmNU1GBfcRqMUeQZjwrHhtrO +eaTz2+jC4WevsqT2NpwYg7O3xcRxjudhdE+sD3acVPkucYUi30/kukOfwofD3xrI +QAB7WBhXZYBFfObUt3ov0Rdt3Xkc3M2uTOLbp/mIcijiPUa10vhqNghV0NvrDGTj +kklc/qP1O9hTOUee4526K98CAwEAAaOB0jCBzzAdBgNVHQ4EFgQU81GcGI+p+7Wk ++ycpNFFaQw8qj1MwHwYDVR0jBBgwFoAUHRthPeYBq+a7RXUyCEZ8a+omkDcwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG 
+CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAEzAKLJIRq0iuREvaVFkskHOhce0A2K0nhmUM99KV1nyF +BiVRoHRuF6/NiNbsWKUA+E3V3Fdc5tkNdYOavlq/wxj2WoRt2BSOHzH7yLoNNVGv +iaZiuL7Sqh11Y0I/ifhZRzC8+f01M5IdCbd0Aw4l1oCiaKhs1Dsms88ox8p5JaZq +Ik14cFNoR8iEIb3tgtSLON9w2Nyq3OK9jcjOV/gQ7ta8gbm0B2FHU3lTwsBIE3Sb +51GqlxlJDthXd5sLbVLJns1Ux1UjIeJPxvD9HY4GzQM7eRhTcTr6tkeTdMv8E4jL +coKEvOGMUp84fm/fdKx5gTGWw1JGSeCdFZyS3GfWhzMzlYl1r3/LenkBOSeVURXK +CjkIDYccutopF9ZpLNGXOjoC/zByETnYrc5QRmIRMJSv1gkLEHoo6adJ9jrBU8+m +yBVYNMUzwjxUDJjGjC9x7Keaba/DrwoACgn5n0Gd5rXKeemsorcBtIKRLMFJN0Cl +7KJyXzBHF8WIEVurJ2qUKPXoYgGrI79MyJrAYbUXnF5YjpbUMALHEeHBPOBfVkYh +QTAWZwAmPTROInQsqQzL3AW6GVa3G1WNFMpaDn2bD8nBta5C+QZjfptT8QVnw0B+ +8g6/G8Nx8xOoBaPyNtQ1djn5LY5DZtUKazXYD2Oj55Be/gAWSnag3zOwYibyOo8= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_client_key.key b/docker/security/payer/tls/dfsp_client_key.key new file mode 100644 index 00000000..a80921a1 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_key.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC061E7aK7y67nB +nTmrKjJ0yJMH7a1dXoyPj+bEaX/mv98XVjwAk3PepynmNr+EYN2YVvgW21+gZAj4 +qMncw+SYmgpAFw2QEyZqRZ4vltWHMM87l3R4M+q6fx8lOr4JBAW4709YlKyN4hxk +S6vK7FAUSMaHQvkhdcax3rINiHAqWHRMO+q2jauljfKk0fdBAAs5FUDPOQLedBSE +OV2EnuXJDUk2SL+sz3gS/gtwBirmb9ePuIv5fKoP0l0j00JVju6EHVG2QDWMrFKp +cfsG4i5yiJmKUBsKYRU4yIA3l7l8uP7FF4UWE/GKhCLg2XkFtSsh/ey4jFJZ4DcP +IqS4m7mMXXOTNrFAuMEGQiJN+EKsyHusUpw2LrjgnxB1ZoQSZljAYG7LTxdS1TF6 +mN7muV0zIDSkWtnNPXBCLNSjllmlQBouXKWfsXYSyphsw3RMBSmx8w4A9DpVKnlJ +GkIaidh7u/AkfHaa7kSmNH0ubhkpzTI4hbEm0WJwqIJkmS5OY1TUYF9xGoxR5BmP +CseG2s55pPPb6MLhZ6+ypPY2nBiDs7fFxHGO52F0T6wPdpxU+S5xhSLfT+S6Q5/C +h8PfGshAAHtYGFdlgEV85tS3ei/RF23deRzcza5M4tun+YhyKOI9RrXS+Go2CFXQ +2+sMZOOSSVz+o/U72FM5R57jnbor3wIDAQABAoICAAzuNKQWW0qpZmFcJ18AaRLH +sxqB9j4SH+Gy2z92etm3JO66DxfLciCbufbmOtHvSmc08A5SJ4eDHtEG30aUCaaO +e+UQwLtnYvt9dkzYbvJ2npkXvg9JRqGFrGgwxpxGWVJaaEVgeuS5IGZasjCSqzaH +7QiF1OB7VnQoAnnNIpckM0uvjJr3jSkL+CenihBvPF4cEsG8xWO40C6TGwf7g1jX +RkBG+swTF/XjilW7Wx2VKMbw3bA7JLx0wItq8fbDfHCc19Y6yJkBR/csWlCnocI1 +2SN1jjkzrxyb1+4hPfSYFD1p7O0jB8RqpUOEx42M4URQrbaS8N/TkpvWUgePubcb +fxWqzRYgkysWKp+2BmEmR5QurEK3IRRmyozh7GTMdcEuEcn7h9Wp6Jqwln5FXZf3 +ZSPuCHA20eEUTDsDFMrgcnSyfnjeg4N0BAfRmPRFvx5vC2c42+iMNotvZF9sEDQN +Pdn0RfSiSK+q9Cke10dQd11YO5NDVFCoGk6pXvMt/GIn0pXcKLdnfOtL5ehQQpTa +EEssT8i1f6uAZFsLdw3RfU1I9fkrkiV+CydAJSZg6hSatJWHe+ZJrKM8K2pOQsRW +jIwLwZjW+5rvvJicjo9Rxh+aMyMTQNoi0fd5pWHV1BX+Jzki5oqJLllpKm9wuw4W +TSsVb19nswJyFplbPpgBAoIBAQC8qhfppYkG1a4fOCY+6lmBJqttBWghZz7sAcoL +tl1Wb5sdnBCFt97XeVTbm8BvZkfTDpgfYGt5p61qrF3kHMpOvpMV7WWtLJ2TUSix +xd0wQCH8NhP4oGl2OZ1PEQJLUsuJovB/04Q72aPKkbl99fP2eKOOHG3RbEDUz50H +5SGkCUkLYsBib7nq3+bbKfE2XT3wJU8k2eX55YIiJkIHzNM5vdcfmgpBX38Wn7VO +4p8MJglM3iSybLDr7vw7bVwwx46wcsz02MBYOa+LNBJ+MZCBp7H6aKKbaNNHRCjw +ZkuI5SiPFlpCRotJNc8IY61K+yFODxvVEjM6OZjWuaG5GG8BAoIBAQD1fY7flkUM +kwqsVLzI+J3KdlE5g32ibTP2AuHDq3ROE6+nqWiDwOQLzjHqq332PeWQNBN96di7 
+lI5MsEobLzGqdAdwhVLimV0xn2CebZ7HnCmIj3CTXmFQLAPKU+tnbIqD9czm/7uF +T5NgT1xJ95Z7MmC9YPAmrgtLjo6GtEROg0ikheO5uEXDNZHXqniqn7zfl9QATiVV +SLa8+N4SUp1tWDkRiOsYYadijNP2g8sE1kLLHSWD0ArJbgv+JZ/mAkytVZLGDj5f +/NTTrG5EZooFoH4dRRm14e22Ce0FXrxrol1k617MdLH54m8pPCJfErLuAmM2YHlB +fkqu7PB3i3rfAoIBAQCWZPVJAPd5pk72fhkm4EPXS48uCjhXIGmtU0PQEGDZbYB2 +mxkkr02J8SOvKLq/UwaAfcrQgFlMklkQhzUVicnP+eVgfm0mHkHC1Nie1j8bnpQ4 +7JcBBEbtwsHe7I0qpGayYlxbWa640ybZbU8z1SPUX5jpyUnVvvjzbEkeqQ4nKGu9 +EsyP68aGMFRkc0vg7XVZgTRVCQpmKgmR1XOfqizbg7UAcRgpwsmZrFio+MiWs5+I +UjFotnJWsZ0KdoQeMoZRrEIsELlL2zhPvIPdav9qC9c56b1uK6L41aHY+YLPLvYl +EkmDOZ8BDk7qviK/ee+zvSGPucFyccWfrjz4Qz0BAoIBAQCXY0GbUlDsizUWxv7Q +tLih5Ur7u8HbS5qyiF5vSyljCLLXIxqHvYkkWpjfzbfVBaCux96JVI9KRjdmxYQ9 +tWHcasc3tZBCmy8kbdOof5NeJ0hZpZNX3ekHBs2jlRLjacUV0Zv1jBk5AbSxvN79 +4kgTWyLbRo9yWvwuMRBls384J6/BfavMmP20fzGcHM1i8zUHcdrUAVz2devzJ0nT +ZM0eZDx1Osk39OjDVnNUXzvwlK0GEshSvBYa19lfdhZgQmTEs7PanWgLy5/3lSs+ +1TkidTGwnS9YwaXVD9Px7tUlTzBnDtscHI6wudmxRRsxJBfhvOkv3FiKcfZeX1F/ +dy1jAoIBAECDRKHOP7QK0/7wR8qTK36tSCBGeoURYG+m/n+q2vtTTJpkpmPQ7SKh +LlzrZ6/0WV3bDvpo4qyWSl/QLFe0tQN7DBVRSI6PsLA6Fu4DfevZixqxI4J6tqi4 +oOdUyXfksXHO5fbfgPvA0G0Li5DcD7aTqemeCF37MV03Jhttb67zZpdPSn3dgdGW +c3JUskrt2pene4E9KM3PXE/f4h0AlwCJkil0IL4LRjJWXQu8oP4ZOkv5r2uopTJ2 +OP+rE7PeV+coxq19Gb4bnZDUUcbYRGSJoZrdXKNl0pU2Te2nEOeg3m8u/QhWOqUt +NcW4EhzNGuU0SsmWXTYwjHh+BLRYX7U= +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/dfsp_server.csr b/docker/security/payer/tls/dfsp_server.csr new file mode 100644 index 00000000..75019e51 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server.csr 
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFSjCCAzICAQAwKzEpMCcGA1UEAwwgcGF5ZXItc2RrLXNjaGVtZS1hZGFwdGVy +LWFwaS1zdmMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCeMXrJmE+i +dHj/vlztN9NJwp7bAFFebb8o13cTal+6d/FAnXoHaR2BUmTnJ7vczsCNpTgdb0F0 +MxJ4gCi+sCHyanV53C2wS1S0ghlovGX6/yCmpgnBBeDA8Ed2l+sngbqKEQ8BPW3n +dBX3ccc5c5hN8a1D3bm+kRsXmP5qXNlRiXVBUau2yAvgfvpqCawP871l8SucdQCf +4Q0kfe1oVH7NVYARZWRyc0PRBoP4mUqjoIDhYNdZFEX645N0eTcXQFxzirJEz16M +ur9VzY3LOgcnVn/u0volym70yyyg2P6XlmJMoHLALe/Tay6KlXsRzQAAvVpBEyaV +Sw6Bo7p1mgCf3yqG+U/5uEh5vyCOtBlS436XVY/9jfIlwwztKsla99QNMu56JCJJ +as4XKh6b7HdDIifP0hh7e2sjDDUCgLOWDu7gfpe17QkpS5oHomLPJi8o/7Pzj5hG +SsCOwwpneguwDM08/nP2iWSn6petN23XELJgz+hu3h4RPs6NSri/iT9yRV4GvcEn +sBleN/ZqUt2TWG3T+seZvavKFZEOEiQp5i+FEI89QlNvH/IQ2DkxvLsWDhIo1zlu +iF+N+cl/QT+AhYL9vnMKZC+Nf6wc1kZSb3Yo92mVzC3ujKdfsCmjrdybqXLDW6OS +BGEBWDfVneHBOpz91x2CZaSytHN26NJF4wIDAQABoIHZMIHWBgkqhkiG9w0BCQ4x +gcgwgcUwHQYDVR0OBBYEFLPeU3ZFI7uckTdaDOQB//Eu53nIMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB +BQUHAwMGCCsGAQUFBwMEMCsGA1UdEQQkMCKCIHBheWVyLXNkay1zY2hlbWUtYWRh +cHRlci1hcGktc3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD +ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAKVaMQNtl1f8o3gChXS/v7H96 +T6jJqw8hCaANdMW876yhNC8ec6a+dz6LK3oXpJtYJpIcxw7mZWdNC7e1gHr+bNSG +Qkos9LqhgD27o1jSq80DtcqeEHVujmJLEbXOg7UDsGVKxxJeL2lx1dxC9ra8Mk1D +EDexjs6f+YE6J7/3Bj5MnK7Tnk4MKCl6Ig1K4Vx2TY2K4EEGsUAXGDoAHvHOtymh +DAVOgk5a56Del+m14mXmqNgmwZMFIzcfpEe35wWbkxWGBlWXvjOUBY+77ssRGJcJ +3zDasNbiIrOqz+kp8082vk5+po1KE1u1TcYuO+G4Rc+fO4rYvocHjDG7FwG+kyU+ +js3aktJLhVltTX5rfpIn1K0gXGiiyJJ9JHVqSNMn8NpC2EI+BOKbRkhK4D2jOG3n +hYNCE5t0pPX7zZnrc3PJJTsgjjbAIO2v2BslluwFomKr6J1IQdv1DYHCqqvssu0b +z5My94i5QANjk8z1Jeh/iejFrIL+jfouwyTLU3upeGOOz9+FagF0k+4BvqkDVA66 +S5n+IB1r2IZNSrk759OfInqF3QhyG+FSM3BbYTL/yQE523YvzzWH/GH+DAdjSanW +ZntZCuTzxCdyVqns0lIah3OgTR6s2Md947t0l5KzKsQL2jMaKQPtidZ6pQygLdz6 +Nw+FHzfnoS10cs306qw= +-----END CERTIFICATE REQUEST----- 
diff --git a/docker/security/payer/tls/dfsp_server_cacert.pem b/docker/security/payer/tls/dfsp_server_cacert.pem new file mode 100644 index 00000000..16a5c9e4 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_cacert.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUErTej5L20NTAGVL24W21DuuqnqowDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyMVoXDTI0MDMxNTAy +MDMyMVowgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA10vW5SlyxXvn6QbGK6lHxH0Ea6npfGMKzvwzBwtUdDKryycUd3I2 +p6ahkMWzGJnb7uCi3W2BY67soLR9vLg/dE6SddwizMjrBNu6/W+wSr15lrtzNhDT +rextKvc74ywhB1ciu0zfwtv2i9Nkc865YXLw4KqJM5T3jTPSGu7OWpluQBHocLK6 +Q2SVc3vyOuFmMda7kxhAa0ysf3SfX3dHm83Bie+HTGmuYQJ7GQx1nBKPDsT8eCfJ +vkd1lsKuxYhPOdC6V+QXKxMdeLi62fy/7m5mAO21jh1uOF7RPW8FVGNt/aaXp12Z +KvlFh3N6lVXL2TEXWn893+Oey0nFl6R1kKXnib1mTAUYyS0sELDLTAQER4yTpgdj +t+tFJiPigZD1ULt4H3bl60fsii2Yr7LM2oO3hXQOdPXHD8nqHbR3p+phnV9SnG7W +dT5kFvGF5QqgwkOrAyXTDK5G2hP6iu3qunMNV8tLq+h2hmx6h/BMmkyJL8O/YvF4 +vBToMmL2mdX1/P8fSFYoFjVSngtAFt/YdMxFxOyH+Ji4MGM7ppRk7SnZM1NBZpHC +QENARhlUb2xadLy9Ubngqy3YFJSJBn50a70rXcziI0bZVXvvZY8nrdpFAmzODh5a +/6vH+fDPQewRRPKJnHw7JOnI0oezBH9OY2m2BJbG7X8tNQbrdtGSSA8CAwEAAaNg +MF4wHQYDVR0OBBYEFEO7crOJ1YRbsFgd0tHkNoOPGmpIMB8GA1UdIwQYMBaAFEO7 +crOJ1YRbsFgd0tHkNoOPGmpIMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQA6NSM20+9jxzwlY7xTrGyULuksydcoiannNZ/n +PfFd3Oj+mUAS3wNHiib39vhfHhSUYAYPxqOdOML9RIdn5MwDAzh4l1Dw1QvIViS0 +4MXgQABTY5r0h+yT9C4nR8aNQh2xPWNccHfB95A3CXno6tucBsptoxymlwYP5x24 +RCkMldQHOuB2EE3o4fq3NH1SHF2rKKRgzZYnjDaE/CTT27r1RPcSe1AZiuiCVnjf +vFbbQDyIvP2dzhcQWSdnJim8giWmazqtRETzBCRZL1BTErtQd0/GabJ9NCcADs62 +DuDsBzxgznh4ukhOqyy51t++hL47IeRgXh1zmu9zHlBVM4Wh7CwZc+7C+UvS2oVX +gGvkEp7t89IUUgVEgAN2LpAxcznp2mz+Izy/1CJgZhr9mWk/fIyBqbPTtRuPK8yR 
+pfOeyoNCLAjft13qPGzPT4ulT8J89SBO0j158d00kr1NdPWEsx0v8AbcKXlu9tTr +BR8KxSzFUGB2Ahd4MIZpISbdubbqm8kOCw4DErU+ZbJmIN9CKEGIVYHZ182T6skt +lDWxXgc2XspBQUZbCbPXlN6L0Eps3+fmSJ3gGin9lVXrpWCmekNyIeVIeuex0WlI +VInbq2oHxiI0m9l0+O+VvI8kWGhEZJuesBzWoDyWQwx4+7g78F9q1vD9v+Hqhamv +iTsxjg== +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_server_cakey.pem b/docker/security/payer/tls/dfsp_server_cakey.pem new file mode 100644 index 00000000..889e977c --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_cakey.pem 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDXS9blKXLFe+fp +BsYrqUfEfQRrqel8YwrO/DMHC1R0MqvLJxR3cjanpqGQxbMYmdvu4KLdbYFjruyg +tH28uD90TpJ13CLMyOsE27r9b7BKvXmWu3M2ENOt7G0q9zvjLCEHVyK7TN/C2/aL +02RzzrlhcvDgqokzlPeNM9Ia7s5amW5AEehwsrpDZJVze/I64WYx1ruTGEBrTKx/ +dJ9fd0ebzcGJ74dMaa5hAnsZDHWcEo8OxPx4J8m+R3WWwq7FiE850LpX5BcrEx14 +uLrZ/L/ubmYA7bWOHW44XtE9bwVUY239ppenXZkq+UWHc3qVVcvZMRdafz3f457L +ScWXpHWQpeeJvWZMBRjJLSwQsMtMBARHjJOmB2O360UmI+KBkPVQu3gfduXrR+yK +LZivsszag7eFdA509ccPyeodtHen6mGdX1KcbtZ1PmQW8YXlCqDCQ6sDJdMMrkba +E/qK7eq6cw1Xy0ur6HaGbHqH8EyaTIkvw79i8Xi8FOgyYvaZ1fX8/x9IVigWNVKe +C0AW39h0zEXE7If4mLgwYzumlGTtKdkzU0FmkcJAQ0BGGVRvbFp0vL1RueCrLdgU +lIkGfnRrvStdzOIjRtlVe+9ljyet2kUCbM4OHlr/q8f58M9B7BFE8omcfDsk6cjS +h7MEf05jabYElsbtfy01But20ZJIDwIDAQABAoICABj/f8ys8twWRneqpzDjn2cj +ovNDT853C4a8Bsq/GIfDaGoWuAwkcU8nDGRsaB6nor9KSu7N67Og2G3SdzUF6aw+ +AUh5DntbqtouDzilEsGi3W7QhhCVhJaRuJ1ABq6abZ1WEzzPML4F30sd+PBvZNv5 +Rhm4A2U/Wz0EctVYvBIN9Zyv157aScFQeP/nONl4WW7ZAX+TVct/pBnKd0TU6zYe +fmXfL4UCUlKGQLfIWBGOoBi1a6Eh8Y1L683c/gEGkjhi0XgqDjycpBPj0yJDdB+h +putdrnJ5XVZjQAVTkjlZsCg/AyXWOtYgCmAvWuDjDN/DkPQbiRopakMtZil02YeC +3z0wHeB0zFgGp6IDY9A0uA6g9Bud1YNmyx12sIPOEX8UEm0m3vVDytve5I13i1al +iRPYZ0zjJ/MmKGQNkJ8IqLwM+SB0P697ZsywR8trV4FaRbCxfK/K9BAWcIt0JH5u +xaj8mrDmJ3gzU1ARPilCA2mK+BJPITpfm2sLpH2i4UKF/fhE6FjNcflhlwlcuSc4 +iffGjodpWGWqjRvokpHeeq+B/N4Mk6s0htj+y7m5p6BWAwI/PCmHlc4C511fK+4D +eRVPafcSgMTW2qJmS3j6qynlz6+gnbukYOsd4r5YT8yNzt8ckDmacAPec7UOBVsl +E+xyMZN2XtIaxbYy+geNAoIBAQDYGSxTNiJRun1BM6WpffGIaGYGTuddCWJV5udT +dlfHpQLka35HaMFjd6SaAKMoFeEWMGPNZBStQpFveWnyN/EZcmp0zYwKbSogt6z7 +vO98sGvmBJ+BI9VqSpL9l2VVQmAqk9eB6FCZHKZkDGlEhHMmRLN9ByW+usiuue2K +q4SKhjlrcAelsQu5OqVaZvSwhU9U2Dhr0hilb0OA7N8XNxPuyr7TrqZBQ3etFItG +NqSzfxGn7/pgEP0MaVA3XB26YoEpTYRYiuPTCaZQ2chMDFgDXDU+tv4RCLi9YsTk +MUPQXi18wegZW0ho3RQBj1PVBIHSlJBdKLcWUFTQDHK9gp3DAoIBAQD/DMCUdROO +6C9TcsTaMaEL0vEELuRQHseevKdHlXE9UYs8E5pUTnsHY80TmtzibSgx1tEhEU+y 
++8/hpZBReXlxhCR6A7IQVbkFnCDJJHWKnFwo5cn+XJTR16xzgRvZwciahlOvYpmA +sRSbDx4yuswGGZKvmGMsZjHyCcdkKMrdoc9X2ivaJMuujC1jm8nmK13LOWSV5Q8a +osQtwgFHtKNIqbJ+uDXlSYS9mP+vcsEjWzGjs9CfYuOuOw5JHK84QoXj0F3AmSuN +2ws1h/02QoCcWbPMQYEc+D3x7Py0i/PhDnORln0l4wBTt/m37V/mRouJM1WBfmYM +eM7eYbMpoovFAoIBAD2eF+x2MBz7vwFbd643kipiEk1ULFZz+Y0i9OzwfqEXpRZ6 +rBwye4ogMFgVPHCOpIrOK3cCRX8NzyhpB1Ogreein0ZE4dyLOgrwNKvnOKZmK63/ +vXd2P0E6mGUkySkhbwhU9Ys+MdUmvS8j9tQprCfKSR+qbRHQcq6Xp2r18yoIkdDX +teaB8CTV2xZG6xh2OqOnr5bW5l4ttqLJZ+dXtiBNwVHcp91OHo7En93acOYZonAv +VkYUMgNa+BuA8Z0Wv1uGleklWUbwpnLBVoKQtnvmy+vhA9rZkMu3oQqsHXkJkZDU +PZkVVTVJbI3xT2cbDOV9pRhbJrF/IF/eXM06tD8CggEBALzxD4FrMe/+JYEmVppl +ha6iuBWnP0/zXWJE049+MAOC8yiwRPYLpayVzIingtbikpJJV2et0WMAlMHOyxjw +an0jrXoOXs0nFAgJ32fi8IicyNErWfZrU3wY0BJJJP6uRhPjSv90hc8GYAN2saJX +K2mhbD9VHrL3iiyJ/gI/DfoeMuIcJ7xU4ecOxVkzQeCXY8Z3YAKDTCspRTe4rwYV +1ZiwziB+Cr8vNXzXaSLqWhX9KsrhHL3WnmCmMzEKZOvCrDlWVP2m+tL94FHpyjV2 +EpzA/ydjp2h0pj8glxyRSTwCXq8N0uxMPCPI+N++o/qNbDVZqBBkOOkoXef0bKt9 +VRkCggEBAJDqsxf6+DU/UGiGYb5H/k0Nez2QBtVzqvHBK3Jdei01Bvw/SqPx+xps +MWw1F3bcBgodtbuc42UC6Ndc4uyDZj65bxF4NYpIQbt7TQkX1kbSVCyBvsBab5st +mrEj5WDU7rbCU49lwrMiUw73DD9SCIpgs6NUz76xborwQxkjWVem5/b/xJF4NiCG +o7m+WFOSgZty7rton2tHS6MWdgPQ9xXU/dpBwJnyZmhXZlFgI9dYaAyYscdZk24x +vZBaztr7ANplZV1RmM3HXJ+sgFUxZzjh3niTVKMd7XwdYXjgTehwjYDPQI4HuHdI +UeOUUtcemzEK3btz/gJo3YcsfKRe+lI= +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/dfsp_server_cert.pem b/docker/security/payer/tls/dfsp_server_cert.pem new file mode 100644 index 00000000..326fcef0 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_cert.pem 
@@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:23 2024 GMT + Not After : Nov 10 02:03:23 2026 GMT + Subject: CN=payer-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:9e:31:7a:c9:98:4f:a2:74:78:ff:be:5c:ed:37: + d3:49:c2:9e:db:00:51:5e:6d:bf:28:d7:77:13:6a: + 5f:ba:77:f1:40:9d:7a:07:69:1d:81:52:64:e7:27: + bb:dc:ce:c0:8d:a5:38:1d:6f:41:74:33:12:78:80: + 28:be:b0:21:f2:6a:75:79:dc:2d:b0:4b:54:b4:82: + 19:68:bc:65:fa:ff:20:a6:a6:09:c1:05:e0:c0:f0: + 47:76:97:eb:27:81:ba:8a:11:0f:01:3d:6d:e7:74: + 15:f7:71:c7:39:73:98:4d:f1:ad:43:dd:b9:be:91: + 1b:17:98:fe:6a:5c:d9:51:89:75:41:51:ab:b6:c8: + 0b:e0:7e:fa:6a:09:ac:0f:f3:bd:65:f1:2b:9c:75: + 00:9f:e1:0d:24:7d:ed:68:54:7e:cd:55:80:11:65: + 64:72:73:43:d1:06:83:f8:99:4a:a3:a0:80:e1:60: + d7:59:14:45:fa:e3:93:74:79:37:17:40:5c:73:8a: + b2:44:cf:5e:8c:ba:bf:55:cd:8d:cb:3a:07:27:56: + 7f:ee:d2:fa:25:ca:6e:f4:cb:2c:a0:d8:fe:97:96: + 62:4c:a0:72:c0:2d:ef:d3:6b:2e:8a:95:7b:11:cd: + 00:00:bd:5a:41:13:26:95:4b:0e:81:a3:ba:75:9a: + 00:9f:df:2a:86:f9:4f:f9:b8:48:79:bf:20:8e:b4: + 19:52:e3:7e:97:55:8f:fd:8d:f2:25:c3:0c:ed:2a: + c9:5a:f7:d4:0d:32:ee:7a:24:22:49:6a:ce:17:2a: + 1e:9b:ec:77:43:22:27:cf:d2:18:7b:7b:6b:23:0c: + 35:02:80:b3:96:0e:ee:e0:7e:97:b5:ed:09:29:4b: + 9a:07:a2:62:cf:26:2f:28:ff:b3:f3:8f:98:46:4a: + c0:8e:c3:0a:67:7a:0b:b0:0c:cd:3c:fe:73:f6:89: + 64:a7:ea:97:ad:37:6d:d7:10:b2:60:cf:e8:6e:de: + 1e:11:3e:ce:8d:4a:b8:bf:89:3f:72:45:5e:06:bd: + c1:27:b0:19:5e:37:f6:6a:52:dd:93:58:6d:d3:fa: + c7:99:bd:ab:ca:15:91:0e:12:24:29:e6:2f:85:10: + 8f:3d:42:53:6f:1f:f2:10:d8:39:31:bc:bb:16:0e: + 12:28:d7:39:6e:88:5f:8d:f9:c9:7f:41:3f:80:85: + 82:fd:be:73:0a:64:2f:8d:7f:ac:1c:d6:46:52:6f: + 
76:28:f7:69:95:cc:2d:ee:8c:a7:5f:b0:29:a3:ad: + dc:9b:a9:72:c3:5b:a3:92:04:61:01:58:37:d5:9d: + e1:c1:3a:9c:fd:d7:1d:82:65:a4:b2:b4:73:76:e8: + d2:45:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:DE:53:76:45:23:BB:9C:91:37:5A:0C:E4:01:FF:F1:2E:E7:79:C8 + X509v3 Authority Key Identifier: + 43:BB:72:B3:89:D5:84:5B:B0:58:1D:D2:D1:E4:36:83:8F:1A:6A:48 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payer-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 29:ef:16:bd:06:17:fc:04:04:f4:6c:94:28:db:db:de:a7:e6: + 7c:19:13:84:ab:6f:60:eb:e9:6d:a3:38:05:7f:5c:f2:5c:f2: + d6:4e:8a:c8:c4:e5:11:cd:5c:38:99:4b:48:08:41:0d:69:5f: + 63:9b:63:de:ce:a6:8a:b8:fa:fa:d0:6f:f8:c0:16:23:1f:ce: + 3c:b2:82:90:64:d9:45:40:87:fb:19:86:48:29:9b:b0:a2:f6: + 73:ba:f8:fc:03:4d:90:51:20:87:88:d6:b6:a1:aa:4d:2c:cf: + e5:f3:98:61:02:94:75:0c:f5:63:5f:33:a0:06:0e:f7:75:62: + 7f:88:4c:3a:25:64:58:44:cd:88:ae:c7:70:e2:0a:d3:63:13: + 39:7a:e8:0e:59:bd:f4:6b:b2:c6:2c:55:09:cc:9f:ea:fb:35: + 57:00:81:7b:c7:fd:7c:a6:c1:d4:de:16:42:66:97:53:aa:bd: + 4d:23:b1:f3:47:00:6c:4d:bb:34:9b:6b:9f:cd:f7:db:84:c7: + 82:15:88:7c:9d:cf:54:aa:6c:4e:4f:9e:00:0d:75:b4:30:b7: + 23:82:cb:05:7f:60:f6:83:ba:64:ea:3c:82:6c:9c:55:2a:ea: + 07:3f:20:de:02:53:9e:51:52:7a:70:8a:aa:86:24:6d:90:5f: + b0:60:eb:c8:c1:76:4c:05:0a:87:98:d4:25:e4:1a:3f:9e:38: + a8:a0:2c:ce:69:c3:a7:d3:7d:2c:0b:c0:83:34:13:84:f4:2e: + 05:6b:9e:c4:46:d5:64:3f:72:6c:cf:85:43:f5:8e:6a:d2:7c: + af:ae:a6:38:6d:74:e3:46:84:b4:23:ac:3d:42:e7:06:9e:39: + 0b:85:13:c1:29:dc:e3:96:fc:6f:88:6e:54:26:62:ef:50:4d: + a5:36:c6:a2:2e:c0:7e:52:ca:11:49:d8:9a:ff:8d:f3:1f:bd: + 
85:8b:de:b0:ee:61:8e:c1:2c:31:ed:fe:0b:9e:4b:93:fc:4b: + 81:38:bc:67:36:b0:7e:94:28:24:9b:25:d5:6e:17:0a:71:5a: + 0d:19:10:2c:75:38:a2:21:b6:a6:58:1e:b9:de:be:e7:4f:c0: + 84:dd:6b:a8:4e:5a:4c:26:d8:84:d4:55:ad:aa:8a:20:92:dc: + eb:cd:0f:48:4b:16:bf:07:8a:fa:d6:73:47:23:bc:ea:30:df: + ec:f6:d7:83:50:d5:09:71:f9:d9:23:7d:44:ae:41:7e:9b:20: + 6e:5a:fb:4f:6a:22:f1:b6:bf:a1:6b:b1:88:73:76:ea:93:2b: + 9c:e0:d6:20:46:11:4f:b9:e5:19:b4:a6:d4:b3:a7:62:c5:16: + 47:7b:c4:eb:07:c8:76:8c +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzIzWhcNMjYxMTEwMDIwMzIzWjArMSkwJwYDVQQDDCBw +YXllci1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAJ4xesmYT6J0eP++XO0300nCntsAUV5tvyjXdxNqX7p3 +8UCdegdpHYFSZOcnu9zOwI2lOB1vQXQzEniAKL6wIfJqdXncLbBLVLSCGWi8Zfr/ +IKamCcEF4MDwR3aX6yeBuooRDwE9bed0FfdxxzlzmE3xrUPdub6RGxeY/mpc2VGJ +dUFRq7bIC+B++moJrA/zvWXxK5x1AJ/hDSR97WhUfs1VgBFlZHJzQ9EGg/iZSqOg +gOFg11kURfrjk3R5NxdAXHOKskTPXoy6v1XNjcs6BydWf+7S+iXKbvTLLKDY/peW +YkygcsAt79NrLoqVexHNAAC9WkETJpVLDoGjunWaAJ/fKob5T/m4SHm/II60GVLj +fpdVj/2N8iXDDO0qyVr31A0y7nokIklqzhcqHpvsd0MiJ8/SGHt7ayMMNQKAs5YO +7uB+l7XtCSlLmgeiYs8mLyj/s/OPmEZKwI7DCmd6C7AMzTz+c/aJZKfql603bdcQ +smDP6G7eHhE+zo1KuL+JP3JFXga9wSewGV439mpS3ZNYbdP6x5m9q8oVkQ4SJCnm +L4UQjz1CU28f8hDYOTG8uxYOEijXOW6IX435yX9BP4CFgv2+cwpkL41/rBzWRlJv +dij3aZXMLe6Mp1+wKaOt3JupcsNbo5IEYQFYN9Wd4cE6nP3XHYJlpLK0c3bo0kXj +AgMBAAGjgekwgeYwHQYDVR0OBBYEFLPeU3ZFI7uckTdaDOQB//Eu53nIMB8GA1Ud +IwQYMBaAFEO7crOJ1YRbsFgd0tHkNoOPGmpIMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVyLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 
+ZTANBgkqhkiG9w0BAQsFAAOCAgEAKe8WvQYX/AQE9GyUKNvb3qfmfBkThKtvYOvp +baM4BX9c8lzy1k6KyMTlEc1cOJlLSAhBDWlfY5tj3s6mirj6+tBv+MAWIx/OPLKC +kGTZRUCH+xmGSCmbsKL2c7r4/ANNkFEgh4jWtqGqTSzP5fOYYQKUdQz1Y18zoAYO +93Vif4hMOiVkWETNiK7HcOIK02MTOXroDlm99GuyxixVCcyf6vs1VwCBe8f9fKbB +1N4WQmaXU6q9TSOx80cAbE27NJtrn83324THghWIfJ3PVKpsTk+eAA11tDC3I4LL +BX9g9oO6ZOo8gmycVSrqBz8g3gJTnlFSenCKqoYkbZBfsGDryMF2TAUKh5jUJeQa +P544qKAszmnDp9N9LAvAgzQThPQuBWuexEbVZD9ybM+FQ/WOatJ8r66mOG1040aE +tCOsPULnBp45C4UTwSnc45b8b4huVCZi71BNpTbGoi7AflLKEUnYmv+N8x+9hYve +sO5hjsEsMe3+C55Lk/xLgTi8ZzawfpQoJJsl1W4XCnFaDRkQLHU4oiG2plgeud6+ +50/AhN1rqE5aTCbYhNRVraqKIJLc680PSEsWvweK+tZzRyO86jDf7PbXg1DVCXH5 +2SN9RK5Bfpsgblr7T2oi8ba/oWuxiHN26pMrnODWIEYRT7nlGbSm1LOnYsUWR3vE +6wfIdow= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_server_key.key b/docker/security/payer/tls/dfsp_server_key.key new file mode 100644 index 00000000..cefa9b34 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_key.key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCeMXrJmE+idHj/ +vlztN9NJwp7bAFFebb8o13cTal+6d/FAnXoHaR2BUmTnJ7vczsCNpTgdb0F0MxJ4 +gCi+sCHyanV53C2wS1S0ghlovGX6/yCmpgnBBeDA8Ed2l+sngbqKEQ8BPW3ndBX3 +ccc5c5hN8a1D3bm+kRsXmP5qXNlRiXVBUau2yAvgfvpqCawP871l8SucdQCf4Q0k +fe1oVH7NVYARZWRyc0PRBoP4mUqjoIDhYNdZFEX645N0eTcXQFxzirJEz16Mur9V +zY3LOgcnVn/u0volym70yyyg2P6XlmJMoHLALe/Tay6KlXsRzQAAvVpBEyaVSw6B +o7p1mgCf3yqG+U/5uEh5vyCOtBlS436XVY/9jfIlwwztKsla99QNMu56JCJJas4X +Kh6b7HdDIifP0hh7e2sjDDUCgLOWDu7gfpe17QkpS5oHomLPJi8o/7Pzj5hGSsCO +wwpneguwDM08/nP2iWSn6petN23XELJgz+hu3h4RPs6NSri/iT9yRV4GvcEnsBle +N/ZqUt2TWG3T+seZvavKFZEOEiQp5i+FEI89QlNvH/IQ2DkxvLsWDhIo1zluiF+N ++cl/QT+AhYL9vnMKZC+Nf6wc1kZSb3Yo92mVzC3ujKdfsCmjrdybqXLDW6OSBGEB +WDfVneHBOpz91x2CZaSytHN26NJF4wIDAQABAoICAA9G5f27+MzOhLTl9GFwR7ZS +1jZ+FF2TKafPDw/P8Qi39pNv4c3/Z7sKcvYjzy+mw8+qCf5FtUN8fycl8UlhBxY7 +E7c9/SeOTtLT0ZJcx1hy9PtDA6QhZjAbxDr+ttXs4E/fD9zlysxUWJ653Sx+LlIw +qbPpILv3lW809jTdXJtUM/+n3HZdYVA/0v0UjApKVpsWrEiCwBmwiS1h/+BYcJpx +zFlhuk6XNRBlma8TVrLwmCGr0YAnxg5Rlfbkkd5r98GsvkSI5i+fBUVLAYuDwhcZ +cmdk9oVZxFddm6S47/VBr6KIyCwpA4UeT7NQdj8k1gA8SRAJwmsegXshjas3wSGI +c1sCnT2To14mXFHVhocayNRhP4hf8FoF6SFWoSttQ9FzE4K4I/TBNh/g69kA7KOd +w8MBfV3ItjX7iOGKnx8wodhe2GeBM0H2WEieROY2+idWLtX91CesSfSMaNx9aXAx +UDs4sOHkZi4URLSAWQElz586pCcKsXcpbm3Y6fwoq0qeUER0eETFQnWZ8vMNcW5J +H6JdaO6+KzNe1OE/jVWJOn7j0RhibhNKB2r1IkZq/H1CLIndf8EVN5JpLP+vL+wZ +rg8Rjbwp066tFZ/YxQnK9aIEY+GFMfUfQIqnqh+s8Zq6mldABV6GdqUH199MwNH/ +TWGK6d5wgDB6jHkMy+bZAoIBAQDMHi1wUj4XlFrkodBbHbqikcraxg1b6EBUI4J6 +sKn8HlFD/ngHxllu6hd6o2+u+17cKmSNGcxLgt0f5tq7wMM97d8vYJEwEX+31oLy +6BhsATWNaHf/bY19zKqtZ1T046cyLU4O926qQ5G3nYic5o7i7DJQjbAMCJ8T3fat +Ilp0gwku8nchMi2OPM15u6YYAo6gohuEj3QgBlIE59BueMi+GL7RHSyC2Mwd8pYW +XQcMoNYFX2tNQycZMoxOEdEOCWx6gyNUNU7ewqm1Rw9GRUbSjeJKO8G9FAvf/TK4 +GqQmfpSp5ywWWd667vEhhTc5G1sBNjiVFCPrdI+JeaZL1wwHAoIBAQDGZwRkS0Px +4u2jbOXU8Ym4SrbLxU1KE4ZJh+zckcrkr0YcSDw1kmK671IePadBBHcWAJ+uTuxs 
+YNz4CntGj1PG4+wgdz2W9IqRsN94crnObe2btRZVY5KPABKV9tiBcCFV5TNMB2h4 +1Nyps+7tEFe39NFApL0rIaB8VtTaL7unv7c1xcVg6GZFU2jNvVW/oRD97+cEOQfX +aNCGcAsFP6k2pjNoBCh4WgGIQleBDT/KpAIzlQJM3AEYWKpu3bU7CKSKuuX1ZIjG +mDCnEiLIO4Lvz1xQzFm9LFE2XaaCUkApwfLtYYe5RREs12hpoGk3/k8+kEb3EYaB +r6Hx3TvfUbhFAoIBAHrnLMr16kc+X+BMgm1qoCclC/TgzchqNtmyq+z+FMwm4R3E +yjc8OjtrnomMgUHmP37n07WWNAm/mS+NTGVCswzF/t3DEojT8IgcFKr4D0RxEfK8 +VYyqRUjbBGX20xPFQ7YVy2t9ltfUaZgatdhrhtuiBsW0Gq2UP1yyCMbE6ZxADjaD +bjHByeZcPAixcVgBqimUkmcmDXD+/UHQ5xKtjYnQ0oyNOXDr4zOhDrgWeZkj+tov +UyepaJBmfE7BsZP3HqdB8PLSSlQc+Byb1dmk+vjqz7eM9aHIwUG0bmamO/KlwxPu +iwBGSrNaDjz1voOXMhuvrzAseVhbzdWkNvpxWN8CggEASMMRLkMYKQbDhlLyuzTW +ADuObI7weIFOl3r9GCtz0IijWs33HuKPyOTqJeMQity7W9tgtImHVXv0rhcR/N+l +puSB/aodcVY/14yZeFAC6r0QDjHMfgZlgoJRTqRX5Kid4SWMuY5h9yaBws8VieWb +dgCYGXARXFcZx2AE8fvdg3jhFRxx9cdlcnlTj1insP69/5NTEw5jXNG44AUJVaRy +R3OOmNAlk3XW6AUEmHSmd4fMsuQsEsoAsNAbuUsgIwVZavN+UI/NRaAc/7i7/tks +fQx8W7mGE8XEBv8ziMnndCkIEZzaLM0yrlJVnZ9R11Ix98zr6cKIpNknuE8dnRoY +TQKCAQBdkTZcqJ6nZ4HhuQ/Ax2gD2x589ILHSQWFVP77GFDNKpt6W2TfNh1FoZuP +9LNIdtVfdU0ecu1ub8gnc+O++zBsH5zyQxS12hydp5l2/8sgVcYCShT7Z9UIDLSM +0llc2ox3mdkwiEZ68cRriLlUniSlqc+WDOtx8w/hAtsfbpYyhDcYdiX0LOD9yVmN +Yv6jSROESLgKEmGnQtujOmK+rp3/uUOMetmIBVD+pWDkd0tB3YlUITdFXtDtwwGm +u/SgvC81AOmg/fgYVqsuRW7qeQTTtXlubnCg3DFGytU7RJl1SqNI4YtYxvKN47vX +yvkIHnzN33Bqy8kXJW8jwSSWFEy3 +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/index.txt b/docker/security/payer/tls/index.txt new file mode 100644 index 00000000..f621820c --- /dev/null +++ b/docker/security/payer/tls/index.txt 
@@ -0,0 +1,11 @@ +V 261104175619Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180055Z 02 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261104185106Z 03 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110013913Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014810Z 05 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110014953Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015226Z 07 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110015853Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020015Z 09 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020323Z 0A unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110020338Z 0B unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient diff --git a/docker/security/payer/tls/index.txt.attr b/docker/security/payer/tls/index.txt.attr new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payer/tls/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payer/tls/index.txt.attr.old b/docker/security/payer/tls/index.txt.attr.old new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payer/tls/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payer/tls/index.txt.old b/docker/security/payer/tls/index.txt.old new file mode 100644 index 00000000..bdd8992c --- /dev/null +++ b/docker/security/payer/tls/index.txt.old 
@@ -0,0 +1,10 @@ +V 261104175619Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180055Z 02 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261104185106Z 03 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110013913Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014810Z 05 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110014953Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015226Z 07 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110015853Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020015Z 09 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020323Z 0A unknown /CN=payer-sdk-scheme-adapter-api-svc diff --git a/docker/security/payer/tls/openssl-client.cnf b/docker/security/payer/tls/openssl-client.cnf new file mode 100644 index 00000000..91de4acb --- /dev/null +++ b/docker/security/payer/tls/openssl-client.cnf 
@@ -0,0 +1,36 @@
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+####################################################################
+[ req ]
+default_bits = 4096
+default_keyfile = dfsp_client_key.key
+distinguished_name = client_distinguished_name
+req_extensions = client_req_extensions
+string_mask = utf8only
+prompt = no
+
+####################################################################
+[ client_distinguished_name ]
+countryName = US
+stateOrProvinceName = MD
+localityName = Baltimore
+organizationName = DFSP Client
+organizationalUnitName = Payments
+commonName = dfspclient
+emailAddress = dfspclient@example.com
+
+####################################################################
+[ client_req_extensions ]
+
+subjectKeyIdentifier = hash
+basicConstraints = CA:FALSE
+keyUsage = digitalSignature, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
+subjectAltName = @alternate_names
+nsComment = "OpenSSL Generated Certificate"
+
+####################################################################
+[ alternate_names ]
+
+DNS.1 = localhost
\ No newline at end of file
diff --git a/docker/security/payer/tls/openssl-clientca.cnf b/docker/security/payer/tls/openssl-clientca.cnf
new file mode 100644
index 00000000..1489f934
--- /dev/null
+++ b/docker/security/payer/tls/openssl-clientca.cnf
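Review bot: `extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection` in `[ client_req_extensions ]` asks for far more than a mutual-TLS client certificate needs. Because the CA configs in this commit set `copy_extensions = copy`, the usages requested in a CSR are carried into the issued certificate; the dump of `dfsp_server_cert.pem` earlier in this diff shows all four usages on a certificate whose request section carries the same line. I would reduce this to `extendedKeyUsage = clientAuth` here and to `serverAuth` on the matching line of `openssl-server.cnf`, unless something in the harness really relies on the code-signing or e-mail usages.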
@@ -0,0 +1,71 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +base_dir = . +certificate = $base_dir/dfsp_client_cacert.pem # The CA certifcate +private_key = $base_dir/dfsp_client_cakey.pem # The CA private key +new_certs_dir = $base_dir # Location for new certs after signing +database = $base_dir/index.txt # Database index file +serial = $base_dir/serial.txt # The current serial number + +unique_subject = no + +default_days = 1000 # How long to certify for +default_crl_days = 30 # How long before next CRL +default_md = sha256 # Use public key default MD +preserve = no # Keep passed DN ordering + +x509_extensions = ca_extensions # The extensions to add to the cert + +email_in_dn = no # Don't concat the email in the DN +copy_extensions = copy # Required to copy SANs from CSR to cert + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_client_cakey.pem +distinguished_name = ca_distinguished_name +x509_extensions = ca_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ ca_distinguished_name ] +countryName = US +stateOrProvinceName = Maryland +localityName = Baltimore +organizationName = DFSP Client CA +organizationalUnitName = Payments +commonName = dfspclientca +emailAddress = dfspserverca@example.com + +#################################################################### +[ ca_extensions ] + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer +basicConstraints = critical, CA:true +keyUsage = keyCertSign, cRLSign + +#################################################################### +[ signing_policy ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = 
supplied +emailAddress = optional + +#################################################################### +[ signing_req ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment \ No newline at end of file diff --git a/docker/security/payer/tls/openssl-server.cnf b/docker/security/payer/tls/openssl-server.cnf new file mode 100644 index 00000000..7d9a2afa --- /dev/null +++ b/docker/security/payer/tls/openssl-server.cnf @@ -0,0 +1,36 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = dfsp_server_key.key +distinguished_name = server_distinguished_name +req_extensions = server_req_extensions +string_mask = utf8only + +#################################################################### +[ server_distinguished_name ] +countryName_default = US +stateOrProvinceName_default = MD +localityName_default = Baltimore +organizationName_default = Test Server, Limited +organizationalUnitName_default = Payments +commonName = payer-sdk-scheme-adapter-api-svc +commonName_default = payer-sdk-scheme-adapter-api-svc +emailAddress_default = dfspserver@example.com + +#################################################################### +[ server_req_extensions ] + +subjectKeyIdentifier = hash +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection +subjectAltName = @alternate_names +nsComment = "OpenSSL Generated Certificate" + +#################################################################### +[ alternate_names ] + +DNS.1 = payer-sdk-scheme-adapter-api-svc diff --git a/docker/security/payer/tls/openssl-serverca.cnf b/docker/security/payer/tls/openssl-serverca.cnf new file mode 100644 index 00000000..b7e64d1f --- /dev/null +++ b/docker/security/payer/tls/openssl-serverca.cnf 
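Review bot: `copy_extensions = copy` in `[ CA_default ]`, combined with a `[ signing_req ]` section that sets no `extendedKeyUsage`, means this CA grants whatever extended usages and subject alternative names the CSR asks for. Adding `extendedKeyUsage = clientAuth` to `[ signing_req ]` pins it, because copied extensions do not replace ones the signing section already sets; `openssl-serverca.cnf` has the same pair of settings and would take `serverAuth`. Two smaller points in this hunk: `emailAddress = dfspserverca@example.com` in the client CA's `[ ca_distinguished_name ]` looks copied from the server CA, and the comment on `default_md = sha256` reads `Use public key default MD` although the digest is fixed.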
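Review bot: In `[ server_distinguished_name ]` of `openssl-server.cnf` only `commonName` is declared as a field; `countryName_default`, `stateOrProvinceName_default` and the other `_default` lines have no matching field line, so OpenSSL appears to skip them, which agrees with the `Subject: CN=payer-sdk-scheme-adapter-api-svc` shown in `dfsp_server_cert.pem`. Either add the field lines (for example `countryName = Country Name`) or drop the unused defaults so the file does not suggest a fuller subject than it produces. `default_bits = 2048` also disagrees with the 4096 used by the other three configs and by the committed 4096-bit server certificate; `default_bits = 4096` would keep them aligned.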
@@ -0,0 +1,71 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +base_dir = . +certificate = $base_dir/dfsp_server_cacert.pem # The CA certifcate +private_key = $base_dir/dfsp_server_cakey.pem # The CA private key +new_certs_dir = $base_dir # Location for new certs after signing +database = $base_dir/index.txt # Database index file +serial = $base_dir/serial.txt # The current serial number + +unique_subject = no + +default_days = 1000 # How long to certify for +default_crl_days = 30 # How long before next CRL +default_md = sha256 # Use public key default MD +preserve = no # Keep passed DN ordering + +x509_extensions = ca_extensions # The extensions to add to the cert + +email_in_dn = no # Don't concat the email in the DN +copy_extensions = copy # Required to copy SANs from CSR to cert + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_server_cakey.pem +distinguished_name = ca_distinguished_name +x509_extensions = ca_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ ca_distinguished_name ] +countryName = US +stateOrProvinceName = Maryland +localityName = Baltimore +organizationName = DFSP Server CA +organizationalUnitName = Payments +commonName = dfspserverca +emailAddress = dfspserverca@example.com + +#################################################################### +[ ca_extensions ] + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer +basicConstraints = critical, CA:true +keyUsage = keyCertSign, cRLSign + +#################################################################### +[ signing_policy ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = 
supplied +emailAddress = optional + +#################################################################### +[ signing_req ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment \ No newline at end of file diff --git a/docker/security/payer/tls/payee_server_cacert.pem b/docker/security/payer/tls/payee_server_cacert.pem new file mode 100644 index 00000000..bc208037 --- /dev/null +++ b/docker/security/payer/tls/payee_server_cacert.pem 
@@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUYOahCSI+t+iJCevDl20zaRkNbaYwDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyN1oXDTI0MDMxNTAy +MDMyN1owgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAiHaHFpgfb0FHsQ+i/gpR/YFZUUlfTW7UQlIf7BvYnp9p2wEiL2r7 +GtYnF6S+hSV5A1/qnHNzo8SGCy8RP3I+0d7ape0fYFJYyj2oFpn5F1QiskxVKPn0 +b4cxRO0Px/j9eZCybt0Ca/0FYAcXFJ2LBq6WrymZIbaC4owkIGT3EnSSUEcZ0K0f +cPEleD69gNpxGePISm2Ljcu5zUjuOfceNxPcGctKbP4sV0ldyskZzZl/omDK+gNM +BDl2vdYLbG2r/GDjVCeVGobEHdq9v0j6H06fZ7E4qmdXYTGKev+l8NWDOfuHUdvh +K60D6VDn8OZj2MMA7Xv01RErKZB/h9Jws7Ayj31OGr/WAbHpTn4V2HjqQdrbq0pq +lsvufDlPnUFKv0aGk70DlSQja99XPAuy0/5OjbsBrHvcCupw/HagBTR/hCGdcD4L +TPynPKbk6Ep3NEcf/nyYoKwy+wDh2bUgqSB3E/6UNrbYTTl42Ti/QItSYDBnd871 +mdZwIyhqWz8fFXVxs1M0K0HGTXMnRvEOT4djrL7okF31L/5LyHsZbwY+/Uw20nLN +LhTKOiSaNwpZws8f4dHgV+rnJD7lekzSxeSkkcayrROQVZEt1MDGshQzYR6bPQ3O +9dri3NaoTuGVSislRDAnnhAy010EewgizBWzjHsf+Z5bsMLikwVE1K0CAwEAAaNg +MF4wHQYDVR0OBBYEFEVYcAvlsnioq/2DujBIiaZMwsGYMB8GA1UdIwQYMBaAFEVY +cAvlsnioq/2DujBIiaZMwsGYMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQB1RK/7HKZ3yFxGMZ6gr1Cz4Aqj8jqXZU0Cu7lR +vUCH9EV/7dLsUp6wWjnZK2YlDN6sejAyMeOcGgiOmFZw7aKxLu0erypzrbMGuzGl +l8UFiYveJV0GSpBzCZ7gBbl8LLJD2YoTt3BuGTod7cJp95peY+m5ybWMnFUyuCSW +QtvxKS/Crv6FTpSTI3FXFIhJJgLQqqB2xb3fTp/Tuc0keYBZt1lgpMC/Yo5rhJPD +yqzV/LuQiuAGpuuy7SRKKBWAIlAYBwdHAfhrnfmQq84tE/LCgtgr4zcxhstoMZ0t +w6oeXYbEhDScpLMh/L5O5qPEJxwWXRVrHEiB2BrbZBzOREDt7HZdsmcRxdUm1A5G +Zd2wNKn2i+16hjCLo32O+whubkW5Oc3MFpW4wh8x5z11SLue+y8hKae53w1Dbj87 
+VEGqYr3ZuUbSW7ODnuvhJ6y4oNcYDCiwC7A0cQ+lA0vLjYQGf7iLRaKOS40/JcyF +IPlBi2keQXlB16xgMFm1KGVOq00odlYP1HMI4QjMncC028NOJAP6dbcxDk9TZSkS +KPpMFAa8a3Hfd6x5nYTAwtCrc63MsC7CUUX6cvNNIege/Tveu/Epm+qcnE7DjJ7t +qQQtrlFWMQHmvKuFqt6yw6iHM2awlbluzPg+kDG8Rsiqs4Lt4bnfFO7iJ/5FDafu +Zh04Mw== +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/serial.txt b/docker/security/payer/tls/serial.txt new file mode 100644 index 00000000..d73cdef3 --- /dev/null +++ b/docker/security/payer/tls/serial.txt @@ -0,0 +1 @@ +0C diff --git a/docker/security/payer/tls/serial.txt.old b/docker/security/payer/tls/serial.txt.old new file mode 100644 index 00000000..eb589e9d --- /dev/null +++ b/docker/security/payer/tls/serial.txt.old @@ -0,0 +1 @@ +0B diff --git a/envs/fspiop-sim-security.env b/envs/fspiop-sim-security.env new file mode 100644 index 00000000..67fe91b7 --- /dev/null +++ b/envs/fspiop-sim-security.env 
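Review bot: The validity field inside this CA certificate decodes to `240214020327Z` through `240315020327Z`, so the payee server CA that the payer is configured to trust lasts 30 days, while the leaf certificate dumped earlier in this diff runs until Nov 10 2026. Once the CA has expired, verification against `OUT_CA_CERT_PATH` should start failing with no other change to the harness. The self-signed CA step, presumably in `createSecrets.sh` and not shown here, should pass an explicit lifetime such as `-days 1000` to match `default_days` in the CA configs. Stating the expiry in the README's regeneration section would make that failure easier to diagnose.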
@@ -0,0 +1,11 @@ +CBH_FSPIOP_FSP_ID=fspiopsimpayee +CBH_FSPIOP_CALLBACK_HTTP_KEEPALIVE=true + +### FSPIOP Handlers +CBH_FSPIOP_ALS_ENDPOINT_URL=http://payee-sdk-scheme-adapter:4000 +CBH_FSPIOP_QUOTES_ENDPOINT_URL=http://payee-sdk-scheme-adapter:4000 +CBH_FSPIOP_TRANSFERS_ENDPOINT_URL=http://payee-sdk-scheme-adapter:4000 + +CBH_FSPIOP_QUOTES_ILPPACKET='AYIDGQAAAAAAACcQIWcuZ3JlZW5iYW5rZnNwLm1zaXNkbi4yNzcxMzgwMzkxMoIC62V5SjBjbUZ1YzJGamRHbHZia2xrSWpvaU1ERXhaR1EyTldZdE5UQXpNeTAwTVdNMkxUazFaR1l0T1RFeFl6WTRPVFExWWpobUlpd2ljWFZ2ZEdWSlpDSTZJbVF3TXpJMU1EVTJMVE0xTldFdE5EUmxNUzFpT1RnMExXWXdZVFExTmpFMFkyRXpPQ0lzSW5CaGVXVmxJanA3SW5CaGNuUjVTV1JKYm1adklqcDdJbkJoY25SNVNXUlVlWEJsSWpvaVRWTkpVMFJPSWl3aWNHRnlkSGxKWkdWdWRHbG1hV1Z5SWpvaU1qYzNNVE00TURNNU1USWlMQ0ptYzNCSlpDSTZJbWR5WldWdVltRnVhMlp6Y0NKOWZTd2ljR0Y1WlhJaU9uc2ljR0Z5ZEhsSlpFbHVabThpT25zaWNHRnlkSGxKWkZSNWNHVWlPaUpOVTBsVFJFNGlMQ0p3WVhKMGVVbGtaVzUwYVdacFpYSWlPaUkwTkRFeU16UTFOamM0T1NJc0ltWnpjRWxrSWpvaWNHbHVhMkpoYm10bWMzQWlmU3dpY0dWeWMyOXVZV3hKYm1adklqcDdJbU52YlhCc1pYaE9ZVzFsSWpwN0ltWnBjbk4wVG1GdFpTSTZJa1pwY25OMGJtRnRaUzFVWlhOMElpd2liR0Z6ZEU1aGJXVWlPaUpNWVhOMGJtRnRaUzFVWlhOMEluMHNJbVJoZEdWUFprSnBjblJvSWpvaU1UazROQzB3TVMwd01TSjlmU3dpWVcxdmRXNTBJanA3SW1OMWNuSmxibU41SWpvaVZWTkVJaXdpWVcxdmRXNTBJam9pTVRBd0luMHNJblJ5WVc1ellXTjBhVzl1Vkhsd1pTSTZleUp6WTJWdVlYSnBieUk2SWxSU1FVNVRSa1ZTSWl3aWFXNXBkR2xoZEc5eUlqb2lVRUZaUlZJaUxDSnBibWwwYVdGMGIzSlVlWEJsSWpvaVEwOU9VMVZOUlZJaWZYMAA' +CBH_FSPIOP_QUOTES_CONDITION='5m0gq_5dLQlTSSRKQmLpj0MZ1MtWLWgSu1oLGVTJyYs' +CBH_QUOTE_EXPIRATION_WINDOW=60000 diff --git a/envs/payee-sdk-scheme-adapter-api-svc.env b/envs/payee-sdk-scheme-adapter-api-svc.env new file mode 100644 index 00000000..76432a33 --- /dev/null +++ b/envs/payee-sdk-scheme-adapter-api-svc.env 
@@ -0,0 +1,37 @@
+# FSPID of this DFSP
+DFSP_ID=fspiopsimpayee
+
+ALLOW_TRANSFER_WITHOUT_QUOTE=true
+
+PEER_ENDPOINT=payer-sdk-scheme-adapter-api-svc:4000
+ALS_ENDPOINT=payer-sdk-scheme-adapter-api-svc:4000
+
+BACKEND_ENDPOINT=sim-fspiop:3001/backend
+UV_THREADPOOL_SIZE=24
+LOG_LEVEL=info
+
+INBOUND_MUTUAL_TLS_ENABLED=true
+OUTBOUND_MUTUAL_TLS_ENABLED=true
+
+VALIDATE_INBOUND_JWS=true
+VALIDATE_INBOUND_PUT_PARTIES_JWS=true
+JWS_SIGN=true
+JWS_SIGN_PUT_PARTIES=true
+
+# Path to JWS signing key (private key of THIS DFSP)
+JWS_SIGNING_KEY_PATH=./secrets/jws/privatekey.pem
+JWS_VERIFICATION_KEYS_DIRECTORY=./secrets/jws/verification_keys
+
+# Location of certs and key required for TLS
+IN_CA_CERT_PATH=./secrets/tls/dfsp_client_cacert.pem
+IN_SERVER_CERT_PATH=./secrets/tls/dfsp_server_cert.pem
+IN_SERVER_KEY_PATH=./secrets/tls/dfsp_server_key.key
+
+OUT_CA_CERT_PATH=./secrets/tls/payer_server_cacert.pem
+OUT_CLIENT_CERT_PATH=./secrets/tls/dfsp_client_cert.pem
+OUT_CLIENT_KEY_PATH=./secrets/tls/dfsp_client_key.key
+
+ENABLE_FSPIOP_EVENT_HANDLER=false
+ENABLE_BACKEND_EVENT_HANDLER=false
+
+CACHE_URL=redis://redis:6379
diff --git a/envs/payer-sdk-scheme-adapter-api-svc.env b/envs/payer-sdk-scheme-adapter-api-svc.env
new file mode 100644
index 00000000..dfdef4d1
--- /dev/null
+++ b/envs/payer-sdk-scheme-adapter-api-svc.env
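Review bot: `ALLOW_TRANSFER_WITHOUT_QUOTE=true` sits beside the mTLS and JWS switches with no comment, and the same line is in `envs/payer-sdk-scheme-adapter-api-svc.env`; judging by its name it relaxes a protocol check, so anyone reusing this file as a template should be told it is a harness setting. I would add `# Harness only: accept transfers that have no prior quote` above it in both files. `CACHE_URL=redis://redis:6379` likewise carries no credentials, which is presumably acceptable on the compose network but deserves a comment such as `# no auth/TLS: reachable only on the compose network`.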
@@ -0,0 +1,37 @@ +# FSPID of this DFSP +DFSP_ID=fspiopsimpayer + +ALLOW_TRANSFER_WITHOUT_QUOTE=true + +PEER_ENDPOINT=payee-sdk-scheme-adapter-api-svc:4000 +ALS_ENDPOINT=payee-sdk-scheme-adapter-api-svc:4000 + +BACKEND_ENDPOINT=sim-fspiop:3001/backend +UV_THREADPOOL_SIZE=24 +LOG_LEVEL=info + +INBOUND_MUTUAL_TLS_ENABLED=true +OUTBOUND_MUTUAL_TLS_ENABLED=true + +VALIDATE_INBOUND_JWS=true +VALIDATE_INBOUND_PUT_PARTIES_JWS=true +JWS_SIGN=true +JWS_SIGN_PUT_PARTIES=true + +# Path to JWS signing key (private key of THIS DFSP) +JWS_SIGNING_KEY_PATH=./secrets/jws/privatekey.pem +JWS_VERIFICATION_KEYS_DIRECTORY=./secrets/jws/verification_keys + +# Location of certs and key required for TLS +IN_CA_CERT_PATH=./secrets/tls/dfsp_client_cacert.pem +IN_SERVER_CERT_PATH=./secrets/tls/dfsp_server_cert.pem +IN_SERVER_KEY_PATH=./secrets/tls/dfsp_server_key.key + +OUT_CA_CERT_PATH=./secrets/tls/payee_server_cacert.pem +OUT_CLIENT_CERT_PATH=./secrets/tls/dfsp_client_cert.pem +OUT_CLIENT_KEY_PATH=./secrets/tls/dfsp_client_key.key + +ENABLE_FSPIOP_EVENT_HANDLER=false +ENABLE_BACKEND_EVENT_HANDLER=false + +CACHE_URL=redis://redis:6379 diff --git a/packages/callback-handler-svc/handlers/backend.js b/packages/callback-handler-svc/handlers/backend.js index 6f9a4b86..c7f51b7e 100644 --- a/packages/callback-handler-svc/handlers/backend.js +++ b/packages/callback-handler-svc/handlers/backend.js @@ -81,8 +81,12 @@ const init = (config, logger, options = undefined) => { 'Ingress - Operation handler', ['success', 'operation'] ).startTimer() + const type = req.params.type + const id = req.params.id res.status(202).json({ + "idType": type, + "idValue": id, "fsp": "string" }) console.log('Handled GET request') diff --git a/perf.env b/perf.env index dae628a8..8af5c209 100644 --- a/perf.env +++ b/perf.env 
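Review bot: In the `backend.js` hunk, `req.params.type` and `req.params.id` are echoed back as `idType` and `idValue` with no check that the route supplies them; if either is undefined, `res.json` omits the key and the caller receives a reply without it. The route definition and the rest of the handler are outside this hunk, so the parameters may already be guaranteed. For style I would write `const { type: idType, id: idValue } = req.params` and `res.status(202).json({ idType, idValue, fsp: 'string' })`, with a comment that `fsp: 'string'` is a placeholder value returned by the simulator.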
@@ -50,7 +50,6 @@ K6_SCRIPT_ORACLE_ENDPOINT_URL=http://callback-handler-svc-oracle-sim:3001/oracle K6_SCRIPT_FSPIOP_TRANSFERS_ENDPOINT_URL=http://ml-api-adapter:3000 # K6_SCRIPT_FSPIOP_TRANSFERS_ENDPOINT_URL=http://sim-perffsp2:3001/fspiop - K6_SCRIPT_FSPIOP_QUOTES_ENDPOINT_URL=http://quoting-service:3002 K6_SCRIPT_FSPIOP_QUOTES_AMOUNT=2 K6_SCRIPT_FSPIOP_QUOTES_CURRENCY=USD