diff --git a/.env b/.env index 8d3b38fe..75d23f1e 100644 --- a/.env +++ b/.env @@ -1,19 +1,23 @@ ## Mojaloop Docker Image Versions -ML_API_ADAPTER_VERSION=v14.0.1 +# ML_API_ADAPTER_VERSION=v14.0.1 +ML_API_ADAPTER_VERSION=v14.0.4 ## ALS initial baseline with version included in Mojaloop v15.1.0 Helm Release # ACCOUNT_LOOKUP_SERVICE_VERSION=v14.2.2 ## ALS published version with included fix: JSON.stringify disabled in logResponse function ACCOUNT_LOOKUP_SERVICE_VERSION=v14.2.3 ## ALS snapshot release with fix: v14.2.3 + caching for validateParticipant and resolve Participants via Oracles # ACCOUNT_LOOKUP_SERVICE_VERSION=v14.2.4-snapshot.3 -QUOTING_SERVICE_VERSION=v15.1.0 +# QUOTING_SERVICE_VERSION=v15.2.1 +QUOTING_SERVICE_VERSION=v15.4.0 ## CL initial baseline with version included in Mojaloop v15.1.0 Helm Release -CENTRAL_LEDGER_VERSION=v17.2.0 +# CENTRAL_LEDGER_VERSION=v17.0.3 +## Cl latest version +CENTRAL_LEDGER_VERSION=v17.2.1 ## CL snapshot release with included fix: JSON.stringify disabled in logResponse function # CENTRAL_LEDGER_VERSION=v17.0.4-snapshot.0 ## Central Ledger version with batch processing capability CENTRAL_LEDGER_BATCH_VERSION=v17.3.0-snapshot.5 - +SDK_SCHEME_ADAPTER_VERSION=v23.3.0 ## Testing & Sims TEST_SIMULATOR_VERSION=v11.1.3 TEST_TTK_SVC_VERSION=v16.1.1 @@ -42,8 +46,187 @@ K6_VERSION=0.50.0 ## Performance Testing Replicas QS_REPLICAS=1 ALS_REPLICAS=1 -CENTRAL_LEDGER_GENERAL_REPLICAS=4 -CENTRAL_LEDGER_POSITION_REPLICAS=8 +CENTRAL_LEDGER_GENERAL_REPLICAS=1 +CENTRAL_LEDGER_POSITION_REPLICAS=1 CENTRAL_LEDGER_POSITION_BATCH_REPLICAS=0 -ML_API_ADAPTER_REPLICAS=4 -ML_NOTIFICATION_REPLICAS=4 +ML_API_ADAPTER_REPLICAS=1 +ML_NOTIFICATION_REPLICAS=1 + +## ---------------------------------------------- + + + +# Port number that the inbound (Mojaloop API) HTTP server will listen on +INBOUND_LISTEN_PORT=4000 + +# Port number that the outbound (simplified DFSP outbound API) HTTP server will listen on +OUTBOUND_LISTEN_PORT=4001 + +# Enable mutual TLS authentication. Useful when not running in a secure +# environment, i.e. when you're running it locally against your own implementation. +INBOUND_MUTUAL_TLS_ENABLED=false +OUTBOUND_MUTUAL_TLS_ENABLED=false + +# Enable verification or incoming JWS signatures +# Note that signatures will be required on incoming messages +# and will be validated against a public key. +VALIDATE_INBOUND_JWS=false + +# applicable only if VALIDATE_INBOUND_JWS is "true" +# allows disabling of validation on incoming PUT /parties/{idType}/{idValue} requests +VALIDATE_INBOUND_PUT_PARTIES_JWS=false + +# Enable signing of outgoing requests +JWS_SIGN=false +VALIDATE_JWS_SIGN=false + +# applicable only if JWS_SIGN is "true" +# allows disabling of signing on outgoing PUT /parties/{idType}/{idValue} requests +JWS_SIGN_PUT_PARTIES=false + +# Path to JWS signing key (private key of THIS DFSP) +JWS_SIGNING_KEY_PATH=secrets/jwsSigningKey.key +JWS_VERIFICATION_KEYS_DIRECTORY=secrets/jwsVerificationKeys + +# Location of certs and key required for TLS +# IN_CA_CERT_PATH=./secrets/cacert.pem +# IN_SERVER_CERT_PATH=./secrets/servercert.pem +# IN_SERVER_KEY_PATH=./secrets/serverkey.pem + +# OUT_CA_CERT_PATH=./secrets/cacert.pem +# OUT_CLIENT_CERT_PATH=./secrets/servercert.pem +# OUT_CLIENT_KEY_PATH=./secrets/serverkey.pem + +# The number of space characters by which to indent pretty-printed logs. If set to zero, log events +# will each be printed on a single line. +LOG_INDENT=0 + +# REDIS CACHE CONNECTION +CACHE_URL=redis://redis:6379 + +# expiry period in seconds for quote and transfers issued by the SDK +EXPIRY_SECONDS=60 + +# if set to false the SDK will not automatically accept all returned quotes +# but will halt the transfer after a quote response is received. A further +# confirmation call will be required to complete the final transfer stage. +AUTO_ACCEPT_QUOTES=false + +# if set to false the SDK will not automatically accept a resolved party +# but will halt the transer after a party lookup response is received. A further +# cnofirmation call will be required to progress the transfer to quotes state. +AUTO_ACCEPT_PARTY=false + +# if set to false the SDK will not automatically accept a resolved party on a requestToPay operation +# but will halt the operation after a party lookup response is received. A further +# confirmation call will be required to progress the requestToPay to transactionRequest state. +AUTO_ACCEPT_R2P_PARTY=true + +# This parameter is only for the requestToPay transfers when the initiator is of type BUSINESS. +# if set to false the SDK will not automatically accept quote on a requestToPayTransfer. +# but will halt the operation after a quote response is received. A further +# confirmation call will be required to progress the requestToPayTransfer to authorization step. +AUTO_ACCEPT_R2P_BUSINESS_QUOTES=false + +# if set to false the SDK will not automatically accept OTP on a requestToPay operation +# but will halt the operation after receiving entered OTP from payee. A further +# confirmation call will be required to progress the requestToPayTransfer to transfer step. +AUTO_ACCEPT_R2P_DEVICE_OTP=false + +# this flag is for testing purpose only. sdk-scheme-adapter is not supposed to receive PUT /participants/{Type}/{ID}, +# but for testing we can enable it by setting this flag to true +AUTO_ACCEPT_PARTICIPANTS_PUT=false + +# when set to true, when sending money via the outbound API, the SDK will use the value +# of FSPIOP-Source header from the received quote response as the payeeFsp value in the +# transfer prepare request body instead of the value received in the payee party lookup. +# This behaviour should be enabled when the SDK user DFSP is in a forex enabled switch +# ecosystem and expects quotes and transfers to be rerouted by the switch to forex +# entities i.e. forex providing DFSPs. Please see the SDK documentation and switch +# operator documentation for more information on forex use cases. +USE_QUOTE_SOURCE_FSP_AS_TRANSFER_PAYEE_FSP=false + +# set to true to validate ILP, otherwise false to ignore ILP +CHECK_ILP=false + +# set to true to enable test features such as request cacheing and retrieval endpoints +ENABLE_TEST_FEATURES=false + +# set to true to mock WSO2 oauth2 token endpoint +ENABLE_OAUTH_TOKEN_ENDPOINT=false +OAUTH_TOKEN_ENDPOINT_CLIENT_KEY=test-client-key +OAUTH_TOKEN_ENDPOINT_CLIENT_SECRET=test-client-secret +OAUTH_TOKEN_ENDPOINT_LISTEN_PORT=6000 + +# WSO2 Bearer Token specific to golden-fsp instance and environment +WSO2_BEARER_TOKEN=7718fa9b-be13-3fe7-87f0-a12cf1628168 + +# OAuth2 data used to obtain WSO2 bearer token +OAUTH_TOKEN_ENDPOINT= +OAUTH_CLIENT_KEY= +OAUTH_CLIENT_SECRET= +OAUTH_REFRESH_SECONDS=3600 + +# Set to true to respect expirity timestamps +REJECT_EXPIRED_QUOTE_RESPONSES=false +REJECT_TRANSFERS_ON_EXPIRED_QUOTES=false +REJECT_EXPIRED_TRANSFER_FULFILS=false + +# Timeout for GET/POST/DELETE - PUT flow processing +REQUEST_PROCESSING_TIMEOUT_SECONDS=4 + +# Common Account Lookup System (ALS) +# ALS_ENDPOINT=ttkhubsim:4040 + +# # QUOTES_ENDPOINT +# QUOTES_ENDPOINT=ttkhubsim:4040 + +# # TRANSFERS_ENDPOINT +# TRANSFERS_ENDPOINT=ttkhubsim:4040 + +# To allow transfer without a previous quote request, set this value to true. +# The incoming transfer request should consists of an ILP packet and a matching condition in this case. +# The fulfilment will be generated from the provided ILP packet, and must hash to the provided condition. +ALLOW_TRANSFER_WITHOUT_QUOTE=false + +# To enable request for notification on fulfiled transfer +RESERVE_NOTIFICATION=true +# resources API versions should be string in format: "resourceOneName=1.0,resourceTwoName=1.1" +RESOURCE_VERSIONS="transfers=1.1,participants=1.1" + +# Management API websocket connection settings. +# The Management API uses this for exchanging connector management messages. +MGMT_API_WS_URL=mock-management-svc +MGMT_API_WS_PORT=4005 + +# Set to true to enable the use of PM4ML-related services e.g MCM, Management API service +# when running the scheme-adapter as a mojaloop connector component within Payment Manager for Mojaloop. +PM4ML_ENABLED=false + +BACKEND_EVENT_CONSUMER_BROKER_LIST=kafka:29092 +BACKEND_EVENT_PRODUCER_BROKER_LIST=kafka:29092 +FSPIOP_EVENT_CONSUMER_BROKER_LIST=kafka:29092 +FSPIOP_EVENT_PRODUCER_BROKER_LIST=kafka:29092 + +# Maximum payload limits +FSPIOP_API_SERVER_MAX_REQUEST_BYTES=209715200 +BACKEND_API_SERVER_MAX_REQUEST_BYTES=209715200 + +ENABLE_FSPIOP_EVENT_HANDLER=false +ENABLE_BACKEND_EVENT_HANDLER=false + +# Port number that the inbound (Mojaloop API) HTTP server will listen on +INBOUND_LISTEN_PORT=4000 + +# Port number that the outbound (simplified DFSP outbound API) HTTP server will listen on +OUTBOUND_LISTEN_PORT=4001 + +# ---- SDK Config ---- +# The option 'PEER_ENDPOINT' has no effect if the remaining options 'ALS_ENDPOINT', 'QUOTES_ENDPOINT', +# 'BULK_QUOTES_ENDPOINT', 'TRANSFERS_ENDPOINT', 'BULK_TRANSFERS_ENDPOINT', 'TRANSACTION_REQUESTS_ENDPOINT' are specified. +# ALS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend +# QUOTES_ENDPOINT=callback-handler-svc-cl-sim:3001/backend +# BULK_QUOTES_ENDPOINT=callback-handler-svc-cl-sim:3001/backend +# TRANSFERS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend +# BULK_TRANSFERS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend +# TRANSACTION_REQUESTS_ENDPOINT=callback-handler-svc-cl-sim:3001/backend diff --git a/README.md b/README.md index 0a39cf18..462a0182 100644 --- a/README.md +++ b/README.md @@ -226,11 +226,44 @@ docker compose --project-name ml-core -f docker-compose-perf.yml --profile quote > NOTE: `-v` argument is optional, and it will delete any volume data created by the monitoring docker compose +### Running Services for Full E2E (Discovery+Agreement+Transfers) characterization + +- Set `ALS_SWITCH_ENDPOINT` to "http://central-ledger:3001" in perf.env +- Set `QS_SWITCH_ENDPOINT` to "http://central-ledger:3001" in perf.env + +```bash +docker compose --project-name ml-core -f docker-compose-perf.yml --profile all-services --profile 8dfsp --profile ttk-provisioning-e2e up -d +``` + +Stop Services + +```bash +docker compose --project-name ml-core -f docker-compose-perf.yml --profile all-services --profile 8dfsp down -v +``` + +> NOTE: `-v` argument is optional, and it will delete any volume data created by the monitoring docker compose + +### Running Services for SDK characterization + +```bash +docker compose --project-name ml-core -f docker-compose-perf.yml --profile sdk-scheme-adapter up -d +``` + +Stop Services + +```bash +docker compose --project-name ml-core -f docker-compose-perf.yml --profile sdk-scheme-adapter down -v +``` + +#### Setting up the Inbound/Outbound Server variables +- Go to `perf.env` and comment out the inboundSDK variables. You'll need to do the same and restart the `docker-compose` in order to change test suite. + ### Configuration for Transfers with batch support - Set CENTRAL_LEDGER_POSITION_BATCH_REPLICAS to desired count in `.env` file - Enable line `CLEDG_KAFKA__EVENT_TYPE_ACTION_TOPIC_MAP__POSITION__PREPARE=topic-transfer-position-batch` in `perf.env` file - Set `CENTRAL_LEDGER_VERSION` to `v17.2.0` or higher + ### Monitoring Start Monitoring Services stack which uses: @@ -247,7 +280,7 @@ docker compose --project-name monitoring -f docker-compose-monitoring.yml up -d Stop Monitoring Services ```bash -docker compose --project-name monitoring --profile als-test -f docker-compose-monitoring.yml down -v +docker compose --project-name monitoring --profile als-test --profile transfers-test -f docker-compose-monitoring.yml down -v ``` Start monitoring with account lookup service mysql exporter @@ -270,6 +303,13 @@ docker compose --project-name monitoring --profile quotes-test -f docker-compose since the quoting service uses the central ledger database. +Start monitoring with all exporters + +```bash +docker compose --project-name monitoring --profile als-test --profile quotes-test --profile transfers-test -f docker-compose-monitoring.yml up -d +``` + + > NOTE: `-v` argument is optional, and it will delete any volume data created by the monitoring docker compose TODO: @@ -313,6 +353,14 @@ env K6_SCRIPT_CONFIG_FILE_NAME=fspiopTransfersUnidirectional.json docker compose env K6_SCRIPT_CONFIG_FILE_NAME=fspiopDiscovery.json docker compose --project-name load -f docker-compose-load.yml up ( or ) env K6_SCRIPT_CONFIG_FILE_NAME=fspiopQuotes.json docker compose --project-name load -f docker-compose-load.yml up +( or ) +env K6_SCRIPT_CONFIG_FILE_NAME=fspiopE2E.json docker compose --project-name load -f docker-compose-load.yml up +( or ) +env K6_SCRIPT_CONFIG_FILE_NAME=inboundSDKDiscovery.json docker compose --project-name load -f docker-compose-load.yml up +( or ) +env K6_SCRIPT_CONFIG_FILE_NAME=inboundSDKQuotes.json docker compose --project-name load -f docker-compose-load.yml up +( or ) +env K6_SCRIPT_CONFIG_FILE_NAME=inboundSDKTransfer.json docker compose --project-name load -f docker-compose-load.yml up ``` Cleanup tests @@ -321,6 +369,35 @@ Cleanup tests docker compose --project-name load -f docker-compose-load.yml down -v ``` +### SDK Security Overhead Testing + +#### Regenerating Certificates + +It's recommended that you do not trouble certificates and keys found in `docker/security/`. +If you do need to for whatever reason these are the steps. + +From the root `ml-core-test-harness` directory. Accept all defaults and enter `y` when prompted. + +- `cd docker/security/payer/jws/ && . keygen.sh && cd ../tls/ && . createSecrets.sh && cd ../../payee/jws && . keygen.sh && cd ../tls/ && . createSecrets.sh && cd ../../../../` +- `cp docker/security/payer/jws/publickey.cer docker/security/payee/jws/verification_keys/fspiopsimpayer.pem && cp docker/security/payee/jws/publickey.cer docker/security/payer/jws/verification_keys/fspiopsimpayee.pem` +- `cd docker/security/payer/tls/ && openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr && cp dfsp_server_cacert.pem ../../payee/tls/payer_server_cacert.pem && cd ../../../../` +- `cd docker/security/payee/tls/ && openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr && cp dfsp_server_cacert.pem ../../payer/tls/payee_server_cacert.pem && cd ../../../../` + +Here are more verbose hands on instructions of what above commands do. + +- Run `. keygen.sh` and `. createSecrets.sh` in the `/jws` and `/tls` folders respectively for both payer and payee. +- Move `payee/jws/publickey.cer` to `payer/jws/verification_keys/fspiopsimpayee.pem` and move `payer/jws/publickey.cer` to `payee/jws/verification_keys/fspiopsimpayer.pem` +- Switch directories to `docker/security/payer/tls/` +- Run `openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr` +- Switch directories to `docker/security/payee/tls/` +- Run `openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr` +- Move each others `dfsp_server_cacert.pem` into each others folder and rename to `payer_server_cacert.pem` and `payee_server_cacert.pem` + +#### Starting the Security Harness + +- Run `docker compose --project-name security -f docker-compose-security.yml --profile security-sdk-scheme-adapter up` + + ### Automate Load Tests This section describes the process to automate capturing of grafana rendered dashboards after running the performance testing scenarios. diff --git a/automate_perf.sh b/automate_perf.sh index cd9956e3..14b85add 100755 --- a/automate_perf.sh +++ b/automate_perf.sh @@ -81,7 +81,8 @@ declare -a dashboards=(\ "NodeJS%20Application%20Dashboard" \ "Official%20k6%20Test%20Result" \ "MySQL%20Overview" \ - "Supporting%20Services%20-%20Callback%20Hander%20Service" + "Supporting%20Services%20-%20Callback%20Hander%20Service" \ + "Mojaloop%20-%20Quoting%20Service" ) # # create a directory to store the results with date timestamp in the name, check if the directory exists diff --git a/docker-compose-perf.yml b/docker-compose-perf.yml index c69fdb95..df8a0f9d 100644 --- a/docker-compose-perf.yml +++ b/docker-compose-perf.yml @@ -138,7 +138,7 @@ services: deploy: mode: replicated replicas: ${CENTRAL_LEDGER_GENERAL_REPLICAS} - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/central-ledger-disabled-handlers.js /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/api/index.js" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_CL_SVC /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/api/index.js" # ports: # - "3001:3001" volumes: @@ -186,7 +186,7 @@ services: deploy: mode: replicated replicas: ${CENTRAL_LEDGER_GENERAL_REPLICAS} - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/central-handlers.js /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --prepare" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_CL_HANDLER_PREPARE /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --prepare" # ports: # - "3001:3001" volumes: @@ -230,7 +230,7 @@ services: deploy: mode: replicated replicas: ${CENTRAL_LEDGER_POSITION_REPLICAS} - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/central-handlers.js /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --position" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_CL_HANDLER_POSITION /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --position" # ports: # - "3001:3001" volumes: @@ -274,7 +274,7 @@ services: deploy: mode: replicated replicas: ${CENTRAL_LEDGER_POSITION_BATCH_REPLICAS} - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/central-handlers.js /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --positionbatch" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_CL_HANDLER_POSITION_BATCH /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --positionbatch" # ports: # - "3001:3001" volumes: @@ -314,7 +314,7 @@ services: deploy: mode: replicated replicas: ${CENTRAL_LEDGER_GENERAL_REPLICAS} - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/central-handlers.js /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --fulfil" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_CL_HANDLER_FULFIL /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --fulfil" # ports: # - "3001:3001" volumes: @@ -435,7 +435,7 @@ services: deploy: mode: replicated replicas: 1 # We dont need to scale this unless we are testing funds-in/out - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/central-handlers.js /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --admin" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_CL_HANDLER_ADMIN /opt/app/config/default.json && /opt/app/wait4/wait4.js central-ledger && node src/handlers/index.js handler --admin" # ports: # - "3001:3001" volumes: @@ -481,6 +481,7 @@ services: - mojaloop-net # ports: # - "3002:3002" + # - "9229:9229" depends_on: mysql-cl: condition: service_started @@ -498,6 +499,7 @@ services: interval: 15s user: root profiles: + - all-services - quotes-test # objstore: @@ -563,8 +565,8 @@ services: - mojaloop-net image: docker.io/bitnami/kafka:${DEP_KAFKA_VERSION} container_name: kafka - # ports: - # - "9092:9092" + ports: + - "9092:9092" environment: # BITNAMI_DEBUG: "yes" ALLOW_PLAINTEXT_LISTENER: "yes" @@ -591,6 +593,9 @@ services: - transfer - discovery - agreement + - sdk-scheme-adapter + - inbound-sdk-scheme-adapter + - outbound-sdk-scheme-adapter - all-services - transfers-test - quotes-test @@ -639,7 +644,7 @@ services: mode: replicated replicas: ${ML_API_ADAPTER_REPLICAS} # container_name: ml-api-adapter - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/ml-api-adapter-disabled-handlers.js /opt/app/config/default.json && /opt/app/wait4/wait4.js ml-api-adapter && node src/api/index.js" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_ML_API_ADAPTER /opt/app/config/default.json && /opt/app/wait4/wait4.js ml-api-adapter && node src/api/index.js" # ports: # - "3000:3000" volumes: @@ -648,7 +653,7 @@ services: environment: # - LOG_LEVEL=error - EVENT_SDK_TRACEID_PER_VENDOR=false - # - MLAPI_TRANSFERS__SEND_TRANSFER_CONFIRMATION_TO_PAYEE=false + - MLAPI_TRANSFERS__SEND_TRANSFER_CONFIRMATION_TO_PAYEE=false networks: - mojaloop-net depends_on: @@ -677,7 +682,7 @@ services: deploy: mode: replicated replicas: ${ML_NOTIFICATION_REPLICAS} - command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/ml-handler-notification.js /opt/app/config/default.json && /opt/app/wait4/wait4.js ml-api-adapter && node src/handlers/index.js handler --notification" + command: sh -c "/opt/app/config-modifier/run.js /opt/app/config/default.json /opt/app/config-modifier/configs/$$CONF_ML_HANDLER_NOTIFY /opt/app/config/default.json && /opt/app/wait4/wait4.js ml-api-adapter && node src/handlers/index.js handler --notification" # ports: # - "3000:3000" # - "9229:9229" @@ -758,7 +763,6 @@ services: - all-services - als-test - transfers-test - - quotes-test ttk-provisioning-als: image: mojaloop/ml-testing-toolkit-client-lib:${TEST_TTK_CLI_VERSION} @@ -869,6 +873,30 @@ services: profiles: - ttk-provisioning-quotes + ttk-provisioning-e2e: + image: mojaloop/ml-testing-toolkit-client-lib:${TEST_TTK_CLI_VERSION} + env_file: + - .env + - perf.env + volumes: + - "./docker/ml-testing-toolkit/test-cases/collections:/opt/app/collections" + - "./docker/ml-testing-toolkit/test-cases/environments:/opt/app/environments" + - "./reports:/opt/app/reports" + depends_on: + mojaloop-testing-toolkit: + condition: service_healthy + central-ledger: + condition: service_healthy + networks: + - mojaloop-net + command: + - sh + - -c + - "npm run cli -- -u http://mojaloop-testing-toolkit:5050 -l 2 -i collections/provisioning -e environments/perf-e2e-env.json --save-report --report-format html --report-target file://reports/ttk-provisioning-report.html" + user: root + profiles: + - ttk-provisioning-e2e + callback-handler-svc-oracle-sim: image: mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} deploy: @@ -903,6 +931,40 @@ services: - als-test - oracle + sdk-scheme-adapter-api-svc: + image: mojaloop/sdk-scheme-adapter:${SDK_SCHEME_ADAPTER_VERSION} + env_file: + - .env + - perf.env + container_name: sdk-scheme-adapter + command: yarn nx run modules-api-svc:start + ports: + - "4000:4000" + - "4001:4001" + networks: + - mojaloop-net + depends_on: + redis: + condition: service_healthy + volumes: + - ./docker/wait4:/opt/app/wait4 + - ./docker/config-modifier:/opt/app/config-modifier + healthcheck: + test: [ + "CMD" , + "apk", "add", "--no-cache", "curl", # Install curl + "&&", + "curl", "-f", "http://localhost:4001" # Check if api is up + ] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + user: root + profiles: + - sdk-scheme-adapter + - all-services + callback-handler-svc-cl-sim: image: mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} deploy: @@ -915,8 +977,8 @@ services: context: ./packages/callback-handler-svc cache_from: - mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} - # ports: - # - "3001:3001" + ports: + - "3001:3001" networks: - mojaloop-net volumes: @@ -938,6 +1000,20 @@ services: - transfers-test - quotes-test + redis: + networks: + - mojaloop-net + image: "redis:6.2.4-alpine" + container_name: redis + ports: + - "6379:6379" + healthcheck: + test: ["CMD" ,"sh", "-c", "redis-cli","ping"] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + sim-perffsp1: image: mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} deploy: @@ -968,7 +1044,6 @@ services: user: root profiles: - simulators - - callback-handler - all-services - als-test - 2dfsp @@ -977,9 +1052,9 @@ services: sim-perffsp2: image: mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} - deploy: - mode: replicated - replicas: 1 + # deploy: + # mode: replicated + # replicas: 1 env_file: - .env - ./envs/perffsp2.env @@ -1005,7 +1080,6 @@ services: user: root profiles: - simulators - - callback-handler - all-services - als-test - 2dfsp @@ -1199,3 +1273,38 @@ services: user: root profiles: - 8dfsp + + sim-fspiop: + image: mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} + # deploy: + # mode: replicated + # replicas: 5 + env_file: + - .env + - ./envs/fspiop-sim.env + build: + context: ./packages/callback-handler-svc + cache_from: + - mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} + ports: + - "3001:3001" + - "3002:3002" + networks: + - mojaloop-net + volumes: + - ./packages/callback-handler-svc/config:/opt/app/config + - ./packages/callback-handler-svc/handlers:/opt/app/handlers + environment: {} + # - LOG_LEVEL=error + healthcheck: + test: wget -q http://localhost:3001/health -O /dev/null || exit 1 + timeout: 20s + retries: 30 + interval: 15s + user: root + profiles: + - simulators + - callback-handler + - sdk-scheme-adapter + - all-services + - als-test diff --git a/docker-compose-security.yml b/docker-compose-security.yml new file mode 100644 index 00000000..0afc3048 --- /dev/null +++ b/docker-compose-security.yml @@ -0,0 +1,122 @@ +version: "3.7" + +networks: + mojaloop-net: + name: mojaloop-net + +services: + sim-fspiop: + image: mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} + env_file: + - .env + - ./envs/fspiop-sim-security.env + build: + context: ./packages/callback-handler-svc + cache_from: + - mojaloop/callback-handler-svc:${TEST_CALLBACK_HAND_SVC_VERSION} + ports: + - "3001:3001" + - "3002:3002" + networks: + - mojaloop-net + volumes: + - ./packages/callback-handler-svc/config:/opt/app/config + - ./packages/callback-handler-svc/handlers:/opt/app/handlers + - ./docker/config-modifier:/opt/app/config-modifier + environment: {} + # - LOG_LEVEL=error + healthcheck: + test: wget -q http://localhost:3001/health -O /dev/null || exit 1 + timeout: 20s + retries: 30 + interval: 15s + user: root + profiles: + - security-sdk-scheme-adapter + + payer-sdk-scheme-adapter-api-svc: + image: mojaloop/sdk-scheme-adapter:v23.3.0 + env_file: + - ./envs/payer-sdk-scheme-adapter-api-svc.env + container_name: payer-sdk-scheme-adapter-api-svc + command: yarn nx run modules-api-svc:start + ports: + - "5000:4000" + - "5001:4001" + networks: + - mojaloop-net + depends_on: + redis: + condition: service_healthy + volumes: + - ./docker/wait4:/opt/app/wait4 + - ./docker/config-modifier:/opt/app/config-modifier + - ./docker/security/payer:/opt/app/modules/api-svc/secrets + - ./docker/security/payer:/opt/app/secrets + - ./docker/security/payer:/secrets + healthcheck: + test: [ + "CMD" , + "apk", "add", "--no-cache", "curl", # Install curl + "&&", + "curl", "-f", "http://localhost:4001" # Check if api is up + ] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + user: root + profiles: + - security-sdk-scheme-adapter + + + payee-sdk-scheme-adapter-api-svc: + image: mojaloop/sdk-scheme-adapter:v23.3.0 + env_file: + - ./envs/payee-sdk-scheme-adapter-api-svc.env + container_name: payee-sdk-scheme-adapter-api-svc + command: yarn nx run modules-api-svc:start + ports: + - "4000:4000" + - "4001:4001" + networks: + - mojaloop-net + depends_on: + redis: + condition: service_healthy + volumes: + - ./docker/wait4:/opt/app/wait4 + - ./docker/config-modifier:/opt/app/config-modifier + - ./docker/security/payee:/opt/app/modules/api-svc/secrets + - ./docker/security/payee:/opt/app/secrets + - ./docker/security/payee:/secrets + healthcheck: + test: [ + "CMD" , + "apk", "add", "--no-cache", "curl", # Install curl + "&&", + "curl", "-f", "http://localhost:4001" # Check if api is up + ] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + user: root + profiles: + - security-sdk-scheme-adapter + + redis: + networks: + - mojaloop-net + image: "redis:6.2.4-alpine" + container_name: redis + ports: + - "6379:6379" + healthcheck: + test: ["CMD" ,"sh", "-c", "redis-cli","ping"] + timeout: 20s + retries: 10 + start_period: 40s + interval: 30s + profiles: + - security-sdk-scheme-adapter diff --git a/docker-compose.yml b/docker-compose.yml index a366c321..066dbfc0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -27,7 +27,7 @@ services: kafka: condition: service_started objstore: - condition: service_started + condition: service_healthy healthcheck: test: wget -q http://localhost:3001/health -O /dev/null || exit 1 timeout: 20s @@ -240,6 +240,8 @@ services: condition: service_started central-ledger: condition: service_started + simulator: + condition: service_healthy volumes: - ./docker/wait4:/opt/app/wait4 - ./docker/config-modifier:/opt/app/config-modifier diff --git a/docker/config-modifier/configs/central-handlers-kafka.js b/docker/config-modifier/configs/central-handlers-kafka.js new file mode 100644 index 00000000..1bac4b6e --- /dev/null +++ b/docker/config-modifier/configs/central-handlers-kafka.js @@ -0,0 +1,205 @@ +module.exports = { + "HOSTNAME": "http://central-ledger", + "DATABASE": { + "HOST": "mysql-cl" + }, + "MIGRATIONS": { + "DISABLED": true, + "RUN_DATA_MIGRATIONS": true + }, + "MONGODB": { + "DISABLED": true, + "HOST": "objstore", + "PORT": 27017, + "USER": "", + "PASSWORD": "", + "DATABASE": "mlos" + }, + "CACHE": { + "CACHE_ENABLED": true, + "MAX_BYTE_SIZE": 10000000, + "EXPIRES_IN_MS": 1000 + }, + "KAFKA": { + "CONSUMER": { + "BULK": { + "PREPARE": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + }, + "PROCESSING": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + }, + "FULFIL": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + }, + "GET": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + } + }, + "TRANSFER": { + "PREPARE": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + }, + "GET": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + }, + "FULFIL": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + }, + "POSITION": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + } + }, + "ADMIN": { + "TRANSFER": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + } + } + }, + "PRODUCER": { + "BULK": { + "PROCESSING": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "queue.buffering.max.messages": 0, + "compression.codec": "lz4", + "metadata.broker.list": "kafka:29092" + } + } + } + }, + "TRANSFER": { + "PREPARE": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "queue.buffering.max.messages": 0, + "compression.codec": "lz4", + "metadata.broker.list": "kafka:29092" + } + } + }, + "FULFIL": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "queue.buffering.max.messages": 0, + "compression.codec": "lz4", + "metadata.broker.list": "kafka:29092" + } + } + }, + "POSITION": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "queue.buffering.max.messages": 0, + "compression.codec": "lz4", + "metadata.broker.list": "kafka:29092" + } + } + } + }, + "NOTIFICATION": { + "EVENT": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "queue.buffering.max.messages": 0, + "compression.codec": "lz4", + "metadata.broker.list": "kafka:29092" + } + } + } + }, + "ADMIN": { + "TRANSFER": { + "config": { + "options": { + "sync": false, + }, + "rdkafkaConf": { + "queue.buffering.max.messages": 0, + "compression.codec": "lz4", + "metadata.broker.list": "kafka:29092" + } + } + } + } + } + } +} \ No newline at end of file diff --git a/docker/config-modifier/configs/central-handlers.js b/docker/config-modifier/configs/central-handlers.js index 5b7d36c1..f968a777 100644 --- a/docker/config-modifier/configs/central-handlers.js +++ b/docker/config-modifier/configs/central-handlers.js @@ -15,6 +15,11 @@ module.exports = { "PASSWORD": "", "DATABASE": "mlos" }, + "CACHE": { + "CACHE_ENABLED": true, + "MAX_BYTE_SIZE": 10000000, + "EXPIRES_IN_MS": 1000 + }, "KAFKA": { "CONSUMER": { "BULK": { diff --git a/docker/config-modifier/configs/ml-api-adapter-disabled-handlers-kafka.js b/docker/config-modifier/configs/ml-api-adapter-disabled-handlers-kafka.js new file mode 100644 index 00000000..b248acae --- /dev/null +++ b/docker/config-modifier/configs/ml-api-adapter-disabled-handlers-kafka.js @@ -0,0 +1,71 @@ +module.exports = { + "HOSTNAME": "http://ml-api-adapter", + "ENDPOINT_SOURCE_URL": "http://central-ledger:3001", + "ENDPOINT_HEALTH_URL": "http://central-ledger:3001/health", + "HANDLERS": { + "DISABLED": true, + "API": { + "DISABLED": false + } + }, + "KAFKA": { + "CONSUMER": { + "NOTIFICATION": { + "EVENT": { + "config": { + "options": { + "mode": 2, + "batchSize": 4, + "syncConcurrency": 4, + "syncSingleMessage": true, + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + } + } + }, + "PRODUCER": { + "TRANSFER": { + "PREPARE": { + "config": { + "options": { + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092", + "queue.buffering.max.ms": 0, + // "compression.codec": "lz4", + } + } + }, + "FULFIL": { + "config": { + "options": { + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092", + "queue.buffering.max.ms": 0, + // "compression.codec": "lz4", + } + } + }, + "GET": { + "config": { + "options": { + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092", + "queue.buffering.max.ms": 0, + // "compression.codec": "lz4", + } + } + } + } + } + } +} diff --git a/docker/config-modifier/configs/ml-handler-notification-kafka.js b/docker/config-modifier/configs/ml-handler-notification-kafka.js new file mode 100644 index 00000000..055b9bf0 --- /dev/null +++ b/docker/config-modifier/configs/ml-handler-notification-kafka.js @@ -0,0 +1,68 @@ +module.exports = { + "HOSTNAME": "http://ml-handler-notification", + "ENDPOINT_SOURCE_URL": "http://central-ledger:3001", + "ENDPOINT_HEALTH_URL": "http://central-ledger:3001/health", + "TRANSFERS": { + "SEND_TRANSFER_CONFIRMATION_TO_PAYEE": false + }, + "KAFKA": { + "CONSUMER": { + "NOTIFICATION": { + "EVENT": { + "config": { + "options": { + "mode": 2, + "batchSize": 4, + "syncConcurrency": 4, + "syncSingleMessage": true, + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092" + } + } + } + } + }, + "PRODUCER": { + "TRANSFER": { + "PREPARE": { + "config": { + "options": { + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092", + "queue.buffering.max.ms": 0, + "compression.codec": "lz4", + } + } + }, + "FULFIL": { + "config": { + "options": { + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092", + "queue.buffering.max.ms": 0, + "compression.codec": "lz4", + } + } + }, + "GET": { + "config": { + "options": { + "sync": true + }, + "rdkafkaConf": { + "metadata.broker.list": "kafka:29092", + "queue.buffering.max.ms": 0, + "compression.codec": "lz4", + } + } + } + } + } + } +} \ No newline at end of file diff --git a/docker/grafana/provisioning/dashboards/dashboard-central-ledger-db.json b/docker/grafana/provisioning/dashboards/dashboard-central-ledger-db.json deleted file mode 100644 index c87603ca..00000000 --- a/docker/grafana/provisioning/dashboards/dashboard-central-ledger-db.json +++ /dev/null @@ -1,422 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "grafana", - "uid": "-- Grafana --" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "type": "dashboard" - } - ] - }, - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 5, - "links": [ - { - "asDropdown": false, - "icon": "external link", - "includeVars": false, - "keepTime": true, - "tags": [], - "targetBlank": true, - "title": "Image render", - "tooltip": "Image Render", - "type": "link", - "url": "/render/d/${__dashboard.uid}/${__dashboard}?height=1000&width=2000" - } - ], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 0 - }, - "id": 1, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.2", - "targets": [ - { - "dataset": "central_ledger", - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "editorMode": "code", - "format": "table", - "rawQuery": true, - "rawSql": "SELECT COUNT(t1.transferId) \nFROM central_ledger.transferStateChange t1 \nWHERE transferStateId = 'COMMITTED' \nAND createdDate between $__timeFrom() \nAND $__timeTo() AND t1.createdDate = (\n SELECT MAX(t2.createdDate)\n FROM central_ledger.transferStateChange t2\n WHERE t2.transferId = t1.transferId\n)\n ", - "refId": "A", - "sql": { - "columns": [ - { - "name": "COUNT", - "parameters": [ - { - "name": "transferStateId", - "type": "functionParameter" - } - ], - "type": "function" - } - ], - "groupBy": [ - { - "property": { - "name": "transferStateId", - "type": "string" - }, - "type": "groupBy" - } - ], - "limit": 50 - }, - "table": "transferStateChange" - } - ], - "title": "COMMITED State Changes In DB between time range", - "type": "stat" - }, - { - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 0 - }, - "id": 2, - "options": { - "colorMode": "value", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "10.0.2", - "targets": [ - { - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "editorMode": "code", - "format": "table", - "rawQuery": true, - "rawSql": "SELECT COUNT(transferId) FROM central_ledger.transferStateChange WHERE transferStateId != 'COMMITTED' AND createdDate between $__timeFrom() AND $__timeTo()", - "refId": "A", - "sql": { - "columns": [ - { - "parameters": [], - "type": "function" - } - ], - "groupBy": [ - { - "property": { - "type": "string" - }, - "type": "groupBy" - } - ], - "limit": 50 - } - } - ], - "title": "Transfer state changes excluding COMMITTED between time range", - "type": "stat" - }, - { - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 8 - }, - "id": 3, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "frameIndex": 1, - "showHeader": true - }, - "pluginVersion": "10.0.2", - "targets": [ - { - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "editorMode": "code", - "format": "table", - "hide": false, - "rawQuery": true, - "rawSql": "ANALYZE TABLE transfer;", - "refId": "A", - "sql": { - "columns": [ - { - "parameters": [], - "type": "function" - } - ], - "groupBy": [ - { - "property": { - "type": "string" - }, - "type": "groupBy" - } - ], - "limit": 50 - } - }, - { - "dataset": "performance_schema", - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "editorMode": "code", - "format": "table", - "rawQuery": true, - "rawSql": "SELECT table_schema \"DB Name\",\n ROUND(SUM(data_length + index_length) / 1024 / 1024, 1) \"DB Size in MB\" \nFROM information_schema.tables \nGROUP BY table_schema; ", - "refId": "B", - "sql": { - "columns": [ - { - "parameters": [], - "type": "function" - } - ], - "groupBy": [ - { - "property": { - "type": "string" - }, - "type": "groupBy" - } - ], - "limit": 50 - } - } - ], - "title": "Panel Title", - "type": "table" - }, - { - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "cellOptions": { - "type": "auto" - }, - "inspect": false - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 8 - }, - "id": 4, - "options": { - "cellHeight": "sm", - "footer": { - "countRows": false, - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "showHeader": true - }, - "pluginVersion": "10.0.2", - "targets": [ - { - "datasource": { - "type": "mysql", - "uid": "e6f1763f-dc6a-4521-8254-0dbe1515b837" - }, - "editorMode": "code", - "format": "table", - "rawQuery": true, - "rawSql": "SELECT COUNT(central_ledger.transfer.transferId), central_ledger.transferStateChange.transferStateId\nFROM central_ledger.transfer \nLEFT JOIN central_ledger.transferStateChange ON central_ledger.transfer.transferId=central_ledger.transferStateChange.transferId \nWHERE central_ledger.transferStateChange.transferStateChangeId IN (\n SELECT MAX(central_ledger.transferStateChange.transferStateChangeId)\n FROM central_ledger.transfer \n LEFT JOIN central_ledger.transferStateChange ON central_ledger.transfer.transferId=central_ledger.transferStateChange.transferId \n WHERE central_ledger.transferStateChange.createdDate between $__timeFrom() AND $__timeTo() \n GROUP BY central_ledger.transfer.transferId\n) \nGROUP BY central_ledger.transferStateChange.transferStateId", - "refId": "A", - "sql": { - "columns": [ - { - "parameters": [], - "type": "function" - } - ], - "groupBy": [ - { - "property": { - "type": "string" - }, - "type": "groupBy" - } - ], - "limit": 50 - } - } - ], - "title": "Last Transfer State Count", - "type": "table" - } - ], - "refresh": false, - "schemaVersion": 38, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, - "time": { - "from": "now-5m", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Central Ledger DB", - "uid": "d17cf1dd-8fbc-4841-a957-214387249f19", - "version": 1, - "weekStart": "" -} diff --git a/docker/grafana/provisioning/dashboards/dashboard-kafka.json b/docker/grafana/provisioning/dashboards/dependencies/dashboard-kafka.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-kafka.json rename to docker/grafana/provisioning/dashboards/dependencies/dashboard-kafka.json diff --git a/docker/grafana/provisioning/dashboards/dependencies/dashboard-mysql.json b/docker/grafana/provisioning/dashboards/dependencies/dashboard-mysql.json new file mode 100644 index 00000000..fc905874 --- /dev/null +++ b/docker/grafana/provisioning/dashboards/dependencies/dashboard-mysql.json @@ -0,0 +1,4463 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": false, + "iconColor": "#e0752d", + "limit": 100, + "name": "PMM Annotations", + "showIn": 0, + "tags": [ + "pmm_annotation" + ], + "type": "tags" + }, + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "#6ed0e0", + "limit": 100, + "name": "Annotations & Alerts", + "showIn": 0, + "tags": [], + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": 10, + "links": [ + { + "icon": "dashboard", + "includeVars": true, + "keepTime": true, + "tags": [ + "QAN" + ], + "targetBlank": false, + "title": "Query Analytics", + "type": "link", + "url": "/graph/dashboard/db/_pmm-query-analytics" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "OS" + ], + "targetBlank": false, + "title": "OS", + "type": "dashboards" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "MySQL" + ], + "targetBlank": false, + "title": "MySQL", + "type": "dashboards" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "MongoDB" + ], + "targetBlank": false, + "title": "MongoDB", + "type": "dashboards" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "PostgreSQL" + ], + "targetBlank": false, + "title": "PostgreSQL", + "type": "dashboards" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "HA" + ], + "targetBlank": false, + "title": "HA", + "type": "dashboards" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "Cloud" + ], + "targetBlank": false, + "title": "Cloud", + "type": "dashboards" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "Insight" + ], + "targetBlank": false, + "title": "Insight", + "type": "dashboards" + }, + { + "asDropdown": true, + "includeVars": true, + "keepTime": true, + "tags": [ + "PMM" + ], + "targetBlank": false, + "title": "PMM", + "type": "dashboards" + }, + { + "asDropdown": false, + "icon": "external link", + "includeVars": false, + "keepTime": true, + "tags": [], + "targetBlank": true, + "title": "Image render", + "tooltip": "Image Render", + "type": "link", + "url": "/render/d/${__dashboard.uid}/${__dashboard}?height=6500&width=2000" + } + ], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 382, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "description": "**MySQL Uptime**\n\nThe amount of time since the last restart of the MySQL server process.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 300 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 3600 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 6, + "x": 0, + "y": 1 + }, + "id": 12, + "interval": "$interval", + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "calculatedInterval": "10m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_uptime{instance=~\"$host\"}", + "format": "time_series", + "interval": "5m", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 300 + } + ], + "title": "MySQL Uptime", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "description": "**Current QPS**\n\nBased on the queries reported by MySQL's ``SHOW STATUS`` command, it is the number of statements executed by the server within the last second. This variable includes statements executed within stored programs, unlike the Questions variable. It does not count \n``COM_PING`` or ``COM_STATISTICS`` commands.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 35 + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 75 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 6, + "x": 6, + "y": 1 + }, + "id": 13, + "interval": "$interval", + "links": [ + { + "targetBlank": true, + "title": "MySQL Server Status Variables", + "url": "https://dev.mysql.com/doc/refman/5.7/en/server-status-variables.html#statvar_Queries" + } + ], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "calculatedInterval": "10m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_queries{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_queries{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 20 + } + ], + "title": "Current QPS", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "description": "**InnoDB Buffer Pool Size**\n\nInnoDB maintains a storage area called the buffer pool for caching data and indexes in memory. Knowing how the InnoDB buffer pool works, and taking advantage of it to keep frequently accessed data in memory, is one of the most important aspects of MySQL tuning. The goal is to keep the working set in memory. In most cases, this should be between 60%-90% of available memory on a dedicated database host, but depends on many factors.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 90 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 95 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 6, + "x": 12, + "y": 1 + }, + "id": 51, + "interval": "$interval", + "links": [ + { + "targetBlank": true, + "title": "Tuning the InnoDB Buffer Pool Size", + "url": "https://www.percona.com/blog/2015/06/02/80-ram-tune-innodb_buffer_pool_size/" + } + ], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "calculatedInterval": "10m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_variables_innodb_buffer_pool_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "5m", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 300 + } + ], + "title": "InnoDB Buffer Pool Size", + "type": "stat" + }, + { + "colorBackground": false, + "colorValue": true, + "colors": [ + "rgba(245, 54, 54, 0.9)", + "rgba(237, 129, 40, 0.89)", + "rgba(50, 172, 45, 0.97)" + ], + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 0, + "description": "**InnoDB Buffer Pool Size % of Total RAM**\n\nInnoDB maintains a storage area called the buffer pool for caching data and indexes in memory. Knowing how the InnoDB buffer pool works, and taking advantage of it to keep frequently accessed data in memory, is one of the most important aspects of MySQL tuning. The goal is to keep the working set in memory. In most cases, this should be between 60%-90% of available memory on a dedicated database host, but depends on many factors.", + "editable": true, + "error": false, + "format": "percent", + "gauge": { + "maxValue": 100, + "minValue": 0, + "show": false, + "thresholdLabels": false, + "thresholdMarkers": true + }, + "gridPos": { + "h": 2, + "w": 6, + "x": 18, + "y": 1 + }, + "height": "125px", + "id": 52, + "interval": "$interval", + "links": [ + { + "targetBlank": true, + "title": "Tuning the InnoDB Buffer Pool Size", + "url": "https://www.percona.com/blog/2015/06/02/80-ram-tune-innodb_buffer_pool_size/" + } + ], + "mappingType": 1, + "mappingTypes": [ + { + "name": "value to text", + "value": 1 + }, + { + "name": "range to text", + "value": 2 + } + ], + "maxDataPoints": 100, + "nullPointMode": "connected", + "postfix": "", + "postfixFontSize": "50%", + "prefix": "", + "prefixFontSize": "80%", + "rangeMaps": [ + { + "from": "null", + "text": "N/A", + "to": "null" + } + ], + "sparkline": { + "fillColor": "rgba(31, 118, 189, 0.18)", + "full": false, + "lineColor": "rgb(31, 120, 193)", + "maxValue": 100, + "minValue": 0, + "show": true + }, + "tableColumn": "", + "targets": [ + { + "calculatedInterval": "10m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "(mysql_global_variables_innodb_buffer_pool_size{instance=~\"$host\"} * 100) / on (instance) node_memory_MemTotal{instance=~\"$host\"}", + "format": "time_series", + "interval": "5m", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 300 + } + ], + "thresholds": "40,80", + "title": "Buffer Pool Size of Total RAM", + "type": "pmm-singlestat-panel", + "valueFontSize": "80%", + "valueMaps": [], + "valueName": "current" + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 3 + }, + "id": 383, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Connections", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 0, + "description": "**Max Connections** \n\nMax Connections is the maximum permitted number of simultaneous client connections. By default, this is 151. Increasing this value increases the number of file descriptors that mysqld requires. If the required number of descriptors are not available, the server reduces the value of Max Connections.\n\nmysqld actually permits Max Connections + 1 clients to connect. The extra connection is reserved for use by accounts that have the SUPER privilege, such as root.\n\nMax Used Connections is the maximum number of connections that have been in use simultaneously since the server started.\n\nConnections is the number of connection attempts (successful or not) to the MySQL server.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 4 + }, + "height": "250px", + "hiddenSeries": false, + "id": 92, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "MySQL Server System Variables", + "url": "https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_max_connections" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Max Connections", + "fill": 0 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "max(max_over_time(mysql_global_status_threads_connected{instance=~\"$host\"}[$interval]) or mysql_global_status_threads_connected{instance=~\"$host\"} )", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Connections", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_max_used_connections{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Max Used Connections", + "metric": "", + "refId": "C", + "step": 20, + "target": "" + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_variables_max_connections{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Max Connections", + "metric": "", + "refId": "B", + "step": 20, + "target": "" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Connections", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Active Threads**\n\nThreads Connected is the number of open connections, while Threads Running is the number of threads not sleeping.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 4 + }, + "hiddenSeries": false, + "id": 10, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Peak Threads Running", + "color": "#E24D42", + "lines": false, + "pointradius": 1, + "points": true + }, + { + "alias": "Peak Threads Connected", + "color": "#1F78C1" + }, + { + "alias": "Avg Threads Running", + "color": "#EAB839" + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "max_over_time(mysql_global_status_threads_connected{instance=~\"$host\"}[$interval]) or\nmax_over_time(mysql_global_status_threads_connected{instance=~\"$host\"}[5m])", + "format": "time_series", + "hide": false, + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Peak Threads Connected", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "max_over_time(mysql_global_status_threads_running{instance=~\"$host\"}[$interval]) or\nmax_over_time(mysql_global_status_threads_running{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Peak Threads Running", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "avg_over_time(mysql_global_status_threads_running{instance=~\"$host\"}[$interval]) or \navg_over_time(mysql_global_status_threads_running{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Avg Threads Running", + "refId": "C", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Client Thread Activity", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [ + "total" + ] + }, + "yaxes": [ + { + "format": "short", + "label": "Threads", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "min": 0, + "show": false + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 13 + }, + "id": 384, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Table Locks", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Questions**\n\nThe number of statements executed by the server. This includes only statements sent to the server by clients and not statements executed within stored programs, unlike the Queries used in the QPS calculation. \n\nThis variable does not count the following commands:\n* ``COM_PING``\n* ``COM_STATISTICS``\n* ``COM_STMT_PREPARE``\n* ``COM_STMT_CLOSE``\n* ``COM_STMT_RESET``", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 14 + }, + "hiddenSeries": false, + "id": 53, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "targetBlank": true, + "title": "MySQL Queries and Questions", + "url": "https://www.percona.com/blog/2014/05/29/how-mysql-queries-and-questions-are-measured/" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_questions{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_questions{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Questions", + "metric": "", + "refId": "A", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Questions", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Thread Cache**\n\nThe thread_cache_size variable sets how many threads the server should cache to reuse. When a client disconnects, the client's threads are put in the cache if the cache is not full. It is autosized in MySQL 5.6.8 and above (capped to 100). Requests for threads are satisfied by reusing threads taken from the cache if possible, and only when the cache is empty is a new thread created.\n\n* *Threads_created*: The number of threads created to handle connections.\n* *Threads_cached*: The number of threads in the thread cache.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 14 + }, + "hiddenSeries": false, + "id": 11, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "title": "Tuning information", + "url": "https://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_thread_cache_size" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Threads Created", + "fill": 0 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_variables_thread_cache_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Thread Cache Size", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_threads_cached{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Threads Cached", + "metric": "", + "refId": "C", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_threads_created{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_threads_created{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Threads Created", + "metric": "", + "refId": "A", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Thread Cache", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 23 + }, + "id": 385, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Temporary Objects", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 24 + }, + "hiddenSeries": false, + "id": 22, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_created_tmp_tables{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_created_tmp_tables{instance=~\"$host\"}[5m])", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Created Tmp Tables", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_created_tmp_disk_tables{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_created_tmp_disk_tables{instance=~\"$host\"}[5m])", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Created Tmp Disk Tables", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_created_tmp_files{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_created_tmp_files{instance=~\"$host\"}[5m])", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Created Tmp Files", + "metric": "", + "refId": "C", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Temporary Objects", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Select Types**\n\nAs with most relational databases, selecting based on indexes is more efficient than scanning an entire table's data. Here we see the counters for selects not done with indexes.\n\n* ***Select Scan*** is how many queries caused full table scans, in which all the data in the table had to be read and either discarded or returned.\n* ***Select Range*** is how many queries used a range scan, which means MySQL scanned all rows in a given range.\n* ***Select Full Join*** is the number of joins that are not joined on an index, this is usually a huge performance hit.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 24 + }, + "height": "250px", + "hiddenSeries": false, + "id": 311, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideZero": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_select_full_join{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_select_full_join{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Select Full Join", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_select_full_range_join{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_select_full_range_join{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Select Full Range Join", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_select_range{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_select_range{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Select Range", + "metric": "", + "refId": "C", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_select_range_check{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_select_range_check{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Select Range Check", + "metric": "", + "refId": "D", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_select_scan{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_select_scan{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Select Scan", + "metric": "", + "refId": "E", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Select Types", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 386, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Sorts", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Sorts**\n\nDue to a query's structure, order, or other requirements, MySQL sorts the rows before returning them. For example, if a table is ordered 1 to 10 but you want the results reversed, MySQL then has to sort the rows to return 10 to 1.\n\nThis graph also shows when sorts had to scan a whole table or a given range of a table in order to return the results and which could not have been sorted via an index.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 34 + }, + "hiddenSeries": false, + "id": 30, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideZero": true, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_sort_rows{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_sort_rows{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Sort Rows", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_sort_range{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_sort_range{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Sort Range", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_sort_merge_passes{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_sort_merge_passes{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Sort Merge Passes", + "metric": "", + "refId": "C", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_sort_scan{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_sort_scan{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Sort Scan", + "metric": "", + "refId": "D", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Sorts", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Slow Queries**\n\nSlow queries are defined as queries being slower than the long_query_time setting. For example, if you have long_query_time set to 3, all queries that take longer than 3 seconds to complete will show on this graph.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 34 + }, + "hiddenSeries": false, + "id": 48, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_slow_queries{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_slow_queries{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Slow Queries", + "metric": "", + "refId": "A", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Slow Queries", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 387, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Aborted", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**Aborted Connections**\n\nWhen a given host connects to MySQL and the connection is interrupted in the middle (for example due to bad credentials), MySQL keeps that info in a system table (since 5.6 this table is exposed in performance_schema).\n\nIf the amount of failed requests without a successful connection reaches the value of max_connect_errors, mysqld assumes that something is wrong and blocks the host from further connection.\n\nTo allow connections from that host again, you need to issue the ``FLUSH HOSTS`` statement.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 42 + }, + "hiddenSeries": false, + "id": 47, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_aborted_connects{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_aborted_connects{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Aborted Connects (attempts)", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_aborted_clients{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_aborted_clients{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Aborted Clients (timeout)", + "metric": "", + "refId": "B", + "step": 20, + "target": "" + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Aborted Connections", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "cumulative" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "label": "", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "label": "", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**Table Locks**\n\nMySQL takes a number of different locks for varying reasons. In this graph we see how many Table level locks MySQL has requested from the storage engine. In the case of InnoDB, many times the locks could actually be row locks as it only takes table level locks in a few specific cases.\n\nIt is most useful to compare Locks Immediate and Locks Waited. If Locks waited is rising, it means you have lock contention. Otherwise, Locks Immediate rising and falling is normal activity.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 42 + }, + "hiddenSeries": false, + "id": 32, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_table_locks_immediate{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_locks_immediate{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Table Locks Immediate", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_table_locks_waited{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_locks_waited{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Table Locks Waited", + "metric": "", + "refId": "B", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Table Locks", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 49 + }, + "id": 388, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Network", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Network Traffic**\n\nHere we can see how much network traffic is generated by MySQL. Outbound is network traffic sent from MySQL and Inbound is network traffic MySQL has received.", + "editable": true, + "error": false, + "fill": 6, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 50 + }, + "hiddenSeries": false, + "id": 9, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_bytes_received{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_bytes_received{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Inbound", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_bytes_sent{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_bytes_sent{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Outbound", + "metric": "", + "refId": "B", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Network Traffic", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "Bps", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "none", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Network Usage Hourly**\n\nHere we can see how much network traffic is generated by MySQL per hour. You can use the bar graph to compare data sent by MySQL and data received by MySQL.", + "editable": true, + "error": false, + "fill": 6, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 50 + }, + "height": "250px", + "hiddenSeries": false, + "id": 381, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "increase(mysql_global_status_bytes_received{instance=~\"$host\"}[1h])", + "format": "time_series", + "interval": "1h", + "intervalFactor": 1, + "legendFormat": "Received", + "metric": "", + "refId": "A", + "step": 3600 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "increase(mysql_global_status_bytes_sent{instance=~\"$host\"}[1h])", + "format": "time_series", + "interval": "1h", + "intervalFactor": 1, + "legendFormat": "Sent", + "metric": "", + "refId": "B", + "step": 3600 + } + ], + "thresholds": [], + "timeFrom": "24h", + "timeRegions": [], + "title": "MySQL Network Usage Hourly", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "none", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 57 + }, + "id": 389, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Memory", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 0, + "description": "***System Memory***: Total Memory for the system.\\\n***InnoDB Buffer Pool Data***: InnoDB maintains a storage area called the buffer pool for caching data and indexes in memory.\\\n***TokuDB Cache Size***: Similar in function to the InnoDB Buffer Pool, TokuDB will allocate 50% of the installed RAM for its own cache.\\\n***Key Buffer Size***: Index blocks for MYISAM tables are buffered and are shared by all threads. key_buffer_size is the size of the buffer used for index blocks.\\\n***Adaptive Hash Index Size***: When InnoDB notices that some index values are being accessed very frequently, it builds a hash index for them in memory on top of B-Tree indexes.\\\n ***Query Cache Size***: The query cache stores the text of a SELECT statement together with the corresponding result that was sent to the client. The query cache has huge scalability problems in that only one thread can do an operation in the query cache at the same time.\\\n***InnoDB Dictionary Size***: The data dictionary is InnoDB ‘s internal catalog of tables. InnoDB stores the data dictionary on disk, and loads entries into memory while the server is running.\\\n***InnoDB Log Buffer Size***: The MySQL InnoDB log buffer allows transactions to run without having to write the log to disk before the transactions commit.", + "editable": true, + "error": false, + "fill": 6, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 58 + }, + "hiddenSeries": false, + "id": 50, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": true, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "title": "Detailed descriptions about metrics", + "url": "https://www.percona.com/doc/percona-monitoring-and-management/dashboard.mysql-overview.html#mysql-internal-memory-overview" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "System Memory", + "fill": 0, + "stack": false + } + ], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "node_memory_MemTotal{instance=~\"$host\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "System Memory", + "refId": "G", + "step": 4 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_status_innodb_page_size{instance=~\"$host\"} * on (instance) mysql_global_status_buffer_pool_pages{instance=~\"$host\",state=\"data\"}", + "format": "time_series", + "hide": false, + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "InnoDB Buffer Pool Data", + "refId": "A", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_variables_innodb_log_buffer_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "InnoDB Log Buffer Size", + "refId": "D", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_variables_innodb_additional_mem_pool_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 2, + "legendFormat": "InnoDB Additional Memory Pool Size", + "refId": "H", + "step": 40 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_status_innodb_mem_dictionary{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "InnoDB Dictionary Size", + "refId": "F", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_variables_key_buffer_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Key Buffer Size", + "refId": "B", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_variables_query_cache_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Query Cache Size", + "refId": "C", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_status_innodb_mem_adaptive_hash{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Adaptive Hash Index Size", + "refId": "E", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_variables_tokudb_cache_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "TokuDB Cache Size", + "refId": "I", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Internal Memory Overview", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "label": "", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 65 + }, + "id": 390, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Command, Handlers, Processes", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**Top Command Counters**\n\nThe Com_{{xxx}} statement counter variables indicate the number of times each xxx statement has been executed. There is one status variable for each type of statement. For example, Com_delete and Com_update count [``DELETE``](https://dev.mysql.com/doc/refman/5.7/en/delete.html) and [``UPDATE``](https://dev.mysql.com/doc/refman/5.7/en/update.html) statements, respectively. Com_delete_multi and Com_update_multi are similar but apply to [``DELETE``](https://dev.mysql.com/doc/refman/5.7/en/delete.html) and [``UPDATE``](https://dev.mysql.com/doc/refman/5.7/en/update.html) statements that use multiple-table syntax.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 66 + }, + "hiddenSeries": false, + "id": 14, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideEmpty": false, + "hideZero": false, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "title": "Server Status Variables (Com_xxx)", + "url": "https://dev.mysql.com/doc/refman/5.7/en/server-status-variables.html#statvar_Com_xxx" + } + ], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "topk(5, rate(mysql_global_status_commands_total{instance=~\"$host\"}[$interval])>0) or irate(mysql_global_status_commands_total{instance=~\"$host\"}[5m])>0", + "format": "time_series", + "hide": false, + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Com_{{ command }}", + "metric": "", + "refId": "B", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Top Command Counters", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**Top Command Counters Hourly**\n\nThe Com_{{xxx}} statement counter variables indicate the number of times each xxx statement has been executed. There is one status variable for each type of statement. For example, Com_delete and Com_update count [``DELETE``](https://dev.mysql.com/doc/refman/5.7/en/delete.html) and [``UPDATE``](https://dev.mysql.com/doc/refman/5.7/en/update.html) statements, respectively. Com_delete_multi and Com_update_multi are similar but apply to [``DELETE``](https://dev.mysql.com/doc/refman/5.7/en/delete.html) and [``UPDATE``](https://dev.mysql.com/doc/refman/5.7/en/update.html) statements that use multiple-table syntax.", + "editable": true, + "error": false, + "fill": 6, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 76 + }, + "hiddenSeries": false, + "id": 39, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 2, + "links": [ + { + "title": "Server Status Variables (Com_xxx)", + "url": "https://dev.mysql.com/doc/refman/5.7/en/server-status-variables.html#statvar_Com_xxx" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "topk(5, increase(mysql_global_status_commands_total{instance=~\"$host\"}[1h])>0)", + "format": "time_series", + "interval": "1h", + "intervalFactor": 1, + "legendFormat": "Com_{{ command }}", + "metric": "", + "refId": "A", + "step": 3600 + } + ], + "thresholds": [], + "timeFrom": "24h", + "timeRegions": [], + "title": "Top Command Counters Hourly", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Handlers**\n\nHandler statistics are internal statistics on how MySQL is selecting, updating, inserting, and modifying rows, tables, and indexes.\n\nThis is in fact the layer between the Storage Engine and MySQL.\n\n* `read_rnd_next` is incremented when the server performs a full table scan and this is a counter you don't really want to see with a high value.\n* `read_key` is incremented when a read is done with an index.\n* `read_next` is incremented when the storage engine is asked to 'read the next index entry'. A high value means a lot of index scans are being done.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 84 + }, + "hiddenSeries": false, + "id": 8, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_handlers_total{instance=~\"$host\", handler!~\"commit|rollback|savepoint.*|prepare\"}[$interval]) or irate(mysql_global_status_handlers_total{instance=~\"$host\", handler!~\"commit|rollback|savepoint.*|prepare\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "{{ handler }}", + "metric": "", + "refId": "J", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Handlers", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 92 + }, + "hiddenSeries": false, + "id": 28, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideZero": true, + "max": true, + "min": true, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_handlers_total{instance=~\"$host\", handler=~\"commit|rollback|savepoint.*|prepare\"}[$interval]) or irate(mysql_global_status_handlers_total{instance=~\"$host\", handler=~\"commit|rollback|savepoint.*|prepare\"}[5m])", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "{{ handler }}", + "metric": "", + "refId": "A", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Transaction Handlers", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "editable": true, + "error": false, + "fill": 0, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 99 + }, + "hiddenSeries": false, + "id": 40, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideZero": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null as zero", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_info_schema_threads{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "{{ state }}", + "metric": "", + "refId": "A", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "Process States", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": true, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "editable": true, + "error": false, + "fill": 6, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 106 + }, + "hiddenSeries": false, + "id": 49, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "hideZero": true, + "max": true, + "min": false, + "rightSide": true, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": false, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": true, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "topk(5, avg_over_time(mysql_info_schema_threads{instance=~\"$host\"}[1h]))", + "interval": "1h", + "intervalFactor": 1, + "legendFormat": "{{ state }}", + "metric": "", + "refId": "A", + "step": 3600 + } + ], + "thresholds": [], + "timeFrom": "24h", + "timeRegions": [], + "title": "Top Process States Hourly", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 113 + }, + "id": 391, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Query Cache", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Query Cache Memory**\n\nThe query cache has huge scalability problems in that only one thread can do an operation in the query cache at the same time. This serialization is true not only for SELECTs, but also for INSERT/UPDATE/DELETE.\n\nThis also means that the larger the `query_cache_size` is set to, the slower those operations become. In concurrent environments, the MySQL Query Cache quickly becomes a contention point, decreasing performance. MariaDB and AWS Aurora have done work to try and eliminate the query cache contention in their flavors of MySQL, while MySQL 8.0 has eliminated the query cache feature.\n\nThe recommended settings for most environments is to set:\n ``query_cache_type=0``\n ``query_cache_size=0``\n\nNote that while you can dynamically change these values, to completely remove the contention point you have to restart the database.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 114 + }, + "hiddenSeries": false, + "id": 46, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_qcache_free_memory{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Free Memory", + "metric": "", + "refId": "F", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_variables_query_cache_size{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Query Cache Size", + "metric": "", + "refId": "E", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Query Cache Memory", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "bytes", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Query Cache Activity**\n\nThe query cache has huge scalability problems in that only one thread can do an operation in the query cache at the same time. This serialization is true not only for SELECTs, but also for INSERT/UPDATE/DELETE.\n\nThis also means that the larger the `query_cache_size` is set to, the slower those operations become. In concurrent environments, the MySQL Query Cache quickly becomes a contention point, decreasing performance. MariaDB and AWS Aurora have done work to try and eliminate the query cache contention in their flavors of MySQL, while MySQL 8.0 has eliminated the query cache feature.\n\nThe recommended settings for most environments is to set:\n``query_cache_type=0``\n``query_cache_size=0``\n\nNote that while you can dynamically change these values, to completely remove the contention point you have to restart the database.", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 114 + }, + "height": "", + "hiddenSeries": false, + "id": 45, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_qcache_hits{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_qcache_hits{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Hits", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_qcache_inserts{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_qcache_inserts{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Inserts", + "metric": "", + "refId": "C", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_qcache_not_cached{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_qcache_not_cached{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Not Cached", + "metric": "", + "refId": "D", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_qcache_lowmem_prunes{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_qcache_lowmem_prunes{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Prunes", + "metric": "", + "refId": "F", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_qcache_queries_in_cache{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Queries in Cache", + "metric": "", + "refId": "E", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Query Cache Activity", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 121 + }, + "id": 392, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Files and Tables", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 122 + }, + "hiddenSeries": false, + "id": 43, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_opened_files{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_opened_files{instance=~\"$host\"}[5m])", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Openings", + "metric": "", + "refId": "A", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL File Openings", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 122 + }, + "hiddenSeries": false, + "id": 41, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_open_files{instance=~\"$host\"}", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Open Files", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_variables_open_files_limit{instance=~\"$host\"}", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Open Files Limit", + "metric": "", + "refId": "D", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "mysql_global_status_innodb_num_open_files{instance=~\"$host\"}", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "InnoDB Open Files", + "refId": "B", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Open Files", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 132 + }, + "id": 393, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "Table Openings", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Table Open Cache Status**\n\nThe recommendation is to set the `table_open_cache_instances` to a loose correlation to virtual CPUs, keeping in mind that more instances means the cache is split more times. If you have a cache set to 500 but it has 10 instances, each cache will only have 50 cached.\n\nThe `table_definition_cache` and `table_open_cache` can be left as default as they are auto-sized MySQL 5.6 and above (ie: do not set them to any value).", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 133 + }, + "hiddenSeries": false, + "id": 44, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "title": "Server Status Variables (table_open_cache)", + "url": "http://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_table_open_cache" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Table Open Cache Hit Ratio", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "rate(mysql_global_status_opened_tables{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_opened_tables{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Openings", + "metric": "", + "refId": "A", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "rate(mysql_global_status_table_open_cache_hits{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_open_cache_hits{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Hits", + "refId": "B", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "rate(mysql_global_status_table_open_cache_misses{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_open_cache_misses{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Misses", + "refId": "C", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "rate(mysql_global_status_table_open_cache_overflows{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_open_cache_overflows{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Misses due to Overflows", + "refId": "D", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "(rate(mysql_global_status_table_open_cache_hits{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_open_cache_hits{instance=~\"$host\"}[5m]))/((rate(mysql_global_status_table_open_cache_hits{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_open_cache_hits{instance=~\"$host\"}[5m]))+(rate(mysql_global_status_table_open_cache_misses{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_table_open_cache_misses{instance=~\"$host\"}[5m])))", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Table Open Cache Hit Ratio", + "refId": "E", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Table Open Cache Status", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "$$hashKey": "object:141", + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "$$hashKey": "object:142", + "format": "percentunit", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Open Tables**\n\nThe recommendation is to set the `table_open_cache_instances` to a loose correlation to virtual CPUs, keeping in mind that more instances means the cache is split more times. If you have a cache set to 500 but it has 10 instances, each cache will only have 50 cached.\n\nThe `table_definition_cache` and `table_open_cache` can be left as default as they are auto-sized MySQL 5.6 and above (ie: do not set them to any value).", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 133 + }, + "hiddenSeries": false, + "id": 42, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "title": "Server Status Variables (table_open_cache)", + "url": "http://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_table_open_cache" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_open_tables{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Open Tables", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_variables_table_open_cache{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Table Open Cache", + "metric": "", + "refId": "C", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Open Tables", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + }, + { + "collapsed": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 145 + }, + "id": 394, + "panels": [], + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "refId": "A" + } + ], + "title": "MySQL Table Definition Cache", + "type": "row" + }, + { + "aliasColors": {}, + "bars": false, + "dashLength": 10, + "dashes": false, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "decimals": 2, + "description": "**MySQL Table Definition Cache**\n\nThe recommendation is to set the `table_open_cache_instances` to a loose correlation to virtual CPUs, keeping in mind that more instances means the cache is split more times. If you have a cache set to 500 but it has 10 instances, each cache will only have 50 cached.\n\nThe `table_definition_cache` and `table_open_cache` can be left as default as they are auto-sized MySQL 5.6 and above (ie: do not set them to any value).", + "editable": true, + "error": false, + "fill": 2, + "fillGradient": 0, + "grid": {}, + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 146 + }, + "hiddenSeries": false, + "id": 54, + "legend": { + "alignAsTable": true, + "avg": true, + "current": false, + "max": true, + "min": true, + "rightSide": false, + "show": true, + "sort": "avg", + "sortDesc": true, + "total": false, + "values": true + }, + "lines": true, + "linewidth": 2, + "links": [ + { + "title": "Server Status Variables (table_open_cache)", + "url": "http://dev.mysql.com/doc/refman/5.6/en/server-system-variables.html#sysvar_table_open_cache" + } + ], + "nullPointMode": "null", + "options": { + "alertThreshold": true + }, + "percentage": false, + "pluginVersion": "10.0.2", + "pointradius": 5, + "points": false, + "renderer": "flot", + "seriesOverrides": [ + { + "alias": "Opened Table Definitions", + "yaxis": 2 + } + ], + "spaceLength": 10, + "stack": false, + "steppedLine": false, + "targets": [ + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_status_open_table_definitions{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Open Table Definitions", + "metric": "", + "refId": "B", + "step": 20 + }, + { + "calculatedInterval": "2m", + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "datasourceErrors": {}, + "errors": {}, + "expr": "mysql_global_variables_table_definition_cache{instance=~\"$host\"}", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Table Definitions Cache Size", + "metric": "", + "refId": "C", + "step": 20 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "expr": "rate(mysql_global_status_opened_table_definitions{instance=~\"$host\"}[$interval]) or irate(mysql_global_status_opened_table_definitions{instance=~\"$host\"}[5m])", + "format": "time_series", + "interval": "$interval", + "intervalFactor": 1, + "legendFormat": "Opened Table Definitions", + "refId": "A", + "step": 20 + } + ], + "thresholds": [], + "timeRegions": [], + "title": "MySQL Table Definition Cache", + "tooltip": { + "msResolution": false, + "shared": true, + "sort": 0, + "value_type": "individual" + }, + "type": "graph", + "xaxis": { + "mode": "time", + "show": true, + "values": [] + }, + "yaxes": [ + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + }, + { + "format": "short", + "logBase": 1, + "min": 0, + "show": true + } + ], + "yaxis": { + "align": false + } + } + ], + "refresh": "10s", + "schemaVersion": 38, + "style": "dark", + "tags": [ + "Percona", + "MySQL" + ], + "templating": { + "list": [ + { + "allFormat": "glob", + "auto": true, + "auto_count": 200, + "auto_min": "1s", + "current": { + "selected": false, + "text": "auto", + "value": "$__auto_interval_interval" + }, + "datasource": "Prometheus", + "hide": 0, + "includeAll": false, + "label": "Interval", + "multi": false, + "multiFormat": "glob", + "name": "interval", + "options": [ + { + "selected": true, + "text": "auto", + "value": "$__auto_interval_interval" + }, + { + "selected": false, + "text": "1s", + "value": "1s" + }, + { + "selected": false, + "text": "5s", + "value": "5s" + }, + { + "selected": false, + "text": "1m", + "value": "1m" + }, + { + "selected": false, + "text": "5m", + "value": "5m" + }, + { + "selected": false, + "text": "1h", + "value": "1h" + }, + { + "selected": false, + "text": "6h", + "value": "6h" + }, + { + "selected": false, + "text": "1d", + "value": "1d" + } + ], + "query": "1s,5s,1m,5m,1h,6h,1d", + "refresh": 2, + "skipUrlSync": false, + "type": "interval" + }, + { + "allFormat": "glob", + "current": { + "selected": false, + "text": "mysqlexporter-cl:9104", + "value": "mysqlexporter-cl:9104" + }, + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "definition": "", + "hide": 0, + "includeAll": false, + "label": "Host", + "multi": false, + "multiFormat": "regex values", + "name": "host", + "options": [], + "query": "label_values(mysql_up, instance)", + "refresh": 2, + "refresh_on_load": false, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": { + "collapse": false, + "enable": true, + "hidden": false, + "notice": false, + "now": true, + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "status": "Stable", + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ], + "type": "timepicker" + }, + "timezone": "browser", + "title": "MySQL Overview", + "uid": "MQWgroiiz", + "version": 1, + "weekStart": "" +} diff --git a/docker/grafana/provisioning/dashboards/dashboard-node-monitoring.json b/docker/grafana/provisioning/dashboards/docker/dashboard-node-monitoring.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-node-monitoring.json rename to docker/grafana/provisioning/dashboards/docker/dashboard-node-monitoring.json diff --git a/docker/grafana/provisioning/dashboards/dashboard-k6-monitoring.json b/docker/grafana/provisioning/dashboards/k6/dashboard-k6-monitoring.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-k6-monitoring.json rename to docker/grafana/provisioning/dashboards/k6/dashboard-k6-monitoring.json diff --git a/docker/grafana/provisioning/dashboards/dashboard-NodeJSApplication.json b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-NodeJSApplication.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-NodeJSApplication.json rename to docker/grafana/provisioning/dashboards/mojaloop/dashboard-NodeJSApplication.json diff --git a/docker/grafana/provisioning/dashboards/dashboard-account-lookup-service.json b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-account-lookup-service.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-account-lookup-service.json rename to docker/grafana/provisioning/dashboards/mojaloop/dashboard-account-lookup-service.json diff --git a/docker/grafana/provisioning/dashboards/dashboard-mysql.json b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-central-ledger-db.json similarity index 98% rename from docker/grafana/provisioning/dashboards/dashboard-mysql.json rename to docker/grafana/provisioning/dashboards/mojaloop/dashboard-central-ledger-db.json index 4ff6532c..957d3a7d 100644 --- a/docker/grafana/provisioning/dashboards/dashboard-mysql.json +++ b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-central-ledger-db.json @@ -18,7 +18,7 @@ "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 14, + "id": 10, "links": [ { "asDropdown": false, @@ -247,7 +247,7 @@ ], "show": false }, - "frameIndex": 2, + "frameIndex": 3, "showHeader": true }, "pluginVersion": "10.0.2", @@ -616,7 +616,7 @@ "type": "stat" } ], - "refresh": false, + "refresh": "", "schemaVersion": 38, "style": "dark", "tags": [], @@ -624,13 +624,13 @@ "list": [] }, "time": { - "from": "2023-10-05T02:05:23.353Z", - "to": "2023-10-05T02:09:31.114Z" + "from": "now-5m", + "to": "now" }, "timepicker": {}, "timezone": "", - "title": "Central Ledger DB-", + "title": "Central Ledger DB", "uid": "d17cf1dd-8fbc-4841-a957-214387249f18", - "version": 2, + "version": 1, "weekStart": "" } diff --git a/docker/grafana/provisioning/dashboards/dashboard-central-services-characterization.json b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-central-services-characterization.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-central-services-characterization.json rename to docker/grafana/provisioning/dashboards/mojaloop/dashboard-central-services-characterization.json diff --git a/docker/grafana/provisioning/dashboards/dashboard-central-services.json b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-central-services.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-central-services.json rename to docker/grafana/provisioning/dashboards/mojaloop/dashboard-central-services.json diff --git a/docker/grafana/provisioning/dashboards/dashboard-ml-adapter.json b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-ml-adapter.json similarity index 100% rename from docker/grafana/provisioning/dashboards/dashboard-ml-adapter.json rename to docker/grafana/provisioning/dashboards/mojaloop/dashboard-ml-adapter.json diff --git a/docker/grafana/provisioning/dashboards/dashboard-quoting-service.json b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-quoting-service.json similarity index 83% rename from docker/grafana/provisioning/dashboards/dashboard-quoting-service.json rename to docker/grafana/provisioning/dashboards/mojaloop/dashboard-quoting-service.json index 251d4dba..4cc262f9 100644 --- a/docker/grafana/provisioning/dashboards/dashboard-quoting-service.json +++ b/docker/grafana/provisioning/dashboards/mojaloop/dashboard-quoting-service.json @@ -1,4 +1,47 @@ { + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "panel", + "id": "gauge", + "name": "Gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.2.3" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], "annotations": { "list": [ { @@ -18,7 +61,7 @@ "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 12, + "id": null, "links": [ { "asDropdown": false, @@ -43,6 +86,166 @@ "x": 0, "y": 0 }, + "id": 62, + "panels": [], + "title": "Database Cache Hits", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsZero", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byValue", + "options": { + "op": "gte", + "reducer": "allIsNull", + "value": 0 + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": true, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 13, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 61, + "links": [], + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max", + "min" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "10.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(moja_qs_database_get_cache_value_count[$__rate_interval])) by (queryName, hit) ", + "hide": false, + "legendFormat": "{{queryName}}-{{hit}}", + "range": true, + "refId": "D" + } + ], + "title": "Models - Cache Hits (True vs False)", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, "id": 59, "panels": [], "title": "Quote Resource Metric Totals", @@ -51,7 +254,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -88,7 +291,7 @@ "h": 3, "w": 5, "x": 1, - "y": 1 + "y": 15 }, "id": 17, "interval": "1s", @@ -105,14 +308,15 @@ "values": false }, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.2", + "pluginVersion": "10.2.3", "targets": [ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "exemplar": false, @@ -149,7 +353,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -186,7 +390,7 @@ "h": 3, "w": 6, "x": 6, - "y": 1 + "y": 15 }, "id": 26, "interval": "1s", @@ -203,14 +407,15 @@ "values": false }, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.2", + "pluginVersion": "10.2.3", "targets": [ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "exemplar": false, @@ -247,7 +452,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -284,7 +489,7 @@ "h": 3, "w": 5, "x": 12, - "y": 1 + "y": 15 }, "id": 31, "interval": "1s", @@ -301,14 +506,15 @@ "values": false }, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.2", + "pluginVersion": "10.2.3", "targets": [ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(moja_qs_quotes_id_put_error_count)", @@ -341,7 +547,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -378,7 +584,7 @@ "h": 3, "w": 5, "x": 17, - "y": 1 + "y": 15 }, "id": 60, "interval": "1s", @@ -395,14 +601,15 @@ "values": false }, "text": {}, - "textMode": "auto" + "textMode": "auto", + "wideLayout": true }, - "pluginVersion": "10.0.2", + "pluginVersion": "10.2.3", "targets": [ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(moja_qs_quotes_post_count)", @@ -438,7 +645,7 @@ "h": 1, "w": 24, "x": 0, - "y": 4 + "y": 18 }, "id": 9, "panels": [], @@ -448,7 +655,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -456,6 +663,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -469,6 +677,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -507,7 +716,7 @@ "h": 8, "w": 12, "x": 0, - "y": 5 + "y": 19 }, "id": 1, "options": { @@ -533,7 +742,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "avg(rate(moja_qs_quotes_post_sum[$__rate_interval]) / rate(moja_qs_quotes_post_count[$__rate_interval]) >=0) by (success)", @@ -545,7 +754,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "avg(rate(moja_qs_quotes_id_put_sum[$__rate_interval]) / rate(moja_qs_quotes_id_put_count[$__rate_interval]) >=0) by (success)", @@ -558,7 +767,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "avg(rate(moja_qs_quotes_id_get_sum[$__rate_interval]) / rate(moja_qs_quotes_id_get_count[$__rate_interval]) >=0) by (success)", @@ -571,7 +780,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "avg(rate(moja_qs_quotes_id_put_error_sum[$__rate_interval]) / rate(moja_qs_quotes_id_put_error_count[$__rate_interval]) >=0) by (success)", @@ -588,7 +797,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -596,6 +805,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -609,6 +819,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -647,7 +858,7 @@ "h": 8, "w": 12, "x": 12, - "y": 5 + "y": 19 }, "id": 2, "options": { @@ -673,7 +884,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(rate(moja_qs_quotes_id_put_error_count[$__rate_interval])) by (success)", @@ -686,7 +897,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(rate(moja_qs_quotes_id_get_count[$__rate_interval])) by (success)", @@ -699,7 +910,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(rate(moja_qs_quotes_id_put_count[$__rate_interval])) by (success)", @@ -712,7 +923,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(rate(moja_qs_quotes_post_count[$__rate_interval])) by (success)", @@ -729,7 +940,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -737,6 +948,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -750,6 +962,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -788,7 +1001,7 @@ "h": 13, "w": 24, "x": 0, - "y": 13 + "y": 27 }, "id": 5, "options": { @@ -814,7 +1027,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "exemplar": false, @@ -832,7 +1045,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -840,6 +1053,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -853,13 +1067,14 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, - "showPoints": "auto", + "showPoints": "always", "spanNulls": false, "stacking": { "group": "A", @@ -888,10 +1103,10 @@ "overrides": [] }, "gridPos": { - "h": 12, + "h": 16, "w": 24, "x": 0, - "y": 26 + "y": 40 }, "id": 6, "options": { @@ -917,7 +1132,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(rate(moja_qs_model_quote_count[$__rate_interval])) by (success, queryName)", @@ -937,7 +1152,7 @@ "h": 1, "w": 24, "x": 0, - "y": 38 + "y": 56 }, "id": 25, "panels": [], @@ -947,7 +1162,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "description": "QS Total CPU Usage", "fieldConfig": { @@ -993,12 +1208,14 @@ "h": 3, "w": 4, "x": 0, - "y": 39 + "y": 57 }, "id": 24, "links": [], "maxDataPoints": 100, "options": { + "minVizHeight": 200, + "minVizWidth": 200, "orientation": "horizontal", "reduceOptions": { "calcs": [ @@ -1008,14 +1225,15 @@ "values": false }, "showThresholdLabels": false, - "showThresholdMarkers": true + "showThresholdMarkers": true, + "sizing": "auto" }, - "pluginVersion": "10.0.2", + "pluginVersion": "10.2.3", "targets": [ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum (irate (container_cpu_usage_seconds_total{pod_name=~'.*quoting-service.*'}[2m])) * 100", @@ -1028,7 +1246,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(irate (container_cpu_usage_seconds_total{pod_name=~'.*quoting-service.*'}[2m]))", @@ -1045,7 +1263,7 @@ "h": 1, "w": 24, "x": 0, - "y": 42 + "y": 60 }, "id": 21, "panels": [], @@ -1055,7 +1273,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -1063,6 +1281,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -1076,6 +1295,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1115,7 +1335,7 @@ "h": 8, "w": 24, "x": 0, - "y": 43 + "y": 61 }, "id": 22, "options": { @@ -1142,7 +1362,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "moja_qs_nodejs_heap_size_total_bytes{serviceName=~\"quoting-service.*\"}", @@ -1153,7 +1373,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "moja_qs_nodejs_heap_size_used_bytes{serviceName=~\"quoting-service.*\"}", @@ -1164,7 +1384,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "moja_qs_nodejs_external_memory_bytes{serviceName=~\"quoting-service.*\"}", @@ -1179,7 +1399,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "description": "QS - CPU Usage in Seconds by Pod", "fieldConfig": { @@ -1188,6 +1408,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -1201,6 +1422,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1240,7 +1462,7 @@ "h": 7, "w": 24, "x": 0, - "y": 51 + "y": 69 }, "id": 23, "links": [], @@ -1265,7 +1487,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum (rate (moja_qs_process_cpu_seconds_total{serviceName=~\"account-lookup.*\"}[2m])) by (kubernetes_pod_name)", @@ -1279,7 +1501,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(\n rate(container_cpu_usage_seconds_total{pod_name=~'.*account-lookup.*'}[2m]))\nby (pod_name)", @@ -1293,7 +1515,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "sum(rate(container_cpu_usage_seconds_total{pod_name=~'.*account-lookup.*'}[2m]))", @@ -1307,7 +1529,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "rate(moja_qs_process_cpu_seconds_total{serviceName=~\"account-lookup.*\"}[30s]) * 100", @@ -1325,7 +1547,7 @@ "h": 1, "w": 24, "x": 0, - "y": 58 + "y": 76 }, "id": 18, "panels": [], @@ -1335,7 +1557,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -1343,6 +1565,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -1356,6 +1579,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1396,7 +1620,7 @@ "h": 4, "w": 24, "x": 0, - "y": 59 + "y": 77 }, "id": 19, "links": [], @@ -1419,7 +1643,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "kube_deployment_spec_replicas{deployment=~\".*quoting-service.*\"}", @@ -1437,7 +1661,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "fieldConfig": { "defaults": { @@ -1445,6 +1669,7 @@ "mode": "palette-classic" }, "custom": { + "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", @@ -1458,6 +1683,7 @@ "tooltip": false, "viz": false }, + "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, @@ -1497,7 +1723,7 @@ "h": 7, "w": 24, "x": 0, - "y": 63 + "y": 81 }, "id": 20, "links": [], @@ -1518,7 +1744,7 @@ { "datasource": { "type": "prometheus", - "uid": "PBFA97CFB590B2093" + "uid": "${DS_PROMETHEUS}" }, "editorMode": "code", "expr": "avg(moja_qs_nodejs_eventloop_lag_seconds{serviceName=~\"quoting-service.*\"}) by (app)", @@ -1533,15 +1759,14 @@ "type": "timeseries" } ], - "refresh": "5s", - "schemaVersion": 38, - "style": "dark", + "refresh": "", + "schemaVersion": 39, "tags": [], "templating": { "list": [] }, "time": { - "from": "now-5m", + "from": "now-30m", "to": "now" }, "timepicker": {}, diff --git a/docker/grafana/provisioning/dashboards/Supporting Services - Callback Hander Service-1689261777383.json b/docker/grafana/provisioning/dashboards/simulators/Supporting Services - Callback Hander Service-1689261777383.json similarity index 100% rename from docker/grafana/provisioning/dashboards/Supporting Services - Callback Hander Service-1689261777383.json rename to docker/grafana/provisioning/dashboards/simulators/Supporting Services - Callback Hander Service-1689261777383.json diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/hub_setup.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/hub_setup.json index 6c7474f1..a5d91e5f 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/hub_setup.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/hub_setup.json @@ -699,4 +699,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp1.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp1.json index 1651f1cb..f11a2551 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp1.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp1.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp2.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp2.json index eff7d172..d211102b 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp2.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp2.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp3.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp3.json index 5738585f..70395bb6 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp3.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp3.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp4.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp4.json index 9f39767d..cf805ab6 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp4.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp4.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp5.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp5.json index b8ce73bc..9ff4874c 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp5.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp5.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp6.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp6.json index 50579855..b17aa037 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp6.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp6.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp7.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp7.json index 7e2f6ab7..ba657d85 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp7.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp7.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp8.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp8.json index 6c266914..fa37d212 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp8.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_perffsp8.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ @@ -1469,7 +1469,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_sender.json b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_sender.json index 6af8df3a..145cef75 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_sender.json +++ b/docker/ml-testing-toolkit/test-cases/collections/provisioning/participant_sender.json @@ -1304,7 +1304,7 @@ } ] }, - "delay": "500", + "delay": "2500", "scripts": { "postRequest": { "exec": [ diff --git a/docker/ml-testing-toolkit/test-cases/collections/tests/p2p.json b/docker/ml-testing-toolkit/test-cases/collections/tests/p2p.json index 25b2ccbd..96495f59 100644 --- a/docker/ml-testing-toolkit/test-cases/collections/tests/p2p.json +++ b/docker/ml-testing-toolkit/test-cases/collections/tests/p2p.json @@ -44,8 +44,7 @@ "fspId": "{$inputs.toFspId}", "currency": "{$inputs.currency}" }, - "url": "{$inputs.HOST_ACCOUNT_LOOKUP_SERVICE}", - "ignoreCallbacks": true + "url": "{$inputs.HOST_ACCOUNT_LOOKUP_SERVICE}" }, { "id": 3, @@ -433,4 +432,4 @@ ] } ] -} \ No newline at end of file +} diff --git a/docker/ml-testing-toolkit/test-cases/environments/perf-e2e-env.json b/docker/ml-testing-toolkit/test-cases/environments/perf-e2e-env.json new file mode 100644 index 00000000..2c03e8ca --- /dev/null +++ b/docker/ml-testing-toolkit/test-cases/environments/perf-e2e-env.json @@ -0,0 +1,75 @@ +{ + "inputValues": { + "CALLBACK_ENDPOINT_BASE_URL": "http://mojaloop-testing-toolkit:4040", + "HOST_ACCOUNT_LOOKUP_ADMIN": "http://account-lookup-service:4001", + "HOST_ACCOUNT_LOOKUP_SERVICE": "http://account-lookup-service:4002", + "HOST_CENTRAL_LEDGER": "http://central-ledger:3001", + "HOST_ML_API_ADAPTER": "http://ml-api-adapter:3000", + "HOST_QUOTING_SERVICE": "http://quoting-service:3002", + "HOST_SIMULATOR": "http://callback-handler-svc-oracle-sim:3001", + "ENABLE_WS_ASSERTIONS": true, + "WS_ASSERTION_TIMEOUT": 5000, + "accept": "application/vnd.interoperability.parties+json;version=1.0", + "acceptParticipants": "application/vnd.interoperability.participants+json;version=1.0", + "acceptQuotes": "application/vnd.interoperability.quotes+json;version=1.0", + "acceptTransfers": "application/vnd.interoperability.transfers+json;version=1.0", + "amount": "100", + "condition": "n2cwS3w4ekGlvNYoXg2uBAqssu3FCoXjADE2mziU5jU", + "contentType": "application/vnd.interoperability.parties+json;version=1.0", + "contentTypeParticipants": "application/vnd.interoperability.participants+json;version=1.0", + "contentTypeQuotes": "application/vnd.interoperability.quotes+json;version=1.0", + "currency": "USD", + "currency2": "BGN", + "cgscurrency": "INR", + "fromDOB": "1984-01-01", + "fromFirstName": "Firstname-Test", + "fromFspId": "pinkbankfsp", + "fromIdType": "MSISDN", + "fromIdValue": "44123456789", + "fromLastName": "Lastname-Test", + "hubEmail": "some.email@gmail.com", + "hub_operator": "NOT_APPLICABLE", + "ilpPacket": "AYIDBQAAAAAAACcQJGcucGF5ZWVmc3AubXNpc2RuLnt7cmVjZWl2ZXJtc2lzZG59fYIC1GV5SjBjbUZ1YzJGamRHbHZia2xrSWpvaVptVXhNREU0Wm1NdE1EaGxZeTAwWWpJM0xUbGpZalF0TnpjMk9URTFNR00zT1dKaklpd2ljWFZ2ZEdWSlpDSTZJbVpsTVRBeE9HWmpMVEE0WldNdE5HSXlOeTA1WTJJMExUYzNOamt4TlRCak56bGlZeUlzSW5CaGVXVmxJanA3SW5CaGNuUjVTV1JKYm1adklqcDdJbkJoY25SNVNXUlVlWEJsSWpvaVRWTkpVMFJPSWl3aWNHRnlkSGxKWkdWdWRHbG1hV1Z5SWpvaWUzdHlaV05sYVhabGNrMVRTVk5FVG4xOUlpd2labk53U1dRaU9pSndZWGxsWldaemNDSjlmU3dpY0dGNVpYSWlPbnNpY0dGeWRIbEpaRWx1Wm04aU9uc2ljR0Z5ZEhsSlpGUjVjR1VpT2lKTlUwbFRSRTRpTENKd1lYSjBlVWxrWlc1MGFXWnBaWElpT2lJeU56Y3hNemd3TXprd05TSXNJbVp6Y0Vsa0lqb2ljR0Y1WlhKbWMzQWlmU3dpY0dWeWMyOXVZV3hKYm1adklqcDdJbU52YlhCc1pYaE9ZVzFsSWpwN0ltWnBjbk4wVG1GdFpTSTZJazFoZEhNaUxDSnNZWE4wVG1GdFpTSTZJa2hoWjIxaGJpSjlMQ0prWVhSbFQyWkNhWEowYUNJNklqRTVPRE10TVRBdE1qVWlmWDBzSW1GdGIzVnVkQ0k2ZXlKaGJXOTFiblFpT2lJeE1EQWlMQ0pqZFhKeVpXNWplU0k2SWxWVFJDSjlMQ0owY21GdWMyRmpkR2x2YmxSNWNHVWlPbnNpYzJObGJtRnlhVzhpT2lKVVVrRk9VMFpGVWlJc0ltbHVhWFJwWVhSdmNpSTZJbEJCV1VWU0lpd2lhVzVwZEdsaGRHOXlWSGx3WlNJNklrTlBUbE5WVFVWU0luMTkA", + "note": "test", + "payeefsp": "greenbankfsp", + "payerfsp": "pinkbankfsp", + "toFspId": "greenbankfsp", + "toIdType": "MSISDN", + "toIdValue": "27713803912", + "mobileSimPayerFsp": "pinkbankfsp", + "mobileSimPayeeFsp": "greenbankfsp", + "expectedPartiesVersion": "1.0", + "expectedParticipantsVersion": "1.0", + "expectedQuotesVersion": "1.0", + "expectedTransfersVersion": "1.0", + "acceptParties": "application/vnd.interoperability.parties+json;version=1.1", + "contentTypeTransfers": "application/vnd.interoperability.transfers+json;version=1.1", + "contentTypeParties": "application/vnd.interoperability.parties+json;version=1.1", + "NET_DEBIT_CAP": "50000000", + "PERF_FSP1_ID": "perffsp1", + "PERF_FSP2_ID": "perffsp2", + "PERF_FSP3_ID": "perffsp3", + "PERF_FSP4_ID": "perffsp4", + "PERF_FSP5_ID": "perffsp5", + "PERF_FSP6_ID": "perffsp6", + "PERF_FSP7_ID": "perffsp7", + "PERF_FSP8_ID": "perffsp8", + "PERF_FSP1_MSISDN": "19012345001", + "PERF_FSP2_MSISDN": "19012345002", + "PERF_FSP3_MSISDN": "19012345003", + "PERF_FSP4_MSISDN": "19012345004", + "PERF_FSP5_MSISDN": "19012345005", + "PERF_FSP6_MSISDN": "19012345006", + "PERF_FSP7_MSISDN": "19012345007", + "PERF_FSP8_MSISDN": "19012345008", + "PERF_FSP1_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp1:3001/fspiop", + "PERF_FSP2_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp2:3001/fspiop", + "PERF_FSP3_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp3:3001/fspiop", + "PERF_FSP4_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp4:3001/fspiop", + "PERF_FSP5_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp5:3001/fspiop", + "PERF_FSP6_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp6:3001/fspiop", + "PERF_FSP7_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp7:3001/fspiop", + "PERF_FSP8_CALLBACK_ENDPOINT_BASE_URL": "http://sim-perffsp8:3001/fspiop", + "PERF_ORACLE_ENDPOINT_BASE_URL": "http://callback-handler-svc-oracle-sim:3001/oracle" + } +} diff --git a/docker/prometheus/prometheus.yml b/docker/prometheus/prometheus.yml index 986cfacb..a01928db 100644 --- a/docker/prometheus/prometheus.yml +++ b/docker/prometheus/prometheus.yml @@ -112,6 +112,12 @@ scrape_configs: 'ml-core-quoting-service-2:3002', 'ml-core-quoting-service-3:3002', 'ml-core-quoting-service-4:3002', + 'ml-core-quoting-service-5:3002', + 'ml-core-quoting-service-6:3002', + 'ml-core-quoting-service-7:3002', + 'ml-core-quoting-service-8:3002', + 'ml-core-quoting-service-9:3002', + 'ml-core-quoting-service-10:3002', # 'central-handler-get:3001', ] @@ -131,8 +137,12 @@ scrape_configs: 'sim-perffsp6:3001', 'sim-perffsp7:3001', 'sim-perffsp8:3001', + 'sim-fspiop:3001', 'callback-handler-svc-oracle-sim:3001', - 'callback-handler-svc-cl-sim:3001', + 'ml-core-callback-handler-svc-cl-sim-1:3001', + 'ml-core-callback-handler-svc-cl-sim-2:3001', + 'ml-core-callback-handler-svc-cl-sim-3:3001', + 'ml-core-callback-handler-svc-cl-sim-4:3001', 'mysqlexporter-als:9104', 'mysqlexporter-cl:9104', 'kafka-exporter:9308', diff --git a/docker/security/payee/jws/keygen.sh b/docker/security/payee/jws/keygen.sh new file mode 100644 index 00000000..1d99acaa --- /dev/null +++ b/docker/security/payee/jws/keygen.sh @@ -0,0 +1,2 @@ +openssl genrsa -out privatekey.pem 2048 +openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825 -subj "/CN=fspiopsimpayee/C=US/ST=Ohio/L=Columbus/O=User/OU=Testing" diff --git a/docker/security/payee/jws/privatekey.pem b/docker/security/payee/jws/privatekey.pem new file mode 100644 index 00000000..e2032473 --- /dev/null +++ b/docker/security/payee/jws/privatekey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDEUZLuN584blSb +M6KGpK+36rJsAw+jz8y5hcRh8EvU7lBnam39a/dAx/If8LqttMAqGfx+pNx164PR +CJpmdm/FcffA0XHyrmN+K76tRev4q/O80s8qLmLpxTh2P6L9unMEtKyl9bBeuwV5 +PnwZ+cJHzy9wMUCpXouWGRK09csYqavGYNqV/zai/4earpi5HR8MJgTRnNXHHHJw +6Xo8lsA6Tu/6ELOa0QDXuOeb6gWUDmynewuqsLhZgurF/EPrbAebRgXzLZVeGcDg +i0jz0kfpNdqZ45AOWq6L1p5xWYvHJUE05KKkTMnUt7E1RzwzkU24W0smmrBqG5S7 +UJB1772NAgMBAAECggEAA7F1kXXj0NF072iExBvg0sjSnqj3rqeJnLhEZ51E9LzS +ljRD3Nke0Sd4MBtv8s84/QtfgYudB1QTakExrZmVZII03K1A0GwK1h3njxkgi9CP +gmIq4IqRdMyV6wkrPUyFJM9rUg6+e/TwioV46ACXvZCxvhGtiDvAzEv52wRAU/a3 +GABg9gEmTqzQQPihiBHO1GV3GSflGQGRtoRpDmEFZd4ef4nTO9h+df8LZiIxFdS5 +3Sh/YfFjhjTJIOgi1x5y8jx7aIOQel5DGL6rdkbNyq7TO7mU+2dapmrjQ6EBdL2J +0+977J8hkzUagGw7PONwTx7FK2pvjO+PQrcvzB/uNwKBgQD4y0mLIcC+JizciThi +mL38xW5K/QYcdVqrJjzTYxPVhU4/d8xp5zcA+qPbbCzGFX7lYhm0LvvDcUz032nV +oun6kiSdwwFYIRvvtHVa3SdL0V7k5xOUf1k/MPRw76uM4vYmfsF96tDgsxCNjzrF +UoiUXwkfPq/oJTc9gVIptDOTywKBgQDKATOOqdAmFzhYA+KetwGyIPLs4oXaNZuW +5L0k2R8hLGnIj/yoXvYmIj8DQzJ1CkeU/9QjQNNx8wGLfImOBSGBW+PftPbwh3Fq ++Fk+5IJQhcLWBd2Plqj4DPgLzZQbJENVymaH+by8mvX/ze34XAuRuAe2t26UKEGX +xDCAmwu5BwKBgBJ82Lw0B+SZZaAFumDpRMTxzt5XqwqWVeR99OsoY6LsQwJIXrJH +8jhqZ564jSMzGbjl708KZr8BPly79Vtgvc5W6c2nXgQ0gaTwXgAgivkBV/Hekf/o +7rLZanCx/qd7fhsiNDKtLlRkOgiq6g0bsvaDkWP2/o9bpJ03bOmYcHS9AoGBALsk +T8psYczYGDfaKZnWe3i187gnx8+3eFRbxysbBy7pgXrwgibOCwabFXuFRnqNsnFE +bRjX1swrUBQUpS7wa/D2226FrXx6TkXGnI+ajWvh7/Xtayy6bAGZqjbtFrfqaYNS +RpjUcdjdSufYtQ0w4Pr33hWVbJlPjiz28eRDP6IDAoGBALyLXPp0t4AnR1LQlPiH +4ZXoM01Rq7AnonPEU6TmHgcjpdlOLObzZxICHN6XRrI9OVMBCfrAOpJjXHPei1aL +pfgn7auWbix2zpIGnDW+vXwd3NnD1YYiafxpC/JmZnv04x6Idsv3tTrNxjmluorz +zUxhZDWwyPNTjTjsumYx6Q1A +-----END PRIVATE KEY----- diff --git a/docker/security/payee/jws/publickey.cer b/docker/security/payee/jws/publickey.cer new file mode 100644 index 00000000..90c2e9f5 --- /dev/null +++ b/docker/security/payee/jws/publickey.cer @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUIw60tmOgWtsoMuwSiCWhFAbgYQgwDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZWUxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjdaFw0yOTAyMTIwMjAzMjdaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVlMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEUZLuN584 +blSbM6KGpK+36rJsAw+jz8y5hcRh8EvU7lBnam39a/dAx/If8LqttMAqGfx+pNx1 +64PRCJpmdm/FcffA0XHyrmN+K76tRev4q/O80s8qLmLpxTh2P6L9unMEtKyl9bBe +uwV5PnwZ+cJHzy9wMUCpXouWGRK09csYqavGYNqV/zai/4earpi5HR8MJgTRnNXH +HHJw6Xo8lsA6Tu/6ELOa0QDXuOeb6gWUDmynewuqsLhZgurF/EPrbAebRgXzLZVe +GcDgi0jz0kfpNdqZ45AOWq6L1p5xWYvHJUE05KKkTMnUt7E1RzwzkU24W0smmrBq +G5S7UJB1772NAgMBAAGjUzBRMB0GA1UdDgQWBBQWsU9P5kdFZxLL1WU26BglFshR +HjAfBgNVHSMEGDAWgBQWsU9P5kdFZxLL1WU26BglFshRHjAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQALkRuzIU+FeKn0qg1xE16JRUbMktI7LcCc +vzg1E3kXUoZ7GsTfhySeAcmibvssPQPXrRx/pKwfgoR2O/v9++DumxPRff4UEWF2 +hS2WKOJu2ychQhn5H7cu9Jc7g1QTgLQJlvLR+8IZprC+xOEiaz19xvEW2aMWbE2W +Gr9S2WSxZA0aWOcq1imvVa27h+i8t51He0fwzfguH3+jz3pkkS+6vVwRl5JXke5a +/ufUzIeaRRbcVRnytlwNdgLQBKdwTEJWXFHhd9wMxTjRLa7TdA8et+VLdWF+WKai +GTCIYsiYqM0V5fSwobeH5zKT7DvDDDS5hs5OfkXs6be8vARZxn7b +-----END CERTIFICATE----- diff --git a/docker/security/payee/jws/verification_keys/fspiopsimpayer.pem b/docker/security/payee/jws/verification_keys/fspiopsimpayer.pem new file mode 100644 index 00000000..1080509b --- /dev/null +++ b/docker/security/payee/jws/verification_keys/fspiopsimpayer.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUWSaadyOlOZuikVJBgnVJm6sHmS0wDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZXIxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjBaFw0yOTAyMTIwMjAzMjBaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVyMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/NERUW0kW +P7sDBZezMYuC/YIvjCVofKASQwGKkvd+kUhAPWahbIvkD5rRP0QZVtw/BlSDuq+a +ci7EkJCgWXXU29+GHapsvqoYMpFcW+jvEdMoLK1LV7EMY3wV4quOBfhK94aCIHNk +1+ZlSzK0bFVE2kGXUj05yWmsRp45UmwVvm8GVXAVrSoDQ0XB4Bi4Ej6UbRZhXdEj +OtUj5XWPOu6NotpRQuD6o0vD8ZyiJC9ZOMswolICYao5WM4Tu3QCJk4Anj27PbyI +ZAMf3n80B33IcnjDAiK3KpzpdeCMAoig23Yal2NU+PEvl/XAL5D7TK9CbMFA8irE +LhSN0iLCrOf7AgMBAAGjUzBRMB0GA1UdDgQWBBREVDEKyvB0X1PF3l76TKKbr2nV +WzAfBgNVHSMEGDAWgBREVDEKyvB0X1PF3l76TKKbr2nVWzAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBmlox7S/6VOkl1ix2X4xaWZW7LUy/5UfA+ +Zxhy02zPY6puzbTd7O0TwK6WXQ0P41U24IksUj43FNgpcS2EcNy8yQTXyh2Sx7ro +wrBEX1R2kaf+vond4Yl7iVXC/127JeGPG8bnfgNeHY/NTJNedzUTJ4Ax5rTUAtCh +TVIjfhKXmR2091C4P1QMXpvHsYhWaWPUZkkrOZq8WkBxyuPaLMZE52IH5VyUqUna +w6ShQvkN48k0VrRGcejYLmpKtXMlx0bLf3/Noz8MF2HJK4sDvohPkHZlZPnyj4Zm +m/HGVUTzUiKtg8UEbEd20KDoktz2sCeOFpAk+nLmSBhvnMOvzAh4 +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/09.pem b/docker/security/payee/tls/09.pem new file mode 100644 index 00000000..429ff28d --- /dev/null +++ b/docker/security/payee/tls/09.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:30 2024 GMT + Not After : Nov 10 02:03:30 2026 GMT + Subject: CN=payee-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:85:44:4a:93:8b:01:60:d4:1b:89:ab:d2:8f:a8: + bd:58:01:46:aa:04:e5:34:75:53:34:06:fe:b5:37: + 72:0a:a6:f0:e7:c4:80:9f:c9:02:50:83:fc:de:12: + 89:e9:57:76:34:4b:26:bb:80:14:75:55:7c:38:69: + 30:67:ef:91:c2:82:c3:e9:8a:d2:a3:22:62:69:0c: + 3d:e0:10:0a:5d:67:3f:79:b7:20:20:4a:f8:5f:08: + cf:87:87:84:83:7a:fa:b7:63:05:bb:f4:76:8d:9e: + 8a:51:02:5e:a4:75:dd:8a:f2:a9:e8:19:20:dc:85: + e2:8d:4d:b2:09:67:1b:f0:c5:f7:14:90:80:f1:39: + 3a:5f:2a:bd:8c:ba:26:53:d1:41:bb:2a:9a:18:e2: + 29:39:9e:c6:0b:87:72:70:6b:51:19:ff:cd:83:6a: + 95:fe:d1:3c:9c:da:6a:c9:3d:e0:c5:c3:fc:e5:88: + 52:df:43:78:ff:7f:0d:e2:a9:35:5d:23:14:fd:e3: + c6:55:27:d3:eb:1c:7f:b6:bf:6f:e4:b6:1a:01:38: + d3:50:be:1f:f8:b9:15:b3:c2:26:da:f8:c7:53:1d: + bc:37:d6:c1:8d:98:b5:01:25:37:f0:0a:ce:de:e7: + 37:df:53:f4:39:76:00:15:28:01:11:11:0b:6a:fc: + 35:63:f5:0a:0d:8b:d2:c1:2c:b3:5c:b3:bb:9f:b8: + fd:07:03:9b:d6:66:49:76:92:94:9a:51:13:f0:08: + d4:7f:c5:53:b1:7c:45:4f:53:36:f8:25:8b:47:93: + 70:75:66:5e:99:73:34:52:24:e0:aa:29:ea:6a:57: + d7:f4:23:db:66:29:ae:0a:92:17:66:e6:7c:f3:95: + d8:13:71:f0:bd:c0:00:14:02:59:5d:54:b6:cf:f1: + 23:f5:84:45:f5:03:0a:d2:4a:89:9c:da:67:ff:69: + 97:11:d6:a4:0f:9f:e1:6c:8b:29:f5:cb:03:66:38: + c4:e2:44:93:31:e1:60:63:c6:45:e5:84:fe:43:9a: + 23:96:03:af:0f:ea:43:53:07:76:af:b9:de:50:7e: + b7:82:69:c5:20:0f:94:3f:97:d1:c0:3e:c0:7d:27: + b3:19:25:ac:94:ff:1d:fd:20:c9:34:a5:75:ed:7c: + 5b:1b:6e:92:a6:d7:24:62:36:76:6f:a5:29:db:8b: + be:4f:5a:41:51:89:81:6c:3a:6b:c7:85:e4:d0:32: + a8:d1:a5:37:62:70:e3:09:85:0e:4a:b4:62:89:40: + 41:62:8b:43:0d:2a:40:7a:fc:99:00:77:56:0a:ed: + 35:cb:f6:ed:20:01:fc:5a:f8:85:5a:64:f5:18:db: + e8:e7:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 19:A4:61:22:4C:25:A3:69:5F:BD:89:19:E9:40:AC:B9:3F:C3:72:34 + X509v3 Authority Key Identifier: + 45:58:70:0B:E5:B2:78:A8:AB:FD:83:BA:30:48:89:A6:4C:C2:C1:98 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payee-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 54:1c:48:ec:77:f4:9a:07:78:2e:ee:b1:9d:26:98:69:af:ba: + 68:c4:31:56:3d:df:f1:c5:90:c4:76:07:a5:bb:09:dd:4b:a9: + 9a:4b:d5:13:a7:5e:45:e4:df:78:58:b2:a1:3d:ea:b2:cd:f4: + 15:01:a2:81:18:35:de:aa:ed:21:d0:76:58:29:b5:81:e1:38: + 35:d9:07:0e:db:de:f0:ec:7c:c3:57:78:7d:92:35:a3:3a:7d: + cc:17:fa:b5:6e:b1:66:79:6c:e3:b2:3d:76:e2:0c:b1:2f:c6: + d1:15:fa:34:56:4f:2e:1a:05:dd:7f:ab:1c:aa:55:90:6c:d2: + 52:d9:f6:d8:4b:4b:fe:2b:47:6f:ca:32:b9:83:23:3a:06:a9: + 6c:c6:7c:9a:e7:21:60:26:d4:15:8a:ac:42:8e:dc:f6:5c:12: + ed:e3:85:58:0f:bb:d9:bb:ed:de:a1:92:2e:9d:7c:30:bd:0d: + 81:fe:eb:c4:c1:51:f0:3a:7c:3e:7b:eb:6b:64:39:e0:b2:8f: + 38:a1:31:44:93:63:97:c5:22:97:98:9b:fd:7e:01:91:76:a9: + 7f:7b:34:f9:bb:ef:6e:e4:a5:bf:db:34:12:a7:e6:2b:e9:ea: + 00:7a:54:06:30:3e:c9:7e:af:49:c5:63:49:60:5d:fc:9c:57: + 47:23:20:d8:b7:e7:78:77:4c:8b:f6:e6:fc:8e:87:4a:c1:8b: + a7:b8:b2:81:0f:68:8e:56:7e:6e:f0:f3:a5:92:a2:3c:c8:75: + 95:bd:db:a2:5f:5d:1a:ff:5d:77:7d:02:e1:16:32:bf:51:4f: + 55:57:38:10:7b:ed:fc:b5:f1:83:0f:69:62:83:b8:bd:ba:88: + 08:fd:9f:97:57:75:0c:9e:b1:c3:0c:5f:95:da:1c:2a:bf:3a: + f2:cf:86:34:bc:1d:95:9d:f9:d4:16:2a:86:6d:70:c0:f7:1b: + f1:bd:7c:08:d2:d3:ee:10:25:c1:a3:9f:0c:4f:a0:57:18:6f: + 44:71:f5:14:c9:20:a4:88:50:ae:ac:ed:1c:fc:99:9b:45:95: + 4d:7a:23:c1:ad:b2:cd:6c:98:ae:e0:3a:f5:42:fe:b8:f6:14: + 30:50:b6:66:c2:3b:89:71:ed:7d:af:77:12:0d:a4:c9:3e:d3: + 0f:53:be:6a:63:e7:9c:98:25:ad:f5:ab:c0:42:5a:90:33:d2: + 63:d6:c5:73:fc:37:da:53:01:ad:fa:4f:13:53:62:cd:c1:92: + 66:61:0f:37:22:6c:f8:8d:92:c4:2b:f6:13:55:c8:11:93:6a: + 9d:5e:9d:c2:68:94:a9:95:0f:29:05:c7:ae:93:d8:4a:f5:4a: + ca:75:d6:4f:1f:57:78:5b +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzMwWhcNMjYxMTEwMDIwMzMwWjArMSkwJwYDVQQDDCBw +YXllZS1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAIVESpOLAWDUG4mr0o+ovVgBRqoE5TR1UzQG/rU3cgqm +8OfEgJ/JAlCD/N4SielXdjRLJruAFHVVfDhpMGfvkcKCw+mK0qMiYmkMPeAQCl1n +P3m3ICBK+F8Iz4eHhIN6+rdjBbv0do2eilECXqR13YryqegZINyF4o1NsglnG/DF +9xSQgPE5Ol8qvYy6JlPRQbsqmhjiKTmexguHcnBrURn/zYNqlf7RPJzaask94MXD +/OWIUt9DeP9/DeKpNV0jFP3jxlUn0+scf7a/b+S2GgE401C+H/i5FbPCJtr4x1Md +vDfWwY2YtQElN/AKzt7nN99T9Dl2ABUoARERC2r8NWP1Cg2L0sEss1yzu5+4/QcD +m9ZmSXaSlJpRE/AI1H/FU7F8RU9TNvgli0eTcHVmXplzNFIk4Kop6mpX1/Qj22Yp +rgqSF2bmfPOV2BNx8L3AABQCWV1Uts/xI/WERfUDCtJKiZzaZ/9plxHWpA+f4WyL +KfXLA2Y4xOJEkzHhYGPGReWE/kOaI5YDrw/qQ1MHdq+53lB+t4JpxSAPlD+X0cA+ +wH0nsxklrJT/Hf0gyTSlde18WxtukqbXJGI2dm+lKduLvk9aQVGJgWw6a8eF5NAy +qNGlN2Jw4wmFDkq0YolAQWKLQw0qQHr8mQB3VgrtNcv27SAB/Fr4hVpk9Rjb6OcL +AgMBAAGjgekwgeYwHQYDVR0OBBYEFBmkYSJMJaNpX72JGelArLk/w3I0MB8GA1Ud +IwQYMBaAFEVYcAvlsnioq/2DujBIiaZMwsGYMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVlLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 +ZTANBgkqhkiG9w0BAQsFAAOCAgEAVBxI7Hf0mgd4Lu6xnSaYaa+6aMQxVj3f8cWQ +xHYHpbsJ3UupmkvVE6deReTfeFiyoT3qss30FQGigRg13qrtIdB2WCm1geE4NdkH +Dtve8Ox8w1d4fZI1ozp9zBf6tW6xZnls47I9duIMsS/G0RX6NFZPLhoF3X+rHKpV +kGzSUtn22EtL/itHb8oyuYMjOgapbMZ8muchYCbUFYqsQo7c9lwS7eOFWA+72bvt +3qGSLp18ML0Ngf7rxMFR8Dp8Pnvra2Q54LKPOKExRJNjl8Uil5ib/X4BkXapf3s0 ++bvvbuSlv9s0EqfmK+nqAHpUBjA+yX6vScVjSWBd/JxXRyMg2LfneHdMi/bm/I6H +SsGLp7iygQ9ojlZ+bvDzpZKiPMh1lb3bol9dGv9dd30C4RYyv1FPVVc4EHvt/LXx +gw9pYoO4vbqICP2fl1d1DJ6xwwxfldocKr868s+GNLwdlZ351BYqhm1wwPcb8b18 +CNLT7hAlwaOfDE+gVxhvRHH1FMkgpIhQrqztHPyZm0WVTXojwa2yzWyYruA69UL+ +uPYUMFC2ZsI7iXHtfa93Eg2kyT7TD1O+amPnnJglrfWrwEJakDPSY9bFc/w32lMB +rfpPE1NizcGSZmEPNyJs+I2SxCv2E1XIEZNqnV6dwmiUqZUPKQXHrpPYSvVKynXW +Tx9XeFs= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/0A.pem b/docker/security/payee/tls/0A.pem new file mode 100644 index 00000000..cc839149 --- /dev/null +++ b/docker/security/payee/tls/0A.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:45 2024 GMT + Not After : Nov 10 02:03:45 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:b4:eb:51:3b:68:ae:f2:eb:b9:c1:9d:39:ab:2a: + 32:74:c8:93:07:ed:ad:5d:5e:8c:8f:8f:e6:c4:69: + 7f:e6:bf:df:17:56:3c:00:93:73:de:a7:29:e6:36: + bf:84:60:dd:98:56:f8:16:db:5f:a0:64:08:f8:a8: + c9:dc:c3:e4:98:9a:0a:40:17:0d:90:13:26:6a:45: + 9e:2f:96:d5:87:30:cf:3b:97:74:78:33:ea:ba:7f: + 1f:25:3a:be:09:04:05:b8:ef:4f:58:94:ac:8d:e2: + 1c:64:4b:ab:ca:ec:50:14:48:c6:87:42:f9:21:75: + c6:b1:de:b2:0d:88:70:2a:58:74:4c:3b:ea:b6:8d: + ab:a5:8d:f2:a4:d1:f7:41:00:0b:39:15:40:cf:39: + 02:de:74:14:84:39:5d:84:9e:e5:c9:0d:49:36:48: + bf:ac:cf:78:12:fe:0b:70:06:2a:e6:6f:d7:8f:b8: + 8b:f9:7c:aa:0f:d2:5d:23:d3:42:55:8e:ee:84:1d: + 51:b6:40:35:8c:ac:52:a9:71:fb:06:e2:2e:72:88: + 99:8a:50:1b:0a:61:15:38:c8:80:37:97:b9:7c:b8: + fe:c5:17:85:16:13:f1:8a:84:22:e0:d9:79:05:b5: + 2b:21:fd:ec:b8:8c:52:59:e0:37:0f:22:a4:b8:9b: + b9:8c:5d:73:93:36:b1:40:b8:c1:06:42:22:4d:f8: + 42:ac:c8:7b:ac:52:9c:36:2e:b8:e0:9f:10:75:66: + 84:12:66:58:c0:60:6e:cb:4f:17:52:d5:31:7a:98: + de:e6:b9:5d:33:20:34:a4:5a:d9:cd:3d:70:42:2c: + d4:a3:96:59:a5:40:1a:2e:5c:a5:9f:b1:76:12:ca: + 98:6c:c3:74:4c:05:29:b1:f3:0e:00:f4:3a:55:2a: + 79:49:1a:42:1a:89:d8:7b:bb:f0:24:7c:76:9a:ee: + 44:a6:34:7d:2e:6e:19:29:cd:32:38:85:b1:26:d1: + 62:70:a8:82:64:99:2e:4e:63:54:d4:60:5f:71:1a: + 8c:51:e4:19:8f:0a:c7:86:da:ce:79:a4:f3:db:e8: + c2:e1:67:af:b2:a4:f6:36:9c:18:83:b3:b7:c5:c4: + 71:8e:e7:61:74:4f:ac:0f:76:9c:54:f9:2e:71:85: + 22:df:4f:e4:ba:43:9f:c2:87:c3:df:1a:c8:40:00: + 7b:58:18:57:65:80:45:7c:e6:d4:b7:7a:2f:d1:17: + 6d:dd:79:1c:dc:cd:ae:4c:e2:db:a7:f9:88:72:28: + e2:3d:46:b5:d2:f8:6a:36:08:55:d0:db:eb:0c:64: + e3:92:49:5c:fe:a3:f5:3b:d8:53:39:47:9e:e3:9d: + ba:2b:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F3:51:9C:18:8F:A9:FB:B5:A4:FB:27:29:34:51:5A:43:0F:2A:8F:53 + X509v3 Authority Key Identifier: + 1D:1B:61:3D:E6:01:AB:E6:BB:45:75:32:08:46:7C:6B:EA:26:90:37 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 13:30:0a:2c:92:11:ab:48:ae:44:4b:da:54:59:2c:90:73:a1: + 71:ed:00:d8:ad:27:86:65:0c:f7:d2:95:d6:7c:85:06:25:51: + a0:74:6e:17:af:cd:88:d6:ec:58:a5:00:f8:4d:d5:dc:57:5c: + e6:d9:0d:75:83:9a:be:5a:bf:c3:18:f6:5a:84:6d:d8:14:8e: + 1f:31:fb:c8:ba:0d:35:51:af:89:a6:62:b8:be:d2:aa:1d:75: + 63:42:3f:89:f8:59:47:30:bc:f9:fd:35:33:92:1d:09:b7:74: + 03:0e:25:d6:80:a2:68:a8:6c:d4:3b:26:b3:cf:28:c7:ca:79: + 25:a6:6a:22:4d:78:70:53:68:47:c8:84:21:bd:ed:82:d4:8b: + 38:df:70:d8:dc:aa:dc:e2:bd:8d:c8:ce:57:f8:10:ee:d6:bc: + 81:b9:b4:07:61:47:53:79:53:c2:c0:48:13:74:9b:e7:51:aa: + 97:19:49:0e:d8:57:77:9b:0b:6d:52:c9:9e:cd:54:c7:55:23: + 21:e2:4f:c6:f0:fd:1d:8e:06:cd:03:3b:79:18:53:71:3a:fa: + b6:47:93:74:cb:fc:13:88:cb:72:82:84:bc:e1:8c:52:9f:38: + 7e:6f:df:74:ac:79:81:31:96:c3:52:46:49:e0:9d:15:9c:92: + dc:67:d6:87:33:33:95:89:75:af:7f:cb:7a:79:01:39:27:95: + 51:15:ca:0a:39:08:0d:87:1c:ba:da:29:17:d6:69:2c:d1:97: + 3a:3a:02:ff:30:72:11:39:d8:ad:ce:50:46:62:11:30:94:af: + d6:09:0b:10:7a:28:e9:a7:49:f6:3a:c1:53:cf:a6:c8:15:58: + 34:c5:33:c2:3c:54:0c:98:c6:8c:2f:71:ec:a7:9a:6d:af:c3: + af:0a:00:0a:09:f9:9f:41:9d:e6:b5:ca:79:e9:ac:a2:b7:01: + b4:82:91:2c:c1:49:37:40:a5:ec:a2:72:5f:30:47:17:c5:88: + 11:5b:ab:27:6a:94:28:f5:e8:62:01:ab:23:bf:4c:c8:9a:c0: + 61:b5:17:9c:5e:58:8e:96:d4:30:02:c7:11:e1:c1:3c:e0:5f: + 56:46:21:41:30:16:67:00:26:3d:34:4e:22:74:2c:a9:0c:cb: + dc:05:ba:19:56:b7:1b:55:8d:14:ca:5a:0e:7d:9b:0f:c9:c1: + b5:ae:42:f9:06:63:7e:9b:53:f1:05:67:c3:40:7e:f2:0e:bf: + 1b:c3:71:f3:13:a8:05:a3:f2:36:d4:35:76:39:f9:2d:8e:43: + 66:d5:0a:6b:35:d8:0f:63:a3:e7:90:5e:fe:00:16:4a:76:a0: + df:33:b0:62:26:f2:3a:8f +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzQ1WhcNMjYxMTEwMDIwMzQ1WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtOtRO2iu8uu5wZ05qyoy +dMiTB+2tXV6Mj4/mxGl/5r/fF1Y8AJNz3qcp5ja/hGDdmFb4FttfoGQI+KjJ3MPk +mJoKQBcNkBMmakWeL5bVhzDPO5d0eDPqun8fJTq+CQQFuO9PWJSsjeIcZEuryuxQ +FEjGh0L5IXXGsd6yDYhwKlh0TDvqto2rpY3ypNH3QQALORVAzzkC3nQUhDldhJ7l +yQ1JNki/rM94Ev4LcAYq5m/Xj7iL+XyqD9JdI9NCVY7uhB1RtkA1jKxSqXH7BuIu +coiZilAbCmEVOMiAN5e5fLj+xReFFhPxioQi4Nl5BbUrIf3suIxSWeA3DyKkuJu5 +jF1zkzaxQLjBBkIiTfhCrMh7rFKcNi644J8QdWaEEmZYwGBuy08XUtUxepje5rld +MyA0pFrZzT1wQizUo5ZZpUAaLlyln7F2EsqYbMN0TAUpsfMOAPQ6VSp5SRpCGonY +e7vwJHx2mu5EpjR9Lm4ZKc0yOIWxJtFicKiCZJkuTmNU1GBfcRqMUeQZjwrHhtrO +eaTz2+jC4WevsqT2NpwYg7O3xcRxjudhdE+sD3acVPkucYUi30/kukOfwofD3xrI +QAB7WBhXZYBFfObUt3ov0Rdt3Xkc3M2uTOLbp/mIcijiPUa10vhqNghV0NvrDGTj +kklc/qP1O9hTOUee4526K98CAwEAAaOB0jCBzzAdBgNVHQ4EFgQU81GcGI+p+7Wk ++ycpNFFaQw8qj1MwHwYDVR0jBBgwFoAUHRthPeYBq+a7RXUyCEZ8a+omkDcwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG +CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAEzAKLJIRq0iuREvaVFkskHOhce0A2K0nhmUM99KV1nyF +BiVRoHRuF6/NiNbsWKUA+E3V3Fdc5tkNdYOavlq/wxj2WoRt2BSOHzH7yLoNNVGv +iaZiuL7Sqh11Y0I/ifhZRzC8+f01M5IdCbd0Aw4l1oCiaKhs1Dsms88ox8p5JaZq +Ik14cFNoR8iEIb3tgtSLON9w2Nyq3OK9jcjOV/gQ7ta8gbm0B2FHU3lTwsBIE3Sb +51GqlxlJDthXd5sLbVLJns1Ux1UjIeJPxvD9HY4GzQM7eRhTcTr6tkeTdMv8E4jL +coKEvOGMUp84fm/fdKx5gTGWw1JGSeCdFZyS3GfWhzMzlYl1r3/LenkBOSeVURXK +CjkIDYccutopF9ZpLNGXOjoC/zByETnYrc5QRmIRMJSv1gkLEHoo6adJ9jrBU8+m +yBVYNMUzwjxUDJjGjC9x7Keaba/DrwoACgn5n0Gd5rXKeemsorcBtIKRLMFJN0Cl +7KJyXzBHF8WIEVurJ2qUKPXoYgGrI79MyJrAYbUXnF5YjpbUMALHEeHBPOBfVkYh +QTAWZwAmPTROInQsqQzL3AW6GVa3G1WNFMpaDn2bD8nBta5C+QZjfptT8QVnw0B+ +8g6/G8Nx8xOoBaPyNtQ1djn5LY5DZtUKazXYD2Oj55Be/gAWSnag3zOwYibyOo8= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/createSecrets.sh b/docker/security/payee/tls/createSecrets.sh new file mode 100644 index 00000000..ad0489d1 --- /dev/null +++ b/docker/security/payee/tls/createSecrets.sh @@ -0,0 +1,28 @@ +OUTPUT_DIR="." +setopt +o nomatch + +rm -f *.key *.pem *.csr *.crt *.old *.attr + +## Generating Server CA certificate +openssl req -x509 -config openssl-serverca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server_cacert.pem -outform PEM + +## Generate server csr +openssl req -config openssl-server.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server.csr -outform PEM + +## Sign server cert +openssl ca -config openssl-serverca.cnf -policy signing_policy -extensions signing_req -out dfsp_server_cert.pem -infiles dfsp_server.csr + +##################### + +## Generating Client CA certificate +openssl req -x509 -config openssl-clientca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client_cacert.pem -outform PEM + +## Generate client csr +openssl req -config openssl-client.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client.csr -outform PEM + + +# Sign the hub client csr with clientca +# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out hub_client_cert.pem -infiles hub_client.csr +# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payer/tls/dfsp_client_cert.pem -infiles ../../payer/tls/dfsp_client.csr + + diff --git a/docker/security/payee/tls/dfsp_client.csr b/docker/security/payee/tls/dfsp_client.csr new file mode 100644 index 00000000..4a3a7e9b --- /dev/null +++ b/docker/security/payee/tls/dfsp_client.csr @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFnDCCA4QCAQAwgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDESMBAGA1UE +BwwJQmFsdGltb3JlMRQwEgYDVQQKDAtERlNQIENsaWVudDERMA8GA1UECwwIUGF5 +bWVudHMxEzARBgNVBAMMCmRmc3BjbGllbnQxJTAjBgkqhkiG9w0BCQEWFmRmc3Bj +bGllbnRAZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQDOwSot7pf5tRZeYCTOI4xh+ccjahLTa2EsVAY25HDh9WiBnxXYad/8z0RtMmTN +Ji2ERz50PHN+de1QsWSsrybP4+xxXn29yd4ZEPQsdVM3WoOdN2eXbbeRtEgnzBIg +OffHH6zETuly4C0TK+U1m0qiMFPwx0FH9brgYSUT0sZHg4VXe1ac+MSfuPAM6tGS +AZ+qrYgzFaDPozoPk6t1QJ2RqGRJ3bgYt6D2o+B0XULtiyXywpIChQd3fyRlxDsi +Tj7LwHX7Tnm721Dni3ZL7zafi68VN14KayC4bsf+MFCoOdLUWlnyjiyWyzevluPm +H3pUeYGWFnAuIE+j59NQAwVjyI/RAeEcEa+jmU5uwNqgMlBDTPRwvDtxSLluQrvF +X2AANbyZWrwKgt6jQ4Em5Qr9ORwp+krVd0GmKiDaju1hThCENUzFoRYGq0EpRS9z +K9cncxWIGJTwcut51EMddZFltqWMKUxrhKV3Frnbc+YcwzWL7elGdA71Z1bDlAfL +na1ShYSf32+r/tt7idvDaknoElNYseo+KeIaiesAyET04I0W3Pv14sWqD3wPgQiS +OdiB2YBJ2la1/RJO8lK2uDFTPKAEgYwacc2yyvUQwFc5t+gPUDEIV6TV5thCL7ZP +UsGsy1Gr9YtwQvzHTOW0xPqX91PrUzd5US7+EIAUZT7i9QIDAQABoIHCMIG/Bgkq +hkiG9w0BCQ4xgbEwga4wHQYDVR0OBBYEFLeYMDuHoJvt9K5xUSXnDyykXREWMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEF +BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAs +BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDQYJ +KoZIhvcNAQELBQADggIBAC2Hs69FCzxxQziPIW4v/4zQL2AZCuqXeepVrb7br2ec +mhp/DymGr8FMlsZx6TVORyyM4ZAJeTJq8JitwAlw1rm7xo5c35DAlkEAl3k5CFsz +s/hXU/volXZAydudFzKqcn7QqreGWa9ug+A2/C33T58hdhw/DB40AgyQehj4P0Lm +u03k1SdVtYk2x7opzVRi/A6MQiDFKAPzNbdjjuKEOvgWCBlBosJLeDIwyiMuhmfb +ku+Cq2m2dlNTMJKk8WEk/ABsvrqNKj2sg4QpZ2to975zw8noVIAr9ICj2NpsUpqw +TZjXLasFDsC45S6OEQCUQXHzyaa4tr1qRUPcybdTWwKWpYysVTHDeyjO3cyEVjqd +i8aSzUt3j/XVKzjVEcs3DNn+AQGu7DIRlfsWMTihy3oEQG3y2FZFFwAtJBpYUC3N +3ocREwU6p2NlFj8OOk8EP1feYVxmSmiWYnDp8qUpD0tKjfth6iKRijlTw18x5Io+ +pmtr3ZXVtYLiYFbrOVjfSE+tO+yCmSuZbyNnimFVPQscdF/yYrUZQmB0ittFdl8n +ZWObsItphNaRZP4Ucv+p367W43aZXD/MxemALN1p/aea9I4kkdLkZli/gOE2RFL4 +08gdws7EtR0YcsTOsAfGR29XFVap+KhFZt81Zz9yddTzd6kLjlfplOS6qeAhxff3 +-----END CERTIFICATE REQUEST----- diff --git a/docker/security/payee/tls/dfsp_client_cacert.pem b/docker/security/payee/tls/dfsp_client_cacert.pem new file mode 100644 index 00000000..f4773ae4 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_cacert.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUJipa/9I+YwLzo8+NQ76Gkmv+Mu8wDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMzM1oXDTI0MDMxNTAy +MDMzM1owgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAn9Vpygt4XKIPXSpTtINdU2yqncIid1ojQA5UkS58HPf03ZjKEnK0 +vs2h3EOImRaAbbcq+Sy+RAXL//jwxOsR4EgwccGVjqPPfvLONFkDfL799jGC/BtQ +sDOZPTWaesFo9PD6R5YtVAPrb7TYYYMfsyCJ2+tFgS8Nnmtv/aKupeXKIUo8Umsq +/P00oRtE9RjZOjglrUeCnWww/OZoUfoRDusxzS/pV8LD6K7/hqvNMbCGjXJjbsZ9 +P4RNbtXkDS4+x+0opfx5uAZryKqOXuOZaDOiEFAu7OHbztjbM3BobByMwO8q8j4E +O6j4nilyw+gY85Dv04y5M7EOvZtUytRosA3fDGAupb8YrLy8lENHmiFtz2UOYEAr +vUBuhgbk88GpqwBRygaz5uBsPGv6QvGb8PhGz2kmt/0iYomVCVv7QQgTReU10WcL +K35AnxINug9+VSZs7/bobPfLxmdXF+tGp5xGCwIs/raCgyZkk2+6PUBoM9Knj/Ed +LIsMVTa05grmLs/NWqDNXgHy1Cpk3yD3Y6P6Cc1Ei8VPjgt5AFLdFW+Ti89cq11O +bwSNUadwdx5Y1N4kQRATzYxLCSxgVh95Dz3afdT9Ae93K4ie6dFYnfiB6XOPOIfW +A0q1Zb/6UcwdmWcsZl1Jt6ij42VNBr+Drh/3NdJNTOS5JHBqX5h7WfMCAwEAAaNg +MF4wHQYDVR0OBBYEFB0bYT3mAavmu0V1MghGfGvqJpA3MB8GA1UdIwQYMBaAFB0b +YT3mAavmu0V1MghGfGvqJpA3MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQBiN9BtHuLO8ArrRoWJKxIebPIBAQqltcT0SHtt +XWZ3HcmLxMT7VdioNP+34ir0m1lRj0M1ppKbucwiGEnxs4f+Xo4tnQg0DUB6XISP +Lz9Jy7pncic9y+WZLP7Q7q8MS4Ppd8ET4Z6j9tIIeOueheR8bJlG2c+U8Or1Jo2C +CmFXyPDxpYOZX44ycIEieD/rQ6fekY+d5O1Q3xnH8FscX2g8GsF5uPFmtjdBGbA+ +Jq24G48q5gLhuIqd/RVAUEETt8q1jKcEVQJgYnjjyBBKq3UKypEG7Kc2aUXS466F +Zz4ZBe39EbrXxfqAP2bPlyg5ApnUnW7+st7FsGZJd2enKb5u+/DsixGCNaENV5Qo +qDSL/k+fErpgtTOQJGYySeGakcUHM9YHr4dp/bDdyjp9tIK5tpXGR8YQJskVEggX +cQPeSTm+OE+vJMheqTooqP6I5FVWpcQ54MqVTDxvfM/Mgl686Jbt7uWlpjQsaHwx +FEJJjQ9Cik5WwSLEzZgUPuH1vjO31gF9oJM5fSHIxiUYcdZdzUFynSX6il5H55w0 +NaKx8U6345GD+UmnNi4jemUz5jeU+/4smiwab2LgMLu3nS3JMsvr9dm2U0dJlzAH +wP4r6bD7CQQhHtxlEKHPReGVhn/CdmPERLdoSVY9iqaau8+rhOAWBNpEKxE57qTx +zVDsWw== +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_client_cakey.pem b/docker/security/payee/tls/dfsp_client_cakey.pem new file mode 100644 index 00000000..9aaa95d3 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_cakey.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCf1WnKC3hcog9d +KlO0g11TbKqdwiJ3WiNADlSRLnwc9/TdmMoScrS+zaHcQ4iZFoBttyr5LL5EBcv/ ++PDE6xHgSDBxwZWOo89+8s40WQN8vv32MYL8G1CwM5k9NZp6wWj08PpHli1UA+tv +tNhhgx+zIInb60WBLw2ea2/9oq6l5cohSjxSayr8/TShG0T1GNk6OCWtR4KdbDD8 +5mhR+hEO6zHNL+lXwsPorv+Gq80xsIaNcmNuxn0/hE1u1eQNLj7H7Sil/Hm4BmvI +qo5e45loM6IQUC7s4dvO2NszcGhsHIzA7yryPgQ7qPieKXLD6BjzkO/TjLkzsQ69 +m1TK1GiwDd8MYC6lvxisvLyUQ0eaIW3PZQ5gQCu9QG6GBuTzwamrAFHKBrPm4Gw8 +a/pC8Zvw+EbPaSa3/SJiiZUJW/tBCBNF5TXRZwsrfkCfEg26D35VJmzv9uhs98vG +Z1cX60annEYLAiz+toKDJmSTb7o9QGgz0qeP8R0siwxVNrTmCuYuz81aoM1eAfLU +KmTfIPdjo/oJzUSLxU+OC3kAUt0Vb5OLz1yrXU5vBI1Rp3B3HljU3iRBEBPNjEsJ +LGBWH3kPPdp91P0B73criJ7p0Vid+IHpc484h9YDSrVlv/pRzB2ZZyxmXUm3qKPj +ZU0Gv4OuH/c10k1M5LkkcGpfmHtZ8wIDAQABAoICAEencMQ77Ss2GgYt1hXMeJfQ +VRLhd/sixT/PzNjDSq/f934qo5iupNoPLNumyQO8gznsjk7j4K51HNX1/9Z//eUa +5+DvpMEsLfcfGhN8vmP76bWnz61+/2bm0vGOaOFUeN2qdMGIEW0jTranEARzONBg +q30UlfXKpuPZDX1bI8nK4RmYgr9+POjrCN+a7oikqaoAht+Oef9iA/o0vxrVLTWP +eiWfL5CBB7v2TCbPOW/n0AJ0gCAmyvqhMOeZ6yF/lHSjnQAA1n6KHmL5F1dx2JHO +5/5BPDBFNvod3PNMFvw0tmM+NXYhGFu4rjCVq1YpZJo45VNlOJf0bgPRsas2m3Fv +0wLfVy6GUIaY+MAsTx56HM1Rh9Up9cedhF5PNGr8iJKfjKwAQHeuivaOUBzu2MUv +tlq2LR/McHQlGjGH97a6FzDqbtlhzMq7/9kMKRZNkR3WzxRq7b9L43skJIE/gMno +rd36d67UPZuVrT0JHtzupeqznOwf1831NphEAcwxfpzISuvz3J/Yoa4XkR33ddtI +qVu2IrkVbBTjIU8VYl4WWsBFc8eDq/rpSj1VRgzcHU6EA5zZy8XnKjiKGfO+Gw3M +F0jWS0qAqP7wG0VLyQC3n5nra+BOf3A8HskYKaxErqb3LvBL72a+7T9bbhwuKnIX +rmXNia+bvJsXTd87O/9dAoIBAQC5jfvABv0lLXBDbldfdoozMz0nAasAWLrD/aKy +62vDrSFnSeqDfFzDuQuq6vbkWaiyDSIvKpl/tv0Kt/+AyedNbQLhA45H6bf1wtLW +Wc7jjyNBOUMxUwoHnueO/tDtFuMt2poj+gC6j6/3IPCBdonutNAo1x+tKE8TarXV +AN+vuR6M+KjcoamO0/EfGdsdYDkXCPdDDbemRiup4sG9Ay6QglGPMJL9HifBkP9D +kQOf7ZOaSESxiDM5yAzkdsMGb87QivH4jQyuHUJpLjudaiab+2kOJtFFAB/YvTml +DqHhHn/Iz2PZ1LxCl+o0OpB7A3qi87ff5b4ht9X2OlwF+jCVAoIBAQDcg5z8Bu7J +XvHbnCaMcACxhEcAHmqAAtB6ZLwI8V6c/6avmZJL2miLTygvxNyk9Zr2nKNhWBVc +usGRb+mV0wlVYnfbXRpBTpKX6cSMTJ+MQXz18fHFpb9+XnLda0XvJssdW5lLagbg +cPohY87t+BYY0Ukrn5FxeImMuuQnkDza5Y9hMdz5Dz7cqyRvW9GkWOzdZy+nwuxB +dhjTi8Kz7yQCqHQt1JRaUfwiMSP7sZnN+nKTMmIi/Bf6D/ApjRWtuJStuidaWOMX +yNwv5LGt0HrDSouTNftp7OgolyuGs412bmA4IIkc20hpi5KCOkxNVtvahSU83ASR +8FkCD/8r0RZnAoIBADAz6z9yUVbUHALYakg5YiN03yD/9O1NH4+ElzyFneQiWLgd +YpevueV6b8aB7Ytao1FFyiiYl3GvFsMvE2fgi374n7PWmaKi25AzgVP/1pgU+iKa +fpMUsFlUdXEXTy0YMgIadMp9yqysYRkA7JmlMqXZQO4rHGZ+PzSbFwtzg6iBnacf +fbZ7JLIe6teafup9sbcDNECuEpRWTEeAybWRWwpdYFSjWLv6lndZdIaX6GombJ66 +wWWhLTWIe5jqJTXJ298fCUb5VV7x6Our//6fsdH5mMv9V4XmR1+loJD5YSI7KxT+ +k0DmW9Ws40GYKSpbuAMW7yBx7VeTCzlA5eEDopUCggEAJO2JeY8zp9dVi2Bf+D69 +bvzm4vc1AJD4FrcN4jWBkasiX9/I5xkBTusHoNBH3vweYlQi7CdTFH9V8SQbqvJ3 +aqwdxEeYIP2mgPgt6Qzf3x4MbieBRIcYRXJNrBTN1lnZw+XWCxILasSgrrzHJ4TX +Nnq91SdYtPbpmf6mPJXkCwhMdYtjJPZPoaaraFapCeu2ZvFjwqVa6S98wthx164h +iqxpIE+sNF/saFFwZDL+vcbGLy5NzuwGm+LVZi/xRHFXvKwi8PdXuGDztrWGp8P0 ++wVd0F5G5xs8WafPKzSgaQfc5ylTrNhwDPTJqTNYGc+E69hGPyXdQg9M6JKDOfQ+ +2wKCAQA6hgq7PUIlX2uIq+3abqVJadu7ibS4RcmBc1WvLG8wV5NBWAtcwoaJ7OZn +JCDMAd9Rl5GkQpqN8pGln8w9vQUFtTjfV+KNf2UfWUeMNNdz+p7vm/FUDaVraTmx +BAFX69VaLKdbLzIeISkkUyqcZ7YZ4V7O6bQeG5uwXwjhHtRUqMKtdFeVS11rm+sS +X6C9jUVGgR1LLty0kRte7S9xo69pEXbMgHhVnC8khg5BaTsl7au0HeBr9Eaop8xz +91v4kh2nAFFs4qdKEMms4Ki3jifar+3t6oOHgFtI+dK+I3OdhLhh6aGCNszcoRq3 +e4KI/ofch6GEVu1tOSQmjJC2DZCG +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/dfsp_client_cert.pem b/docker/security/payee/tls/dfsp_client_cert.pem new file mode 100644 index 00000000..164aa797 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_cert.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:38 2024 GMT + Not After : Nov 10 02:03:38 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:ce:c1:2a:2d:ee:97:f9:b5:16:5e:60:24:ce:23: + 8c:61:f9:c7:23:6a:12:d3:6b:61:2c:54:06:36:e4: + 70:e1:f5:68:81:9f:15:d8:69:df:fc:cf:44:6d:32: + 64:cd:26:2d:84:47:3e:74:3c:73:7e:75:ed:50:b1: + 64:ac:af:26:cf:e3:ec:71:5e:7d:bd:c9:de:19:10: + f4:2c:75:53:37:5a:83:9d:37:67:97:6d:b7:91:b4: + 48:27:cc:12:20:39:f7:c7:1f:ac:c4:4e:e9:72:e0: + 2d:13:2b:e5:35:9b:4a:a2:30:53:f0:c7:41:47:f5: + ba:e0:61:25:13:d2:c6:47:83:85:57:7b:56:9c:f8: + c4:9f:b8:f0:0c:ea:d1:92:01:9f:aa:ad:88:33:15: + a0:cf:a3:3a:0f:93:ab:75:40:9d:91:a8:64:49:dd: + b8:18:b7:a0:f6:a3:e0:74:5d:42:ed:8b:25:f2:c2: + 92:02:85:07:77:7f:24:65:c4:3b:22:4e:3e:cb:c0: + 75:fb:4e:79:bb:db:50:e7:8b:76:4b:ef:36:9f:8b: + af:15:37:5e:0a:6b:20:b8:6e:c7:fe:30:50:a8:39: + d2:d4:5a:59:f2:8e:2c:96:cb:37:af:96:e3:e6:1f: + 7a:54:79:81:96:16:70:2e:20:4f:a3:e7:d3:50:03: + 05:63:c8:8f:d1:01:e1:1c:11:af:a3:99:4e:6e:c0: + da:a0:32:50:43:4c:f4:70:bc:3b:71:48:b9:6e:42: + bb:c5:5f:60:00:35:bc:99:5a:bc:0a:82:de:a3:43: + 81:26:e5:0a:fd:39:1c:29:fa:4a:d5:77:41:a6:2a: + 20:da:8e:ed:61:4e:10:84:35:4c:c5:a1:16:06:ab: + 41:29:45:2f:73:2b:d7:27:73:15:88:18:94:f0:72: + eb:79:d4:43:1d:75:91:65:b6:a5:8c:29:4c:6b:84: + a5:77:16:b9:db:73:e6:1c:c3:35:8b:ed:e9:46:74: + 0e:f5:67:56:c3:94:07:cb:9d:ad:52:85:84:9f:df: + 6f:ab:fe:db:7b:89:db:c3:6a:49:e8:12:53:58:b1: + ea:3e:29:e2:1a:89:eb:00:c8:44:f4:e0:8d:16:dc: + fb:f5:e2:c5:aa:0f:7c:0f:81:08:92:39:d8:81:d9: + 80:49:da:56:b5:fd:12:4e:f2:52:b6:b8:31:53:3c: + a0:04:81:8c:1a:71:cd:b2:ca:f5:10:c0:57:39:b7: + e8:0f:50:31:08:57:a4:d5:e6:d8:42:2f:b6:4f:52: + c1:ac:cb:51:ab:f5:8b:70:42:fc:c7:4c:e5:b4:c4: + fa:97:f7:53:eb:53:37:79:51:2e:fe:10:80:14:65: + 3e:e2:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B7:98:30:3B:87:A0:9B:ED:F4:AE:71:51:25:E7:0F:2C:A4:5D:11:16 + X509v3 Authority Key Identifier: + EC:3A:E7:1E:CC:8B:EC:47:A3:1F:81:73:93:8D:A3:A5:FB:64:F5:A4 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 6e:1a:f5:a0:37:7a:d2:34:89:3e:99:eb:2a:9f:5d:ba:8d:0a: + 59:67:0b:04:16:3e:b3:49:6c:83:3b:7b:34:d2:ad:5c:9b:4f: + 34:79:15:36:f4:44:fb:55:1e:7f:64:65:21:31:6c:1b:69:39: + 6f:3a:a6:72:0c:dd:3c:e5:4b:76:44:ff:c7:91:33:c5:13:05: + 3c:45:88:10:95:be:a0:0d:17:db:ae:1c:6d:20:04:09:2c:53: + a8:ed:fa:61:7a:b6:fe:82:8f:a8:af:33:41:2b:0e:6b:f9:40: + d0:c8:70:40:26:23:c3:66:8b:0f:34:2f:05:b3:77:d1:b8:14: + a7:21:30:bb:1e:40:4e:6e:0b:02:72:2e:ac:1b:9d:fc:85:d6: + fb:59:e8:96:1f:c7:4c:02:90:dc:f8:5d:cd:89:d8:ec:31:e0: + 65:35:f5:f8:30:09:6d:d1:4d:fe:6a:97:90:7a:6a:04:6d:c4: + 5c:4b:d7:e5:ea:62:e6:0e:f3:3d:18:58:02:d3:ea:ca:cb:0f: + b8:dc:38:89:f4:bd:4d:16:24:ed:6f:70:49:de:d5:14:4b:9e: + ad:1c:f9:a7:dd:25:af:6f:5e:99:dd:ce:db:1f:f5:ab:0e:8c: + eb:bb:66:30:ab:5d:57:48:80:6b:50:91:24:bb:48:d4:01:d0: + 1c:72:7f:3d:9a:96:4f:47:38:d2:8a:9b:f1:b8:9b:98:99:e2: + 2a:7e:7b:86:47:86:74:f5:8b:17:30:b6:56:50:9b:fe:d2:8e: + e4:34:d2:ce:7d:bc:b1:1d:df:7d:a9:d2:74:68:b2:43:05:1b: + 10:1d:43:21:43:9b:b8:b8:e2:c9:ce:51:2f:8f:6b:d7:b5:49: + 40:ae:4a:8e:86:51:f8:55:1d:bc:3a:cd:73:eb:b5:f9:af:a4: + 5c:58:6f:bd:76:5d:a9:1a:e9:c9:85:ce:3a:d0:92:43:3a:bd: + 7f:c4:31:09:aa:0e:f0:4f:37:bf:d6:b0:c6:88:50:df:53:ff: + 25:b8:b8:02:ea:07:5f:ce:6d:11:ed:eb:46:13:30:4a:10:90: + 12:65:13:3a:46:3e:e7:99:a3:56:94:19:9f:a5:51:10:c8:c7: + ad:17:10:62:f4:7d:76:8f:9f:e9:a2:47:ac:77:de:32:cc:b9: + c7:81:7b:c4:a2:bc:bd:81:b1:18:1e:c5:6c:79:ae:60:96:01: + db:15:89:ee:10:ca:2f:04:db:78:6f:c3:ab:6c:cc:74:03:38: + cf:3b:7b:40:e6:71:f1:cf:22:8f:87:05:57:16:dd:bc:6c:90: + a6:f6:b7:45:96:f3:b7:5e:01:fc:51:17:9d:0a:aa:0a:56:f4: + c4:7d:de:bc:f1:32:df:48 +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzM4WhcNMjYxMTEwMDIwMzM4WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzsEqLe6X+bUWXmAkziOM +YfnHI2oS02thLFQGNuRw4fVogZ8V2Gnf/M9EbTJkzSYthEc+dDxzfnXtULFkrK8m +z+PscV59vcneGRD0LHVTN1qDnTdnl223kbRIJ8wSIDn3xx+sxE7pcuAtEyvlNZtK +ojBT8MdBR/W64GElE9LGR4OFV3tWnPjEn7jwDOrRkgGfqq2IMxWgz6M6D5OrdUCd +kahkSd24GLeg9qPgdF1C7Ysl8sKSAoUHd38kZcQ7Ik4+y8B1+055u9tQ54t2S+82 +n4uvFTdeCmsguG7H/jBQqDnS1FpZ8o4slss3r5bj5h96VHmBlhZwLiBPo+fTUAMF +Y8iP0QHhHBGvo5lObsDaoDJQQ0z0cLw7cUi5bkK7xV9gADW8mVq8CoLeo0OBJuUK +/TkcKfpK1XdBpiog2o7tYU4QhDVMxaEWBqtBKUUvcyvXJ3MViBiU8HLredRDHXWR +ZbaljClMa4Sldxa523PmHMM1i+3pRnQO9WdWw5QHy52tUoWEn99vq/7be4nbw2pJ +6BJTWLHqPiniGonrAMhE9OCNFtz79eLFqg98D4EIkjnYgdmASdpWtf0STvJStrgx +UzygBIGMGnHNssr1EMBXObfoD1AxCFek1ebYQi+2T1LBrMtRq/WLcEL8x0zltMT6 +l/dT61M3eVEu/hCAFGU+4vUCAwEAAaOB0jCBzzAdBgNVHQ4EFgQUt5gwO4egm+30 +rnFRJecPLKRdERYwHwYDVR0jBBgwFoAU7DrnHsyL7EejH4Fzk42jpftk9aQwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG +CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAbhr1oDd60jSJPpnrKp9duo0KWWcLBBY+s0lsgzt7NNKt +XJtPNHkVNvRE+1Uef2RlITFsG2k5bzqmcgzdPOVLdkT/x5EzxRMFPEWIEJW+oA0X +264cbSAECSxTqO36YXq2/oKPqK8zQSsOa/lA0MhwQCYjw2aLDzQvBbN30bgUpyEw +ux5ATm4LAnIurBud/IXW+1nolh/HTAKQ3PhdzYnY7DHgZTX1+DAJbdFN/mqXkHpq +BG3EXEvX5epi5g7zPRhYAtPqyssPuNw4ifS9TRYk7W9wSd7VFEuerRz5p90lr29e +md3O2x/1qw6M67tmMKtdV0iAa1CRJLtI1AHQHHJ/PZqWT0c40oqb8bibmJniKn57 +hkeGdPWLFzC2VlCb/tKO5DTSzn28sR3ffanSdGiyQwUbEB1DIUObuLjiyc5RL49r +17VJQK5KjoZR+FUdvDrNc+u1+a+kXFhvvXZdqRrpyYXOOtCSQzq9f8QxCaoO8E83 +v9awxohQ31P/Jbi4AuoHX85tEe3rRhMwShCQEmUTOkY+55mjVpQZn6VREMjHrRcQ +YvR9do+f6aJHrHfeMsy5x4F7xKK8vYGxGB7FbHmuYJYB2xWJ7hDKLwTbeG/Dq2zM +dAM4zzt7QOZx8c8ij4cFVxbdvGyQpva3RZbzt14B/FEXnQqqClb0xH3evPEy30g= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_client_key.key b/docker/security/payee/tls/dfsp_client_key.key new file mode 100644 index 00000000..e8f8be81 --- /dev/null +++ b/docker/security/payee/tls/dfsp_client_key.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDOwSot7pf5tRZe +YCTOI4xh+ccjahLTa2EsVAY25HDh9WiBnxXYad/8z0RtMmTNJi2ERz50PHN+de1Q +sWSsrybP4+xxXn29yd4ZEPQsdVM3WoOdN2eXbbeRtEgnzBIgOffHH6zETuly4C0T +K+U1m0qiMFPwx0FH9brgYSUT0sZHg4VXe1ac+MSfuPAM6tGSAZ+qrYgzFaDPozoP +k6t1QJ2RqGRJ3bgYt6D2o+B0XULtiyXywpIChQd3fyRlxDsiTj7LwHX7Tnm721Dn +i3ZL7zafi68VN14KayC4bsf+MFCoOdLUWlnyjiyWyzevluPmH3pUeYGWFnAuIE+j +59NQAwVjyI/RAeEcEa+jmU5uwNqgMlBDTPRwvDtxSLluQrvFX2AANbyZWrwKgt6j +Q4Em5Qr9ORwp+krVd0GmKiDaju1hThCENUzFoRYGq0EpRS9zK9cncxWIGJTwcut5 +1EMddZFltqWMKUxrhKV3Frnbc+YcwzWL7elGdA71Z1bDlAfLna1ShYSf32+r/tt7 +idvDaknoElNYseo+KeIaiesAyET04I0W3Pv14sWqD3wPgQiSOdiB2YBJ2la1/RJO +8lK2uDFTPKAEgYwacc2yyvUQwFc5t+gPUDEIV6TV5thCL7ZPUsGsy1Gr9YtwQvzH +TOW0xPqX91PrUzd5US7+EIAUZT7i9QIDAQABAoICAEfXliT8vaE+m+WySce5UXvv +85LqNl1xeAQTtE8ZpOHXSPeVhF09OOAbU18QPjeM1w8aRGjWYplkN9Csu1tHx1hA +jjW8jDvI69xQ6E+UexSGZqpYCK51KO6/srzla7z395Gg/4L9GqBYpkD9pTkx20at +PVWynwv2pnd2OhB/0nciC9DgojGMPaJ0fDE43RZ7avQ/NU7u6oCL6s5j1RW6nKXy +2dpS6TfpgsyBGCrHB00MZ2TJ2Dt45yXOL6MPAy9B+g8JstVeqO0uYZf7fWEYX6Yj +vvRD13EOVYHQuLyqJDS4VvqD5LJkVbkWJyTj7Q/XC0ZULEOvS06z2oiNMv+f9Rxd +L4cMAYSHZKSXeuEy7pkP5cDyQY/B/1NcG7IzEDji2oQAilCXFNukxhTrrh77CAzm +BvwPCEk0YPfep79UE1YYCMwYu2wA8iUFFJ3djTRVQ4CqxtNetTDiXdY7DoQQmg+6 +25CrdDGsKshQrxGsYI61LWM2DHN/CU5NJy6mzi/wvyvitA7irSMKc6cakIu8ONxf +J89+So4yeuioHd3dbF7WbWl1+IIqmFnUTgl6DzHEL6fu/eoMcZvcOXx1MPgoYza/ +E2zcXE10rVhACgNN3/9EpMoiDAfx19Rl8l+g3S45I95mgBkaSaQwGU5QPVDCaBHJ +mHkxldBuPH08yUJfMNi3AoIBAQDTjvtd22PyRYHKt/aNgp1wzxiSWxqPtdf/LT0C +8/YHu4gNWW8KFajQuzH7LTuSO4VDIt3dAw+HtEq3cqQoxaT0IioBhxjJAScDas8e +I6SvA8sKtYfDCsJLEe/nM9FdorD7Vf+oo2y1xzcGskProL1w0hSAZunkOY/WcqDi +ArkvIJ0rmkcj3KdD30kBfPAP4NcWNSRrIdIiKtcOIP9Ai9/47ikePrhdbBbCu5wU +BRTYqgG3d/1H72MrQI/xwlWvJdYSXturIwOBjU11oqrlUYR6PiFN0fGDCq8IuhKI +BnpPRFiPI6XWls51Fu2Xd2SD6JqWk+8186v3ZHEz7XNO5pc3AoIBAQD6L9a7FASo +H0HiMvk2LGBe32EPQQQ/+A0pP/K8takv+ju+n1+99tAdgqVLazXH26CQkeyIQHgV +6vxne4egnv8MoRTf8XEaFzk59FhuP/PCc9d0mEC1ffQ4pdwjIoThFreCX8rtWIJt +N9/UOyoczdViaCN/nK7vXf7fyPvLOyFWxyhjYxpq8BXiVwSUgQqv5APWask/2hUt +SjIe3ZJ+S1IyR3+IkO992I5aC+bKvpG9UxRV1ecFsLvKSgYb8CuwlgBLn5WUidDo +swzOiCJ2l4EyOBrpALuPpJZDcmhYCVNh/zVwqr41ogGgD2f1tBcduQ+IA5a2006W +7gGyyaTdctUzAoIBAQC1YRTp9zrNcAJDR02/LYjGOwgaErnHFGTHhoWUjo0VPBb9 +OvwUbVV6/8NuUe2NBjLOyInm/sTF2DFm7ocH3cv683+IJ8d8LdzA9UX11SFQW7Qs +zk5DTmod6pcAZlDOMroCAk1azCJcBxyKRTQuRHWm0LZ7D8DfxuonNcfxfdw/J3sY +8wCjIn7Vlg4FlJRNSLufcphysWBzor8WgfvV3xZ7WdUu9R8kGZO6CRdboq+owrkO +D3W7wuYHIydGYxMLQykyPtme9DoBTKBohrp2OVmXZMUw7xpc+z/t/3n73XHnm/VB +Y5K/VDRV9v5kqhwna7l99/9TBkMdq6PSnXYK43ApAoIBABgiWUJ+sdxN95sMc8Ho +EfvU7JX+HZzWHt7lzlKp64I3T2AaG7BFiNnv6mYWF4AKDbkken7CSVND8clBv1md +PNlJCKx5rAFqUBjpG0a3YJpXdmdG8KcRWWfFiDDTeaIFAPrQptCygxJqG2trsapJ +qNXvWc1Lngx1Msr/plp6f8LRP3Im8ztxoYrN/iEdOZyyEDS05GkGbpiJ2b/ke+c2 ++NzkzMatxIyNQV4qW78fFwv+Ya3ODpUb8WGYNnKnfm9waOLiqBlGGiL4crnRpBFw +mAPyKZZkfbNjmyMyfCJR8/s2FT+jGOovkJySH+Mx1jEF0xu5zOYiCCjDGOLYVNEP +7MUCggEAAXfLnBefyEXuJXE83xlbCvXRYaTjVwjKswRAjvPVS+yDMvPYkASg3phb +szbw61IZdfEzJMkSRhXX6C1/WVIje4eJHbNX3r7Z+QCq4gCBYClJ2DWg2IR0G+/4 +xA8xP+TWj65SNUBONCSM0/+M5ihu/46h9Ox/NWFd4ojYDJsny34xrk9IvXFsKHdg +tYj1cYHjq5yciowCu244xCvsTMrPYG09BsxLUZDGCQ2pp6aTdCeXtC7raXpCtpUd +GN4rTZRouVsMJ3HNjjdvao/2z2NpbTj21gv4sk6IgcwBBNMzjx1t1DxRjtWAK9Uh +k5H9czteaz/oxlfI794TWFUpTtK6NA== +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/dfsp_server.csr b/docker/security/payee/tls/dfsp_server.csr new file mode 100644 index 00000000..1064cf54 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server.csr @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFSjCCAzICAQAwKzEpMCcGA1UEAwwgcGF5ZWUtc2RrLXNjaGVtZS1hZGFwdGVy +LWFwaS1zdmMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCFREqTiwFg +1BuJq9KPqL1YAUaqBOU0dVM0Bv61N3IKpvDnxICfyQJQg/zeEonpV3Y0Sya7gBR1 +VXw4aTBn75HCgsPpitKjImJpDD3gEApdZz95tyAgSvhfCM+Hh4SDevq3YwW79HaN +nopRAl6kdd2K8qnoGSDcheKNTbIJZxvwxfcUkIDxOTpfKr2MuiZT0UG7KpoY4ik5 +nsYLh3Jwa1EZ/82DapX+0Tyc2mrJPeDFw/zliFLfQ3j/fw3iqTVdIxT948ZVJ9Pr +HH+2v2/kthoBONNQvh/4uRWzwiba+MdTHbw31sGNmLUBJTfwCs7e5zffU/Q5dgAV +KAEREQtq/DVj9QoNi9LBLLNcs7ufuP0HA5vWZkl2kpSaURPwCNR/xVOxfEVPUzb4 +JYtHk3B1Zl6ZczRSJOCqKepqV9f0I9tmKa4Kkhdm5nzzldgTcfC9wAAUAlldVLbP +8SP1hEX1AwrSSomc2mf/aZcR1qQPn+Fsiyn1ywNmOMTiRJMx4WBjxkXlhP5DmiOW +A68P6kNTB3avud5QfreCacUgD5Q/l9HAPsB9J7MZJayU/x39IMk0pXXtfFsbbpKm +1yRiNnZvpSnbi75PWkFRiYFsOmvHheTQMqjRpTdicOMJhQ5KtGKJQEFii0MNKkB6 +/JkAd1YK7TXL9u0gAfxa+IVaZPUY2+jnCwIDAQABoIHZMIHWBgkqhkiG9w0BCQ4x +gcgwgcUwHQYDVR0OBBYEFBmkYSJMJaNpX72JGelArLk/w3I0MAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB +BQUHAwMGCCsGAQUFBwMEMCsGA1UdEQQkMCKCIHBheWVlLXNkay1zY2hlbWUtYWRh +cHRlci1hcGktc3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD +ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAbNGUiLn+bx5S9HQ9CI8ac6oy +21hI0mFtuDQPp4PPkCxbdN/LiyjpYg6EC7ZSOWxkrsOU3spwR31nFlFTmTcdKjzb +Nhn09bdmc8FVNl6P+jlwIJozmShKuHiVzPGjVZEZcIRHXVPScnGCHaNmDt2IYAYq +9oMZULuN2q2dImFSA8gOFCeW+ZkmvTE+tb/zg+4kuZKEYYLdRAEACt0XX+K6tunv +h8l9OsbhAVl/mvke+ydsrUfMdi+larqKMYeP/ZVMBrQj31/YCSSxTEi/F9/QCgto +dNQ4hEHwHG6ZL9HMIdA4Ej55NIHBlYovAqCFSXPqM2C/6MoxbnQ7sM1JzBZ34uCV +wdpbGpnf59vZjSPxWUhCZ/gLfD/Zw7+msQqs2iht0TPvhSKraK2mxOkfy8UuOOPQ +TuYxLVMld7OIHC8L5jqRi/YS3zu3WwOemIiT8ObEh86NJKk2ofXuC/wcTmkQXlvN ++2r5xPq2fntxAwJnY5AkhzXVWZxNyUCe1If1MN5OW5Xc9foeni55HpZvWU9vYzMM +IPTYbo3I+PAA6IGwnaqfM6CoJJ6ImSdf0cu5DZROE5eAhqmyyNh/AyksRgohcNkx +TI/nalIJA98ooXoEFIZNKg/ouZTULiGLywkWBaMaz3l73MnQDHlYfKqWPxjHV8Kj +wd/CxO/6uqIyaSjuXc4= +-----END CERTIFICATE REQUEST----- diff --git a/docker/security/payee/tls/dfsp_server_cacert.pem b/docker/security/payee/tls/dfsp_server_cacert.pem new file mode 100644 index 00000000..bc208037 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_cacert.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUYOahCSI+t+iJCevDl20zaRkNbaYwDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyN1oXDTI0MDMxNTAy +MDMyN1owgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAiHaHFpgfb0FHsQ+i/gpR/YFZUUlfTW7UQlIf7BvYnp9p2wEiL2r7 +GtYnF6S+hSV5A1/qnHNzo8SGCy8RP3I+0d7ape0fYFJYyj2oFpn5F1QiskxVKPn0 +b4cxRO0Px/j9eZCybt0Ca/0FYAcXFJ2LBq6WrymZIbaC4owkIGT3EnSSUEcZ0K0f +cPEleD69gNpxGePISm2Ljcu5zUjuOfceNxPcGctKbP4sV0ldyskZzZl/omDK+gNM +BDl2vdYLbG2r/GDjVCeVGobEHdq9v0j6H06fZ7E4qmdXYTGKev+l8NWDOfuHUdvh +K60D6VDn8OZj2MMA7Xv01RErKZB/h9Jws7Ayj31OGr/WAbHpTn4V2HjqQdrbq0pq +lsvufDlPnUFKv0aGk70DlSQja99XPAuy0/5OjbsBrHvcCupw/HagBTR/hCGdcD4L +TPynPKbk6Ep3NEcf/nyYoKwy+wDh2bUgqSB3E/6UNrbYTTl42Ti/QItSYDBnd871 +mdZwIyhqWz8fFXVxs1M0K0HGTXMnRvEOT4djrL7okF31L/5LyHsZbwY+/Uw20nLN +LhTKOiSaNwpZws8f4dHgV+rnJD7lekzSxeSkkcayrROQVZEt1MDGshQzYR6bPQ3O +9dri3NaoTuGVSislRDAnnhAy010EewgizBWzjHsf+Z5bsMLikwVE1K0CAwEAAaNg +MF4wHQYDVR0OBBYEFEVYcAvlsnioq/2DujBIiaZMwsGYMB8GA1UdIwQYMBaAFEVY +cAvlsnioq/2DujBIiaZMwsGYMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQB1RK/7HKZ3yFxGMZ6gr1Cz4Aqj8jqXZU0Cu7lR +vUCH9EV/7dLsUp6wWjnZK2YlDN6sejAyMeOcGgiOmFZw7aKxLu0erypzrbMGuzGl +l8UFiYveJV0GSpBzCZ7gBbl8LLJD2YoTt3BuGTod7cJp95peY+m5ybWMnFUyuCSW +QtvxKS/Crv6FTpSTI3FXFIhJJgLQqqB2xb3fTp/Tuc0keYBZt1lgpMC/Yo5rhJPD +yqzV/LuQiuAGpuuy7SRKKBWAIlAYBwdHAfhrnfmQq84tE/LCgtgr4zcxhstoMZ0t +w6oeXYbEhDScpLMh/L5O5qPEJxwWXRVrHEiB2BrbZBzOREDt7HZdsmcRxdUm1A5G +Zd2wNKn2i+16hjCLo32O+whubkW5Oc3MFpW4wh8x5z11SLue+y8hKae53w1Dbj87 +VEGqYr3ZuUbSW7ODnuvhJ6y4oNcYDCiwC7A0cQ+lA0vLjYQGf7iLRaKOS40/JcyF +IPlBi2keQXlB16xgMFm1KGVOq00odlYP1HMI4QjMncC028NOJAP6dbcxDk9TZSkS +KPpMFAa8a3Hfd6x5nYTAwtCrc63MsC7CUUX6cvNNIege/Tveu/Epm+qcnE7DjJ7t +qQQtrlFWMQHmvKuFqt6yw6iHM2awlbluzPg+kDG8Rsiqs4Lt4bnfFO7iJ/5FDafu +Zh04Mw== +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_server_cakey.pem b/docker/security/payee/tls/dfsp_server_cakey.pem new file mode 100644 index 00000000..d5dd4da5 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_cakey.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCIdocWmB9vQUex +D6L+ClH9gVlRSV9NbtRCUh/sG9ien2nbASIvavsa1icXpL6FJXkDX+qcc3OjxIYL +LxE/cj7R3tql7R9gUljKPagWmfkXVCKyTFUo+fRvhzFE7Q/H+P15kLJu3QJr/QVg +BxcUnYsGrpavKZkhtoLijCQgZPcSdJJQRxnQrR9w8SV4Pr2A2nEZ48hKbYuNy7nN +SO459x43E9wZy0ps/ixXSV3KyRnNmX+iYMr6A0wEOXa91gtsbav8YONUJ5UahsQd +2r2/SPofTp9nsTiqZ1dhMYp6/6Xw1YM5+4dR2+ErrQPpUOfw5mPYwwDte/TVESsp +kH+H0nCzsDKPfU4av9YBselOfhXYeOpB2turSmqWy+58OU+dQUq/RoaTvQOVJCNr +31c8C7LT/k6NuwGse9wK6nD8dqAFNH+EIZ1wPgtM/Kc8puToSnc0Rx/+fJigrDL7 +AOHZtSCpIHcT/pQ2tthNOXjZOL9Ai1JgMGd3zvWZ1nAjKGpbPx8VdXGzUzQrQcZN +cydG8Q5Ph2OsvuiQXfUv/kvIexlvBj79TDbScs0uFMo6JJo3ClnCzx/h0eBX6uck +PuV6TNLF5KSRxrKtE5BVkS3UwMayFDNhHps9Dc712uLc1qhO4ZVKKyVEMCeeEDLT +XQR7CCLMFbOMex/5nluwwuKTBUTUrQIDAQABAoICAANW4THmmZhToOE+mHa+gmih +dnHUiZI/xM51q4XP3aJuFL1Q/wjphYkP1geQVsAz3Uz9lyRqd9k5WS1jYrjqfwqM +OU4HqjWldjpGvXsGHBAb1TiHQSs+SKLFDGnbIkB6wZsstQ0c9+70E2JY8hHlVA5f +Dd1t92sZiATquISZa+ll9GGmB8XxQpx1Lj1Nzb3eOpfPWOqnWRuocVzKbNf6yeC/ +qepwrNrTcnrVVwf8GVdMaxDqbPUmyQCudk8pcoCeA3Aq381CpbWvOBPh8zQ/4S0M +c76qGdCjtEHy4Chn4qPs2af81YAlkRJMStT2D6L3xFg812Q4XRKst6FuAYztk6fs +4Mv1RM/rwe8PqR1ZCVlUwTr28ftQ+Qe/y0ejnEd605fBYU/FjR4tMDM6figwwBHa +f6fm91Rivx27ieovjrwgacUH/E0RzyM0fpaDxdGI+DwplUnTXTUfeFrVmcV4qPsu +tolfrYGKUfjNebrmZS91Vr12wScPF2/jevkLw18LulLDG6Fy9BMfBqPusgy7ThEi +wda6JIwPO/sRoDMSJ6mdpmcMFtw6Zg4pS170A8IHukikw14qlh0vwI+TcTmjZmUc +eCnA6T+Scu+M7iXbqJoV0nwzU5sS3WcXAaCRWqq6ecb/ne+LvtTUwVSdTJ3FQEyG +fVlx18w4Wp6QhF6UfQzhAoIBAQC+421ASOAZv43Dqhl/KyTIen4+mlYkAYYTHLW1 +Sd7nojaWS0kq6mkcfsOA357sOT2FQYPuerHxau+fs+LimW2Z+fJnP6kShBO9Z39K +jSepXaetWSQRIVYPrzEXBKFbXiLPBQTdDzw8wBsEw0Z0hioahZ9DPKjme7CmvmkF +mbTMFEu7d8bc4K5jIhrovTPF8Hs8GPCktGbrqZlgNy7VAWNxCiy1nyPEt6eKSU5k +Ig5O4TEJBRhGg0VbsmAp6oxlF5NMpXM4ABdm74vbYoFY02PaQu8BWqGpg21CZida +fUWy4sG4zZkr8KIyRKPwVylFdjK5YQ2dmgpXFjWzB2Pr615hAoIBAQC3Ap6JW7dO +MmqT1KfIVVAvkZwTL190A1kj7HvJ1PakMSkd4kaP4ZX4+jDHR6gm5VvMp0roJTtB +xZeJNWwHhxn+iz6uinbmiWqM5m1zRpVdVd3hGPSS99UO+FjJKfLiaD3RJrOrxk93 +LezvyRuBhpHJo80ZSQHenrUzjCGJMDd+W0fr9M56odonqxue46RAazemPiqvpk1R +Pwyamw24VXU+xBZizwWYSjFI7p/JxhbbRCci4qZvGt0vlzPmPdbwYrkj3WcYdFVQ +SIPQvUXJ95OYi9aCU5QX9S7mgnGRM4XT1FaAKRxxDy9VGvDzPqXI43daqoorBdMo +99XydKYVN+HNAoIBAAflcoSBPzvxb5TTeYCIMVpVrtk6GywcIAa0XlPkfWMJk8Z9 +0MYEslpqZ/3xwio1Z/UWM7Xuv2OkL8tkbpM/E4iWDU/2EzFf400ndd2In0ZjSGdk +U5idz2iQr7ArEd2stDXqGDxov+4naDa3OTfiwOUd9+uZG8eFAFa1c7S2mgMDJ+rW +VpSWesBBDenowbaDbyWaRoIZsFQ5TM3tGnPXPdzUNetBbQJbMoQG6kY8Hmlm6Vdd +LZblIT5cz5uMR0h7RC2cfnqnjlBEwn1NwtoAzJWfxTFCJYPUmvVvMluM6RAwTyEs +6BQoPR1lN37erCdib1C50g1d7OWTVp9UQ+7jaqECggEBAJWTcnfZmkwzMKB6olc+ +Qzddzy5u/ZkYU3blBZfEk4FHHM/r7LgULDs+YTe+/VQtCYaPBM4QAAqVsHDYVN8i +MMC2lhiZ2uw5S/i1LKeW/OU4FQyxFNQ58s01dXuU6YraoAudkiPHBZPm2UxyFiUb +E3S2iB8uaHTHSlpDIfW6juCbQoE7qLbaKi9Zzk1iyRBNkUIydTjytya8XVTPfbs3 +PYh7Q8Cma3A402dEgRys5ml3nnUIwfb1Aeqvrh90U4RNa/xALM7z5fakDfhBehTE +YMHBKSWDofqizh5gZunCLpMfbUN6VmChhJIOXviwL1etchOMZzkanadSSG7NoCCf +d9ECggEATJoUlOptoxXAql4+ZLX3Q/79il+knNfGCNg7H37D5sBCXvMHt5fKVZ9y +xvp9vLgfaam3M3ztVjjdrKqbUg7JP0Ia7t1PIgXAt+67E4JkNK/ZdZB5l7+Hpux1 +wJp6cLnNqMsZmBVGw85gvcNBzNTtOuaegvwdG7DDGCH51cOWih0zD9LmMYBLTTQY +4zs6ljM1G+zxt9CvW0tDdshj1hqFnmaickdfRkD/j6gJu4mNa/d+ag1LvfrJCTYL +RaTIPxz7udtB9dQOnFfcdOy71Qq3ZEoUqevqbChghj2RAKSaccQkPml5Fq67pLf/ +64VVjWDKzRoaGBjDciVuzOwmonSJxQ== +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/dfsp_server_cert.pem b/docker/security/payee/tls/dfsp_server_cert.pem new file mode 100644 index 00000000..429ff28d --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_cert.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 9 (0x9) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:30 2024 GMT + Not After : Nov 10 02:03:30 2026 GMT + Subject: CN=payee-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:85:44:4a:93:8b:01:60:d4:1b:89:ab:d2:8f:a8: + bd:58:01:46:aa:04:e5:34:75:53:34:06:fe:b5:37: + 72:0a:a6:f0:e7:c4:80:9f:c9:02:50:83:fc:de:12: + 89:e9:57:76:34:4b:26:bb:80:14:75:55:7c:38:69: + 30:67:ef:91:c2:82:c3:e9:8a:d2:a3:22:62:69:0c: + 3d:e0:10:0a:5d:67:3f:79:b7:20:20:4a:f8:5f:08: + cf:87:87:84:83:7a:fa:b7:63:05:bb:f4:76:8d:9e: + 8a:51:02:5e:a4:75:dd:8a:f2:a9:e8:19:20:dc:85: + e2:8d:4d:b2:09:67:1b:f0:c5:f7:14:90:80:f1:39: + 3a:5f:2a:bd:8c:ba:26:53:d1:41:bb:2a:9a:18:e2: + 29:39:9e:c6:0b:87:72:70:6b:51:19:ff:cd:83:6a: + 95:fe:d1:3c:9c:da:6a:c9:3d:e0:c5:c3:fc:e5:88: + 52:df:43:78:ff:7f:0d:e2:a9:35:5d:23:14:fd:e3: + c6:55:27:d3:eb:1c:7f:b6:bf:6f:e4:b6:1a:01:38: + d3:50:be:1f:f8:b9:15:b3:c2:26:da:f8:c7:53:1d: + bc:37:d6:c1:8d:98:b5:01:25:37:f0:0a:ce:de:e7: + 37:df:53:f4:39:76:00:15:28:01:11:11:0b:6a:fc: + 35:63:f5:0a:0d:8b:d2:c1:2c:b3:5c:b3:bb:9f:b8: + fd:07:03:9b:d6:66:49:76:92:94:9a:51:13:f0:08: + d4:7f:c5:53:b1:7c:45:4f:53:36:f8:25:8b:47:93: + 70:75:66:5e:99:73:34:52:24:e0:aa:29:ea:6a:57: + d7:f4:23:db:66:29:ae:0a:92:17:66:e6:7c:f3:95: + d8:13:71:f0:bd:c0:00:14:02:59:5d:54:b6:cf:f1: + 23:f5:84:45:f5:03:0a:d2:4a:89:9c:da:67:ff:69: + 97:11:d6:a4:0f:9f:e1:6c:8b:29:f5:cb:03:66:38: + c4:e2:44:93:31:e1:60:63:c6:45:e5:84:fe:43:9a: + 23:96:03:af:0f:ea:43:53:07:76:af:b9:de:50:7e: + b7:82:69:c5:20:0f:94:3f:97:d1:c0:3e:c0:7d:27: + b3:19:25:ac:94:ff:1d:fd:20:c9:34:a5:75:ed:7c: + 5b:1b:6e:92:a6:d7:24:62:36:76:6f:a5:29:db:8b: + be:4f:5a:41:51:89:81:6c:3a:6b:c7:85:e4:d0:32: + a8:d1:a5:37:62:70:e3:09:85:0e:4a:b4:62:89:40: + 41:62:8b:43:0d:2a:40:7a:fc:99:00:77:56:0a:ed: + 35:cb:f6:ed:20:01:fc:5a:f8:85:5a:64:f5:18:db: + e8:e7:0b + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 19:A4:61:22:4C:25:A3:69:5F:BD:89:19:E9:40:AC:B9:3F:C3:72:34 + X509v3 Authority Key Identifier: + 45:58:70:0B:E5:B2:78:A8:AB:FD:83:BA:30:48:89:A6:4C:C2:C1:98 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payee-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 54:1c:48:ec:77:f4:9a:07:78:2e:ee:b1:9d:26:98:69:af:ba: + 68:c4:31:56:3d:df:f1:c5:90:c4:76:07:a5:bb:09:dd:4b:a9: + 9a:4b:d5:13:a7:5e:45:e4:df:78:58:b2:a1:3d:ea:b2:cd:f4: + 15:01:a2:81:18:35:de:aa:ed:21:d0:76:58:29:b5:81:e1:38: + 35:d9:07:0e:db:de:f0:ec:7c:c3:57:78:7d:92:35:a3:3a:7d: + cc:17:fa:b5:6e:b1:66:79:6c:e3:b2:3d:76:e2:0c:b1:2f:c6: + d1:15:fa:34:56:4f:2e:1a:05:dd:7f:ab:1c:aa:55:90:6c:d2: + 52:d9:f6:d8:4b:4b:fe:2b:47:6f:ca:32:b9:83:23:3a:06:a9: + 6c:c6:7c:9a:e7:21:60:26:d4:15:8a:ac:42:8e:dc:f6:5c:12: + ed:e3:85:58:0f:bb:d9:bb:ed:de:a1:92:2e:9d:7c:30:bd:0d: + 81:fe:eb:c4:c1:51:f0:3a:7c:3e:7b:eb:6b:64:39:e0:b2:8f: + 38:a1:31:44:93:63:97:c5:22:97:98:9b:fd:7e:01:91:76:a9: + 7f:7b:34:f9:bb:ef:6e:e4:a5:bf:db:34:12:a7:e6:2b:e9:ea: + 00:7a:54:06:30:3e:c9:7e:af:49:c5:63:49:60:5d:fc:9c:57: + 47:23:20:d8:b7:e7:78:77:4c:8b:f6:e6:fc:8e:87:4a:c1:8b: + a7:b8:b2:81:0f:68:8e:56:7e:6e:f0:f3:a5:92:a2:3c:c8:75: + 95:bd:db:a2:5f:5d:1a:ff:5d:77:7d:02:e1:16:32:bf:51:4f: + 55:57:38:10:7b:ed:fc:b5:f1:83:0f:69:62:83:b8:bd:ba:88: + 08:fd:9f:97:57:75:0c:9e:b1:c3:0c:5f:95:da:1c:2a:bf:3a: + f2:cf:86:34:bc:1d:95:9d:f9:d4:16:2a:86:6d:70:c0:f7:1b: + f1:bd:7c:08:d2:d3:ee:10:25:c1:a3:9f:0c:4f:a0:57:18:6f: + 44:71:f5:14:c9:20:a4:88:50:ae:ac:ed:1c:fc:99:9b:45:95: + 4d:7a:23:c1:ad:b2:cd:6c:98:ae:e0:3a:f5:42:fe:b8:f6:14: + 30:50:b6:66:c2:3b:89:71:ed:7d:af:77:12:0d:a4:c9:3e:d3: + 0f:53:be:6a:63:e7:9c:98:25:ad:f5:ab:c0:42:5a:90:33:d2: + 63:d6:c5:73:fc:37:da:53:01:ad:fa:4f:13:53:62:cd:c1:92: + 66:61:0f:37:22:6c:f8:8d:92:c4:2b:f6:13:55:c8:11:93:6a: + 9d:5e:9d:c2:68:94:a9:95:0f:29:05:c7:ae:93:d8:4a:f5:4a: + ca:75:d6:4f:1f:57:78:5b +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzMwWhcNMjYxMTEwMDIwMzMwWjArMSkwJwYDVQQDDCBw +YXllZS1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAIVESpOLAWDUG4mr0o+ovVgBRqoE5TR1UzQG/rU3cgqm +8OfEgJ/JAlCD/N4SielXdjRLJruAFHVVfDhpMGfvkcKCw+mK0qMiYmkMPeAQCl1n +P3m3ICBK+F8Iz4eHhIN6+rdjBbv0do2eilECXqR13YryqegZINyF4o1NsglnG/DF +9xSQgPE5Ol8qvYy6JlPRQbsqmhjiKTmexguHcnBrURn/zYNqlf7RPJzaask94MXD +/OWIUt9DeP9/DeKpNV0jFP3jxlUn0+scf7a/b+S2GgE401C+H/i5FbPCJtr4x1Md +vDfWwY2YtQElN/AKzt7nN99T9Dl2ABUoARERC2r8NWP1Cg2L0sEss1yzu5+4/QcD +m9ZmSXaSlJpRE/AI1H/FU7F8RU9TNvgli0eTcHVmXplzNFIk4Kop6mpX1/Qj22Yp +rgqSF2bmfPOV2BNx8L3AABQCWV1Uts/xI/WERfUDCtJKiZzaZ/9plxHWpA+f4WyL +KfXLA2Y4xOJEkzHhYGPGReWE/kOaI5YDrw/qQ1MHdq+53lB+t4JpxSAPlD+X0cA+ +wH0nsxklrJT/Hf0gyTSlde18WxtukqbXJGI2dm+lKduLvk9aQVGJgWw6a8eF5NAy +qNGlN2Jw4wmFDkq0YolAQWKLQw0qQHr8mQB3VgrtNcv27SAB/Fr4hVpk9Rjb6OcL +AgMBAAGjgekwgeYwHQYDVR0OBBYEFBmkYSJMJaNpX72JGelArLk/w3I0MB8GA1Ud +IwQYMBaAFEVYcAvlsnioq/2DujBIiaZMwsGYMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVlLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 +ZTANBgkqhkiG9w0BAQsFAAOCAgEAVBxI7Hf0mgd4Lu6xnSaYaa+6aMQxVj3f8cWQ +xHYHpbsJ3UupmkvVE6deReTfeFiyoT3qss30FQGigRg13qrtIdB2WCm1geE4NdkH +Dtve8Ox8w1d4fZI1ozp9zBf6tW6xZnls47I9duIMsS/G0RX6NFZPLhoF3X+rHKpV +kGzSUtn22EtL/itHb8oyuYMjOgapbMZ8muchYCbUFYqsQo7c9lwS7eOFWA+72bvt +3qGSLp18ML0Ngf7rxMFR8Dp8Pnvra2Q54LKPOKExRJNjl8Uil5ib/X4BkXapf3s0 ++bvvbuSlv9s0EqfmK+nqAHpUBjA+yX6vScVjSWBd/JxXRyMg2LfneHdMi/bm/I6H +SsGLp7iygQ9ojlZ+bvDzpZKiPMh1lb3bol9dGv9dd30C4RYyv1FPVVc4EHvt/LXx +gw9pYoO4vbqICP2fl1d1DJ6xwwxfldocKr868s+GNLwdlZ351BYqhm1wwPcb8b18 +CNLT7hAlwaOfDE+gVxhvRHH1FMkgpIhQrqztHPyZm0WVTXojwa2yzWyYruA69UL+ +uPYUMFC2ZsI7iXHtfa93Eg2kyT7TD1O+amPnnJglrfWrwEJakDPSY9bFc/w32lMB +rfpPE1NizcGSZmEPNyJs+I2SxCv2E1XIEZNqnV6dwmiUqZUPKQXHrpPYSvVKynXW +Tx9XeFs= +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/dfsp_server_key.key b/docker/security/payee/tls/dfsp_server_key.key new file mode 100644 index 00000000..e82a4988 --- /dev/null +++ b/docker/security/payee/tls/dfsp_server_key.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCFREqTiwFg1BuJ +q9KPqL1YAUaqBOU0dVM0Bv61N3IKpvDnxICfyQJQg/zeEonpV3Y0Sya7gBR1VXw4 +aTBn75HCgsPpitKjImJpDD3gEApdZz95tyAgSvhfCM+Hh4SDevq3YwW79HaNnopR +Al6kdd2K8qnoGSDcheKNTbIJZxvwxfcUkIDxOTpfKr2MuiZT0UG7KpoY4ik5nsYL +h3Jwa1EZ/82DapX+0Tyc2mrJPeDFw/zliFLfQ3j/fw3iqTVdIxT948ZVJ9PrHH+2 +v2/kthoBONNQvh/4uRWzwiba+MdTHbw31sGNmLUBJTfwCs7e5zffU/Q5dgAVKAER +EQtq/DVj9QoNi9LBLLNcs7ufuP0HA5vWZkl2kpSaURPwCNR/xVOxfEVPUzb4JYtH +k3B1Zl6ZczRSJOCqKepqV9f0I9tmKa4Kkhdm5nzzldgTcfC9wAAUAlldVLbP8SP1 +hEX1AwrSSomc2mf/aZcR1qQPn+Fsiyn1ywNmOMTiRJMx4WBjxkXlhP5DmiOWA68P +6kNTB3avud5QfreCacUgD5Q/l9HAPsB9J7MZJayU/x39IMk0pXXtfFsbbpKm1yRi +NnZvpSnbi75PWkFRiYFsOmvHheTQMqjRpTdicOMJhQ5KtGKJQEFii0MNKkB6/JkA +d1YK7TXL9u0gAfxa+IVaZPUY2+jnCwIDAQABAoICABOuz/L1u2jhOwX85jcInZqT +aavv2CiE0ZqkE9eRDltrZ7ZbjAHNjvV0YRMtmsfnfpJfrSNRWfQwgY3VX2xicl1P +sf7a3ZxxliZcxADFbbp45uOju+95EzD6HKiwR86hickvK2gkxaPKEDTBzFeu/t8o +UxbwKy3W6myjVpHT9Ej9/C3B4AGAydHHfsJ7tfB4PiSWOLdHI/6aKDcItMrM1ugn +o2NvCSNfJPwnuFDrvjiHZ2FBXrgR/5uA2PyqsDKG3XFYRHFMVhzqEyTbJnwZt0KJ +8ZAB3LgAIifwG4wI5WutvyBiLCktLkKyjA38kqxSayqlfDNGbeGyDGJIaa7N/FaG +B9mOMHuQDMnagRZiIxCG4VOhcWU4lQLb3i7xAuDYDbI+7JUYud/725vPNann6kyE +MFRmeOX+nLD4qH+uhT3QEApHBmukD/SGUwdwmd70DMbKDCEOSB3bkLFDhA+8IePb +I3nlPtmZxthGiHZ6mp57eeKTWvYn5/5QjO9LmQSySGSshNB5dqYMrE/NyaaoKAn7 +qqz+YKksy78wDhCe/G5ETdvpqhrNKq7t40nzFOjaJXyCfhPcvRQxa8zlr2vuQh0K +1m/AbzKw//we6LGhgc4dYPVvAn8oNEmTHwisTEsAgHtAndSPSY17DyioqSrIDBGT +WxioEqj72oNRBToB3aMZAoIBAQC7dYGhyb5wmgcJZxvT8x9Ux4iT+Nb2BDRDZKpF +/hsmK9yMTw8gRSu0mQR0yWDq22kClg/NuCU9sfsdQtSPe4ClnNbX5fuPeICpwlpo +ERA5GI2WJocydQSginGiVI0qD1ufwiYFPqosANRwKjOxapbxJtVI3lHM+Btuhf0Y +Tru8Qa5bedkET+tR/Fa5p24rS0YntxuGrdQvfSwfAh8HP5f4TkQthaM7GW1q4oQx +FRKDlFOFvl8tudWV/tKm+efcYwjFfzFY2uBX5N8TBpTn6arqw32dWeESx+QA3BoD +/uerg+Er9dcSki5Orkv0Bqu4Fa3/YSAWRo5M6xOlDeYWwISTAoIBAQC1/kuQ59ay +1T9qRocCcymNYH1NGPJkr/BkHUy89SfOoMg9QnxObKRyOgKeZT+uv9XiLNzMyh1/ +ui83XrLGAXF0oCtGi6QcOMKTO4k0XeybUN7NV8tYdPd6RECiScK3cX/sS171Mj/5 +KxKVtIhr2ZMLKKRAP+JYkYqWVSXa2MJ99eiP5Xq5ZUmEWBaB/VQd/hqXwX+Mwxcl +iPLLZFd3/IlKyyJCEzZUOGkCNYanIpE2Ax6jdWKWYVQoOFEk+SzTeTsw5bICiesZ +V1WuySRvlJCxbuaQkzI+gKiRIEcAhsWsnBUAHUUw5U21NnIHP60/tV8A9SseVfcG +n09lqaChmFapAoIBAEgcCYOs0V8LQQ2y5hd//FtmbflNzZLRRzFtdbp65wKl+K7Y +cp8dPJS6D+bE2E0/nYNrKiUeYuT6o/g7jvyqq3AJhvOB+mTUG9oxcwl5Ft5/vWc2 +5ubX8LG4z8F7+NlnEv2/d1SpKFjI8O88rKngsLOPFphzPNA12IeJbzR8hOcD9Qgn +NP3dqE3fXZUI/O4WhKQeYa5LC8ZAxkofTMRDCDhyEvPX5lSDkX1+KQ+gZYDL+90E +wCQcyjZq0al9lF1Ik0U1ikv91jK5Tb5J19nmHuMz1AxFWLkav3A9Opyy33cwwdth +NBxmsv19OqZiMogbftUwDWHEPlUEUIg7cnjqEZUCggEBAJwHX8vlKCn8L7kyrC9K +gpZl4idGOxJd0NBUWmUqHa3GJMZ4iNBHzpjr6TDZh0aPy5R0d/zPT4khG7fx5X1i +4V1msJNzxwg3FYJbKZ+O4vqp08ri+UBmT4Iwn+VDLcBOe6kfWVMIeNZruixFMiyc +xbdsaZ1359udM979M040RlLtkCxGRvhJwUTIrMtXYFWydCQlTfBlliOlDNuZtG/3 +P9Gy5DUX+Z0tG8I8F6yVMz/GXu8vBY399cPhvJfhVTAdIMUkOIB6s+fu+1O1uRo8 +mey1MtFCkXIKpfp+XMEzyqfYzRxi+94WyY+SFSLn0eXr3n6YsxX4B6hSzyRO0Jua +WrkCggEBAI+XztkmhvBkiLIcFMBHXFaM8L/y5GJ2w1AzWQJClIqGCPMBoG8FkT89 +ErFxUSIJd8xSVXc3RLJP9cYOyn6BdpAQk9e595AEpE/ww0YceS6+uumXKKGGlHAO +jbiSIChkonwsQ07vPH0VTuzPwyeU6ruzRriHB/Zm3N0ubm/hhA+GtVrr4wcc6zq7 +968cPQBi0uDfdMPqZFj/32Zs72cJfGEFTZWsecO05wUTRMsIAo8/Z2/5XesosOLj +3cHi3/QXi+bfmRreV9gbW5x/u+Dm0JE0jxG6u2TShwnQO792FxL2b9RfaI8J35PE +FQ5S4T6iBXRXvnmzOCFOjUaUlyEMv4s= +-----END PRIVATE KEY----- diff --git a/docker/security/payee/tls/index.txt b/docker/security/payee/tls/index.txt new file mode 100644 index 00000000..5428516a --- /dev/null +++ b/docker/security/payee/tls/index.txt @@ -0,0 +1,10 @@ +V 261104175600Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180117Z 02 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261104185042Z 03 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110014005Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014041Z 05 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015001Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015242Z 07 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110015824Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020330Z 09 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110020345Z 0A unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient diff --git a/docker/security/payee/tls/index.txt.attr b/docker/security/payee/tls/index.txt.attr new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payee/tls/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payee/tls/index.txt.attr.old b/docker/security/payee/tls/index.txt.attr.old new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payee/tls/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payee/tls/index.txt.old b/docker/security/payee/tls/index.txt.old new file mode 100644 index 00000000..c8a571c1 --- /dev/null +++ b/docker/security/payee/tls/index.txt.old @@ -0,0 +1,9 @@ +V 261104175600Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180117Z 02 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261104185042Z 03 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110014005Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014041Z 05 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015001Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015242Z 07 unknown /CN=payee-sdk-scheme-adapter-api-svc +V 261110015824Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020330Z 09 unknown /CN=payee-sdk-scheme-adapter-api-svc diff --git a/docker/security/payee/tls/openssl-client.cnf b/docker/security/payee/tls/openssl-client.cnf new file mode 100644 index 00000000..91de4acb --- /dev/null +++ b/docker/security/payee/tls/openssl-client.cnf @@ -0,0 +1,36 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_client_key.key +distinguished_name = client_distinguished_name +req_extensions = client_req_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ client_distinguished_name ] +countryName = US +stateOrProvinceName = MD +localityName = Baltimore +organizationName = DFSP Client +organizationalUnitName = Payments +commonName = dfspclient +emailAddress = dfspclient@example.com + +#################################################################### +[ client_req_extensions ] + +subjectKeyIdentifier = hash +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection +subjectAltName = @alternate_names +nsComment = "OpenSSL Generated Certificate" + +#################################################################### +[ alternate_names ] + +DNS.1 = localhost \ No newline at end of file diff --git a/docker/security/payee/tls/openssl-clientca.cnf b/docker/security/payee/tls/openssl-clientca.cnf new file mode 100644 index 00000000..1489f934 --- /dev/null +++ b/docker/security/payee/tls/openssl-clientca.cnf @@ -0,0 +1,71 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +base_dir = . +certificate = $base_dir/dfsp_client_cacert.pem # The CA certifcate +private_key = $base_dir/dfsp_client_cakey.pem # The CA private key +new_certs_dir = $base_dir # Location for new certs after signing +database = $base_dir/index.txt # Database index file +serial = $base_dir/serial.txt # The current serial number + +unique_subject = no + +default_days = 1000 # How long to certify for +default_crl_days = 30 # How long before next CRL +default_md = sha256 # Use public key default MD +preserve = no # Keep passed DN ordering + +x509_extensions = ca_extensions # The extensions to add to the cert + +email_in_dn = no # Don't concat the email in the DN +copy_extensions = copy # Required to copy SANs from CSR to cert + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_client_cakey.pem +distinguished_name = ca_distinguished_name +x509_extensions = ca_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ ca_distinguished_name ] +countryName = US +stateOrProvinceName = Maryland +localityName = Baltimore +organizationName = DFSP Client CA +organizationalUnitName = Payments +commonName = dfspclientca +emailAddress = dfspserverca@example.com + +#################################################################### +[ ca_extensions ] + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer +basicConstraints = critical, CA:true +keyUsage = keyCertSign, cRLSign + +#################################################################### +[ signing_policy ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ signing_req ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment \ No newline at end of file diff --git a/docker/security/payee/tls/openssl-server.cnf b/docker/security/payee/tls/openssl-server.cnf new file mode 100644 index 00000000..c1098e1a --- /dev/null +++ b/docker/security/payee/tls/openssl-server.cnf @@ -0,0 +1,36 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = dfsp_server_key.key +distinguished_name = server_distinguished_name +req_extensions = server_req_extensions +string_mask = utf8only + +#################################################################### +[ server_distinguished_name ] +countryName_default = US +stateOrProvinceName_default = MD +localityName_default = Baltimore +organizationName_default = Test Server, Limited +organizationalUnitName_default = Payments +commonName = payee-sdk-scheme-adapter-api-svc +commonName_default = payee-sdk-scheme-adapter-api-svc +emailAddress_default = dfspserver@example.com + +#################################################################### +[ server_req_extensions ] + +subjectKeyIdentifier = hash +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection +subjectAltName = @alternate_names +nsComment = "OpenSSL Generated Certificate" + +#################################################################### +[ alternate_names ] + +DNS.1 = payee-sdk-scheme-adapter-api-svc diff --git a/docker/security/payee/tls/openssl-serverca.cnf b/docker/security/payee/tls/openssl-serverca.cnf new file mode 100644 index 00000000..b7e64d1f --- /dev/null +++ b/docker/security/payee/tls/openssl-serverca.cnf @@ -0,0 +1,71 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +base_dir = . +certificate = $base_dir/dfsp_server_cacert.pem # The CA certifcate +private_key = $base_dir/dfsp_server_cakey.pem # The CA private key +new_certs_dir = $base_dir # Location for new certs after signing +database = $base_dir/index.txt # Database index file +serial = $base_dir/serial.txt # The current serial number + +unique_subject = no + +default_days = 1000 # How long to certify for +default_crl_days = 30 # How long before next CRL +default_md = sha256 # Use public key default MD +preserve = no # Keep passed DN ordering + +x509_extensions = ca_extensions # The extensions to add to the cert + +email_in_dn = no # Don't concat the email in the DN +copy_extensions = copy # Required to copy SANs from CSR to cert + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_server_cakey.pem +distinguished_name = ca_distinguished_name +x509_extensions = ca_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ ca_distinguished_name ] +countryName = US +stateOrProvinceName = Maryland +localityName = Baltimore +organizationName = DFSP Server CA +organizationalUnitName = Payments +commonName = dfspserverca +emailAddress = dfspserverca@example.com + +#################################################################### +[ ca_extensions ] + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer +basicConstraints = critical, CA:true +keyUsage = keyCertSign, cRLSign + +#################################################################### +[ signing_policy ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ signing_req ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment \ No newline at end of file diff --git a/docker/security/payee/tls/payer_server_cacert.pem b/docker/security/payee/tls/payer_server_cacert.pem new file mode 100644 index 00000000..16a5c9e4 --- /dev/null +++ b/docker/security/payee/tls/payer_server_cacert.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUErTej5L20NTAGVL24W21DuuqnqowDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyMVoXDTI0MDMxNTAy +MDMyMVowgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA10vW5SlyxXvn6QbGK6lHxH0Ea6npfGMKzvwzBwtUdDKryycUd3I2 +p6ahkMWzGJnb7uCi3W2BY67soLR9vLg/dE6SddwizMjrBNu6/W+wSr15lrtzNhDT +rextKvc74ywhB1ciu0zfwtv2i9Nkc865YXLw4KqJM5T3jTPSGu7OWpluQBHocLK6 +Q2SVc3vyOuFmMda7kxhAa0ysf3SfX3dHm83Bie+HTGmuYQJ7GQx1nBKPDsT8eCfJ +vkd1lsKuxYhPOdC6V+QXKxMdeLi62fy/7m5mAO21jh1uOF7RPW8FVGNt/aaXp12Z +KvlFh3N6lVXL2TEXWn893+Oey0nFl6R1kKXnib1mTAUYyS0sELDLTAQER4yTpgdj +t+tFJiPigZD1ULt4H3bl60fsii2Yr7LM2oO3hXQOdPXHD8nqHbR3p+phnV9SnG7W +dT5kFvGF5QqgwkOrAyXTDK5G2hP6iu3qunMNV8tLq+h2hmx6h/BMmkyJL8O/YvF4 +vBToMmL2mdX1/P8fSFYoFjVSngtAFt/YdMxFxOyH+Ji4MGM7ppRk7SnZM1NBZpHC +QENARhlUb2xadLy9Ubngqy3YFJSJBn50a70rXcziI0bZVXvvZY8nrdpFAmzODh5a +/6vH+fDPQewRRPKJnHw7JOnI0oezBH9OY2m2BJbG7X8tNQbrdtGSSA8CAwEAAaNg +MF4wHQYDVR0OBBYEFEO7crOJ1YRbsFgd0tHkNoOPGmpIMB8GA1UdIwQYMBaAFEO7 +crOJ1YRbsFgd0tHkNoOPGmpIMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQA6NSM20+9jxzwlY7xTrGyULuksydcoiannNZ/n +PfFd3Oj+mUAS3wNHiib39vhfHhSUYAYPxqOdOML9RIdn5MwDAzh4l1Dw1QvIViS0 +4MXgQABTY5r0h+yT9C4nR8aNQh2xPWNccHfB95A3CXno6tucBsptoxymlwYP5x24 +RCkMldQHOuB2EE3o4fq3NH1SHF2rKKRgzZYnjDaE/CTT27r1RPcSe1AZiuiCVnjf +vFbbQDyIvP2dzhcQWSdnJim8giWmazqtRETzBCRZL1BTErtQd0/GabJ9NCcADs62 +DuDsBzxgznh4ukhOqyy51t++hL47IeRgXh1zmu9zHlBVM4Wh7CwZc+7C+UvS2oVX +gGvkEp7t89IUUgVEgAN2LpAxcznp2mz+Izy/1CJgZhr9mWk/fIyBqbPTtRuPK8yR +pfOeyoNCLAjft13qPGzPT4ulT8J89SBO0j158d00kr1NdPWEsx0v8AbcKXlu9tTr +BR8KxSzFUGB2Ahd4MIZpISbdubbqm8kOCw4DErU+ZbJmIN9CKEGIVYHZ182T6skt +lDWxXgc2XspBQUZbCbPXlN6L0Eps3+fmSJ3gGin9lVXrpWCmekNyIeVIeuex0WlI +VInbq2oHxiI0m9l0+O+VvI8kWGhEZJuesBzWoDyWQwx4+7g78F9q1vD9v+Hqhamv +iTsxjg== +-----END CERTIFICATE----- diff --git a/docker/security/payee/tls/serial.txt b/docker/security/payee/tls/serial.txt new file mode 100644 index 00000000..eb589e9d --- /dev/null +++ b/docker/security/payee/tls/serial.txt @@ -0,0 +1 @@ +0B diff --git a/docker/security/payee/tls/serial.txt.old b/docker/security/payee/tls/serial.txt.old new file mode 100644 index 00000000..d9bb888f --- /dev/null +++ b/docker/security/payee/tls/serial.txt.old @@ -0,0 +1 @@ +0A diff --git a/docker/security/payer/jws/keygen.sh b/docker/security/payer/jws/keygen.sh new file mode 100644 index 00000000..14a7c757 --- /dev/null +++ b/docker/security/payer/jws/keygen.sh @@ -0,0 +1,2 @@ +openssl genrsa -out privatekey.pem 2048 +openssl req -new -x509 -key privatekey.pem -out publickey.cer -days 1825 -subj "/CN=fspiopsimpayer/C=US/ST=Ohio/L=Columbus/O=User/OU=Testing" diff --git a/docker/security/payer/jws/privatekey.pem b/docker/security/payer/jws/privatekey.pem new file mode 100644 index 00000000..e245b410 --- /dev/null +++ b/docker/security/payer/jws/privatekey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/NERUW0kWP7sD +BZezMYuC/YIvjCVofKASQwGKkvd+kUhAPWahbIvkD5rRP0QZVtw/BlSDuq+aci7E +kJCgWXXU29+GHapsvqoYMpFcW+jvEdMoLK1LV7EMY3wV4quOBfhK94aCIHNk1+Zl +SzK0bFVE2kGXUj05yWmsRp45UmwVvm8GVXAVrSoDQ0XB4Bi4Ej6UbRZhXdEjOtUj +5XWPOu6NotpRQuD6o0vD8ZyiJC9ZOMswolICYao5WM4Tu3QCJk4Anj27PbyIZAMf +3n80B33IcnjDAiK3KpzpdeCMAoig23Yal2NU+PEvl/XAL5D7TK9CbMFA8irELhSN +0iLCrOf7AgMBAAECggEAWmhQVsLDEC4aMxeV3zjyCoHr6KePmJQ06+2a8PcE52ey +jg16VaGJk9B9F6uee4zCn1pS4+aF2bVbv73LZMZoHLnKOxQT3U9aBg8DBHTA8ymu +ejSFzDYulPkFVyPSkljoSio4A5dseKZNXl/sHbuLpf69PNu573T47miFr/z09mI/ +rc5lq1n6rg5E+CjfFP3HWoW/7ifoINPJUyGRXafc85XNARzxC6jEgekMYmzyQiIJ +NuNUprFeNQYBlkJiJbnHJweQ8mearRsppb1kt7is/JVt8kDoybXt5ZtcI1IdTtOw +ZxlJv4yZMeqqzsEpd3IlX+jEcxYuDdYSQdimIT98AQKBgQDV/vi/y6IvvwSYQRxQ +PUx0PazogfRKBS+/0AoeKA5tK9dhGRsjg0pajKO1Hg61yyKbJ72yL/cv53IiZeq/ +pAYuN5N4BFzOAvJhLCgWuquBzBhwHttA/HZu2VE36vQjKUFDnsctXbM8AlIqAkk7 +Ry/zAnnim46nJrRxy2sqy7LmewKBgQDkvAkF3IjUVKCZKQPUqGaVshP+hRn4MQMJ +HB5zqbdnvl1DblVCIxnCPKUO6PWdHn25IYpIbyHFcdIgydZzd19deUgrk3Mlquba +jPu/1gGRNPAafPhL0LjxENOmn9ChRV2ZVHFU2yokWkf4igTuw2Hb21/7Q6cdaBs5 +rUMuV1sMgQKBgQC2Vf9bZMX3ytm+ZVQbpm9baCXJItmkrFCoLjpAwb6xFLb6u+qc +0sRq7QScUVUVX1VIQI9ooWgMQDfGyXJBAiBmBuK3U3hD7MzbMUWjQEDcYqu79P66 +m6LKBo8mhyKoRwGd/U8W/4y1qACcXMBLKvfXJpf2FrdxAxCjGUFiAJiZuwKBgQCm +j5KWdRgiXhmwTiCe+53wBgPvRCc8BxypxpMaMI0Ae6vYTYDCL2MzgQvExrkMF8b/ +R8A1rM9Pwul7vN5vqI6GN6npKW8hD8kZfq5X7FOp1H2/HB+Gvc/eox0saZX3ydY1 +sDryysFuRVvBTWf4Icih26aSBpqrnEKvBk80cKI5gQKBgQDVDDZ1IoIzxbqjDH81 +m9Bl4Wcbh47p6WAJN0hkad0czqen4UW06djjDtDEnT0Kg2j+oN0LqlNZRNkUQZp9 +cl8pcZ2r3ME61BFoRLn13BtXxuHnyom4WUukfhLqYA+DI4dWXxnZHz39usWpmS8n +9m+4CXBd6FaOsVxJrBgt6YwUuw== +-----END PRIVATE KEY----- diff --git a/docker/security/payer/jws/publickey.cer b/docker/security/payer/jws/publickey.cer new file mode 100644 index 00000000..1080509b --- /dev/null +++ b/docker/security/payer/jws/publickey.cer @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUWSaadyOlOZuikVJBgnVJm6sHmS0wDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZXIxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjBaFw0yOTAyMTIwMjAzMjBaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVyMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/NERUW0kW +P7sDBZezMYuC/YIvjCVofKASQwGKkvd+kUhAPWahbIvkD5rRP0QZVtw/BlSDuq+a +ci7EkJCgWXXU29+GHapsvqoYMpFcW+jvEdMoLK1LV7EMY3wV4quOBfhK94aCIHNk +1+ZlSzK0bFVE2kGXUj05yWmsRp45UmwVvm8GVXAVrSoDQ0XB4Bi4Ej6UbRZhXdEj +OtUj5XWPOu6NotpRQuD6o0vD8ZyiJC9ZOMswolICYao5WM4Tu3QCJk4Anj27PbyI +ZAMf3n80B33IcnjDAiK3KpzpdeCMAoig23Yal2NU+PEvl/XAL5D7TK9CbMFA8irE +LhSN0iLCrOf7AgMBAAGjUzBRMB0GA1UdDgQWBBREVDEKyvB0X1PF3l76TKKbr2nV +WzAfBgNVHSMEGDAWgBREVDEKyvB0X1PF3l76TKKbr2nVWzAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBmlox7S/6VOkl1ix2X4xaWZW7LUy/5UfA+ +Zxhy02zPY6puzbTd7O0TwK6WXQ0P41U24IksUj43FNgpcS2EcNy8yQTXyh2Sx7ro +wrBEX1R2kaf+vond4Yl7iVXC/127JeGPG8bnfgNeHY/NTJNedzUTJ4Ax5rTUAtCh +TVIjfhKXmR2091C4P1QMXpvHsYhWaWPUZkkrOZq8WkBxyuPaLMZE52IH5VyUqUna +w6ShQvkN48k0VrRGcejYLmpKtXMlx0bLf3/Noz8MF2HJK4sDvohPkHZlZPnyj4Zm +m/HGVUTzUiKtg8UEbEd20KDoktz2sCeOFpAk+nLmSBhvnMOvzAh4 +-----END CERTIFICATE----- diff --git a/docker/security/payer/jws/verification_keys/fspiopsimpayee.pem b/docker/security/payer/jws/verification_keys/fspiopsimpayee.pem new file mode 100644 index 00000000..90c2e9f5 --- /dev/null +++ b/docker/security/payer/jws/verification_keys/fspiopsimpayee.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIUIw60tmOgWtsoMuwSiCWhFAbgYQgwDQYJKoZIhvcNAQEL +BQAwaTEXMBUGA1UEAwwOZnNwaW9wc2ltcGF5ZWUxCzAJBgNVBAYTAlVTMQ0wCwYD +VQQIDARPaGlvMREwDwYDVQQHDAhDb2x1bWJ1czENMAsGA1UECgwEVXNlcjEQMA4G +A1UECwwHVGVzdGluZzAeFw0yNDAyMTQwMjAzMjdaFw0yOTAyMTIwMjAzMjdaMGkx +FzAVBgNVBAMMDmZzcGlvcHNpbXBheWVlMQswCQYDVQQGEwJVUzENMAsGA1UECAwE +T2hpbzERMA8GA1UEBwwIQ29sdW1idXMxDTALBgNVBAoMBFVzZXIxEDAOBgNVBAsM +B1Rlc3RpbmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEUZLuN584 +blSbM6KGpK+36rJsAw+jz8y5hcRh8EvU7lBnam39a/dAx/If8LqttMAqGfx+pNx1 +64PRCJpmdm/FcffA0XHyrmN+K76tRev4q/O80s8qLmLpxTh2P6L9unMEtKyl9bBe +uwV5PnwZ+cJHzy9wMUCpXouWGRK09csYqavGYNqV/zai/4earpi5HR8MJgTRnNXH +HHJw6Xo8lsA6Tu/6ELOa0QDXuOeb6gWUDmynewuqsLhZgurF/EPrbAebRgXzLZVe +GcDgi0jz0kfpNdqZ45AOWq6L1p5xWYvHJUE05KKkTMnUt7E1RzwzkU24W0smmrBq +G5S7UJB1772NAgMBAAGjUzBRMB0GA1UdDgQWBBQWsU9P5kdFZxLL1WU26BglFshR +HjAfBgNVHSMEGDAWgBQWsU9P5kdFZxLL1WU26BglFshRHjAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQALkRuzIU+FeKn0qg1xE16JRUbMktI7LcCc +vzg1E3kXUoZ7GsTfhySeAcmibvssPQPXrRx/pKwfgoR2O/v9++DumxPRff4UEWF2 +hS2WKOJu2ychQhn5H7cu9Jc7g1QTgLQJlvLR+8IZprC+xOEiaz19xvEW2aMWbE2W +Gr9S2WSxZA0aWOcq1imvVa27h+i8t51He0fwzfguH3+jz3pkkS+6vVwRl5JXke5a +/ufUzIeaRRbcVRnytlwNdgLQBKdwTEJWXFHhd9wMxTjRLa7TdA8et+VLdWF+WKai +GTCIYsiYqM0V5fSwobeH5zKT7DvDDDS5hs5OfkXs6be8vARZxn7b +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/0A.pem b/docker/security/payer/tls/0A.pem new file mode 100644 index 00000000..326fcef0 --- /dev/null +++ b/docker/security/payer/tls/0A.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:23 2024 GMT + Not After : Nov 10 02:03:23 2026 GMT + Subject: CN=payer-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:9e:31:7a:c9:98:4f:a2:74:78:ff:be:5c:ed:37: + d3:49:c2:9e:db:00:51:5e:6d:bf:28:d7:77:13:6a: + 5f:ba:77:f1:40:9d:7a:07:69:1d:81:52:64:e7:27: + bb:dc:ce:c0:8d:a5:38:1d:6f:41:74:33:12:78:80: + 28:be:b0:21:f2:6a:75:79:dc:2d:b0:4b:54:b4:82: + 19:68:bc:65:fa:ff:20:a6:a6:09:c1:05:e0:c0:f0: + 47:76:97:eb:27:81:ba:8a:11:0f:01:3d:6d:e7:74: + 15:f7:71:c7:39:73:98:4d:f1:ad:43:dd:b9:be:91: + 1b:17:98:fe:6a:5c:d9:51:89:75:41:51:ab:b6:c8: + 0b:e0:7e:fa:6a:09:ac:0f:f3:bd:65:f1:2b:9c:75: + 00:9f:e1:0d:24:7d:ed:68:54:7e:cd:55:80:11:65: + 64:72:73:43:d1:06:83:f8:99:4a:a3:a0:80:e1:60: + d7:59:14:45:fa:e3:93:74:79:37:17:40:5c:73:8a: + b2:44:cf:5e:8c:ba:bf:55:cd:8d:cb:3a:07:27:56: + 7f:ee:d2:fa:25:ca:6e:f4:cb:2c:a0:d8:fe:97:96: + 62:4c:a0:72:c0:2d:ef:d3:6b:2e:8a:95:7b:11:cd: + 00:00:bd:5a:41:13:26:95:4b:0e:81:a3:ba:75:9a: + 00:9f:df:2a:86:f9:4f:f9:b8:48:79:bf:20:8e:b4: + 19:52:e3:7e:97:55:8f:fd:8d:f2:25:c3:0c:ed:2a: + c9:5a:f7:d4:0d:32:ee:7a:24:22:49:6a:ce:17:2a: + 1e:9b:ec:77:43:22:27:cf:d2:18:7b:7b:6b:23:0c: + 35:02:80:b3:96:0e:ee:e0:7e:97:b5:ed:09:29:4b: + 9a:07:a2:62:cf:26:2f:28:ff:b3:f3:8f:98:46:4a: + c0:8e:c3:0a:67:7a:0b:b0:0c:cd:3c:fe:73:f6:89: + 64:a7:ea:97:ad:37:6d:d7:10:b2:60:cf:e8:6e:de: + 1e:11:3e:ce:8d:4a:b8:bf:89:3f:72:45:5e:06:bd: + c1:27:b0:19:5e:37:f6:6a:52:dd:93:58:6d:d3:fa: + c7:99:bd:ab:ca:15:91:0e:12:24:29:e6:2f:85:10: + 8f:3d:42:53:6f:1f:f2:10:d8:39:31:bc:bb:16:0e: + 12:28:d7:39:6e:88:5f:8d:f9:c9:7f:41:3f:80:85: + 82:fd:be:73:0a:64:2f:8d:7f:ac:1c:d6:46:52:6f: + 76:28:f7:69:95:cc:2d:ee:8c:a7:5f:b0:29:a3:ad: + dc:9b:a9:72:c3:5b:a3:92:04:61:01:58:37:d5:9d: + e1:c1:3a:9c:fd:d7:1d:82:65:a4:b2:b4:73:76:e8: + d2:45:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:DE:53:76:45:23:BB:9C:91:37:5A:0C:E4:01:FF:F1:2E:E7:79:C8 + X509v3 Authority Key Identifier: + 43:BB:72:B3:89:D5:84:5B:B0:58:1D:D2:D1:E4:36:83:8F:1A:6A:48 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payer-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 29:ef:16:bd:06:17:fc:04:04:f4:6c:94:28:db:db:de:a7:e6: + 7c:19:13:84:ab:6f:60:eb:e9:6d:a3:38:05:7f:5c:f2:5c:f2: + d6:4e:8a:c8:c4:e5:11:cd:5c:38:99:4b:48:08:41:0d:69:5f: + 63:9b:63:de:ce:a6:8a:b8:fa:fa:d0:6f:f8:c0:16:23:1f:ce: + 3c:b2:82:90:64:d9:45:40:87:fb:19:86:48:29:9b:b0:a2:f6: + 73:ba:f8:fc:03:4d:90:51:20:87:88:d6:b6:a1:aa:4d:2c:cf: + e5:f3:98:61:02:94:75:0c:f5:63:5f:33:a0:06:0e:f7:75:62: + 7f:88:4c:3a:25:64:58:44:cd:88:ae:c7:70:e2:0a:d3:63:13: + 39:7a:e8:0e:59:bd:f4:6b:b2:c6:2c:55:09:cc:9f:ea:fb:35: + 57:00:81:7b:c7:fd:7c:a6:c1:d4:de:16:42:66:97:53:aa:bd: + 4d:23:b1:f3:47:00:6c:4d:bb:34:9b:6b:9f:cd:f7:db:84:c7: + 82:15:88:7c:9d:cf:54:aa:6c:4e:4f:9e:00:0d:75:b4:30:b7: + 23:82:cb:05:7f:60:f6:83:ba:64:ea:3c:82:6c:9c:55:2a:ea: + 07:3f:20:de:02:53:9e:51:52:7a:70:8a:aa:86:24:6d:90:5f: + b0:60:eb:c8:c1:76:4c:05:0a:87:98:d4:25:e4:1a:3f:9e:38: + a8:a0:2c:ce:69:c3:a7:d3:7d:2c:0b:c0:83:34:13:84:f4:2e: + 05:6b:9e:c4:46:d5:64:3f:72:6c:cf:85:43:f5:8e:6a:d2:7c: + af:ae:a6:38:6d:74:e3:46:84:b4:23:ac:3d:42:e7:06:9e:39: + 0b:85:13:c1:29:dc:e3:96:fc:6f:88:6e:54:26:62:ef:50:4d: + a5:36:c6:a2:2e:c0:7e:52:ca:11:49:d8:9a:ff:8d:f3:1f:bd: + 85:8b:de:b0:ee:61:8e:c1:2c:31:ed:fe:0b:9e:4b:93:fc:4b: + 81:38:bc:67:36:b0:7e:94:28:24:9b:25:d5:6e:17:0a:71:5a: + 0d:19:10:2c:75:38:a2:21:b6:a6:58:1e:b9:de:be:e7:4f:c0: + 84:dd:6b:a8:4e:5a:4c:26:d8:84:d4:55:ad:aa:8a:20:92:dc: + eb:cd:0f:48:4b:16:bf:07:8a:fa:d6:73:47:23:bc:ea:30:df: + ec:f6:d7:83:50:d5:09:71:f9:d9:23:7d:44:ae:41:7e:9b:20: + 6e:5a:fb:4f:6a:22:f1:b6:bf:a1:6b:b1:88:73:76:ea:93:2b: + 9c:e0:d6:20:46:11:4f:b9:e5:19:b4:a6:d4:b3:a7:62:c5:16: + 47:7b:c4:eb:07:c8:76:8c +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzIzWhcNMjYxMTEwMDIwMzIzWjArMSkwJwYDVQQDDCBw +YXllci1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAJ4xesmYT6J0eP++XO0300nCntsAUV5tvyjXdxNqX7p3 +8UCdegdpHYFSZOcnu9zOwI2lOB1vQXQzEniAKL6wIfJqdXncLbBLVLSCGWi8Zfr/ +IKamCcEF4MDwR3aX6yeBuooRDwE9bed0FfdxxzlzmE3xrUPdub6RGxeY/mpc2VGJ +dUFRq7bIC+B++moJrA/zvWXxK5x1AJ/hDSR97WhUfs1VgBFlZHJzQ9EGg/iZSqOg +gOFg11kURfrjk3R5NxdAXHOKskTPXoy6v1XNjcs6BydWf+7S+iXKbvTLLKDY/peW +YkygcsAt79NrLoqVexHNAAC9WkETJpVLDoGjunWaAJ/fKob5T/m4SHm/II60GVLj +fpdVj/2N8iXDDO0qyVr31A0y7nokIklqzhcqHpvsd0MiJ8/SGHt7ayMMNQKAs5YO +7uB+l7XtCSlLmgeiYs8mLyj/s/OPmEZKwI7DCmd6C7AMzTz+c/aJZKfql603bdcQ +smDP6G7eHhE+zo1KuL+JP3JFXga9wSewGV439mpS3ZNYbdP6x5m9q8oVkQ4SJCnm +L4UQjz1CU28f8hDYOTG8uxYOEijXOW6IX435yX9BP4CFgv2+cwpkL41/rBzWRlJv +dij3aZXMLe6Mp1+wKaOt3JupcsNbo5IEYQFYN9Wd4cE6nP3XHYJlpLK0c3bo0kXj +AgMBAAGjgekwgeYwHQYDVR0OBBYEFLPeU3ZFI7uckTdaDOQB//Eu53nIMB8GA1Ud +IwQYMBaAFEO7crOJ1YRbsFgd0tHkNoOPGmpIMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVyLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 +ZTANBgkqhkiG9w0BAQsFAAOCAgEAKe8WvQYX/AQE9GyUKNvb3qfmfBkThKtvYOvp +baM4BX9c8lzy1k6KyMTlEc1cOJlLSAhBDWlfY5tj3s6mirj6+tBv+MAWIx/OPLKC +kGTZRUCH+xmGSCmbsKL2c7r4/ANNkFEgh4jWtqGqTSzP5fOYYQKUdQz1Y18zoAYO +93Vif4hMOiVkWETNiK7HcOIK02MTOXroDlm99GuyxixVCcyf6vs1VwCBe8f9fKbB +1N4WQmaXU6q9TSOx80cAbE27NJtrn83324THghWIfJ3PVKpsTk+eAA11tDC3I4LL +BX9g9oO6ZOo8gmycVSrqBz8g3gJTnlFSenCKqoYkbZBfsGDryMF2TAUKh5jUJeQa +P544qKAszmnDp9N9LAvAgzQThPQuBWuexEbVZD9ybM+FQ/WOatJ8r66mOG1040aE +tCOsPULnBp45C4UTwSnc45b8b4huVCZi71BNpTbGoi7AflLKEUnYmv+N8x+9hYve +sO5hjsEsMe3+C55Lk/xLgTi8ZzawfpQoJJsl1W4XCnFaDRkQLHU4oiG2plgeud6+ +50/AhN1rqE5aTCbYhNRVraqKIJLc680PSEsWvweK+tZzRyO86jDf7PbXg1DVCXH5 +2SN9RK5Bfpsgblr7T2oi8ba/oWuxiHN26pMrnODWIEYRT7nlGbSm1LOnYsUWR3vE +6wfIdow= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/0B.pem b/docker/security/payer/tls/0B.pem new file mode 100644 index 00000000..164aa797 --- /dev/null +++ b/docker/security/payer/tls/0B.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 11 (0xb) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:38 2024 GMT + Not After : Nov 10 02:03:38 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:ce:c1:2a:2d:ee:97:f9:b5:16:5e:60:24:ce:23: + 8c:61:f9:c7:23:6a:12:d3:6b:61:2c:54:06:36:e4: + 70:e1:f5:68:81:9f:15:d8:69:df:fc:cf:44:6d:32: + 64:cd:26:2d:84:47:3e:74:3c:73:7e:75:ed:50:b1: + 64:ac:af:26:cf:e3:ec:71:5e:7d:bd:c9:de:19:10: + f4:2c:75:53:37:5a:83:9d:37:67:97:6d:b7:91:b4: + 48:27:cc:12:20:39:f7:c7:1f:ac:c4:4e:e9:72:e0: + 2d:13:2b:e5:35:9b:4a:a2:30:53:f0:c7:41:47:f5: + ba:e0:61:25:13:d2:c6:47:83:85:57:7b:56:9c:f8: + c4:9f:b8:f0:0c:ea:d1:92:01:9f:aa:ad:88:33:15: + a0:cf:a3:3a:0f:93:ab:75:40:9d:91:a8:64:49:dd: + b8:18:b7:a0:f6:a3:e0:74:5d:42:ed:8b:25:f2:c2: + 92:02:85:07:77:7f:24:65:c4:3b:22:4e:3e:cb:c0: + 75:fb:4e:79:bb:db:50:e7:8b:76:4b:ef:36:9f:8b: + af:15:37:5e:0a:6b:20:b8:6e:c7:fe:30:50:a8:39: + d2:d4:5a:59:f2:8e:2c:96:cb:37:af:96:e3:e6:1f: + 7a:54:79:81:96:16:70:2e:20:4f:a3:e7:d3:50:03: + 05:63:c8:8f:d1:01:e1:1c:11:af:a3:99:4e:6e:c0: + da:a0:32:50:43:4c:f4:70:bc:3b:71:48:b9:6e:42: + bb:c5:5f:60:00:35:bc:99:5a:bc:0a:82:de:a3:43: + 81:26:e5:0a:fd:39:1c:29:fa:4a:d5:77:41:a6:2a: + 20:da:8e:ed:61:4e:10:84:35:4c:c5:a1:16:06:ab: + 41:29:45:2f:73:2b:d7:27:73:15:88:18:94:f0:72: + eb:79:d4:43:1d:75:91:65:b6:a5:8c:29:4c:6b:84: + a5:77:16:b9:db:73:e6:1c:c3:35:8b:ed:e9:46:74: + 0e:f5:67:56:c3:94:07:cb:9d:ad:52:85:84:9f:df: + 6f:ab:fe:db:7b:89:db:c3:6a:49:e8:12:53:58:b1: + ea:3e:29:e2:1a:89:eb:00:c8:44:f4:e0:8d:16:dc: + fb:f5:e2:c5:aa:0f:7c:0f:81:08:92:39:d8:81:d9: + 80:49:da:56:b5:fd:12:4e:f2:52:b6:b8:31:53:3c: + a0:04:81:8c:1a:71:cd:b2:ca:f5:10:c0:57:39:b7: + e8:0f:50:31:08:57:a4:d5:e6:d8:42:2f:b6:4f:52: + c1:ac:cb:51:ab:f5:8b:70:42:fc:c7:4c:e5:b4:c4: + fa:97:f7:53:eb:53:37:79:51:2e:fe:10:80:14:65: + 3e:e2:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B7:98:30:3B:87:A0:9B:ED:F4:AE:71:51:25:E7:0F:2C:A4:5D:11:16 + X509v3 Authority Key Identifier: + EC:3A:E7:1E:CC:8B:EC:47:A3:1F:81:73:93:8D:A3:A5:FB:64:F5:A4 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 6e:1a:f5:a0:37:7a:d2:34:89:3e:99:eb:2a:9f:5d:ba:8d:0a: + 59:67:0b:04:16:3e:b3:49:6c:83:3b:7b:34:d2:ad:5c:9b:4f: + 34:79:15:36:f4:44:fb:55:1e:7f:64:65:21:31:6c:1b:69:39: + 6f:3a:a6:72:0c:dd:3c:e5:4b:76:44:ff:c7:91:33:c5:13:05: + 3c:45:88:10:95:be:a0:0d:17:db:ae:1c:6d:20:04:09:2c:53: + a8:ed:fa:61:7a:b6:fe:82:8f:a8:af:33:41:2b:0e:6b:f9:40: + d0:c8:70:40:26:23:c3:66:8b:0f:34:2f:05:b3:77:d1:b8:14: + a7:21:30:bb:1e:40:4e:6e:0b:02:72:2e:ac:1b:9d:fc:85:d6: + fb:59:e8:96:1f:c7:4c:02:90:dc:f8:5d:cd:89:d8:ec:31:e0: + 65:35:f5:f8:30:09:6d:d1:4d:fe:6a:97:90:7a:6a:04:6d:c4: + 5c:4b:d7:e5:ea:62:e6:0e:f3:3d:18:58:02:d3:ea:ca:cb:0f: + b8:dc:38:89:f4:bd:4d:16:24:ed:6f:70:49:de:d5:14:4b:9e: + ad:1c:f9:a7:dd:25:af:6f:5e:99:dd:ce:db:1f:f5:ab:0e:8c: + eb:bb:66:30:ab:5d:57:48:80:6b:50:91:24:bb:48:d4:01:d0: + 1c:72:7f:3d:9a:96:4f:47:38:d2:8a:9b:f1:b8:9b:98:99:e2: + 2a:7e:7b:86:47:86:74:f5:8b:17:30:b6:56:50:9b:fe:d2:8e: + e4:34:d2:ce:7d:bc:b1:1d:df:7d:a9:d2:74:68:b2:43:05:1b: + 10:1d:43:21:43:9b:b8:b8:e2:c9:ce:51:2f:8f:6b:d7:b5:49: + 40:ae:4a:8e:86:51:f8:55:1d:bc:3a:cd:73:eb:b5:f9:af:a4: + 5c:58:6f:bd:76:5d:a9:1a:e9:c9:85:ce:3a:d0:92:43:3a:bd: + 7f:c4:31:09:aa:0e:f0:4f:37:bf:d6:b0:c6:88:50:df:53:ff: + 25:b8:b8:02:ea:07:5f:ce:6d:11:ed:eb:46:13:30:4a:10:90: + 12:65:13:3a:46:3e:e7:99:a3:56:94:19:9f:a5:51:10:c8:c7: + ad:17:10:62:f4:7d:76:8f:9f:e9:a2:47:ac:77:de:32:cc:b9: + c7:81:7b:c4:a2:bc:bd:81:b1:18:1e:c5:6c:79:ae:60:96:01: + db:15:89:ee:10:ca:2f:04:db:78:6f:c3:ab:6c:cc:74:03:38: + cf:3b:7b:40:e6:71:f1:cf:22:8f:87:05:57:16:dd:bc:6c:90: + a6:f6:b7:45:96:f3:b7:5e:01:fc:51:17:9d:0a:aa:0a:56:f4: + c4:7d:de:bc:f1:32:df:48 +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCzANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzM4WhcNMjYxMTEwMDIwMzM4WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzsEqLe6X+bUWXmAkziOM +YfnHI2oS02thLFQGNuRw4fVogZ8V2Gnf/M9EbTJkzSYthEc+dDxzfnXtULFkrK8m +z+PscV59vcneGRD0LHVTN1qDnTdnl223kbRIJ8wSIDn3xx+sxE7pcuAtEyvlNZtK +ojBT8MdBR/W64GElE9LGR4OFV3tWnPjEn7jwDOrRkgGfqq2IMxWgz6M6D5OrdUCd +kahkSd24GLeg9qPgdF1C7Ysl8sKSAoUHd38kZcQ7Ik4+y8B1+055u9tQ54t2S+82 +n4uvFTdeCmsguG7H/jBQqDnS1FpZ8o4slss3r5bj5h96VHmBlhZwLiBPo+fTUAMF +Y8iP0QHhHBGvo5lObsDaoDJQQ0z0cLw7cUi5bkK7xV9gADW8mVq8CoLeo0OBJuUK +/TkcKfpK1XdBpiog2o7tYU4QhDVMxaEWBqtBKUUvcyvXJ3MViBiU8HLredRDHXWR +ZbaljClMa4Sldxa523PmHMM1i+3pRnQO9WdWw5QHy52tUoWEn99vq/7be4nbw2pJ +6BJTWLHqPiniGonrAMhE9OCNFtz79eLFqg98D4EIkjnYgdmASdpWtf0STvJStrgx +UzygBIGMGnHNssr1EMBXObfoD1AxCFek1ebYQi+2T1LBrMtRq/WLcEL8x0zltMT6 +l/dT61M3eVEu/hCAFGU+4vUCAwEAAaOB0jCBzzAdBgNVHQ4EFgQUt5gwO4egm+30 +rnFRJecPLKRdERYwHwYDVR0jBBgwFoAU7DrnHsyL7EejH4Fzk42jpftk9aQwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG +CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAbhr1oDd60jSJPpnrKp9duo0KWWcLBBY+s0lsgzt7NNKt +XJtPNHkVNvRE+1Uef2RlITFsG2k5bzqmcgzdPOVLdkT/x5EzxRMFPEWIEJW+oA0X +264cbSAECSxTqO36YXq2/oKPqK8zQSsOa/lA0MhwQCYjw2aLDzQvBbN30bgUpyEw +ux5ATm4LAnIurBud/IXW+1nolh/HTAKQ3PhdzYnY7DHgZTX1+DAJbdFN/mqXkHpq +BG3EXEvX5epi5g7zPRhYAtPqyssPuNw4ifS9TRYk7W9wSd7VFEuerRz5p90lr29e +md3O2x/1qw6M67tmMKtdV0iAa1CRJLtI1AHQHHJ/PZqWT0c40oqb8bibmJniKn57 +hkeGdPWLFzC2VlCb/tKO5DTSzn28sR3ffanSdGiyQwUbEB1DIUObuLjiyc5RL49r +17VJQK5KjoZR+FUdvDrNc+u1+a+kXFhvvXZdqRrpyYXOOtCSQzq9f8QxCaoO8E83 +v9awxohQ31P/Jbi4AuoHX85tEe3rRhMwShCQEmUTOkY+55mjVpQZn6VREMjHrRcQ +YvR9do+f6aJHrHfeMsy5x4F7xKK8vYGxGB7FbHmuYJYB2xWJ7hDKLwTbeG/Dq2zM +dAM4zzt7QOZx8c8ij4cFVxbdvGyQpva3RZbzt14B/FEXnQqqClb0xH3evPEy30g= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/createSecrets.sh b/docker/security/payer/tls/createSecrets.sh new file mode 100644 index 00000000..e144b5ca --- /dev/null +++ b/docker/security/payer/tls/createSecrets.sh @@ -0,0 +1,27 @@ +OUTPUT_DIR="." +setopt +o nomatch + +rm -f *.key *.pem *.csr *.crt *.old *.attr + +## Generating Server CA certificate +openssl req -x509 -config openssl-serverca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server_cacert.pem -outform PEM + +## Generate server csr +openssl req -config openssl-server.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_server.csr -outform PEM + +## Sign server cert +openssl ca -config openssl-serverca.cnf -policy signing_policy -extensions signing_req -out dfsp_server_cert.pem -infiles dfsp_server.csr + +##################### + +## Generating Client CA certificate +openssl req -x509 -config openssl-clientca.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client_cacert.pem -outform PEM + +## Generate client csr +openssl req -config openssl-client.cnf -newkey rsa:4096 -sha256 -nodes -out dfsp_client.csr -outform PEM + + +# Sign the hub client csr with clientca +# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out hub_client_cert.pem -infiles hub_client.csr +# openssl ca -config openssl-clientca.cnf -policy signing_policy -extensions signing_req -out ../../payee/tls/dfsp_client_cert.pem -infiles ../../payee/tls/dfsp_client.csr + diff --git a/docker/security/payer/tls/dfsp_client.csr b/docker/security/payer/tls/dfsp_client.csr new file mode 100644 index 00000000..23fd2bda --- /dev/null +++ b/docker/security/payer/tls/dfsp_client.csr @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFnDCCA4QCAQAwgZMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDESMBAGA1UE +BwwJQmFsdGltb3JlMRQwEgYDVQQKDAtERlNQIENsaWVudDERMA8GA1UECwwIUGF5 +bWVudHMxEzARBgNVBAMMCmRmc3BjbGllbnQxJTAjBgkqhkiG9w0BCQEWFmRmc3Bj +bGllbnRAZXhhbXBsZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC +AQC061E7aK7y67nBnTmrKjJ0yJMH7a1dXoyPj+bEaX/mv98XVjwAk3PepynmNr+E +YN2YVvgW21+gZAj4qMncw+SYmgpAFw2QEyZqRZ4vltWHMM87l3R4M+q6fx8lOr4J +BAW4709YlKyN4hxkS6vK7FAUSMaHQvkhdcax3rINiHAqWHRMO+q2jauljfKk0fdB +AAs5FUDPOQLedBSEOV2EnuXJDUk2SL+sz3gS/gtwBirmb9ePuIv5fKoP0l0j00JV +ju6EHVG2QDWMrFKpcfsG4i5yiJmKUBsKYRU4yIA3l7l8uP7FF4UWE/GKhCLg2XkF +tSsh/ey4jFJZ4DcPIqS4m7mMXXOTNrFAuMEGQiJN+EKsyHusUpw2LrjgnxB1ZoQS +ZljAYG7LTxdS1TF6mN7muV0zIDSkWtnNPXBCLNSjllmlQBouXKWfsXYSyphsw3RM +BSmx8w4A9DpVKnlJGkIaidh7u/AkfHaa7kSmNH0ubhkpzTI4hbEm0WJwqIJkmS5O +Y1TUYF9xGoxR5BmPCseG2s55pPPb6MLhZ6+ypPY2nBiDs7fFxHGO52F0T6wPdpxU ++S5xhSLfT+S6Q5/Ch8PfGshAAHtYGFdlgEV85tS3ei/RF23deRzcza5M4tun+Yhy +KOI9RrXS+Go2CFXQ2+sMZOOSSVz+o/U72FM5R57jnbor3wIDAQABoIHCMIG/Bgkq +hkiG9w0BCQ4xgbEwga4wHQYDVR0OBBYEFPNRnBiPqfu1pPsnKTRRWkMPKo9TMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEF +BQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAs +BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwDQYJ +KoZIhvcNAQELBQADggIBAJRhd53vJh6WaNsqZXSggYv2LBeHaXoIoSo0tHsXTqoR +gR9I1ga8brxZnWwMnGck3QNoRiBiutozdpso9JafKyQ6fyLH6rYVrwNsfCVWX0Wk +UT81UQk9KrE/tc82bAnrRIxpnhr2Xlma4DFg0EMTu5VpoFp8KUFAPWc/6oJL/QVF +Bc37EQfvFCSMWzjp4vBKYWLwC4EyW8RACmrapZnnfxegr+55KxIWo9c5M8ZAGZBr +D2yafSvhEUh7sEFd1hnHcIWHBfk0daaYGqKygMB37TwCNEQhCpFrya93Z0Sxgg3w +3hMXgE2L3J7c/99jPVZUup3zSWBFJluQkA/aGvDbO8p2uYGjexOgm7i0DnXtgv0z +OXsLNFA0RVaziYoLLHPEeUliHmftC0zCRvoaR5zSDkIsm1X3kyhQJx6a/GnrG1mf +gQO9gw/vUXoOG3HNgH+7hvZaP5Wne9FsjLAWJ7B1AB9u4Ta77mv8zzPFUS6O8Rg3 +9ZOm0uEp6QJkhoFrrpETdpwUgcUz1a69FqVkTRhDRD1vCZq4uy59wC3gbUMZkpsq +bDu/Z4vkD8zVkcPUS6scUltwkkUzxNMq4HWzgUuc/WuoEBklSjiyn3fa8q/2LXA6 +3l5DhPLS/A290DEWX6ySBQMlt5B/NfOPAtVePaNjvGP5jhCphTVjUgAkswV5zOx2 +-----END CERTIFICATE REQUEST----- diff --git a/docker/security/payer/tls/dfsp_client_cacert.pem b/docker/security/payer/tls/dfsp_client_cacert.pem new file mode 100644 index 00000000..e69f1b76 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_cacert.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUTzcqRD5yOjCqM6oUCXUEouocPCswDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyNloXDTI0MDMxNTAy +MDMyNlowgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIENsaWVudCBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BjbGllbnRjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAuej9KkXWYObUEIxqF7IjFYR9snayNLvqb4ntaMmzH7AXKZKmPPtk +w1CMXx91vhLCSf013UXMxpBZLak/Can9pBgnxOe5BTwo/LH4x76yWW5JpPAVlYZN +emhBW7TXkPGS6Bqhfp/eHst6pA3I9x359wOkW3tkclwt76n1ANexRun3BLkjuMTX +fKrH+pAzIW7hb+czMlvSuUX8X4OlLKVBKoazLnFBJs7bBGDSDQL6TmWy1TB67VWF +iTIivyz6k8OC+OvWLKS6ImV+BjCWlDM77YBSFk5fKV8yqy7UW0+1pEnIMO/UiOpg +QpKRqu/kpJIodyWNDgNTFUKSfNSAYNkeRo8D9Jy//9+1AA9Ofwc7KCcTQDXcjKp6 +KCgbHcnBm+6uAqH2lIGq1caSyo4AgD36VU94jMkJCafJ8HzHSuTakPV4DcvkD+qw +5EZdIMgNinQ1QgCMAGVnL/+79R3EfZ2IF4FROA5JGfC1Sa3SQCPk0Ez6+QphG9J4 +oEFqEu6pVyKMGnauEQV16GBV6XIsOR8YUgh5yE+XK3uAoKE8jjdShaZ61lGMaf74 +sQ0SvoLWVi9hrTYZlteRfWikFhcbfGYkvGLWXK1oDmgogscUogrkdX1IptTB39Vi +9y6qEyuKxHGlMDoOHP6cIMh16wnoMorejVj0O26Md7Pl9W1k2jpj7IMCAwEAAaNg +MF4wHQYDVR0OBBYEFOw65x7Mi+xHox+Bc5ONo6X7ZPWkMB8GA1UdIwQYMBaAFOw6 +5x7Mi+xHox+Bc5ONo6X7ZPWkMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQAkAs7vlx6oOB+iqeKrRWqvtqC0IK56obMBU10C +CxLyjLdED18QaeDqXSSgU0jYcfWVNgoaXshA0IqbV8YRnWUfLsIUeaUHah+hA7OT +5oTM/1VD1ZtN7sugJDp/h5gt/mmML+iTKUGbfTOa4u6kKQYj6x4nK6fp5xaECom6 +Ut7Bi3pTBsf9zPGRGZOL9wC8ayNDUpIjmuJj6K5FJaEuzRLAnkt4LSJb+n+lPmc5 +XvGHY7nG949Qun16J8FIfj0VH7WuLTA0OHr9Eb0K6w0niXFIdgJZ1ifw2/6nk4Hl +S4uBp1yayrRq+9BCcxurOibk59f7bi5WRN7dE1ngAIJBem96wivLElx3lWz2yLEa +bUbM9nkr8PINwsNY1O1HDOl8Da4EUZdo8PrHYDXgCEHZzcWTWlkUTaGbwzvUPw87 +Cfcm0AA7lcgsdaI7t+N2IzTj6vL3SJsEsqeKD9mejvEkAARM24vKunEJIqjkoyZr +YVoi2S6UMoQYiFs7OpgY3aGNnymBwpDwcgdKoIYyFgSGHr62S4q/ocvd4CSdsXt4 +hOde7CXpNbYMX7K1/jcXvGtfCWXDlZ6Ic1QttDE/WFEeh+bJKOAV8II8FXDAoLeC +eeH38S9P9Y6Yv6LCkXzq7NFePDB1/jxR1zcZm6nrn5OhXvAKmn+VPwSOE8aQPqVI +j3HuUA== +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_client_cakey.pem b/docker/security/payer/tls/dfsp_client_cakey.pem new file mode 100644 index 00000000..6a6920f1 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_cakey.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC56P0qRdZg5tQQ +jGoXsiMVhH2ydrI0u+pvie1oybMfsBcpkqY8+2TDUIxfH3W+EsJJ/TXdRczGkFkt +qT8Jqf2kGCfE57kFPCj8sfjHvrJZbkmk8BWVhk16aEFbtNeQ8ZLoGqF+n94ey3qk +Dcj3Hfn3A6Rbe2RyXC3vqfUA17FG6fcEuSO4xNd8qsf6kDMhbuFv5zMyW9K5Rfxf +g6UspUEqhrMucUEmztsEYNINAvpOZbLVMHrtVYWJMiK/LPqTw4L469YspLoiZX4G +MJaUMzvtgFIWTl8pXzKrLtRbT7WkScgw79SI6mBCkpGq7+Skkih3JY0OA1MVQpJ8 +1IBg2R5GjwP0nL//37UAD05/BzsoJxNANdyMqnooKBsdycGb7q4CofaUgarVxpLK +jgCAPfpVT3iMyQkJp8nwfMdK5NqQ9XgNy+QP6rDkRl0gyA2KdDVCAIwAZWcv/7v1 +HcR9nYgXgVE4DkkZ8LVJrdJAI+TQTPr5CmEb0nigQWoS7qlXIowadq4RBXXoYFXp +ciw5HxhSCHnIT5cre4CgoTyON1KFpnrWUYxp/vixDRK+gtZWL2GtNhmW15F9aKQW +Fxt8ZiS8YtZcrWgOaCiCxxSiCuR1fUim1MHf1WL3LqoTK4rEcaUwOg4c/pwgyHXr +Cegyit6NWPQ7box3s+X1bWTaOmPsgwIDAQABAoICAAPLp++HAXt0+vtjgn79Wg4E +aHSOS9EbzQt962TqSUfqVm642cAA+euq51LB16uLwn+0NbdQx39+TvPJssnFuLHy +9Ezm1jYvJj8SexvI3udIgyRk6mvlFAvduQfgR05kQDWQ5Z8qMGS8jsJurZ2t9P6A +Coj7me9jxmRQOfpMbQgfmrVz+jC5hBS9f9uzufeCxgN82uS6TzENJrvkeijRLuVp +XpsiIMxkCMCsIV22o9mZ5e7IUJor1tAYP/FbP7pokXH3jqXWrx4oqEwEDe70pNKS +fhqKexLjKKuqBxfeJr017GpjWxl4f4Kcb3Dn+OkLOtxD3f9dPgL/GvKFfCF+DUom +k9DuUA0GWgT4Q65AffCCkuZ35wnjbM9ZgcsDcZ9F+hxRdba5u9w27HzBvdRQqxPx +fKHWP+TLiWRlJCyYasBt+8ZXewV58woZZbUWd9Hm6llEoAeX0EH3PKfJhQytmjUv +9acD2OhrGc6id5OJT/FQzWaBm1p71g0hmet5jEUAsBbSvO2Z4cjdX4Fir+yHiq4X +gvaCcxdDILJ/QnFGlKLq2XMsMyKzmbIvSs4G+XMEk3pz/9IClXIg0yXPjO4h1Esj +knFumxEuAaUf2oEv20VuwIptqP70RH039OzZIay3bE5micmntqvgtPzpY+HrkaNf +L1HMf9mgzz9+H25lo5IhAoIBAQDg+BM0h6BJ8VCgcec4BpHI8SgC44zrJNlqPfPs +tPqpK6sozHRmdVwKmHHWsAWerASPDgjDg9pHl/8MPRuY9DMQYfI6MMGJTWYoWLcF +N5pacOfhb4p4xrBJc4DxnW/wPEpwRv1jHOljIy/ooEevMoRm3Qbg/dUxxyQ61OHq +nxS+y83VWstElTo0v+0/AryKyRFpUCzMtFvraYj8MaV95L13An56vCCBrE4/gbK2 +E6yktBsu+ICsvf70oDp8yDZGCmy24+ED/NPtFks33O2Sz02pQEU8cNiIxAoDIOQM +abPH9myS6XBea/yCI+4ZMwUPq8Y0HJ8HokIOy7AcvRcERpCrAoIBAQDTjbJQsKfU +tCBDfyAA6ijUGwHZ6DOzVk6uVsADMZxfpd9maHaxe4MmmyAJ21+9pvnHk5b8Y0+g +1DRNm9Zn9YLfTq3jVDkl+kBs4eGAFD2j3Aq5dTI5MAnzAdkpUFfJ036Wz37gwoZE +cHol984xcqeYTMNIyvWooHZaLzKl9Feirmhn+UhG7SpQQB/AHQI66xDAooYx1p7s +UbYTEbHO3+kxUCjWwTDbvU/dEPwnKyFPRUowBYiBaVxYOCkmPMH2T7LOd3T0tR99 +NZaOI/18+DWZfaHX8sbFQ/OXCTitYP+dn9/O52lfdLdV1/4EEkvQ/7Q8b1bK20Lp +bmX2K65Xy4OJAoIBAQCrH6ikLYJcnIXC9cF2mXCtU9smj2Zyuz3yFZwE8wk0Q3ZX +e2YTRbQ0jw8QyiYMMzbohjleV15jVRf5fEYQy7hH/ukdIFcnFMvfZtQY0NnFb9rC +XXEMO75+sLBlmWc7avEIhMdba/OPqIVZwwmkF54lDH2eCRbxXVSOt739FPLXyvkQ +EJdL3ONAmrlhU7iNLTLkU8swDwVYhZdglncW0zbXXvtMauujF6kRn5uL6l1Jj4KZ +8QcX3xIfi/3RSw4VqvpVB/Pyb4/Y6TtgC9pe8PdXBf9kYUYkilI/XPZ7BrBtK2Id +QhpqiGOzrpb/bhKsf/ItU5QYX3E2BfQ5eBAY/YAvAoIBAQC/Uti/TOSb40OCh4fk +C+Fc4gfskKmhOR7zYJVKziVEA3lk3njpznAwC/8PqwyNMmOXcQ0NuKsdIo0i2xsu +7cSsPDXa8CK3C/oT/ry33pZYiPpR+4GuYpm84iEJ0hVy/AjyTznJ/2L6plZx3Ajo +g266uEGspZFCLcybhy/hEnfnMqBN2A7bxkWMSlHsps+LhWejL9j5XcZgpw1pdYk/ +NRVqebpVbmbHdBC0N1Yz/jejv2B2yapIj4bqafAdGrm4DyAAxdxKKzwNOtesOTRZ +PwkKhapG6NOHOAsmvzo44w6J+TqpnnOX1rCvvCWIfRuAKqFQPslZsK50+ljQJ3UH +BZExAoIBAQDV6C9Q6HUemG/UQrfLxsHY9QoerKIsKt9i3ftoVeL4VSbQwGinV9xE +Fb/jJGUlwpw/UdxjPll9rZH2WFmW5EtsDIUM8+qwCBZ6KIbKh5LMTWNCoTORW9e/ +v0p8Y6EvNqUYA06a2DCAO2keAUoCXuQ38NEN35jwPkVuo9fn1e3K4EYYIw+5ivvD +gd37d0tJhWOeX4QO93fwf7DiQTWG847hmlTUj/inLPDM0uYQt6kWcp0IMfJ8EfmD +niRlVRUbLYPImuVRgDtGWlCMsfkgQK7KIiJVlISvsszOs+hmqpGToyiiLs8sdgUa +neKBDj4ROtl+IzXy1+yYZY3SQ9ooJdqV +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/dfsp_client_cert.pem b/docker/security/payer/tls/dfsp_client_cert.pem new file mode 100644 index 00000000..cc839149 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_cert.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Client CA, OU=Payments, CN=dfspclientca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:45 2024 GMT + Not After : Nov 10 02:03:45 2026 GMT + Subject: C=US, ST=MD, L=Baltimore, O=DFSP Client, OU=Payments, CN=dfspclient + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:b4:eb:51:3b:68:ae:f2:eb:b9:c1:9d:39:ab:2a: + 32:74:c8:93:07:ed:ad:5d:5e:8c:8f:8f:e6:c4:69: + 7f:e6:bf:df:17:56:3c:00:93:73:de:a7:29:e6:36: + bf:84:60:dd:98:56:f8:16:db:5f:a0:64:08:f8:a8: + c9:dc:c3:e4:98:9a:0a:40:17:0d:90:13:26:6a:45: + 9e:2f:96:d5:87:30:cf:3b:97:74:78:33:ea:ba:7f: + 1f:25:3a:be:09:04:05:b8:ef:4f:58:94:ac:8d:e2: + 1c:64:4b:ab:ca:ec:50:14:48:c6:87:42:f9:21:75: + c6:b1:de:b2:0d:88:70:2a:58:74:4c:3b:ea:b6:8d: + ab:a5:8d:f2:a4:d1:f7:41:00:0b:39:15:40:cf:39: + 02:de:74:14:84:39:5d:84:9e:e5:c9:0d:49:36:48: + bf:ac:cf:78:12:fe:0b:70:06:2a:e6:6f:d7:8f:b8: + 8b:f9:7c:aa:0f:d2:5d:23:d3:42:55:8e:ee:84:1d: + 51:b6:40:35:8c:ac:52:a9:71:fb:06:e2:2e:72:88: + 99:8a:50:1b:0a:61:15:38:c8:80:37:97:b9:7c:b8: + fe:c5:17:85:16:13:f1:8a:84:22:e0:d9:79:05:b5: + 2b:21:fd:ec:b8:8c:52:59:e0:37:0f:22:a4:b8:9b: + b9:8c:5d:73:93:36:b1:40:b8:c1:06:42:22:4d:f8: + 42:ac:c8:7b:ac:52:9c:36:2e:b8:e0:9f:10:75:66: + 84:12:66:58:c0:60:6e:cb:4f:17:52:d5:31:7a:98: + de:e6:b9:5d:33:20:34:a4:5a:d9:cd:3d:70:42:2c: + d4:a3:96:59:a5:40:1a:2e:5c:a5:9f:b1:76:12:ca: + 98:6c:c3:74:4c:05:29:b1:f3:0e:00:f4:3a:55:2a: + 79:49:1a:42:1a:89:d8:7b:bb:f0:24:7c:76:9a:ee: + 44:a6:34:7d:2e:6e:19:29:cd:32:38:85:b1:26:d1: + 62:70:a8:82:64:99:2e:4e:63:54:d4:60:5f:71:1a: + 8c:51:e4:19:8f:0a:c7:86:da:ce:79:a4:f3:db:e8: + c2:e1:67:af:b2:a4:f6:36:9c:18:83:b3:b7:c5:c4: + 71:8e:e7:61:74:4f:ac:0f:76:9c:54:f9:2e:71:85: + 22:df:4f:e4:ba:43:9f:c2:87:c3:df:1a:c8:40:00: + 7b:58:18:57:65:80:45:7c:e6:d4:b7:7a:2f:d1:17: + 6d:dd:79:1c:dc:cd:ae:4c:e2:db:a7:f9:88:72:28: + e2:3d:46:b5:d2:f8:6a:36:08:55:d0:db:eb:0c:64: + e3:92:49:5c:fe:a3:f5:3b:d8:53:39:47:9e:e3:9d: + ba:2b:df + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + F3:51:9C:18:8F:A9:FB:B5:A4:FB:27:29:34:51:5A:43:0F:2A:8F:53 + X509v3 Authority Key Identifier: + 1D:1B:61:3D:E6:01:AB:E6:BB:45:75:32:08:46:7C:6B:EA:26:90:37 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:localhost + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 13:30:0a:2c:92:11:ab:48:ae:44:4b:da:54:59:2c:90:73:a1: + 71:ed:00:d8:ad:27:86:65:0c:f7:d2:95:d6:7c:85:06:25:51: + a0:74:6e:17:af:cd:88:d6:ec:58:a5:00:f8:4d:d5:dc:57:5c: + e6:d9:0d:75:83:9a:be:5a:bf:c3:18:f6:5a:84:6d:d8:14:8e: + 1f:31:fb:c8:ba:0d:35:51:af:89:a6:62:b8:be:d2:aa:1d:75: + 63:42:3f:89:f8:59:47:30:bc:f9:fd:35:33:92:1d:09:b7:74: + 03:0e:25:d6:80:a2:68:a8:6c:d4:3b:26:b3:cf:28:c7:ca:79: + 25:a6:6a:22:4d:78:70:53:68:47:c8:84:21:bd:ed:82:d4:8b: + 38:df:70:d8:dc:aa:dc:e2:bd:8d:c8:ce:57:f8:10:ee:d6:bc: + 81:b9:b4:07:61:47:53:79:53:c2:c0:48:13:74:9b:e7:51:aa: + 97:19:49:0e:d8:57:77:9b:0b:6d:52:c9:9e:cd:54:c7:55:23: + 21:e2:4f:c6:f0:fd:1d:8e:06:cd:03:3b:79:18:53:71:3a:fa: + b6:47:93:74:cb:fc:13:88:cb:72:82:84:bc:e1:8c:52:9f:38: + 7e:6f:df:74:ac:79:81:31:96:c3:52:46:49:e0:9d:15:9c:92: + dc:67:d6:87:33:33:95:89:75:af:7f:cb:7a:79:01:39:27:95: + 51:15:ca:0a:39:08:0d:87:1c:ba:da:29:17:d6:69:2c:d1:97: + 3a:3a:02:ff:30:72:11:39:d8:ad:ce:50:46:62:11:30:94:af: + d6:09:0b:10:7a:28:e9:a7:49:f6:3a:c1:53:cf:a6:c8:15:58: + 34:c5:33:c2:3c:54:0c:98:c6:8c:2f:71:ec:a7:9a:6d:af:c3: + af:0a:00:0a:09:f9:9f:41:9d:e6:b5:ca:79:e9:ac:a2:b7:01: + b4:82:91:2c:c1:49:37:40:a5:ec:a2:72:5f:30:47:17:c5:88: + 11:5b:ab:27:6a:94:28:f5:e8:62:01:ab:23:bf:4c:c8:9a:c0: + 61:b5:17:9c:5e:58:8e:96:d4:30:02:c7:11:e1:c1:3c:e0:5f: + 56:46:21:41:30:16:67:00:26:3d:34:4e:22:74:2c:a9:0c:cb: + dc:05:ba:19:56:b7:1b:55:8d:14:ca:5a:0e:7d:9b:0f:c9:c1: + b5:ae:42:f9:06:63:7e:9b:53:f1:05:67:c3:40:7e:f2:0e:bf: + 1b:c3:71:f3:13:a8:05:a3:f2:36:d4:35:76:39:f9:2d:8e:43: + 66:d5:0a:6b:35:d8:0f:63:a3:e7:90:5e:fe:00:16:4a:76:a0: + df:33:b0:62:26:f2:3a:8f +-----BEGIN CERTIFICATE----- +MIIGWzCCBEOgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgQ2xpZW50IENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cGNsaWVudGNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzQ1WhcNMjYxMTEwMDIwMzQ1WjBsMQswCQYDVQQGEwJV +UzELMAkGA1UECAwCTUQxEjAQBgNVBAcMCUJhbHRpbW9yZTEUMBIGA1UECgwLREZT +UCBDbGllbnQxETAPBgNVBAsMCFBheW1lbnRzMRMwEQYDVQQDDApkZnNwY2xpZW50 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtOtRO2iu8uu5wZ05qyoy +dMiTB+2tXV6Mj4/mxGl/5r/fF1Y8AJNz3qcp5ja/hGDdmFb4FttfoGQI+KjJ3MPk +mJoKQBcNkBMmakWeL5bVhzDPO5d0eDPqun8fJTq+CQQFuO9PWJSsjeIcZEuryuxQ +FEjGh0L5IXXGsd6yDYhwKlh0TDvqto2rpY3ypNH3QQALORVAzzkC3nQUhDldhJ7l +yQ1JNki/rM94Ev4LcAYq5m/Xj7iL+XyqD9JdI9NCVY7uhB1RtkA1jKxSqXH7BuIu +coiZilAbCmEVOMiAN5e5fLj+xReFFhPxioQi4Nl5BbUrIf3suIxSWeA3DyKkuJu5 +jF1zkzaxQLjBBkIiTfhCrMh7rFKcNi644J8QdWaEEmZYwGBuy08XUtUxepje5rld +MyA0pFrZzT1wQizUo5ZZpUAaLlyln7F2EsqYbMN0TAUpsfMOAPQ6VSp5SRpCGonY +e7vwJHx2mu5EpjR9Lm4ZKc0yOIWxJtFicKiCZJkuTmNU1GBfcRqMUeQZjwrHhtrO +eaTz2+jC4WevsqT2NpwYg7O3xcRxjudhdE+sD3acVPkucYUi30/kukOfwofD3xrI +QAB7WBhXZYBFfObUt3ov0Rdt3Xkc3M2uTOLbp/mIcijiPUa10vhqNghV0NvrDGTj +kklc/qP1O9hTOUee4526K98CAwEAAaOB0jCBzzAdBgNVHQ4EFgQU81GcGI+p+7Wk ++ycpNFFaQw8qj1MwHwYDVR0jBBgwFoAUHRthPeYBq+a7RXUyCEZ8a+omkDcwCQYD +VR0TBAIwADALBgNVHQ8EBAMCBaAwMQYDVR0lBCowKAYIKwYBBQUHAwEGCCsGAQUF +BwMCBggrBgEFBQcDAwYIKwYBBQUHAwQwFAYDVR0RBA0wC4IJbG9jYWxob3N0MCwG +CWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTANBgkq +hkiG9w0BAQsFAAOCAgEAEzAKLJIRq0iuREvaVFkskHOhce0A2K0nhmUM99KV1nyF +BiVRoHRuF6/NiNbsWKUA+E3V3Fdc5tkNdYOavlq/wxj2WoRt2BSOHzH7yLoNNVGv +iaZiuL7Sqh11Y0I/ifhZRzC8+f01M5IdCbd0Aw4l1oCiaKhs1Dsms88ox8p5JaZq +Ik14cFNoR8iEIb3tgtSLON9w2Nyq3OK9jcjOV/gQ7ta8gbm0B2FHU3lTwsBIE3Sb +51GqlxlJDthXd5sLbVLJns1Ux1UjIeJPxvD9HY4GzQM7eRhTcTr6tkeTdMv8E4jL +coKEvOGMUp84fm/fdKx5gTGWw1JGSeCdFZyS3GfWhzMzlYl1r3/LenkBOSeVURXK +CjkIDYccutopF9ZpLNGXOjoC/zByETnYrc5QRmIRMJSv1gkLEHoo6adJ9jrBU8+m +yBVYNMUzwjxUDJjGjC9x7Keaba/DrwoACgn5n0Gd5rXKeemsorcBtIKRLMFJN0Cl +7KJyXzBHF8WIEVurJ2qUKPXoYgGrI79MyJrAYbUXnF5YjpbUMALHEeHBPOBfVkYh +QTAWZwAmPTROInQsqQzL3AW6GVa3G1WNFMpaDn2bD8nBta5C+QZjfptT8QVnw0B+ +8g6/G8Nx8xOoBaPyNtQ1djn5LY5DZtUKazXYD2Oj55Be/gAWSnag3zOwYibyOo8= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_client_key.key b/docker/security/payer/tls/dfsp_client_key.key new file mode 100644 index 00000000..a80921a1 --- /dev/null +++ b/docker/security/payer/tls/dfsp_client_key.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC061E7aK7y67nB +nTmrKjJ0yJMH7a1dXoyPj+bEaX/mv98XVjwAk3PepynmNr+EYN2YVvgW21+gZAj4 +qMncw+SYmgpAFw2QEyZqRZ4vltWHMM87l3R4M+q6fx8lOr4JBAW4709YlKyN4hxk +S6vK7FAUSMaHQvkhdcax3rINiHAqWHRMO+q2jauljfKk0fdBAAs5FUDPOQLedBSE +OV2EnuXJDUk2SL+sz3gS/gtwBirmb9ePuIv5fKoP0l0j00JVju6EHVG2QDWMrFKp +cfsG4i5yiJmKUBsKYRU4yIA3l7l8uP7FF4UWE/GKhCLg2XkFtSsh/ey4jFJZ4DcP +IqS4m7mMXXOTNrFAuMEGQiJN+EKsyHusUpw2LrjgnxB1ZoQSZljAYG7LTxdS1TF6 +mN7muV0zIDSkWtnNPXBCLNSjllmlQBouXKWfsXYSyphsw3RMBSmx8w4A9DpVKnlJ +GkIaidh7u/AkfHaa7kSmNH0ubhkpzTI4hbEm0WJwqIJkmS5OY1TUYF9xGoxR5BmP +CseG2s55pPPb6MLhZ6+ypPY2nBiDs7fFxHGO52F0T6wPdpxU+S5xhSLfT+S6Q5/C +h8PfGshAAHtYGFdlgEV85tS3ei/RF23deRzcza5M4tun+YhyKOI9RrXS+Go2CFXQ +2+sMZOOSSVz+o/U72FM5R57jnbor3wIDAQABAoICAAzuNKQWW0qpZmFcJ18AaRLH +sxqB9j4SH+Gy2z92etm3JO66DxfLciCbufbmOtHvSmc08A5SJ4eDHtEG30aUCaaO +e+UQwLtnYvt9dkzYbvJ2npkXvg9JRqGFrGgwxpxGWVJaaEVgeuS5IGZasjCSqzaH +7QiF1OB7VnQoAnnNIpckM0uvjJr3jSkL+CenihBvPF4cEsG8xWO40C6TGwf7g1jX +RkBG+swTF/XjilW7Wx2VKMbw3bA7JLx0wItq8fbDfHCc19Y6yJkBR/csWlCnocI1 +2SN1jjkzrxyb1+4hPfSYFD1p7O0jB8RqpUOEx42M4URQrbaS8N/TkpvWUgePubcb +fxWqzRYgkysWKp+2BmEmR5QurEK3IRRmyozh7GTMdcEuEcn7h9Wp6Jqwln5FXZf3 +ZSPuCHA20eEUTDsDFMrgcnSyfnjeg4N0BAfRmPRFvx5vC2c42+iMNotvZF9sEDQN +Pdn0RfSiSK+q9Cke10dQd11YO5NDVFCoGk6pXvMt/GIn0pXcKLdnfOtL5ehQQpTa +EEssT8i1f6uAZFsLdw3RfU1I9fkrkiV+CydAJSZg6hSatJWHe+ZJrKM8K2pOQsRW +jIwLwZjW+5rvvJicjo9Rxh+aMyMTQNoi0fd5pWHV1BX+Jzki5oqJLllpKm9wuw4W +TSsVb19nswJyFplbPpgBAoIBAQC8qhfppYkG1a4fOCY+6lmBJqttBWghZz7sAcoL +tl1Wb5sdnBCFt97XeVTbm8BvZkfTDpgfYGt5p61qrF3kHMpOvpMV7WWtLJ2TUSix +xd0wQCH8NhP4oGl2OZ1PEQJLUsuJovB/04Q72aPKkbl99fP2eKOOHG3RbEDUz50H +5SGkCUkLYsBib7nq3+bbKfE2XT3wJU8k2eX55YIiJkIHzNM5vdcfmgpBX38Wn7VO +4p8MJglM3iSybLDr7vw7bVwwx46wcsz02MBYOa+LNBJ+MZCBp7H6aKKbaNNHRCjw +ZkuI5SiPFlpCRotJNc8IY61K+yFODxvVEjM6OZjWuaG5GG8BAoIBAQD1fY7flkUM +kwqsVLzI+J3KdlE5g32ibTP2AuHDq3ROE6+nqWiDwOQLzjHqq332PeWQNBN96di7 +lI5MsEobLzGqdAdwhVLimV0xn2CebZ7HnCmIj3CTXmFQLAPKU+tnbIqD9czm/7uF +T5NgT1xJ95Z7MmC9YPAmrgtLjo6GtEROg0ikheO5uEXDNZHXqniqn7zfl9QATiVV +SLa8+N4SUp1tWDkRiOsYYadijNP2g8sE1kLLHSWD0ArJbgv+JZ/mAkytVZLGDj5f +/NTTrG5EZooFoH4dRRm14e22Ce0FXrxrol1k617MdLH54m8pPCJfErLuAmM2YHlB +fkqu7PB3i3rfAoIBAQCWZPVJAPd5pk72fhkm4EPXS48uCjhXIGmtU0PQEGDZbYB2 +mxkkr02J8SOvKLq/UwaAfcrQgFlMklkQhzUVicnP+eVgfm0mHkHC1Nie1j8bnpQ4 +7JcBBEbtwsHe7I0qpGayYlxbWa640ybZbU8z1SPUX5jpyUnVvvjzbEkeqQ4nKGu9 +EsyP68aGMFRkc0vg7XVZgTRVCQpmKgmR1XOfqizbg7UAcRgpwsmZrFio+MiWs5+I +UjFotnJWsZ0KdoQeMoZRrEIsELlL2zhPvIPdav9qC9c56b1uK6L41aHY+YLPLvYl +EkmDOZ8BDk7qviK/ee+zvSGPucFyccWfrjz4Qz0BAoIBAQCXY0GbUlDsizUWxv7Q +tLih5Ur7u8HbS5qyiF5vSyljCLLXIxqHvYkkWpjfzbfVBaCux96JVI9KRjdmxYQ9 +tWHcasc3tZBCmy8kbdOof5NeJ0hZpZNX3ekHBs2jlRLjacUV0Zv1jBk5AbSxvN79 +4kgTWyLbRo9yWvwuMRBls384J6/BfavMmP20fzGcHM1i8zUHcdrUAVz2devzJ0nT +ZM0eZDx1Osk39OjDVnNUXzvwlK0GEshSvBYa19lfdhZgQmTEs7PanWgLy5/3lSs+ +1TkidTGwnS9YwaXVD9Px7tUlTzBnDtscHI6wudmxRRsxJBfhvOkv3FiKcfZeX1F/ +dy1jAoIBAECDRKHOP7QK0/7wR8qTK36tSCBGeoURYG+m/n+q2vtTTJpkpmPQ7SKh +LlzrZ6/0WV3bDvpo4qyWSl/QLFe0tQN7DBVRSI6PsLA6Fu4DfevZixqxI4J6tqi4 +oOdUyXfksXHO5fbfgPvA0G0Li5DcD7aTqemeCF37MV03Jhttb67zZpdPSn3dgdGW +c3JUskrt2pene4E9KM3PXE/f4h0AlwCJkil0IL4LRjJWXQu8oP4ZOkv5r2uopTJ2 +OP+rE7PeV+coxq19Gb4bnZDUUcbYRGSJoZrdXKNl0pU2Te2nEOeg3m8u/QhWOqUt +NcW4EhzNGuU0SsmWXTYwjHh+BLRYX7U= +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/dfsp_server.csr b/docker/security/payer/tls/dfsp_server.csr new file mode 100644 index 00000000..75019e51 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server.csr @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIIFSjCCAzICAQAwKzEpMCcGA1UEAwwgcGF5ZXItc2RrLXNjaGVtZS1hZGFwdGVy +LWFwaS1zdmMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCeMXrJmE+i +dHj/vlztN9NJwp7bAFFebb8o13cTal+6d/FAnXoHaR2BUmTnJ7vczsCNpTgdb0F0 +MxJ4gCi+sCHyanV53C2wS1S0ghlovGX6/yCmpgnBBeDA8Ed2l+sngbqKEQ8BPW3n +dBX3ccc5c5hN8a1D3bm+kRsXmP5qXNlRiXVBUau2yAvgfvpqCawP871l8SucdQCf +4Q0kfe1oVH7NVYARZWRyc0PRBoP4mUqjoIDhYNdZFEX645N0eTcXQFxzirJEz16M +ur9VzY3LOgcnVn/u0volym70yyyg2P6XlmJMoHLALe/Tay6KlXsRzQAAvVpBEyaV +Sw6Bo7p1mgCf3yqG+U/5uEh5vyCOtBlS436XVY/9jfIlwwztKsla99QNMu56JCJJ +as4XKh6b7HdDIifP0hh7e2sjDDUCgLOWDu7gfpe17QkpS5oHomLPJi8o/7Pzj5hG +SsCOwwpneguwDM08/nP2iWSn6petN23XELJgz+hu3h4RPs6NSri/iT9yRV4GvcEn +sBleN/ZqUt2TWG3T+seZvavKFZEOEiQp5i+FEI89QlNvH/IQ2DkxvLsWDhIo1zlu +iF+N+cl/QT+AhYL9vnMKZC+Nf6wc1kZSb3Yo92mVzC3ujKdfsCmjrdybqXLDW6OS +BGEBWDfVneHBOpz91x2CZaSytHN26NJF4wIDAQABoIHZMIHWBgkqhkiG9w0BCQ4x +gcgwgcUwHQYDVR0OBBYEFLPeU3ZFI7uckTdaDOQB//Eu53nIMAkGA1UdEwQCMAAw +CwYDVR0PBAQDAgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYB +BQUHAwMGCCsGAQUFBwMEMCsGA1UdEQQkMCKCIHBheWVyLXNkay1zY2hlbWUtYWRh +cHRlci1hcGktc3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBD +ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAgEAKVaMQNtl1f8o3gChXS/v7H96 +T6jJqw8hCaANdMW876yhNC8ec6a+dz6LK3oXpJtYJpIcxw7mZWdNC7e1gHr+bNSG +Qkos9LqhgD27o1jSq80DtcqeEHVujmJLEbXOg7UDsGVKxxJeL2lx1dxC9ra8Mk1D +EDexjs6f+YE6J7/3Bj5MnK7Tnk4MKCl6Ig1K4Vx2TY2K4EEGsUAXGDoAHvHOtymh +DAVOgk5a56Del+m14mXmqNgmwZMFIzcfpEe35wWbkxWGBlWXvjOUBY+77ssRGJcJ +3zDasNbiIrOqz+kp8082vk5+po1KE1u1TcYuO+G4Rc+fO4rYvocHjDG7FwG+kyU+ +js3aktJLhVltTX5rfpIn1K0gXGiiyJJ9JHVqSNMn8NpC2EI+BOKbRkhK4D2jOG3n +hYNCE5t0pPX7zZnrc3PJJTsgjjbAIO2v2BslluwFomKr6J1IQdv1DYHCqqvssu0b +z5My94i5QANjk8z1Jeh/iejFrIL+jfouwyTLU3upeGOOz9+FagF0k+4BvqkDVA66 +S5n+IB1r2IZNSrk759OfInqF3QhyG+FSM3BbYTL/yQE523YvzzWH/GH+DAdjSanW +ZntZCuTzxCdyVqns0lIah3OgTR6s2Md947t0l5KzKsQL2jMaKQPtidZ6pQygLdz6 +Nw+FHzfnoS10cs306qw= +-----END CERTIFICATE REQUEST----- diff --git a/docker/security/payer/tls/dfsp_server_cacert.pem b/docker/security/payer/tls/dfsp_server_cacert.pem new file mode 100644 index 00000000..16a5c9e4 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_cacert.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUErTej5L20NTAGVL24W21DuuqnqowDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyMVoXDTI0MDMxNTAy +MDMyMVowgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEA10vW5SlyxXvn6QbGK6lHxH0Ea6npfGMKzvwzBwtUdDKryycUd3I2 +p6ahkMWzGJnb7uCi3W2BY67soLR9vLg/dE6SddwizMjrBNu6/W+wSr15lrtzNhDT +rextKvc74ywhB1ciu0zfwtv2i9Nkc865YXLw4KqJM5T3jTPSGu7OWpluQBHocLK6 +Q2SVc3vyOuFmMda7kxhAa0ysf3SfX3dHm83Bie+HTGmuYQJ7GQx1nBKPDsT8eCfJ +vkd1lsKuxYhPOdC6V+QXKxMdeLi62fy/7m5mAO21jh1uOF7RPW8FVGNt/aaXp12Z +KvlFh3N6lVXL2TEXWn893+Oey0nFl6R1kKXnib1mTAUYyS0sELDLTAQER4yTpgdj +t+tFJiPigZD1ULt4H3bl60fsii2Yr7LM2oO3hXQOdPXHD8nqHbR3p+phnV9SnG7W +dT5kFvGF5QqgwkOrAyXTDK5G2hP6iu3qunMNV8tLq+h2hmx6h/BMmkyJL8O/YvF4 +vBToMmL2mdX1/P8fSFYoFjVSngtAFt/YdMxFxOyH+Ji4MGM7ppRk7SnZM1NBZpHC +QENARhlUb2xadLy9Ubngqy3YFJSJBn50a70rXcziI0bZVXvvZY8nrdpFAmzODh5a +/6vH+fDPQewRRPKJnHw7JOnI0oezBH9OY2m2BJbG7X8tNQbrdtGSSA8CAwEAAaNg +MF4wHQYDVR0OBBYEFEO7crOJ1YRbsFgd0tHkNoOPGmpIMB8GA1UdIwQYMBaAFEO7 +crOJ1YRbsFgd0tHkNoOPGmpIMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQA6NSM20+9jxzwlY7xTrGyULuksydcoiannNZ/n +PfFd3Oj+mUAS3wNHiib39vhfHhSUYAYPxqOdOML9RIdn5MwDAzh4l1Dw1QvIViS0 +4MXgQABTY5r0h+yT9C4nR8aNQh2xPWNccHfB95A3CXno6tucBsptoxymlwYP5x24 +RCkMldQHOuB2EE3o4fq3NH1SHF2rKKRgzZYnjDaE/CTT27r1RPcSe1AZiuiCVnjf +vFbbQDyIvP2dzhcQWSdnJim8giWmazqtRETzBCRZL1BTErtQd0/GabJ9NCcADs62 +DuDsBzxgznh4ukhOqyy51t++hL47IeRgXh1zmu9zHlBVM4Wh7CwZc+7C+UvS2oVX +gGvkEp7t89IUUgVEgAN2LpAxcznp2mz+Izy/1CJgZhr9mWk/fIyBqbPTtRuPK8yR +pfOeyoNCLAjft13qPGzPT4ulT8J89SBO0j158d00kr1NdPWEsx0v8AbcKXlu9tTr +BR8KxSzFUGB2Ahd4MIZpISbdubbqm8kOCw4DErU+ZbJmIN9CKEGIVYHZ182T6skt +lDWxXgc2XspBQUZbCbPXlN6L0Eps3+fmSJ3gGin9lVXrpWCmekNyIeVIeuex0WlI +VInbq2oHxiI0m9l0+O+VvI8kWGhEZJuesBzWoDyWQwx4+7g78F9q1vD9v+Hqhamv +iTsxjg== +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_server_cakey.pem b/docker/security/payer/tls/dfsp_server_cakey.pem new file mode 100644 index 00000000..889e977c --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_cakey.pem @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDXS9blKXLFe+fp +BsYrqUfEfQRrqel8YwrO/DMHC1R0MqvLJxR3cjanpqGQxbMYmdvu4KLdbYFjruyg +tH28uD90TpJ13CLMyOsE27r9b7BKvXmWu3M2ENOt7G0q9zvjLCEHVyK7TN/C2/aL +02RzzrlhcvDgqokzlPeNM9Ia7s5amW5AEehwsrpDZJVze/I64WYx1ruTGEBrTKx/ +dJ9fd0ebzcGJ74dMaa5hAnsZDHWcEo8OxPx4J8m+R3WWwq7FiE850LpX5BcrEx14 +uLrZ/L/ubmYA7bWOHW44XtE9bwVUY239ppenXZkq+UWHc3qVVcvZMRdafz3f457L +ScWXpHWQpeeJvWZMBRjJLSwQsMtMBARHjJOmB2O360UmI+KBkPVQu3gfduXrR+yK +LZivsszag7eFdA509ccPyeodtHen6mGdX1KcbtZ1PmQW8YXlCqDCQ6sDJdMMrkba +E/qK7eq6cw1Xy0ur6HaGbHqH8EyaTIkvw79i8Xi8FOgyYvaZ1fX8/x9IVigWNVKe +C0AW39h0zEXE7If4mLgwYzumlGTtKdkzU0FmkcJAQ0BGGVRvbFp0vL1RueCrLdgU +lIkGfnRrvStdzOIjRtlVe+9ljyet2kUCbM4OHlr/q8f58M9B7BFE8omcfDsk6cjS +h7MEf05jabYElsbtfy01But20ZJIDwIDAQABAoICABj/f8ys8twWRneqpzDjn2cj +ovNDT853C4a8Bsq/GIfDaGoWuAwkcU8nDGRsaB6nor9KSu7N67Og2G3SdzUF6aw+ +AUh5DntbqtouDzilEsGi3W7QhhCVhJaRuJ1ABq6abZ1WEzzPML4F30sd+PBvZNv5 +Rhm4A2U/Wz0EctVYvBIN9Zyv157aScFQeP/nONl4WW7ZAX+TVct/pBnKd0TU6zYe +fmXfL4UCUlKGQLfIWBGOoBi1a6Eh8Y1L683c/gEGkjhi0XgqDjycpBPj0yJDdB+h +putdrnJ5XVZjQAVTkjlZsCg/AyXWOtYgCmAvWuDjDN/DkPQbiRopakMtZil02YeC +3z0wHeB0zFgGp6IDY9A0uA6g9Bud1YNmyx12sIPOEX8UEm0m3vVDytve5I13i1al +iRPYZ0zjJ/MmKGQNkJ8IqLwM+SB0P697ZsywR8trV4FaRbCxfK/K9BAWcIt0JH5u +xaj8mrDmJ3gzU1ARPilCA2mK+BJPITpfm2sLpH2i4UKF/fhE6FjNcflhlwlcuSc4 +iffGjodpWGWqjRvokpHeeq+B/N4Mk6s0htj+y7m5p6BWAwI/PCmHlc4C511fK+4D +eRVPafcSgMTW2qJmS3j6qynlz6+gnbukYOsd4r5YT8yNzt8ckDmacAPec7UOBVsl +E+xyMZN2XtIaxbYy+geNAoIBAQDYGSxTNiJRun1BM6WpffGIaGYGTuddCWJV5udT +dlfHpQLka35HaMFjd6SaAKMoFeEWMGPNZBStQpFveWnyN/EZcmp0zYwKbSogt6z7 +vO98sGvmBJ+BI9VqSpL9l2VVQmAqk9eB6FCZHKZkDGlEhHMmRLN9ByW+usiuue2K +q4SKhjlrcAelsQu5OqVaZvSwhU9U2Dhr0hilb0OA7N8XNxPuyr7TrqZBQ3etFItG +NqSzfxGn7/pgEP0MaVA3XB26YoEpTYRYiuPTCaZQ2chMDFgDXDU+tv4RCLi9YsTk +MUPQXi18wegZW0ho3RQBj1PVBIHSlJBdKLcWUFTQDHK9gp3DAoIBAQD/DMCUdROO +6C9TcsTaMaEL0vEELuRQHseevKdHlXE9UYs8E5pUTnsHY80TmtzibSgx1tEhEU+y ++8/hpZBReXlxhCR6A7IQVbkFnCDJJHWKnFwo5cn+XJTR16xzgRvZwciahlOvYpmA +sRSbDx4yuswGGZKvmGMsZjHyCcdkKMrdoc9X2ivaJMuujC1jm8nmK13LOWSV5Q8a +osQtwgFHtKNIqbJ+uDXlSYS9mP+vcsEjWzGjs9CfYuOuOw5JHK84QoXj0F3AmSuN +2ws1h/02QoCcWbPMQYEc+D3x7Py0i/PhDnORln0l4wBTt/m37V/mRouJM1WBfmYM +eM7eYbMpoovFAoIBAD2eF+x2MBz7vwFbd643kipiEk1ULFZz+Y0i9OzwfqEXpRZ6 +rBwye4ogMFgVPHCOpIrOK3cCRX8NzyhpB1Ogreein0ZE4dyLOgrwNKvnOKZmK63/ +vXd2P0E6mGUkySkhbwhU9Ys+MdUmvS8j9tQprCfKSR+qbRHQcq6Xp2r18yoIkdDX +teaB8CTV2xZG6xh2OqOnr5bW5l4ttqLJZ+dXtiBNwVHcp91OHo7En93acOYZonAv +VkYUMgNa+BuA8Z0Wv1uGleklWUbwpnLBVoKQtnvmy+vhA9rZkMu3oQqsHXkJkZDU +PZkVVTVJbI3xT2cbDOV9pRhbJrF/IF/eXM06tD8CggEBALzxD4FrMe/+JYEmVppl +ha6iuBWnP0/zXWJE049+MAOC8yiwRPYLpayVzIingtbikpJJV2et0WMAlMHOyxjw +an0jrXoOXs0nFAgJ32fi8IicyNErWfZrU3wY0BJJJP6uRhPjSv90hc8GYAN2saJX +K2mhbD9VHrL3iiyJ/gI/DfoeMuIcJ7xU4ecOxVkzQeCXY8Z3YAKDTCspRTe4rwYV +1ZiwziB+Cr8vNXzXaSLqWhX9KsrhHL3WnmCmMzEKZOvCrDlWVP2m+tL94FHpyjV2 +EpzA/ydjp2h0pj8glxyRSTwCXq8N0uxMPCPI+N++o/qNbDVZqBBkOOkoXef0bKt9 +VRkCggEBAJDqsxf6+DU/UGiGYb5H/k0Nez2QBtVzqvHBK3Jdei01Bvw/SqPx+xps +MWw1F3bcBgodtbuc42UC6Ndc4uyDZj65bxF4NYpIQbt7TQkX1kbSVCyBvsBab5st +mrEj5WDU7rbCU49lwrMiUw73DD9SCIpgs6NUz76xborwQxkjWVem5/b/xJF4NiCG +o7m+WFOSgZty7rton2tHS6MWdgPQ9xXU/dpBwJnyZmhXZlFgI9dYaAyYscdZk24x +vZBaztr7ANplZV1RmM3HXJ+sgFUxZzjh3niTVKMd7XwdYXjgTehwjYDPQI4HuHdI +UeOUUtcemzEK3btz/gJo3YcsfKRe+lI= +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/dfsp_server_cert.pem b/docker/security/payer/tls/dfsp_server_cert.pem new file mode 100644 index 00000000..326fcef0 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_cert.pem @@ -0,0 +1,132 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 10 (0xa) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Maryland, L=Baltimore, O=DFSP Server CA, OU=Payments, CN=dfspserverca/emailAddress=dfspserverca@example.com + Validity + Not Before: Feb 14 02:03:23 2024 GMT + Not After : Nov 10 02:03:23 2026 GMT + Subject: CN=payer-sdk-scheme-adapter-api-svc + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (4096 bit) + Modulus: + 00:9e:31:7a:c9:98:4f:a2:74:78:ff:be:5c:ed:37: + d3:49:c2:9e:db:00:51:5e:6d:bf:28:d7:77:13:6a: + 5f:ba:77:f1:40:9d:7a:07:69:1d:81:52:64:e7:27: + bb:dc:ce:c0:8d:a5:38:1d:6f:41:74:33:12:78:80: + 28:be:b0:21:f2:6a:75:79:dc:2d:b0:4b:54:b4:82: + 19:68:bc:65:fa:ff:20:a6:a6:09:c1:05:e0:c0:f0: + 47:76:97:eb:27:81:ba:8a:11:0f:01:3d:6d:e7:74: + 15:f7:71:c7:39:73:98:4d:f1:ad:43:dd:b9:be:91: + 1b:17:98:fe:6a:5c:d9:51:89:75:41:51:ab:b6:c8: + 0b:e0:7e:fa:6a:09:ac:0f:f3:bd:65:f1:2b:9c:75: + 00:9f:e1:0d:24:7d:ed:68:54:7e:cd:55:80:11:65: + 64:72:73:43:d1:06:83:f8:99:4a:a3:a0:80:e1:60: + d7:59:14:45:fa:e3:93:74:79:37:17:40:5c:73:8a: + b2:44:cf:5e:8c:ba:bf:55:cd:8d:cb:3a:07:27:56: + 7f:ee:d2:fa:25:ca:6e:f4:cb:2c:a0:d8:fe:97:96: + 62:4c:a0:72:c0:2d:ef:d3:6b:2e:8a:95:7b:11:cd: + 00:00:bd:5a:41:13:26:95:4b:0e:81:a3:ba:75:9a: + 00:9f:df:2a:86:f9:4f:f9:b8:48:79:bf:20:8e:b4: + 19:52:e3:7e:97:55:8f:fd:8d:f2:25:c3:0c:ed:2a: + c9:5a:f7:d4:0d:32:ee:7a:24:22:49:6a:ce:17:2a: + 1e:9b:ec:77:43:22:27:cf:d2:18:7b:7b:6b:23:0c: + 35:02:80:b3:96:0e:ee:e0:7e:97:b5:ed:09:29:4b: + 9a:07:a2:62:cf:26:2f:28:ff:b3:f3:8f:98:46:4a: + c0:8e:c3:0a:67:7a:0b:b0:0c:cd:3c:fe:73:f6:89: + 64:a7:ea:97:ad:37:6d:d7:10:b2:60:cf:e8:6e:de: + 1e:11:3e:ce:8d:4a:b8:bf:89:3f:72:45:5e:06:bd: + c1:27:b0:19:5e:37:f6:6a:52:dd:93:58:6d:d3:fa: + c7:99:bd:ab:ca:15:91:0e:12:24:29:e6:2f:85:10: + 8f:3d:42:53:6f:1f:f2:10:d8:39:31:bc:bb:16:0e: + 12:28:d7:39:6e:88:5f:8d:f9:c9:7f:41:3f:80:85: + 82:fd:be:73:0a:64:2f:8d:7f:ac:1c:d6:46:52:6f: + 76:28:f7:69:95:cc:2d:ee:8c:a7:5f:b0:29:a3:ad: + dc:9b:a9:72:c3:5b:a3:92:04:61:01:58:37:d5:9d: + e1:c1:3a:9c:fd:d7:1d:82:65:a4:b2:b4:73:76:e8: + d2:45:e3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:DE:53:76:45:23:BB:9C:91:37:5A:0C:E4:01:FF:F1:2E:E7:79:C8 + X509v3 Authority Key Identifier: + 43:BB:72:B3:89:D5:84:5B:B0:58:1D:D2:D1:E4:36:83:8F:1A:6A:48 + X509v3 Basic Constraints: + CA:FALSE + X509v3 Key Usage: + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication, Code Signing, E-mail Protection + X509v3 Subject Alternative Name: + DNS:payer-sdk-scheme-adapter-api-svc + Netscape Comment: + OpenSSL Generated Certificate + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 29:ef:16:bd:06:17:fc:04:04:f4:6c:94:28:db:db:de:a7:e6: + 7c:19:13:84:ab:6f:60:eb:e9:6d:a3:38:05:7f:5c:f2:5c:f2: + d6:4e:8a:c8:c4:e5:11:cd:5c:38:99:4b:48:08:41:0d:69:5f: + 63:9b:63:de:ce:a6:8a:b8:fa:fa:d0:6f:f8:c0:16:23:1f:ce: + 3c:b2:82:90:64:d9:45:40:87:fb:19:86:48:29:9b:b0:a2:f6: + 73:ba:f8:fc:03:4d:90:51:20:87:88:d6:b6:a1:aa:4d:2c:cf: + e5:f3:98:61:02:94:75:0c:f5:63:5f:33:a0:06:0e:f7:75:62: + 7f:88:4c:3a:25:64:58:44:cd:88:ae:c7:70:e2:0a:d3:63:13: + 39:7a:e8:0e:59:bd:f4:6b:b2:c6:2c:55:09:cc:9f:ea:fb:35: + 57:00:81:7b:c7:fd:7c:a6:c1:d4:de:16:42:66:97:53:aa:bd: + 4d:23:b1:f3:47:00:6c:4d:bb:34:9b:6b:9f:cd:f7:db:84:c7: + 82:15:88:7c:9d:cf:54:aa:6c:4e:4f:9e:00:0d:75:b4:30:b7: + 23:82:cb:05:7f:60:f6:83:ba:64:ea:3c:82:6c:9c:55:2a:ea: + 07:3f:20:de:02:53:9e:51:52:7a:70:8a:aa:86:24:6d:90:5f: + b0:60:eb:c8:c1:76:4c:05:0a:87:98:d4:25:e4:1a:3f:9e:38: + a8:a0:2c:ce:69:c3:a7:d3:7d:2c:0b:c0:83:34:13:84:f4:2e: + 05:6b:9e:c4:46:d5:64:3f:72:6c:cf:85:43:f5:8e:6a:d2:7c: + af:ae:a6:38:6d:74:e3:46:84:b4:23:ac:3d:42:e7:06:9e:39: + 0b:85:13:c1:29:dc:e3:96:fc:6f:88:6e:54:26:62:ef:50:4d: + a5:36:c6:a2:2e:c0:7e:52:ca:11:49:d8:9a:ff:8d:f3:1f:bd: + 85:8b:de:b0:ee:61:8e:c1:2c:31:ed:fe:0b:9e:4b:93:fc:4b: + 81:38:bc:67:36:b0:7e:94:28:24:9b:25:d5:6e:17:0a:71:5a: + 0d:19:10:2c:75:38:a2:21:b6:a6:58:1e:b9:de:be:e7:4f:c0: + 84:dd:6b:a8:4e:5a:4c:26:d8:84:d4:55:ad:aa:8a:20:92:dc: + eb:cd:0f:48:4b:16:bf:07:8a:fa:d6:73:47:23:bc:ea:30:df: + ec:f6:d7:83:50:d5:09:71:f9:d9:23:7d:44:ae:41:7e:9b:20: + 6e:5a:fb:4f:6a:22:f1:b6:bf:a1:6b:b1:88:73:76:ea:93:2b: + 9c:e0:d6:20:46:11:4f:b9:e5:19:b4:a6:d4:b3:a7:62:c5:16: + 47:7b:c4:eb:07:c8:76:8c +-----BEGIN CERTIFICATE----- +MIIGMTCCBBmgAwIBAgIBCjANBgkqhkiG9w0BAQsFADCBoDELMAkGA1UEBhMCVVMx +ETAPBgNVBAgMCE1hcnlsYW5kMRIwEAYDVQQHDAlCYWx0aW1vcmUxFzAVBgNVBAoM +DkRGU1AgU2VydmVyIENBMREwDwYDVQQLDAhQYXltZW50czEVMBMGA1UEAwwMZGZz +cHNlcnZlcmNhMScwJQYJKoZIhvcNAQkBFhhkZnNwc2VydmVyY2FAZXhhbXBsZS5j +b20wHhcNMjQwMjE0MDIwMzIzWhcNMjYxMTEwMDIwMzIzWjArMSkwJwYDVQQDDCBw +YXllci1zZGstc2NoZW1lLWFkYXB0ZXItYXBpLXN2YzCCAiIwDQYJKoZIhvcNAQEB +BQADggIPADCCAgoCggIBAJ4xesmYT6J0eP++XO0300nCntsAUV5tvyjXdxNqX7p3 +8UCdegdpHYFSZOcnu9zOwI2lOB1vQXQzEniAKL6wIfJqdXncLbBLVLSCGWi8Zfr/ +IKamCcEF4MDwR3aX6yeBuooRDwE9bed0FfdxxzlzmE3xrUPdub6RGxeY/mpc2VGJ +dUFRq7bIC+B++moJrA/zvWXxK5x1AJ/hDSR97WhUfs1VgBFlZHJzQ9EGg/iZSqOg +gOFg11kURfrjk3R5NxdAXHOKskTPXoy6v1XNjcs6BydWf+7S+iXKbvTLLKDY/peW +YkygcsAt79NrLoqVexHNAAC9WkETJpVLDoGjunWaAJ/fKob5T/m4SHm/II60GVLj +fpdVj/2N8iXDDO0qyVr31A0y7nokIklqzhcqHpvsd0MiJ8/SGHt7ayMMNQKAs5YO +7uB+l7XtCSlLmgeiYs8mLyj/s/OPmEZKwI7DCmd6C7AMzTz+c/aJZKfql603bdcQ +smDP6G7eHhE+zo1KuL+JP3JFXga9wSewGV439mpS3ZNYbdP6x5m9q8oVkQ4SJCnm +L4UQjz1CU28f8hDYOTG8uxYOEijXOW6IX435yX9BP4CFgv2+cwpkL41/rBzWRlJv +dij3aZXMLe6Mp1+wKaOt3JupcsNbo5IEYQFYN9Wd4cE6nP3XHYJlpLK0c3bo0kXj +AgMBAAGjgekwgeYwHQYDVR0OBBYEFLPeU3ZFI7uckTdaDOQB//Eu53nIMB8GA1Ud +IwQYMBaAFEO7crOJ1YRbsFgd0tHkNoOPGmpIMAkGA1UdEwQCMAAwCwYDVR0PBAQD +AgWgMDEGA1UdJQQqMCgGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsG +AQUFBwMEMCsGA1UdEQQkMCKCIHBheWVyLXNkay1zY2hlbWUtYWRhcHRlci1hcGkt +c3ZjMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0 +ZTANBgkqhkiG9w0BAQsFAAOCAgEAKe8WvQYX/AQE9GyUKNvb3qfmfBkThKtvYOvp +baM4BX9c8lzy1k6KyMTlEc1cOJlLSAhBDWlfY5tj3s6mirj6+tBv+MAWIx/OPLKC +kGTZRUCH+xmGSCmbsKL2c7r4/ANNkFEgh4jWtqGqTSzP5fOYYQKUdQz1Y18zoAYO +93Vif4hMOiVkWETNiK7HcOIK02MTOXroDlm99GuyxixVCcyf6vs1VwCBe8f9fKbB +1N4WQmaXU6q9TSOx80cAbE27NJtrn83324THghWIfJ3PVKpsTk+eAA11tDC3I4LL +BX9g9oO6ZOo8gmycVSrqBz8g3gJTnlFSenCKqoYkbZBfsGDryMF2TAUKh5jUJeQa +P544qKAszmnDp9N9LAvAgzQThPQuBWuexEbVZD9ybM+FQ/WOatJ8r66mOG1040aE +tCOsPULnBp45C4UTwSnc45b8b4huVCZi71BNpTbGoi7AflLKEUnYmv+N8x+9hYve +sO5hjsEsMe3+C55Lk/xLgTi8ZzawfpQoJJsl1W4XCnFaDRkQLHU4oiG2plgeud6+ +50/AhN1rqE5aTCbYhNRVraqKIJLc680PSEsWvweK+tZzRyO86jDf7PbXg1DVCXH5 +2SN9RK5Bfpsgblr7T2oi8ba/oWuxiHN26pMrnODWIEYRT7nlGbSm1LOnYsUWR3vE +6wfIdow= +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/dfsp_server_key.key b/docker/security/payer/tls/dfsp_server_key.key new file mode 100644 index 00000000..cefa9b34 --- /dev/null +++ b/docker/security/payer/tls/dfsp_server_key.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQCeMXrJmE+idHj/ +vlztN9NJwp7bAFFebb8o13cTal+6d/FAnXoHaR2BUmTnJ7vczsCNpTgdb0F0MxJ4 +gCi+sCHyanV53C2wS1S0ghlovGX6/yCmpgnBBeDA8Ed2l+sngbqKEQ8BPW3ndBX3 +ccc5c5hN8a1D3bm+kRsXmP5qXNlRiXVBUau2yAvgfvpqCawP871l8SucdQCf4Q0k +fe1oVH7NVYARZWRyc0PRBoP4mUqjoIDhYNdZFEX645N0eTcXQFxzirJEz16Mur9V +zY3LOgcnVn/u0volym70yyyg2P6XlmJMoHLALe/Tay6KlXsRzQAAvVpBEyaVSw6B +o7p1mgCf3yqG+U/5uEh5vyCOtBlS436XVY/9jfIlwwztKsla99QNMu56JCJJas4X +Kh6b7HdDIifP0hh7e2sjDDUCgLOWDu7gfpe17QkpS5oHomLPJi8o/7Pzj5hGSsCO +wwpneguwDM08/nP2iWSn6petN23XELJgz+hu3h4RPs6NSri/iT9yRV4GvcEnsBle +N/ZqUt2TWG3T+seZvavKFZEOEiQp5i+FEI89QlNvH/IQ2DkxvLsWDhIo1zluiF+N ++cl/QT+AhYL9vnMKZC+Nf6wc1kZSb3Yo92mVzC3ujKdfsCmjrdybqXLDW6OSBGEB +WDfVneHBOpz91x2CZaSytHN26NJF4wIDAQABAoICAA9G5f27+MzOhLTl9GFwR7ZS +1jZ+FF2TKafPDw/P8Qi39pNv4c3/Z7sKcvYjzy+mw8+qCf5FtUN8fycl8UlhBxY7 +E7c9/SeOTtLT0ZJcx1hy9PtDA6QhZjAbxDr+ttXs4E/fD9zlysxUWJ653Sx+LlIw +qbPpILv3lW809jTdXJtUM/+n3HZdYVA/0v0UjApKVpsWrEiCwBmwiS1h/+BYcJpx +zFlhuk6XNRBlma8TVrLwmCGr0YAnxg5Rlfbkkd5r98GsvkSI5i+fBUVLAYuDwhcZ +cmdk9oVZxFddm6S47/VBr6KIyCwpA4UeT7NQdj8k1gA8SRAJwmsegXshjas3wSGI +c1sCnT2To14mXFHVhocayNRhP4hf8FoF6SFWoSttQ9FzE4K4I/TBNh/g69kA7KOd +w8MBfV3ItjX7iOGKnx8wodhe2GeBM0H2WEieROY2+idWLtX91CesSfSMaNx9aXAx +UDs4sOHkZi4URLSAWQElz586pCcKsXcpbm3Y6fwoq0qeUER0eETFQnWZ8vMNcW5J +H6JdaO6+KzNe1OE/jVWJOn7j0RhibhNKB2r1IkZq/H1CLIndf8EVN5JpLP+vL+wZ +rg8Rjbwp066tFZ/YxQnK9aIEY+GFMfUfQIqnqh+s8Zq6mldABV6GdqUH199MwNH/ +TWGK6d5wgDB6jHkMy+bZAoIBAQDMHi1wUj4XlFrkodBbHbqikcraxg1b6EBUI4J6 +sKn8HlFD/ngHxllu6hd6o2+u+17cKmSNGcxLgt0f5tq7wMM97d8vYJEwEX+31oLy +6BhsATWNaHf/bY19zKqtZ1T046cyLU4O926qQ5G3nYic5o7i7DJQjbAMCJ8T3fat +Ilp0gwku8nchMi2OPM15u6YYAo6gohuEj3QgBlIE59BueMi+GL7RHSyC2Mwd8pYW +XQcMoNYFX2tNQycZMoxOEdEOCWx6gyNUNU7ewqm1Rw9GRUbSjeJKO8G9FAvf/TK4 +GqQmfpSp5ywWWd667vEhhTc5G1sBNjiVFCPrdI+JeaZL1wwHAoIBAQDGZwRkS0Px +4u2jbOXU8Ym4SrbLxU1KE4ZJh+zckcrkr0YcSDw1kmK671IePadBBHcWAJ+uTuxs +YNz4CntGj1PG4+wgdz2W9IqRsN94crnObe2btRZVY5KPABKV9tiBcCFV5TNMB2h4 +1Nyps+7tEFe39NFApL0rIaB8VtTaL7unv7c1xcVg6GZFU2jNvVW/oRD97+cEOQfX +aNCGcAsFP6k2pjNoBCh4WgGIQleBDT/KpAIzlQJM3AEYWKpu3bU7CKSKuuX1ZIjG +mDCnEiLIO4Lvz1xQzFm9LFE2XaaCUkApwfLtYYe5RREs12hpoGk3/k8+kEb3EYaB +r6Hx3TvfUbhFAoIBAHrnLMr16kc+X+BMgm1qoCclC/TgzchqNtmyq+z+FMwm4R3E +yjc8OjtrnomMgUHmP37n07WWNAm/mS+NTGVCswzF/t3DEojT8IgcFKr4D0RxEfK8 +VYyqRUjbBGX20xPFQ7YVy2t9ltfUaZgatdhrhtuiBsW0Gq2UP1yyCMbE6ZxADjaD +bjHByeZcPAixcVgBqimUkmcmDXD+/UHQ5xKtjYnQ0oyNOXDr4zOhDrgWeZkj+tov +UyepaJBmfE7BsZP3HqdB8PLSSlQc+Byb1dmk+vjqz7eM9aHIwUG0bmamO/KlwxPu +iwBGSrNaDjz1voOXMhuvrzAseVhbzdWkNvpxWN8CggEASMMRLkMYKQbDhlLyuzTW +ADuObI7weIFOl3r9GCtz0IijWs33HuKPyOTqJeMQity7W9tgtImHVXv0rhcR/N+l +puSB/aodcVY/14yZeFAC6r0QDjHMfgZlgoJRTqRX5Kid4SWMuY5h9yaBws8VieWb +dgCYGXARXFcZx2AE8fvdg3jhFRxx9cdlcnlTj1insP69/5NTEw5jXNG44AUJVaRy +R3OOmNAlk3XW6AUEmHSmd4fMsuQsEsoAsNAbuUsgIwVZavN+UI/NRaAc/7i7/tks +fQx8W7mGE8XEBv8ziMnndCkIEZzaLM0yrlJVnZ9R11Ix98zr6cKIpNknuE8dnRoY +TQKCAQBdkTZcqJ6nZ4HhuQ/Ax2gD2x589ILHSQWFVP77GFDNKpt6W2TfNh1FoZuP +9LNIdtVfdU0ecu1ub8gnc+O++zBsH5zyQxS12hydp5l2/8sgVcYCShT7Z9UIDLSM +0llc2ox3mdkwiEZ68cRriLlUniSlqc+WDOtx8w/hAtsfbpYyhDcYdiX0LOD9yVmN +Yv6jSROESLgKEmGnQtujOmK+rp3/uUOMetmIBVD+pWDkd0tB3YlUITdFXtDtwwGm +u/SgvC81AOmg/fgYVqsuRW7qeQTTtXlubnCg3DFGytU7RJl1SqNI4YtYxvKN47vX +yvkIHnzN33Bqy8kXJW8jwSSWFEy3 +-----END PRIVATE KEY----- diff --git a/docker/security/payer/tls/index.txt b/docker/security/payer/tls/index.txt new file mode 100644 index 00000000..f621820c --- /dev/null +++ b/docker/security/payer/tls/index.txt @@ -0,0 +1,11 @@ +V 261104175619Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180055Z 02 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261104185106Z 03 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110013913Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014810Z 05 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110014953Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015226Z 07 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110015853Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020015Z 09 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020323Z 0A unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110020338Z 0B unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient diff --git a/docker/security/payer/tls/index.txt.attr b/docker/security/payer/tls/index.txt.attr new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payer/tls/index.txt.attr @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payer/tls/index.txt.attr.old b/docker/security/payer/tls/index.txt.attr.old new file mode 100644 index 00000000..3a7e39e6 --- /dev/null +++ b/docker/security/payer/tls/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = no diff --git a/docker/security/payer/tls/index.txt.old b/docker/security/payer/tls/index.txt.old new file mode 100644 index 00000000..bdd8992c --- /dev/null +++ b/docker/security/payer/tls/index.txt.old @@ -0,0 +1,10 @@ +V 261104175619Z 01 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261104180055Z 02 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261104185106Z 03 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110013913Z 04 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110014810Z 05 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110014953Z 06 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110015226Z 07 unknown /CN=payer-sdk-scheme-adapter-api-svc +V 261110015853Z 08 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020015Z 09 unknown /C=US/ST=MD/L=Baltimore/O=DFSP Client/OU=Payments/CN=dfspclient +V 261110020323Z 0A unknown /CN=payer-sdk-scheme-adapter-api-svc diff --git a/docker/security/payer/tls/openssl-client.cnf b/docker/security/payer/tls/openssl-client.cnf new file mode 100644 index 00000000..91de4acb --- /dev/null +++ b/docker/security/payer/tls/openssl-client.cnf @@ -0,0 +1,36 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_client_key.key +distinguished_name = client_distinguished_name +req_extensions = client_req_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ client_distinguished_name ] +countryName = US +stateOrProvinceName = MD +localityName = Baltimore +organizationName = DFSP Client +organizationalUnitName = Payments +commonName = dfspclient +emailAddress = dfspclient@example.com + +#################################################################### +[ client_req_extensions ] + +subjectKeyIdentifier = hash +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection +subjectAltName = @alternate_names +nsComment = "OpenSSL Generated Certificate" + +#################################################################### +[ alternate_names ] + +DNS.1 = localhost \ No newline at end of file diff --git a/docker/security/payer/tls/openssl-clientca.cnf b/docker/security/payer/tls/openssl-clientca.cnf new file mode 100644 index 00000000..1489f934 --- /dev/null +++ b/docker/security/payer/tls/openssl-clientca.cnf @@ -0,0 +1,71 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +base_dir = . +certificate = $base_dir/dfsp_client_cacert.pem # The CA certifcate +private_key = $base_dir/dfsp_client_cakey.pem # The CA private key +new_certs_dir = $base_dir # Location for new certs after signing +database = $base_dir/index.txt # Database index file +serial = $base_dir/serial.txt # The current serial number + +unique_subject = no + +default_days = 1000 # How long to certify for +default_crl_days = 30 # How long before next CRL +default_md = sha256 # Use public key default MD +preserve = no # Keep passed DN ordering + +x509_extensions = ca_extensions # The extensions to add to the cert + +email_in_dn = no # Don't concat the email in the DN +copy_extensions = copy # Required to copy SANs from CSR to cert + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_client_cakey.pem +distinguished_name = ca_distinguished_name +x509_extensions = ca_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ ca_distinguished_name ] +countryName = US +stateOrProvinceName = Maryland +localityName = Baltimore +organizationName = DFSP Client CA +organizationalUnitName = Payments +commonName = dfspclientca +emailAddress = dfspserverca@example.com + +#################################################################### +[ ca_extensions ] + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer +basicConstraints = critical, CA:true +keyUsage = keyCertSign, cRLSign + +#################################################################### +[ signing_policy ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ signing_req ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment \ No newline at end of file diff --git a/docker/security/payer/tls/openssl-server.cnf b/docker/security/payer/tls/openssl-server.cnf new file mode 100644 index 00000000..7d9a2afa --- /dev/null +++ b/docker/security/payer/tls/openssl-server.cnf @@ -0,0 +1,36 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ req ] +default_bits = 2048 +default_keyfile = dfsp_server_key.key +distinguished_name = server_distinguished_name +req_extensions = server_req_extensions +string_mask = utf8only + +#################################################################### +[ server_distinguished_name ] +countryName_default = US +stateOrProvinceName_default = MD +localityName_default = Baltimore +organizationName_default = Test Server, Limited +organizationalUnitName_default = Payments +commonName = payer-sdk-scheme-adapter-api-svc +commonName_default = payer-sdk-scheme-adapter-api-svc +emailAddress_default = dfspserver@example.com + +#################################################################### +[ server_req_extensions ] + +subjectKeyIdentifier = hash +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection +subjectAltName = @alternate_names +nsComment = "OpenSSL Generated Certificate" + +#################################################################### +[ alternate_names ] + +DNS.1 = payer-sdk-scheme-adapter-api-svc diff --git a/docker/security/payer/tls/openssl-serverca.cnf b/docker/security/payer/tls/openssl-serverca.cnf new file mode 100644 index 00000000..b7e64d1f --- /dev/null +++ b/docker/security/payer/tls/openssl-serverca.cnf @@ -0,0 +1,71 @@ +HOME = . +RANDFILE = $ENV::HOME/.rnd + +#################################################################### +[ ca ] +default_ca = CA_default # The default ca section + +[ CA_default ] + +base_dir = . +certificate = $base_dir/dfsp_server_cacert.pem # The CA certifcate +private_key = $base_dir/dfsp_server_cakey.pem # The CA private key +new_certs_dir = $base_dir # Location for new certs after signing +database = $base_dir/index.txt # Database index file +serial = $base_dir/serial.txt # The current serial number + +unique_subject = no + +default_days = 1000 # How long to certify for +default_crl_days = 30 # How long before next CRL +default_md = sha256 # Use public key default MD +preserve = no # Keep passed DN ordering + +x509_extensions = ca_extensions # The extensions to add to the cert + +email_in_dn = no # Don't concat the email in the DN +copy_extensions = copy # Required to copy SANs from CSR to cert + +#################################################################### +[ req ] +default_bits = 4096 +default_keyfile = dfsp_server_cakey.pem +distinguished_name = ca_distinguished_name +x509_extensions = ca_extensions +string_mask = utf8only +prompt = no + +#################################################################### +[ ca_distinguished_name ] +countryName = US +stateOrProvinceName = Maryland +localityName = Baltimore +organizationName = DFSP Server CA +organizationalUnitName = Payments +commonName = dfspserverca +emailAddress = dfspserverca@example.com + +#################################################################### +[ ca_extensions ] + +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid:always, issuer +basicConstraints = critical, CA:true +keyUsage = keyCertSign, cRLSign + +#################################################################### +[ signing_policy ] +countryName = optional +stateOrProvinceName = optional +localityName = optional +organizationName = optional +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + +#################################################################### +[ signing_req ] +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer +basicConstraints = CA:FALSE +keyUsage = digitalSignature, keyEncipherment \ No newline at end of file diff --git a/docker/security/payer/tls/payee_server_cacert.pem b/docker/security/payer/tls/payee_server_cacert.pem new file mode 100644 index 00000000..bc208037 --- /dev/null +++ b/docker/security/payer/tls/payee_server_cacert.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGMDCCBBigAwIBAgIUYOahCSI+t+iJCevDl20zaRkNbaYwDQYJKoZIhvcNAQEL +BQAwgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UEBwwJ +QmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwIUGF5 +bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYYZGZz +cHNlcnZlcmNhQGV4YW1wbGUuY29tMB4XDTI0MDIxNDAyMDMyN1oXDTI0MDMxNTAy +MDMyN1owgaAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhNYXJ5bGFuZDESMBAGA1UE +BwwJQmFsdGltb3JlMRcwFQYDVQQKDA5ERlNQIFNlcnZlciBDQTERMA8GA1UECwwI +UGF5bWVudHMxFTATBgNVBAMMDGRmc3BzZXJ2ZXJjYTEnMCUGCSqGSIb3DQEJARYY +ZGZzcHNlcnZlcmNhQGV4YW1wbGUuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A +MIICCgKCAgEAiHaHFpgfb0FHsQ+i/gpR/YFZUUlfTW7UQlIf7BvYnp9p2wEiL2r7 +GtYnF6S+hSV5A1/qnHNzo8SGCy8RP3I+0d7ape0fYFJYyj2oFpn5F1QiskxVKPn0 +b4cxRO0Px/j9eZCybt0Ca/0FYAcXFJ2LBq6WrymZIbaC4owkIGT3EnSSUEcZ0K0f +cPEleD69gNpxGePISm2Ljcu5zUjuOfceNxPcGctKbP4sV0ldyskZzZl/omDK+gNM +BDl2vdYLbG2r/GDjVCeVGobEHdq9v0j6H06fZ7E4qmdXYTGKev+l8NWDOfuHUdvh +K60D6VDn8OZj2MMA7Xv01RErKZB/h9Jws7Ayj31OGr/WAbHpTn4V2HjqQdrbq0pq +lsvufDlPnUFKv0aGk70DlSQja99XPAuy0/5OjbsBrHvcCupw/HagBTR/hCGdcD4L +TPynPKbk6Ep3NEcf/nyYoKwy+wDh2bUgqSB3E/6UNrbYTTl42Ti/QItSYDBnd871 +mdZwIyhqWz8fFXVxs1M0K0HGTXMnRvEOT4djrL7okF31L/5LyHsZbwY+/Uw20nLN +LhTKOiSaNwpZws8f4dHgV+rnJD7lekzSxeSkkcayrROQVZEt1MDGshQzYR6bPQ3O +9dri3NaoTuGVSislRDAnnhAy010EewgizBWzjHsf+Z5bsMLikwVE1K0CAwEAAaNg +MF4wHQYDVR0OBBYEFEVYcAvlsnioq/2DujBIiaZMwsGYMB8GA1UdIwQYMBaAFEVY +cAvlsnioq/2DujBIiaZMwsGYMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG +MA0GCSqGSIb3DQEBCwUAA4ICAQB1RK/7HKZ3yFxGMZ6gr1Cz4Aqj8jqXZU0Cu7lR +vUCH9EV/7dLsUp6wWjnZK2YlDN6sejAyMeOcGgiOmFZw7aKxLu0erypzrbMGuzGl +l8UFiYveJV0GSpBzCZ7gBbl8LLJD2YoTt3BuGTod7cJp95peY+m5ybWMnFUyuCSW +QtvxKS/Crv6FTpSTI3FXFIhJJgLQqqB2xb3fTp/Tuc0keYBZt1lgpMC/Yo5rhJPD +yqzV/LuQiuAGpuuy7SRKKBWAIlAYBwdHAfhrnfmQq84tE/LCgtgr4zcxhstoMZ0t +w6oeXYbEhDScpLMh/L5O5qPEJxwWXRVrHEiB2BrbZBzOREDt7HZdsmcRxdUm1A5G +Zd2wNKn2i+16hjCLo32O+whubkW5Oc3MFpW4wh8x5z11SLue+y8hKae53w1Dbj87 +VEGqYr3ZuUbSW7ODnuvhJ6y4oNcYDCiwC7A0cQ+lA0vLjYQGf7iLRaKOS40/JcyF +IPlBi2keQXlB16xgMFm1KGVOq00odlYP1HMI4QjMncC028NOJAP6dbcxDk9TZSkS +KPpMFAa8a3Hfd6x5nYTAwtCrc63MsC7CUUX6cvNNIege/Tveu/Epm+qcnE7DjJ7t +qQQtrlFWMQHmvKuFqt6yw6iHM2awlbluzPg+kDG8Rsiqs4Lt4bnfFO7iJ/5FDafu +Zh04Mw== +-----END CERTIFICATE----- diff --git a/docker/security/payer/tls/serial.txt b/docker/security/payer/tls/serial.txt new file mode 100644 index 00000000..d73cdef3 --- /dev/null +++ b/docker/security/payer/tls/serial.txt @@ -0,0 +1 @@ +0C diff --git a/docker/security/payer/tls/serial.txt.old b/docker/security/payer/tls/serial.txt.old new file mode 100644 index 00000000..eb589e9d --- /dev/null +++ b/docker/security/payer/tls/serial.txt.old @@ -0,0 +1 @@ +0B diff --git a/docker/wait4/wait4.config.js b/docker/wait4/wait4.config.js index e2b50d9e..8fd8f45c 100644 --- a/docker/wait4/wait4.config.js +++ b/docker/wait4/wait4.config.js @@ -32,12 +32,12 @@ module.exports = { configPath: '../config/default.json' }, retries: 60 - }, - { - description: 'MongoDB object store', - uri: 'mongodb://objstore:27017/mlos', - method: 'mongo' } + // { + // description: 'MongoDB object store', + // uri: 'mongodb://objstore:27017/mlos', + // method: 'mongo' + // } ] }, { diff --git a/envs/fspiop-sim-security.env b/envs/fspiop-sim-security.env new file mode 100644 index 00000000..67fe91b7 --- /dev/null +++ b/envs/fspiop-sim-security.env @@ -0,0 +1,11 @@ +CBH_FSPIOP_FSP_ID=fspiopsimpayee +CBH_FSPIOP_CALLBACK_HTTP_KEEPALIVE=true + +### FSPIOP Handlers +CBH_FSPIOP_ALS_ENDPOINT_URL=http://payee-sdk-scheme-adapter:4000 +CBH_FSPIOP_QUOTES_ENDPOINT_URL=http://payee-sdk-scheme-adapter:4000 +CBH_FSPIOP_TRANSFERS_ENDPOINT_URL=http://payee-sdk-scheme-adapter:4000 + +CBH_FSPIOP_QUOTES_ILPPACKET='AYIDGQAAAAAAACcQIWcuZ3JlZW5iYW5rZnNwLm1zaXNkbi4yNzcxMzgwMzkxMoIC62V5SjBjbUZ1YzJGamRHbHZia2xrSWpvaU1ERXhaR1EyTldZdE5UQXpNeTAwTVdNMkxUazFaR1l0T1RFeFl6WTRPVFExWWpobUlpd2ljWFZ2ZEdWSlpDSTZJbVF3TXpJMU1EVTJMVE0xTldFdE5EUmxNUzFpT1RnMExXWXdZVFExTmpFMFkyRXpPQ0lzSW5CaGVXVmxJanA3SW5CaGNuUjVTV1JKYm1adklqcDdJbkJoY25SNVNXUlVlWEJsSWpvaVRWTkpVMFJPSWl3aWNHRnlkSGxKWkdWdWRHbG1hV1Z5SWpvaU1qYzNNVE00TURNNU1USWlMQ0ptYzNCSlpDSTZJbWR5WldWdVltRnVhMlp6Y0NKOWZTd2ljR0Y1WlhJaU9uc2ljR0Z5ZEhsSlpFbHVabThpT25zaWNHRnlkSGxKWkZSNWNHVWlPaUpOVTBsVFJFNGlMQ0p3WVhKMGVVbGtaVzUwYVdacFpYSWlPaUkwTkRFeU16UTFOamM0T1NJc0ltWnpjRWxrSWpvaWNHbHVhMkpoYm10bWMzQWlmU3dpY0dWeWMyOXVZV3hKYm1adklqcDdJbU52YlhCc1pYaE9ZVzFsSWpwN0ltWnBjbk4wVG1GdFpTSTZJa1pwY25OMGJtRnRaUzFVWlhOMElpd2liR0Z6ZEU1aGJXVWlPaUpNWVhOMGJtRnRaUzFVWlhOMEluMHNJbVJoZEdWUFprSnBjblJvSWpvaU1UazROQzB3TVMwd01TSjlmU3dpWVcxdmRXNTBJanA3SW1OMWNuSmxibU41SWpvaVZWTkVJaXdpWVcxdmRXNTBJam9pTVRBd0luMHNJblJ5WVc1ellXTjBhVzl1Vkhsd1pTSTZleUp6WTJWdVlYSnBieUk2SWxSU1FVNVRSa1ZTSWl3aWFXNXBkR2xoZEc5eUlqb2lVRUZaUlZJaUxDSnBibWwwYVdGMGIzSlVlWEJsSWpvaVEwOU9VMVZOUlZJaWZYMAA' +CBH_FSPIOP_QUOTES_CONDITION='5m0gq_5dLQlTSSRKQmLpj0MZ1MtWLWgSu1oLGVTJyYs' +CBH_QUOTE_EXPIRATION_WINDOW=60000 diff --git a/envs/fspiop-sim.env b/envs/fspiop-sim.env new file mode 100644 index 00000000..e284f02a --- /dev/null +++ b/envs/fspiop-sim.env @@ -0,0 +1,11 @@ +CBH_FSPIOP_FSP_ID=fspiopsim +CBH_FSPIOP_CALLBACK_HTTP_KEEPALIVE=true + +### FSPIOP Handlers +CBH_FSPIOP_ALS_ENDPOINT_URL=http://sdk-scheme-adapter:4000 +CBH_FSPIOP_QUOTES_ENDPOINT_URL=http://sdk-scheme-adapter:4000 +CBH_FSPIOP_TRANSFERS_ENDPOINT_URL=http://sdk-scheme-adapter:4000 + +CBH_FSPIOP_QUOTES_ILPPACKET='AYIDGQAAAAAAACcQIWcuZ3JlZW5iYW5rZnNwLm1zaXNkbi4yNzcxMzgwMzkxMoIC62V5SjBjbUZ1YzJGamRHbHZia2xrSWpvaU1ERXhaR1EyTldZdE5UQXpNeTAwTVdNMkxUazFaR1l0T1RFeFl6WTRPVFExWWpobUlpd2ljWFZ2ZEdWSlpDSTZJbVF3TXpJMU1EVTJMVE0xTldFdE5EUmxNUzFpT1RnMExXWXdZVFExTmpFMFkyRXpPQ0lzSW5CaGVXVmxJanA3SW5CaGNuUjVTV1JKYm1adklqcDdJbkJoY25SNVNXUlVlWEJsSWpvaVRWTkpVMFJPSWl3aWNHRnlkSGxKWkdWdWRHbG1hV1Z5SWpvaU1qYzNNVE00TURNNU1USWlMQ0ptYzNCSlpDSTZJbWR5WldWdVltRnVhMlp6Y0NKOWZTd2ljR0Y1WlhJaU9uc2ljR0Z5ZEhsSlpFbHVabThpT25zaWNHRnlkSGxKWkZSNWNHVWlPaUpOVTBsVFJFNGlMQ0p3WVhKMGVVbGtaVzUwYVdacFpYSWlPaUkwTkRFeU16UTFOamM0T1NJc0ltWnpjRWxrSWpvaWNHbHVhMkpoYm10bWMzQWlmU3dpY0dWeWMyOXVZV3hKYm1adklqcDdJbU52YlhCc1pYaE9ZVzFsSWpwN0ltWnBjbk4wVG1GdFpTSTZJa1pwY25OMGJtRnRaUzFVWlhOMElpd2liR0Z6ZEU1aGJXVWlPaUpNWVhOMGJtRnRaUzFVWlhOMEluMHNJbVJoZEdWUFprSnBjblJvSWpvaU1UazROQzB3TVMwd01TSjlmU3dpWVcxdmRXNTBJanA3SW1OMWNuSmxibU41SWpvaVZWTkVJaXdpWVcxdmRXNTBJam9pTVRBd0luMHNJblJ5WVc1ellXTjBhVzl1Vkhsd1pTSTZleUp6WTJWdVlYSnBieUk2SWxSU1FVNVRSa1ZTSWl3aWFXNXBkR2xoZEc5eUlqb2lVRUZaUlZJaUxDSnBibWwwYVdGMGIzSlVlWEJsSWpvaVEwOU9VMVZOUlZJaWZYMAA' +CBH_FSPIOP_QUOTES_CONDITION='5m0gq_5dLQlTSSRKQmLpj0MZ1MtWLWgSu1oLGVTJyYs' +CBH_QUOTE_EXPIRATION_WINDOW=60000 diff --git a/envs/payee-sdk-scheme-adapter-api-svc.env b/envs/payee-sdk-scheme-adapter-api-svc.env new file mode 100644 index 00000000..76432a33 --- /dev/null +++ b/envs/payee-sdk-scheme-adapter-api-svc.env @@ -0,0 +1,37 @@ +# FSPID of this DFSP +DFSP_ID=fspiopsimpayee + +ALLOW_TRANSFER_WITHOUT_QUOTE=true + +PEER_ENDPOINT=payer-sdk-scheme-adapter-api-svc:4000 +ALS_ENDPOINT=payer-sdk-scheme-adapter-api-svc:4000 + +BACKEND_ENDPOINT=sim-fspiop:3001/backend +UV_THREADPOOL_SIZE=24 +LOG_LEVEL=info + +INBOUND_MUTUAL_TLS_ENABLED=true +OUTBOUND_MUTUAL_TLS_ENABLED=true + +VALIDATE_INBOUND_JWS=true +VALIDATE_INBOUND_PUT_PARTIES_JWS=true +JWS_SIGN=true +JWS_SIGN_PUT_PARTIES=true + +# Path to JWS signing key (private key of THIS DFSP) +JWS_SIGNING_KEY_PATH=./secrets/jws/privatekey.pem +JWS_VERIFICATION_KEYS_DIRECTORY=./secrets/jws/verification_keys + +# Location of certs and key required for TLS +IN_CA_CERT_PATH=./secrets/tls/dfsp_client_cacert.pem +IN_SERVER_CERT_PATH=./secrets/tls/dfsp_server_cert.pem +IN_SERVER_KEY_PATH=./secrets/tls/dfsp_server_key.key + +OUT_CA_CERT_PATH=./secrets/tls/payer_server_cacert.pem +OUT_CLIENT_CERT_PATH=./secrets/tls/dfsp_client_cert.pem +OUT_CLIENT_KEY_PATH=./secrets/tls/dfsp_client_key.key + +ENABLE_FSPIOP_EVENT_HANDLER=false +ENABLE_BACKEND_EVENT_HANDLER=false + +CACHE_URL=redis://redis:6379 diff --git a/envs/payer-sdk-scheme-adapter-api-svc.env b/envs/payer-sdk-scheme-adapter-api-svc.env new file mode 100644 index 00000000..dfdef4d1 --- /dev/null +++ b/envs/payer-sdk-scheme-adapter-api-svc.env @@ -0,0 +1,37 @@ +# FSPID of this DFSP +DFSP_ID=fspiopsimpayer + +ALLOW_TRANSFER_WITHOUT_QUOTE=true + +PEER_ENDPOINT=payee-sdk-scheme-adapter-api-svc:4000 +ALS_ENDPOINT=payee-sdk-scheme-adapter-api-svc:4000 + +BACKEND_ENDPOINT=sim-fspiop:3001/backend +UV_THREADPOOL_SIZE=24 +LOG_LEVEL=info + +INBOUND_MUTUAL_TLS_ENABLED=true +OUTBOUND_MUTUAL_TLS_ENABLED=true + +VALIDATE_INBOUND_JWS=true +VALIDATE_INBOUND_PUT_PARTIES_JWS=true +JWS_SIGN=true +JWS_SIGN_PUT_PARTIES=true + +# Path to JWS signing key (private key of THIS DFSP) +JWS_SIGNING_KEY_PATH=./secrets/jws/privatekey.pem +JWS_VERIFICATION_KEYS_DIRECTORY=./secrets/jws/verification_keys + +# Location of certs and key required for TLS +IN_CA_CERT_PATH=./secrets/tls/dfsp_client_cacert.pem +IN_SERVER_CERT_PATH=./secrets/tls/dfsp_server_cert.pem +IN_SERVER_KEY_PATH=./secrets/tls/dfsp_server_key.key + +OUT_CA_CERT_PATH=./secrets/tls/payee_server_cacert.pem +OUT_CLIENT_CERT_PATH=./secrets/tls/dfsp_client_cert.pem +OUT_CLIENT_KEY_PATH=./secrets/tls/dfsp_client_key.key + +ENABLE_FSPIOP_EVENT_HANDLER=false +ENABLE_BACKEND_EVENT_HANDLER=false + +CACHE_URL=redis://redis:6379 diff --git a/packages/callback-handler-svc/handlers/backend.js b/packages/callback-handler-svc/handlers/backend.js new file mode 100644 index 00000000..c7f51b7e --- /dev/null +++ b/packages/callback-handler-svc/handlers/backend.js @@ -0,0 +1,168 @@ +const express = require('express') +const env = require('env-var') +const { TraceUtils } = require('@callback-handler-svc/utils') + +const TRACESTATE_KEY_END2END_START_TS = 'tx_end2end_start_ts' +const TRACESTATE_KEY_CALLBACK_START_TS = 'tx_callback_start_ts' + + +const init = (config, logger, options = undefined) => { + const router = express.Router() + + const handleCallback = (resource, req, res) => { + const histTimerEnd = options.metrics.getHistogram( + 'ing_callbackHandler', + 'Ingress - Operation handler', + ['success', 'operation'] + ).startTimer() + const currentTime = Date.now() + const path = req.path + const httpMethod = req.method.toLowerCase() + const isErrorOperation = path.endsWith('error') + const operation = `fspiop_${httpMethod}_${resource}` + const operationE2e = `${operation}_end2end` + const operationRequest = `${operation}_request` + const operationResponse = `${operation}_response` + const tracestate = TraceUtils.getTraceStateMap(req.headers) + + if (tracestate === undefined || tracestate[TRACESTATE_KEY_END2END_START_TS] === undefined || tracestate[TRACESTATE_KEY_CALLBACK_START_TS] === undefined) { + return res.status(400).send(`${TRACESTATE_KEY_END2END_START_TS} or ${TRACESTATE_KEY_CALLBACK_START_TS} key/values not found in tracestate`) + } + + const e2eDelta = currentTime - tracestate[TRACESTATE_KEY_END2END_START_TS] + const requestDelta = tracestate[TRACESTATE_KEY_CALLBACK_START_TS] - tracestate[TRACESTATE_KEY_END2END_START_TS] + const responseDelta = currentTime - tracestate[TRACESTATE_KEY_CALLBACK_START_TS] + + const performanceHistogram = options.metrics.getHistogram( + 'tx_cb_perf', + 'Metrics for callbacks', + ['success', 'operation'] + ) + + performanceHistogram.observe({ + success: (!isErrorOperation).toString(), + operation: operationE2e + }, e2eDelta / 1000) + performanceHistogram.observe({ + success: (!isErrorOperation).toString(), + operation: operationRequest + }, requestDelta / 1000) + performanceHistogram.observe({ + success: (!isErrorOperation).toString(), + operation: operationResponse + }, responseDelta / 1000) + + logger.isDebugEnabled && logger.debug( + { + traceparent: req.headers.traceparent, + tracestate, + operation, + path, + isErrorOperation, + serverHandlingTime: currentTime, + [operationE2e]: e2eDelta, + [operationRequest]: requestDelta, + [operationResponse]: responseDelta + } + ) + const traceId = TraceUtils.getTraceId(req.headers) + const channel = '/' + traceId + '/' + req.method + req.path + console.log('Handled PUT Callback request', channel) + options.wsServer.notify(channel, isErrorOperation ? 'ERROR_CALLBACK_RECEIVED' : 'SUCCESS_CALLBACK_RECEIVED') + histTimerEnd({ success: true, operation }) + return res.status(202).end() + } + + + // Handle Oracle GET Participants request + router.get('/parties/:type/:id', (req, res) => { + const histTimerEnd = options.metrics.getHistogram( + 'ing_callbackHandler', + 'Ingress - Operation handler', + ['success', 'operation'] + ).startTimer() + const type = req.params.type + const id = req.params.id + + res.status(202).json({ + "idType": type, + "idValue": id, + "fsp": "string" + }) + console.log('Handled GET request') + histTimerEnd({ success: true, operation: 'oracle_get_parties'}) + }) + + // Handle Quote Request + router.post('/quoterequests', (req, res) => { + const histTimerEnd = options.metrics.getHistogram( + 'ing_callbackHandler', + 'Ingress - Operation handler', + ['success', 'operation'] + ).startTimer() + + const quotesRequest = req.body + + const quotesResponse = { + payeeFspCommissionAmount: quotesRequest.feesCurrency, + payeeFspCommissionAmountCurrency: quotesRequest.feesCurrency, + payeeFspFeeAmount: quotesRequest.feesAmount, + payeeFspFeeAmountCurrency: quotesRequest.feesCurrency, + // Fee currency and currency should be the same in order to have the right value + payeeReceiveAmount: (Number(quotesRequest.amount) - Number(quotesRequest.feesAmount)), + payeeReceiveAmountCurrency: quotesRequest.currency, + quoteId: quotesRequest.quoteId, + transactionId: quotesRequest.transactionId, + transferAmount: quotesRequest.amount, + transferAmountCurrency: quotesRequest.currency, + expiration: new Date(new Date().getTime() + 10000) + } + + res.status(202).json(quotesResponse) + + histTimerEnd({ success: true, operation: 'quoting_service_post_quote' }) + }) + + // Handle Transfer Request + router.post('/transfers', (req, res) => { + const histTimerEnd = options.metrics.getHistogram( + 'ing_callbackHandler', + 'Ingress - Operation handler', + ['success', 'operation'] + ).startTimer() + + const quotesResponse = { + completedTimestamp: new Date(new Date().getTime() + 10000), + fulfilment: 'string', + homeTransactionId: req.body.homeR2PTransactionId, + transferState: 'RECEIVED' + } + + res.status(202).json(quotesResponse) + + histTimerEnd({ success: true, operation: 'transfers_post_transfer' }) + }) + + router.put('/parties/:type/:id', (req, res) => { + return handleCallback('parties', req, res) + }) + + router.put('/quotes/:id', (req, res) => { + return handleCallback('quotes', req, res) + }) + + router.put('/transfers/:id', (req, res) => { + return handleCallback('transfers', req, res) + }) + + return { + name: 'backend', + basepath: '/backend', + router + } +} + +// require-glob has no ES support +module.exports = { + init +} diff --git a/packages/callback-handler-svc/handlers/fspiop.js b/packages/callback-handler-svc/handlers/fspiop.js index 713f9fda..0a5db49a 100644 --- a/packages/callback-handler-svc/handlers/fspiop.js +++ b/packages/callback-handler-svc/handlers/fspiop.js @@ -50,37 +50,43 @@ const init = (config, logger, options = undefined) => { 'Egress - Operation handler', ['success', 'operation'] ).startTimer() - await instance.put(`${FSPIOP_ALS_ENDPOINT_URL}/parties/${type}/${id}`, { - "party": { - "partyIdInfo": { - "partyIdType": "MSISDN", - "partyIdentifier": id, - "fspId": FSP_ID, - "partySubIdOrType": "HEALTH_CARD" - }, - "personalInfo": { - "dateOfBirth": "1971-12-25", - "complexName": { - "lastName": "Trudeau", - "middleName": "Pierre", - "firstName": "Justin" - } - }, - "name": "Justin Pierre" - } - }, - { - headers: { - 'Content-Type': 'application/vnd.interoperability.parties+json;version=1.1', - 'Accept': 'application/vnd.interoperability.parties+json;version=1.1', - Date: new Date(), - 'FSPIOP-Source': FSP_ID, - 'FSPIOP-Destination': fspiopSourceHeader, - 'traceparent': traceparentHeader, - 'tracestate': tracestateHeader + `,${TRACESTATE_KEY_CALLBACK_START_TS}=${Date.now()}` + try { + await instance.put(`${FSPIOP_ALS_ENDPOINT_URL}/parties/${type}/${id}`, { + "party": { + "partyIdInfo": { + "type": "CONSUMER", + "partyIdType": "MSISDN", + "partyIdentifier": id, + "fspId": FSP_ID + }, + "personalInfo": { + "dateOfBirth": "1971-12-25", + "complexName": { + "lastName": "Trudeau", + "middleName": "Pierre", + "firstName": "Justin" + } + }, + "name": "Justin Pierre" + } }, - httpAgent, - }) + { + headers: { + 'Content-Type': 'application/vnd.interoperability.parties+json;version=1.1', + 'Accept': 'application/vnd.interoperability.parties+json;version=1.1', + Date: new Date(), + 'FSPIOP-Source': FSP_ID, + 'FSPIOP-Destination': fspiopSourceHeader, + 'traceparent': traceparentHeader, + 'tracestate': tracestateHeader + `,${TRACESTATE_KEY_CALLBACK_START_TS}=${Date.now()}` + }, + httpAgent, + }) + } catch (e) { + console.log('failed here: ', `${FSPIOP_ALS_ENDPOINT_URL}/parties/${type}/${id}`) + logger.error(e) + + } egressHistTimerEnd({ success: true, operation: 'fspiop_put_parties'}) histTimerEnd1({ success: true, operation: 'fspiop_get_parties_with_callback'}) })(); @@ -199,7 +205,7 @@ const init = (config, logger, options = undefined) => { const operationE2e = `${operation}_end2end` const operationRequest = `${operation}_request` const operationResponse = `${operation}_response` - const tracestate = TraceUtils.getTraceStateMap(req.headers) + const tracestate = TraceUtils.getTraceStateMap(req.headers) if (tracestate === undefined || tracestate[TRACESTATE_KEY_END2END_START_TS] === undefined || tracestate[TRACESTATE_KEY_CALLBACK_START_TS] === undefined) { return res.status(400).send(`${TRACESTATE_KEY_END2END_START_TS} or ${TRACESTATE_KEY_CALLBACK_START_TS} key/values not found in tracestate`) diff --git a/packages/k6-tests/config/fspiopE2E.json b/packages/k6-tests/config/fspiopE2E.json new file mode 100644 index 00000000..ebc432be --- /dev/null +++ b/packages/k6-tests/config/fspiopE2E.json @@ -0,0 +1,21 @@ +{ + "scenarios": { + "fspiopE2E": { + "executor": "ramping-vus", + "exec": "fspiopE2EScenarios", + "env": { + "UNIDIRECTIONAL": "false" + }, + "startVUs": 1, + "stages": [ + { "duration": "30s", "target": 30 }, + { "duration": "5m", "target": 30 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } +} diff --git a/packages/k6-tests/config/fspiopQuotesPersonalInfoExtensions.json b/packages/k6-tests/config/fspiopQuotesPersonalInfoExtensions.json new file mode 100644 index 00000000..7516a138 --- /dev/null +++ b/packages/k6-tests/config/fspiopQuotesPersonalInfoExtensions.json @@ -0,0 +1,21 @@ +{ + "scenarios": { + "fspiopQuotes": { + "executor": "ramping-vus", + "exec": "fspiopQuotesScenarios", + "env": { + "UNIDIRECTIONAL": "false" + }, + "startVUs": 1, + "stages": [ + { "duration": "30s", "target": 50 }, + { "duration": "5m", "target": 50 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } +} diff --git a/packages/k6-tests/config/inboundSDKDiscovery.json b/packages/k6-tests/config/inboundSDKDiscovery.json new file mode 100644 index 00000000..d77b5c1c --- /dev/null +++ b/packages/k6-tests/config/inboundSDKDiscovery.json @@ -0,0 +1,21 @@ +{ + "scenarios": { + "inboundSDKDiscovery": { + "executor": "ramping-vus", + "exec": "inboundSDKDiscoveryScenarios", + "env": { + "UNIDIRECTIONAL": "false" + }, + "startVUs": 1, + "stages": [ + { "duration": "30s", "target": 5 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } + } + \ No newline at end of file diff --git a/packages/k6-tests/config/inboundSDKQuotes.json b/packages/k6-tests/config/inboundSDKQuotes.json new file mode 100644 index 00000000..f63e8aa9 --- /dev/null +++ b/packages/k6-tests/config/inboundSDKQuotes.json @@ -0,0 +1,18 @@ +{ + "scenarios": { + "inboundSDKQuotes": { + "executor": "ramping-vus", + "exec": "inboundSDKQuotesScenarios", + "startVUs": 1, + "stages": [ + { "duration": "30s", "target": 15 }, + { "duration": "1m", "target": 15 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } +} diff --git a/packages/k6-tests/config/inboundSDKTransfer.json b/packages/k6-tests/config/inboundSDKTransfer.json new file mode 100644 index 00000000..1a48ec0f --- /dev/null +++ b/packages/k6-tests/config/inboundSDKTransfer.json @@ -0,0 +1,22 @@ +{ + "scenarios": { + "inboundSDKTransfers": { + "executor": "ramping-vus", + "exec": "inboundSDKTransfersScenarios", + "env": { + "UNIDIRECTIONAL": "true" + }, + "startVUs": 1, + "stages": [ + { "duration": "30s", "target": 10 }, + { "duration": "1m", "target": 10 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } + } + \ No newline at end of file diff --git a/packages/k6-tests/config/outboundSDKDiscovery.json b/packages/k6-tests/config/outboundSDKDiscovery.json new file mode 100644 index 00000000..8c706837 --- /dev/null +++ b/packages/k6-tests/config/outboundSDKDiscovery.json @@ -0,0 +1,21 @@ +{ + "scenarios": { + "outboundSDKDiscovery": { + "executor": "ramping-vus", + "exec": "outboundSDKDiscoveryScenarios", + "env": { + "UNIDIRECTIONAL": "true" + }, + "startVUs": 1, + "stages": [ + { "duration": "2m", "target": 5 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } + } + \ No newline at end of file diff --git a/packages/k6-tests/config/outboundSDKQuotes.json b/packages/k6-tests/config/outboundSDKQuotes.json new file mode 100644 index 00000000..ec13d0ed --- /dev/null +++ b/packages/k6-tests/config/outboundSDKQuotes.json @@ -0,0 +1,18 @@ +{ + "scenarios": { + "outboundSDKQuotes": { + "executor": "ramping-vus", + "exec": "outboundSDKQuotesScenarios", + "startVUs": 1, + "stages": [ + { "duration": "30s", "target": 15 }, + { "duration": "1m", "target": 15 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } +} diff --git a/packages/k6-tests/config/outboundSDKTransfer.json b/packages/k6-tests/config/outboundSDKTransfer.json new file mode 100644 index 00000000..e9bc55aa --- /dev/null +++ b/packages/k6-tests/config/outboundSDKTransfer.json @@ -0,0 +1,21 @@ +{ + "scenarios": { + "outboundSDKTransfers": { + "executor": "ramping-vus", + "exec": "outboundSDKTransfersScenarios", + "env": { + "UNIDIRECTIONAL": "true" + }, + "startVUs": 1, + "stages": [ + { "duration": "2m", "target": 5 } + ] + } + }, + "thresholds": { + "iteration_duration": [ "p(95)<1000" ], + "http_req_failed": [ "rate<0.01" ], + "http_req_duration": [ "p(95)<1000" ] + } + } + \ No newline at end of file diff --git a/packages/k6-tests/config/test.json b/packages/k6-tests/config/test.json index 43be4c64..7884a667 100644 --- a/packages/k6-tests/config/test.json +++ b/packages/k6-tests/config/test.json @@ -1,17 +1,13 @@ { "scenarios": { "test": { - "executor": "ramping-vus", - "exec": "testScenarios", - "startVUs": 1, - "stages": [ - { "duration": "10s", "target": 6 } - ] + "executor": "shared-iterations", + "exec": "inboundSDKTransfersScenarios", + "env": { + "UNIDIRECTIONAL": "false" + }, + "vus": 1, + "iterations": 1 + } } - }, - "thresholds": { - "iteration_duration": [ "p(95)<1000" ], - "http_req_failed": [ "rate<0.01" ], - "http_req_duration": [ "p(95)<1000" ] - } } diff --git a/packages/k6-tests/index.js b/packages/k6-tests/index.js index bcec1005..04b7a9b8 100644 --- a/packages/k6-tests/index.js +++ b/packages/k6-tests/index.js @@ -5,6 +5,14 @@ export { fspiopTransfersNoCallbackScenarios } from './scenarios/fspiopTransfersN export { fspiopQuotesScenarios } from './scenarios/fspiopQuotes.js'; export { fspiopQuotesNoCallbackScenarios } from './scenarios/fspiopQuotesNoCallback.js'; export { fspiopParallelScenarios } from './scenarios/fspiopParallel.js'; +export { fspiopQuotesPersonalInfoExtensionsScenarios } from './scenarios/fspiopQuotesPersonalInfoExtensions.js'; +export { fspiopE2EScenarios } from './scenarios/fspiopE2E.js'; +export { inboundSDKDiscoveryScenarios } from './scenarios/inboundSDKDiscovery.js'; +export { inboundSDKQuotesScenarios } from './scenarios/inboundSDKQuotes.js'; +export { inboundSDKTransfersScenarios } from './scenarios/inboundSDKTransfers.js'; +export { outboundSDKDiscoveryScenarios } from './scenarios/outboundSDKDiscovery.js'; +export { outboundSDKQuotesScenarios } from './scenarios/outboundSDKQuotes.js'; +export { outboundSDKTransfersScenarios } from './scenarios/outboundSDKTransfers.js'; const configFile = __ENV.K6_SCRIPT_CONFIG_FILE_NAME ? './config/' + __ENV.K6_SCRIPT_CONFIG_FILE_NAME : './config/test.json'; const testConfig = JSON.parse(open(configFile)); diff --git a/packages/k6-tests/scenarios/fspiopE2E.js b/packages/k6-tests/scenarios/fspiopE2E.js new file mode 100644 index 00000000..a01b3d7c --- /dev/null +++ b/packages/k6-tests/scenarios/fspiopE2E.js @@ -0,0 +1,6 @@ +import { E2E } from "../scripts/E2E.js"; + + +export function fspiopE2EScenarios() { + E2E(); +} diff --git a/packages/k6-tests/scenarios/fspiopQuotesPersonalInfoExtensions.js b/packages/k6-tests/scenarios/fspiopQuotesPersonalInfoExtensions.js new file mode 100644 index 00000000..bb7c74fc --- /dev/null +++ b/packages/k6-tests/scenarios/fspiopQuotesPersonalInfoExtensions.js @@ -0,0 +1,6 @@ +import { postQuotesPersonalInfoExtensions } from "../scripts/postQuotesPersonalInfoExtensions.js"; + + +export function fspiopQuotesPersonalInfoExtensionsScenarios() { + postQuotesPersonalInfoExtensions(); +} diff --git a/packages/k6-tests/scenarios/inboundSDKDiscovery.js b/packages/k6-tests/scenarios/inboundSDKDiscovery.js new file mode 100644 index 00000000..1d8a9c95 --- /dev/null +++ b/packages/k6-tests/scenarios/inboundSDKDiscovery.js @@ -0,0 +1,5 @@ +import { getParties } from "../scripts/inboundSDKGetParties.js"; + +export function inboundSDKDiscoveryScenarios() { + getParties(); +} diff --git a/packages/k6-tests/scenarios/inboundSDKQuotes.js b/packages/k6-tests/scenarios/inboundSDKQuotes.js new file mode 100644 index 00000000..7fe5e66c --- /dev/null +++ b/packages/k6-tests/scenarios/inboundSDKQuotes.js @@ -0,0 +1,6 @@ +import { postQuotes } from "../scripts/inboundSDKQuotes.js"; + + +export function inboundSDKQuotesScenarios() { + postQuotes(); +} diff --git a/packages/k6-tests/scenarios/inboundSDKTransfers.js b/packages/k6-tests/scenarios/inboundSDKTransfers.js new file mode 100644 index 00000000..dea244b2 --- /dev/null +++ b/packages/k6-tests/scenarios/inboundSDKTransfers.js @@ -0,0 +1,6 @@ +import { postTransfers } from "../scripts/inboundSDKTransfers.js"; + + +export function inboundSDKTransfersScenarios() { + postTransfers(); +} diff --git a/packages/k6-tests/scenarios/outboundSDKDiscovery.js b/packages/k6-tests/scenarios/outboundSDKDiscovery.js new file mode 100644 index 00000000..0ce4e482 --- /dev/null +++ b/packages/k6-tests/scenarios/outboundSDKDiscovery.js @@ -0,0 +1,5 @@ +import { getParties } from "../scripts/outboundSDKGetParties.js"; + +export function outboundSDKDiscoveryScenarios() { + getParties(); +} diff --git a/packages/k6-tests/scenarios/outboundSDKQuotes.js b/packages/k6-tests/scenarios/outboundSDKQuotes.js new file mode 100644 index 00000000..76975f63 --- /dev/null +++ b/packages/k6-tests/scenarios/outboundSDKQuotes.js @@ -0,0 +1,6 @@ +import { postQuotes } from "../scripts/outboundSDKQuotes.js"; + + +export function outboundSDKQuotesScenarios() { + postQuotes(); +} diff --git a/packages/k6-tests/scenarios/outboundSDKTransfers.js b/packages/k6-tests/scenarios/outboundSDKTransfers.js new file mode 100644 index 00000000..bca0196b --- /dev/null +++ b/packages/k6-tests/scenarios/outboundSDKTransfers.js @@ -0,0 +1,6 @@ +import { postTransfers } from "../scripts/outboundSDKTransfers.js"; + + +export function outboundSDKTransfersScenarios() { + postTransfers(); +} diff --git a/packages/k6-tests/scripts/E2E.js b/packages/k6-tests/scripts/E2E.js new file mode 100644 index 00000000..e5113901 --- /dev/null +++ b/packages/k6-tests/scripts/E2E.js @@ -0,0 +1,279 @@ +import http from 'k6/http'; +import { check, group } from 'k6'; +import { crypto } from "k6/experimental/webcrypto"; +import { WebSocket } from 'k6/experimental/websockets'; +import { setTimeout, clearTimeout } from 'k6/experimental/timers'; +import { Trace } from "../common/trace.js"; +import { getTwoItemsFromArray } from "../common/utils.js"; +import exec from 'k6/execution'; + +console.log(`Env Vars --> + K6_SCRIPT_WS_TIMEOUT_MS=${__ENV.K6_SCRIPT_WS_TIMEOUT_MS}, + K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL=${__ENV.K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL}, + K6_SCRIPT_ADMIN_ENDPOINT_URL=${__ENV.K6_SCRIPT_ADMIN_ENDPOINT_URL}, + K6_SCRIPT_ORACLE_ENDPOINT_URL=${__ENV.K6_SCRIPT_ORACLE_ENDPOINT_URL}, + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_PAYER_POOL} +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) +const ilpPacket = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_ILPPACKET +const condition = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_CONDITION +const amount = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_AMOUNT.toString() +const currency = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_CURRENCY +const abortOnError = (__ENV.K6_SCRIPT_ABORT_ON_ERROR && __ENV.K6_SCRIPT_ABORT_ON_ERROR.toLowerCase() === 'true') ? true : false + +export function E2E() { + group("E2E", function () { + let payerFsp + let payeeFsp + + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const selectedFsps = getTwoItemsFromArray(fspList) + payerFsp = selectedFsps[0] + payeeFsp = selectedFsps[1] + } + + const startTsParties = Date.now(); + const payeeId = payeeFsp['partyId']; + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + const wsUrl = payerFsp['wsUrl']; + const traceParent = Trace(); + const traceId = traceParent.traceId; + const wsTimeoutMs = Number(__ENV.K6_SCRIPT_WS_TIMEOUT_MS) || 2000; // user session between 5s and 1m + + const wsChannelParties = `${traceParent.traceId}/PUT/parties/MSISDN/${payeeId}`; + const wsURLParties = `${wsUrl}/${wsChannelParties}` + const wsParties = new WebSocket(wsURLParties); + + var wsTimeoutId = null; + + const clearTimersParties = () => { + if (wsTimeoutId) { clearTimeout(wsTimeoutId); wsTimeoutId=null } + } + + wsParties.onclose(() => { + clearTimersParties(); + }); + + wsParties.onerror((err) => { + console.error(traceId, err); + check(err, { 'ALS_E2E_FSPIOP_GET_PARTIES_SUCCESS': (cbMessage) => false }); + clearTimersParties(); + wsParties.close(); + }); + + wsParties.onmessage = (event) => { + console.info(traceId, `WS message received [${wsChannelParties}]: ${event.data}`); + check(event.data, { 'ALS_E2E_FSPIOP_GET_PARTIES_SUCCESS': (cbMessage) => cbMessage == 'SUCCESS_CALLBACK_RECEIVED' }); + clearTimersParties(); + wsParties.close(); + + const startTsQuotes = Date.now(); + const quoteId = crypto.randomUUID(); + const transactionId = crypto.randomUUID(); + const wsChannelQuotes = `${traceParent.traceId}/PUT/quotes/${quoteId}`; + const wsURLQuotes = `${wsUrl}/${wsChannelQuotes}` + const wsQuotes = new WebSocket(wsURLQuotes); + + var wsTimeoutId = null; + + const clearTimersQuotes = () => { + if (wsTimeoutId) { clearTimeout(wsTimeoutId); wsTimeoutId=null } + } + + wsQuotes.onclose(() => { + clearTimersQuotes(); + }); + + wsQuotes.onerror((err) => { + console.error(traceId, err); + check(err, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => false }); + clearTimersQuotes(); + wsQuotes.close(); + }); + + wsQuotes.onmessage = (event) => { + console.info(traceId, `WS message received [${wsChannelQuotes}]: ${event.data}`); + check(event.data, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => cbMessage == 'SUCCESS_CALLBACK_RECEIVED' }); + clearTimersQuotes(); + wsQuotes.close(); + + const startTsTransfers = Date.now(); + const transferId = crypto.randomUUID(); + const wsChannelTransfers = `${traceParent.traceId}/PUT/transfers/${transferId}`; + const wsURLTransfers = `${wsUrl}/${wsChannelTransfers}` + const wsTransfers = new WebSocket(wsURLTransfers); + + var wsTimeoutId = null; + + const clearTimersTransfers = () => { + if (wsTimeoutId) { clearTimeout(wsTimeoutId); wsTimeoutId=null } + } + + wsTransfers.onclose(() => { + clearTimersTransfers(); + }); + + wsTransfers.onerror((err) => { + console.error(traceId, err); + check(err, { 'TRANSFERS_E2E_FSPIOP_POST_TRANSFERS_SUCCESS': (cbMessage) => false }); + clearTimersTransfers(); + wsTransfers.close(); + }); + + wsTransfers.onmessage = (event) => { + console.info(traceId, `WS message received [${wsChannelTransfers}]: ${event.data}`); + check(event.data, { 'TRANSFERS_E2E_FSPIOP_POST_TRANSFERS_SUCCESS': (cbMessage) => cbMessage == 'SUCCESS_CALLBACK_RECEIVED' }); + clearTimersTransfers(); + wsTransfers.close(); + }; + + wsTransfers.onopen = () => { + console.info(traceId, `WS open on URL: ${wsUrl}`); + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'Accept': 'application/vnd.interoperability.transfers+json;version=1.1', + 'Content-Type': 'application/vnd.interoperability.transfers+json;version=1.1', + 'FSPIOP-Source': payerFspId, + 'FSPIOP-Destination': payeeFspId, + 'Date': (new Date()).toUTCString(), + 'traceparent': traceParent.toString(), + 'tracestate': `tx_end2end_start_ts=${startTsTransfers}` + }, + }; + + const body = { + "transferId": transferId, + "payerFsp": payerFspId, + "payeeFsp": payeeFspId, + "amount": { + amount, + currency + }, + "expiration": "2030-01-01T00:00:00.000Z", + ilpPacket, + condition + } + + // Lets send the FSPIOP POST /transfers request + const res = http.post(`${__ENV.K6_SCRIPT_FSPIOP_TRANSFERS_ENDPOINT_URL}/transfers`, JSON.stringify(body), params); + check(res, { 'TRANSFERS_FSPIOP_POST_TRANSFERS_RESPONSE_IS_202' : (r) => r.status == 202 }); + + if (abortOnError && res.status != 202) { + // Abort the entire k6 test execution runner + console.error(traceId, `FSPIOP POST /transfers returned status: ${res.status}`); + wsTransfers.close(); + exec.test.abort() + } + + wsTimeoutId = setTimeout(() => { + const errorMsg = `WS timed-out on URL: ${wsURLTransfers}` + console.error(traceId, errorMsg); + check(res, { 'TRANSFERS_E2E_FSPIOP_POST_TRANSFERS_SUCCESS': (cbMessage) => false }); + wsTransfers.close(); + if (abortOnError) { + // Abort the entire k6 test execution runner + console.error(traceId, 'Aborting k6 test execution!') + exec.test.abort() + } + }, wsTimeoutMs); + }; + }; + + wsQuotes.onopen = () => { + console.info(traceId, `WS open on URL: ${wsURLQuotes}`); + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'accept': 'application/vnd.interoperability.quotes+json;version=1.0', + 'Content-Type': 'application/vnd.interoperability.quotes+json;version=1.0', + 'FSPIOP-Source': payerFspId, + 'FSPIOP-Destination': payeeFspId, + 'Date': (new Date()).toUTCString(), + 'traceparent': traceParent.toString(), + 'tracestate': `tx_end2end_start_ts=${startTsQuotes}` + }, + }; + + const body = { + "quoteId": quoteId, + "transactionId": transactionId, + "payer": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payerFsp['partyId']}`, + "fspId": payerFspId + } + }, + "payee": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payeeFsp['partyId']}`, + "fspId": payeeFspId + } + }, + "amountType": "SEND", + "amount": { + "amount": `${amount}`, + "currency": `${currency}` + }, + "transactionType": { + "scenario": "TRANSFER", + "initiator": "PAYER", + "initiatorType": "CONSUMER" + } + } + + // Lets send the FSPIOP POST /quotes request + const res = http.post(`${__ENV.K6_SCRIPT_FSPIOP_QUOTES_ENDPOINT_URL}/quotes`, JSON.stringify(body), params); + check(res, { 'QUOTES_FSPIOP_POST_QUOTES_RESPONSE_IS_202' : (r) => r.status == 202 }); + + wsTimeoutId = setTimeout(() => { + const errorMsg = `WS timed-out on URL: ${wsURLQuotes}` + console.error(traceId, errorMsg); + check(res, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => false }); + wsQuotes.close(); + }, wsTimeoutMs); + }; + }; + + wsParties.onopen = () => { + console.info(traceId, `WS open on URL: ${wsURLParties}`); + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'Accept': 'application/vnd.interoperability.parties+json;version=1.1', + 'Content-Type': 'application/vnd.interoperability.parties+json;version=1.1', + 'FSPIOP-Source': payerFspId, + 'Date': (new Date()).toUTCString(), + 'traceparent': traceParent.toString(), + 'tracestate': `tx_end2end_start_ts=${startTsParties}` + }, + }; + + const res = http.get(`${__ENV.K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL}/parties/MSISDN/${payeeId}`, params); + check(res, { 'ALS_FSPIOP_GET_PARTIES_RESPONSE_IS_202' : (r) => r.status == 202 }); + + wsTimeoutId = setTimeout(() => { + const errorMsg = `WS timed-out on URL: ${wsURLParties}` + console.error(traceId, errorMsg); + check(res, { 'ALS_E2E_FSPIOP_GET_PARTIES_SUCCESS': (cbMessage) => false }); + wsParties.close(); + }, wsTimeoutMs); + }; + }); +} diff --git a/packages/k6-tests/scripts/inboundSDKGetParties.js b/packages/k6-tests/scripts/inboundSDKGetParties.js new file mode 100644 index 00000000..8599b4af --- /dev/null +++ b/packages/k6-tests/scripts/inboundSDKGetParties.js @@ -0,0 +1,96 @@ +import http from 'k6/http'; +import { check, fail, sleep, group } from 'k6'; +import { WebSocket } from 'k6/experimental/websockets'; +import { setTimeout, clearTimeout } from 'k6/experimental/timers'; +import { randomItem } from "https://jslib.k6.io/k6-utils/1.1.0/index.js"; +import { Trace } from "../common/trace.js"; + + +console.log(`Env Vars --> + K6_SCRIPT_WS_TIMEOUT_MS=${__ENV.K6_SCRIPT_WS_TIMEOUT_MS}, + K6_SCRIPT_SDK_ENDPOINT_URL=${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}, + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL} +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) + +export function getParties() { + group("Get Parties", function () { + let payerFsp + let payeeFsp + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const randomSortedFsp = fspList.concat().sort(() => randomItem([-1,1])).slice(0, 2); + payerFsp = randomSortedFsp[0] + payeeFsp = randomSortedFsp[1] + } + + const startTs = Date.now(); + const payeeId = payeeFsp['partyId']; + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + const wsUrl = payerFsp['wsUrl']; + const traceParent = Trace(); + const traceId = traceParent.traceId; + const wsChannel = `${traceParent.traceId}/PUT/parties/MSISDN/${payeeId}`; + const wsURL = `${wsUrl}/${wsChannel}` + const ws = new WebSocket(wsURL); + + const wsTimeoutMs = Number(__ENV.K6_SCRIPT_WS_TIMEOUT_MS) || 2000; // user session between 5s and 1m + + var wsTimeoutId = null; + + const clearTimers = () => { + if (wsTimeoutId) { clearTimeout(wsTimeoutId); wsTimeoutId=null } + } + + ws.onclose(() => { + clearTimers(); + }); + + ws.onerror((err) => { + console.error(traceId, err); + check(err, { 'SDK_GET_PARTIES_SUCCESS': (cbMessage) => false }); + clearTimers(); + ws.close(); + }); + + ws.onmessage = (event) => { + console.info(traceId, `WS message received [${wsChannel}]: ${event.data}`); + check(event.data, { 'SDK_GET_PARTIES_SUCCESS': (cbMessage) => cbMessage == 'SUCCESS_CALLBACK_RECEIVED' }); + clearTimers(); + ws.close(); + // sleep(1); + }; + + ws.onopen = () => { + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'Accept': 'application/vnd.interoperability.parties+json;version=1.1', + 'Content-Type': 'application/vnd.interoperability.parties+json;version=1.1', + 'FSPIOP-Source': payerFspId, + 'Date': (new Date()).toUTCString(), + 'traceparent': traceParent.toString(), + 'tracestate': `tx_end2end_start_ts=${startTs}` + }, + }; + + // Lets send the GET /parties request to the SDK + const res = http.get(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/parties/MSISDN/${payeeId}`, params); + check(res, { 'SDK_GET_PARTIES_RESPONSE_IS_202' : (r) => r.status == 202 }); + + wsTimeoutId = setTimeout(() => { + const errorMsg = `WS timed-out on URL: ${wsURL}` + console.error(traceId, errorMsg); + check(res, { 'SDK_PARTIES_SUCCESS': (cbMessage) => false }); + ws.close(); + }, wsTimeoutMs); + }; + }); +} diff --git a/packages/k6-tests/scripts/inboundSDKQuotes.js b/packages/k6-tests/scripts/inboundSDKQuotes.js new file mode 100644 index 00000000..4dc4b436 --- /dev/null +++ b/packages/k6-tests/scripts/inboundSDKQuotes.js @@ -0,0 +1,131 @@ +import http from 'k6/http'; +import { crypto } from "k6/experimental/webcrypto"; +import { check, fail, sleep, group } from 'k6'; +import { WebSocket } from 'k6/experimental/websockets'; +import { setTimeout, clearTimeout, setInterval, clearInterval } from 'k6/experimental/timers'; +import { Trace } from "../common/trace.js"; +import { getTwoItemsFromArray } from "../common/utils.js"; + +console.log(`Env Vars --> + K6_SCRIPT_WS_TIMEOUT_MS=${__ENV.K6_SCRIPT_WS_TIMEOUT_MS}, + K6_SCRIPT_SDK_ENDPOINT_URL=${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}, + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL} +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) +const amount = __ENV.K6_SCRIPT_FSPIOP_QUOTES_AMOUNT.toString() +const currency = __ENV.K6_SCRIPT_FSPIOP_QUOTES_CURRENCY + +export function postQuotes() { + group("Post Quotes", function () { + let payerFsp + let payeeFsp + + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const selectedFsps = getTwoItemsFromArray(fspList) + payerFsp = selectedFsps[0] + payeeFsp = selectedFsps[1] + } + + const startTs = Date.now(); + const quoteId = crypto.randomUUID(); + const transactionId = crypto.randomUUID(); + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + const wsUrl = payerFsp['wsUrl']; + const traceParent = Trace(); + const traceId = traceParent.traceId; + const wsChannel = `${traceParent.traceId}/PUT/quotes/${quoteId}`; + const wsURL = `${wsUrl}/${wsChannel}` + console.log('ws open on: ', wsURL) + const ws = new WebSocket(wsURL); + + const wsTimeoutMs = Number(__ENV.K6_SCRIPT_WS_TIMEOUT_MS) || 2000; // user session between 5s and 1m + + var wsTimeoutId = null; + + const clearTimers = () => { + if (wsTimeoutId) { clearTimeout(wsTimeoutId); wsTimeoutId=null } + } + + ws.onclose(() => { + clearTimers(); + }); + + ws.onerror((err) => { + console.error(traceId, err); + check(err, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => false }); + clearTimers(); + ws.close(); + }); + + ws.onmessage = (event) => { + console.info(traceId, `WS message received [${wsChannel}]: ${event.data}`); + check(event.data, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => cbMessage == 'SUCCESS_CALLBACK_RECEIVED' }); + clearTimers(); + ws.close(); + // sleep(1); + }; + + ws.onopen = () => { + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'accept': 'application/vnd.interoperability.quotes+json;version=1.0', + 'Content-Type': 'application/vnd.interoperability.quotes+json;version=1.0', + 'FSPIOP-Source': payerFspId, + 'FSPIOP-Destination': payeeFspId, + 'Date': (new Date()).toUTCString(), + 'traceparent': traceParent.toString(), + 'tracestate': `tx_end2end_start_ts=${startTs}` + }, + }; + + const body = { + "quoteId": quoteId, + "transactionId": transactionId, + "payer": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payerFsp['partyId']}`, + "fspId": payerFspId + } + }, + "payee": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payeeFsp['partyId']}`, + "fspId": payeeFspId + } + }, + "amountType": "SEND", + "amount": { + "amount": `${amount}`, + "currency": `${currency}` + }, + "transactionType": { + "scenario": "TRANSFER", + "initiator": "PAYER", + "initiatorType": "CONSUMER" + } + } + + // Lets send the FSPIOP POST /quotes request + const res = http.post(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/quotes`, JSON.stringify(body), params); + check(res, { 'QUOTES_FSPIOP_POST_QUOTES_RESPONSE_IS_202' : (r) => r.status == 202 }); + + wsTimeoutId = setTimeout(() => { + const errorMsg = `WS timed-out on URL: ${wsURL}` + console.error(traceId, errorMsg); + check(res, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => false }); + ws.close(); + }, wsTimeoutMs); + }; + }); +} diff --git a/packages/k6-tests/scripts/inboundSDKTransfers.js b/packages/k6-tests/scripts/inboundSDKTransfers.js new file mode 100644 index 00000000..b4f551da --- /dev/null +++ b/packages/k6-tests/scripts/inboundSDKTransfers.js @@ -0,0 +1,130 @@ +import http from 'k6/http'; +import { crypto } from "k6/experimental/webcrypto"; +import { check, fail, sleep, group } from 'k6'; +import exec from 'k6/execution'; +import { WebSocket } from 'k6/experimental/websockets'; +import { setTimeout, clearTimeout, setInterval, clearInterval } from 'k6/experimental/timers'; +import { Trace } from "../common/trace.js"; +import { getTwoItemsFromArray } from "../common/utils.js"; + +console.log(`Env Vars --> + K6_SCRIPT_WS_TIMEOUT_MS=${__ENV.K6_SCRIPT_WS_TIMEOUT_MS}, + K6_SCRIPT_SDK_ENDPOINT_URL=${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}, + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL}, + K6_SCRIPT_ABORT_ON_ERROR=${__ENV.K6_SCRIPT_ABORT_ON_ERROR} +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) + +const ilpPacket = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_ILPPACKET +const condition = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_CONDITION +const amount = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_AMOUNT.toString() +const currency = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_CURRENCY +const abortOnError = (__ENV.K6_SCRIPT_ABORT_ON_ERROR && __ENV.K6_SCRIPT_ABORT_ON_ERROR.toLowerCase() === 'true') ? true : false + +export function postTransfers() { + group("Post Transfers", function () { + let payerFsp + let payeeFsp + + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const selectedFsps = getTwoItemsFromArray(fspList) + payerFsp = selectedFsps[0] + payeeFsp = selectedFsps[1] + } + + const startTs = Date.now(); + const transferId = crypto.randomUUID(); + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + const wsUrl = payerFsp['wsUrl']; + const traceParent = Trace(); + const traceId = traceParent.traceId; + const wsChannel = `${traceParent.traceId}/PUT/transfers/${transferId}`; + const wsURL = `${wsUrl}/${wsChannel}` + const ws = new WebSocket(wsURL); + const wsTimeoutMs = Number(__ENV.K6_SCRIPT_WS_TIMEOUT_MS) || 2000; // user session between 5s and 1m + + var wsTimeoutId = null; + + const clearTimers = () => { + if (wsTimeoutId) { clearTimeout(wsTimeoutId); wsTimeoutId=null } + } + + ws.onclose(() => { + clearTimers(); + }); + + ws.onerror((err) => { + console.error(traceId, err); + check(err, { 'TRANSFERS_E2E_FSPIOP_POST_TRANSFERS_SUCCESS': (cbMessage) => false }); + clearTimers(); + ws.close(); + }); + + ws.onmessage = (event) => { + console.info(traceId, `WS message received [${wsChannel}]: ${event.data}`); + check(event.data, { 'TRANSFERS_E2E_FSPIOP_POST_TRANSFERS_SUCCESS': (cbMessage) => cbMessage == 'SUCCESS_CALLBACK_RECEIVED' }); + clearTimers(); + ws.close(); + // sleep(1); + }; + + ws.onopen = () => { + console.info(traceId, `WS open on URL: ${wsURL}`); + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'Accept': 'application/vnd.interoperability.transfers+json;version=1.1', + 'Content-Type': 'application/vnd.interoperability.transfers+json;version=1.1', + 'FSPIOP-Source': payerFspId, + 'FSPIOP-Destination': payeeFspId, + 'Date': (new Date()).toUTCString(), + 'traceparent': traceParent.toString(), + 'tracestate': `tx_end2end_start_ts=${startTs}` + }, + }; + + const body = { + "transferId": transferId, + "payerFsp": payerFspId, + "payeeFsp": payeeFspId, + "amount": { + amount, + currency + }, + "expiration": "2030-01-01T00:00:00.000Z", + ilpPacket, + condition + } + + // Lets send the FSPIOP POST /transfers request + const res = http.post(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/transfers`, JSON.stringify(body), params); + check(res, { 'TRANSFERS_FSPIOP_POST_TRANSFERS_RESPONSE_IS_202' : (r) => r.status == 202 }); + + if (abortOnError && res.status != 202) { + // Abort the entire k6 test exection runner + console.error(traceId, `FSPIOP POST /transfers returned status: ${res.status}`); + ws.close(); + exec.test.abort() + } + + wsTimeoutId = setTimeout(() => { + const errorMsg = `WS timed-out on URL: ${wsURL}` + check(res, { 'TRANSFERS_E2E_FSPIOP_POST_TRANSFERS_SUCCESS': (cbMessage) => false }); + ws.close(); + if (abortOnError) { + // Abort the entire k6 test exection runner + console.error(traceId, 'Aborting k6 test execution!') + exec.test.abort() + } + }, wsTimeoutMs); + }; + }); +} diff --git a/packages/k6-tests/scripts/outboundSDKGetParties.js b/packages/k6-tests/scripts/outboundSDKGetParties.js new file mode 100644 index 00000000..382d18b5 --- /dev/null +++ b/packages/k6-tests/scripts/outboundSDKGetParties.js @@ -0,0 +1,47 @@ +import http from 'k6/http'; +import { check, group } from 'k6'; +import { getTwoItemsFromArray } from "../common/utils.js"; + +console.log(`Env Vars --> + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL}, + K6_SCRIPT_SDK_ENDPOINT_URL=${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}, +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) + +export function getParties() { + group("Get Parties", function () { + let payerFsp + let payeeFsp + + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const selectedFsps = getTwoItemsFromArray(fspList) + payerFsp = selectedFsps[0] + payeeFsp = selectedFsps[1] + } + + const payeeId = payeeFsp['partyId']; + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'Accept': 'application/vnd.interoperability.parties+json;version=1.1', + 'Content-Type': 'application/vnd.interoperability.parties+json;version=1.1', + 'FSPIOP-Source': payerFspId, + 'Date': (new Date()).toUTCString(), + }, + }; + + const res = http.get(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/parties/MSISDN/${payeeId}`, params); + check(res, { 'SDK_GET_PARTIES_RESPONSE_IS_200' : (r) => r.status == 200 }); + + }); +} diff --git a/packages/k6-tests/scripts/outboundSDKQuotes.js b/packages/k6-tests/scripts/outboundSDKQuotes.js new file mode 100644 index 00000000..ca949fa0 --- /dev/null +++ b/packages/k6-tests/scripts/outboundSDKQuotes.js @@ -0,0 +1,84 @@ +import http from 'k6/http'; +import { crypto } from "k6/experimental/webcrypto"; +import { check, group } from 'k6'; +import { getTwoItemsFromArray } from "../common/utils.js"; + +console.log(`Env Vars --> + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL}, + K6_SCRIPT_SDK_ENDPOINT_URL=${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}, +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) +const amount = __ENV.K6_SCRIPT_FSPIOP_QUOTES_AMOUNT.toString() +const currency = __ENV.K6_SCRIPT_FSPIOP_QUOTES_CURRENCY + +export function postQuotes() { + group("Post Quotes", function () { + let payerFsp + let payeeFsp + + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const selectedFsps = getTwoItemsFromArray(fspList) + payerFsp = selectedFsps[0] + payeeFsp = selectedFsps[1] + } + + const quoteId = crypto.randomUUID(); + const transactionId = crypto.randomUUID(); + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + // 'accept': 'application/vnd.interoperability.quotes+json;version=1.0', + 'Content-Type': 'application/json', + 'FSPIOP-Source': payerFspId, + 'FSPIOP-Destination': payeeFspId, + 'Date': (new Date()).toUTCString() + }, + }; + + const body = { + "fspId": payerFspId, + "quotesPostRequest": { + "quoteId": quoteId, + "transactionId": transactionId, + "payee": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payeeFsp['partyId']}`, + "fspId": payeeFspId + } + }, + "payer": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payerFsp['partyId']}`, + "fspId": payerFspId + } + }, + "amountType": "SEND", + "amount": { + "amount": `${amount}`, + "currency": `${currency}` + }, + "transactionType": { + "scenario": "DEPOSIT", + "initiator": "PAYER", + "initiatorType": "AGENT", + } + } + } + + // Lets send the FSPIOP POST /quotes request + const res = http.post(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/quotes`, JSON.stringify(body), params); + check(res, { 'QUOTES_FSPIOP_POST_QUOTES_RESPONSE_IS_200' : (r) => r.status == 200 }); + }); +} diff --git a/packages/k6-tests/scripts/outboundSDKTransfers.js b/packages/k6-tests/scripts/outboundSDKTransfers.js new file mode 100644 index 00000000..c0782e70 --- /dev/null +++ b/packages/k6-tests/scripts/outboundSDKTransfers.js @@ -0,0 +1,91 @@ +import http from 'k6/http'; +import { check, group } from 'k6'; +import exec from 'k6/execution'; +import { getTwoItemsFromArray } from "../common/utils.js"; + +console.log(`Env Vars --> + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL}, + K6_SCRIPT_ABORT_ON_ERROR=${__ENV.K6_SCRIPT_ABORT_ON_ERROR}, + K6_SCRIPT_SDK_ENDPOINT_URL=${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL} +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) + +const abortOnError = (__ENV.K6_SCRIPT_ABORT_ON_ERROR && __ENV.K6_SCRIPT_ABORT_ON_ERROR.toLowerCase() === 'true') ? true : false + +export function postTransfers() { + group("Post Transfers", function () { + let payerFsp + let payeeFsp + + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const selectedFsps = getTwoItemsFromArray(fspList) + payerFsp = selectedFsps[0] + payeeFsp = selectedFsps[1] + } + + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'Date': (new Date()).toUTCString(), + 'Content-Type': 'application/json', + }, + }; + + const body = { + "homeTransactionId": "string", + "from": { + "type": "CONSUMER", + "idType": "MSISDN", + "idValue": "payerFspId", + "displayName": "test payer", + "firstName": "Henrik", + "lastName": "Karlsson", + "fspId": "string" + }, + "to": { + "type": "CONSUMER", + "idType": "MSISDN", + "idValue": "payeeFspId" + }, + "amountType": "SEND", + "currency": "AED", + "amount": "123.45", + "transactionType": "TRANSFER" + } + + // Lets send the FSPIOP POST /transfers request + const postTransferResponse = http.post(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/transfers`, JSON.stringify(body), params); + check(postTransferResponse, { 'TRANSFERS__POST_TRANSFERS_RESPONSE_IS_200' : (r) => r.status == 200 }); + + const transferId = JSON.parse(postTransferResponse.body).transferId + + if (postTransferResponse.status == 200) { + const putTransferacceptPartyResponse = http.put(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/transfers/${transferId}`, JSON.stringify({ + "acceptParty": true + }), params); + check(putTransferacceptPartyResponse, { 'TRANSFERS__PUT_TRANSFERS_ACCEPT_PARTY_RESPONSE_IS_200' : (r) => r.status == 200 }); + + if (putTransferacceptPartyResponse.status == 200) { + const putTransferAcceptQuoteResponse = http.put(`${__ENV.K6_SCRIPT_SDK_ENDPOINT_URL}/transfers/${transferId}`, JSON.stringify({ + "acceptQuote": true + }), params); + check(putTransferAcceptQuoteResponse, { 'TRANSFERS__PUT_TRANSFERS_ACCEPT_QUOTE_RESPONSE_IS_200' : (r) => r.status == 200 }); + } + } + + if (abortOnError && res.status != 200) { + // Abort the entire k6 test exection runner + console.error(traceId, `POST /transfers returned status: ${res.status}`); + exec.test.abort() + } + }); +} diff --git a/packages/k6-tests/scripts/postQuotesPersonalInfoExtensions.js b/packages/k6-tests/scripts/postQuotesPersonalInfoExtensions.js new file mode 100644 index 00000000..4f881b8f --- /dev/null +++ b/packages/k6-tests/scripts/postQuotesPersonalInfoExtensions.js @@ -0,0 +1,182 @@ +import http from 'k6/http'; +import { crypto } from "k6/experimental/webcrypto"; +import { check, fail, sleep, group } from 'k6'; +import { WebSocket } from 'k6/experimental/websockets'; +import { setTimeout, clearTimeout, setInterval, clearInterval } from 'k6/experimental/timers'; +import { Trace } from "../common/trace.js"; +import { getTwoItemsFromArray } from "../common/utils.js"; + +console.log(`Env Vars --> + K6_SCRIPT_WS_TIMEOUT_MS=${__ENV.K6_SCRIPT_WS_TIMEOUT_MS}, + K6_SCRIPT_FSPIOP_QUOTES_ENDPOINT_URL=${__ENV.K6_SCRIPT_FSPIOP_QUOTES_ENDPOINT_URL}, + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL} +`); + +const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) +const amount = __ENV.K6_SCRIPT_FSPIOP_QUOTES_AMOUNT.toString() +const currency = __ENV.K6_SCRIPT_FSPIOP_QUOTES_CURRENCY + +export function postQuotes() { + group("Post Quotes", function () { + let payerFsp + let payeeFsp + + if (__ENV.UNIDIRECTIONAL === "true" || __ENV.UNIDIRECTIONAL === "TRUE") { + payerFsp = fspList[0] + payeeFsp = fspList[1] + } else { + const selectedFsps = getTwoItemsFromArray(fspList) + payerFsp = selectedFsps[0] + payeeFsp = selectedFsps[1] + } + + const startTs = Date.now(); + const quoteId = crypto.randomUUID(); + const transactionId = crypto.randomUUID(); + const payerFspId = payerFsp['fspId']; + const payeeFspId = payeeFsp['fspId']; + const wsUrl = payerFsp['wsUrl']; + const traceParent = Trace(); + const traceId = traceParent.traceId; + const wsChannel = `${traceParent.traceId}/PUT/quotes/${quoteId}`; + const wsURL = `${wsUrl}/${wsChannel}` + const ws = new WebSocket(wsURL); + const wsTimeoutMs = Number(__ENV.K6_SCRIPT_WS_TIMEOUT_MS) || 2000; // user session between 5s and 1m + + var wsTimeoutId = null; + + const clearTimers = () => { + if (wsTimeoutId) { clearTimeout(wsTimeoutId); wsTimeoutId=null } + } + + ws.onclose(() => { + clearTimers(); + }); + + ws.onerror((err) => { + console.error(traceId, err); + check(err, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => false }); + clearTimers(); + ws.close(); + }); + + ws.onmessage = (event) => { + console.info(traceId, `WS message received [${wsChannel}]: ${event.data}`); + check(event.data, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => cbMessage == 'SUCCESS_CALLBACK_RECEIVED' }); + clearTimers(); + ws.close(); + // sleep(1); + }; + + ws.onopen = () => { + console.info(traceId, `WS open on URL: ${wsURL}`); + const params = { + tags: { + payerFspId, + payeeFspId + }, + headers: { + 'accept': 'application/vnd.interoperability.quotes+json;version=1.0', + 'Content-Type': 'application/vnd.interoperability.quotes+json;version=1.0', + 'FSPIOP-Source': payerFspId, + 'FSPIOP-Destination': payeeFspId, + 'Date': (new Date()).toUTCString(), + 'traceparent': traceParent.toString(), + 'tracestate': `tx_end2end_start_ts=${startTs}` + }, + }; + + const body = { + "quoteId": quoteId, + "transactionId": transactionId, + "payer": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payerFsp['partyId']}`, + "fspId": payerFspId, + "extensionList": { + "extension": [ + { + "key": "test1", + "value": "test1" + }, + { + "key": "test2", + "value": "test2" + } + ] + } + }, + "personalInfo": { + "complexName": { + "firstName": "Alice", + "middleName": "A", + "lastName": "Alison" + }, + "dateOfBirth": "1970-01-01" + } + }, + "payee": { + "partyIdInfo": { + "partyIdType": "MSISDN", + "partyIdentifier": `${payeeFsp['partyId']}`, + "fspId": payeeFspId, + "extensionList": { + "extension": [ + { + "key": "test3", + "value": "test3" + }, + { + "key": "test4", + "value": "test4" + } + ] + } + }, + "personalInfo": { + "complexName": { + "firstName": "Bob", + "middleName": "B", + "lastName": "Bloggs" + }, + "dateOfBirth": "1970-01-01" + } + }, + "amountType": "SEND", + "amount": { + "amount": `${amount}`, + "currency": `${currency}` + }, + "transactionType": { + "scenario": "TRANSFER", + "initiator": "PAYER", + "initiatorType": "CONSUMER" + }, + "extensionList": { + "extension": [ + { + "key": "quoteExtension1", + "value": "quoteExtension1" + }, + { + "key": "quoteExtension2", + "value": "quoteExtension2" + } + ] + } + } + + // Lets send the FSPIOP POST /quotes request + const res = http.post(`${__ENV.K6_SCRIPT_FSPIOP_QUOTES_ENDPOINT_URL}/quotes`, JSON.stringify(body), params); + check(res, { 'QUOTES_FSPIOP_POST_QUOTES_RESPONSE_IS_202' : (r) => r.status == 202 }); + + wsTimeoutId = setTimeout(() => { + const errorMsg = `WS timed-out on URL: ${wsURL}` + console.error(traceId, errorMsg); + check(res, { 'QUOTES_E2E_FSPIOP_POST_QUOTES_SUCCESS': (cbMessage) => false }); + ws.close(); + }, wsTimeoutMs); + }; + }); +} diff --git a/packages/k6-tests/scripts/postTransfers.js b/packages/k6-tests/scripts/postTransfers.js index bff46883..aa441919 100644 --- a/packages/k6-tests/scripts/postTransfers.js +++ b/packages/k6-tests/scripts/postTransfers.js @@ -1,6 +1,7 @@ import http from 'k6/http'; import { crypto } from "k6/experimental/webcrypto"; import { check, fail, sleep, group } from 'k6'; +import exec from 'k6/execution'; import { WebSocket } from 'k6/experimental/websockets'; import { setTimeout, clearTimeout, setInterval, clearInterval } from 'k6/timers'; import { Trace } from "../common/trace.js"; @@ -10,7 +11,8 @@ import { uuid } from '../common/uuid.js' console.log(`Env Vars --> K6_SCRIPT_WS_TIMEOUT_MS=${__ENV.K6_SCRIPT_WS_TIMEOUT_MS}, K6_SCRIPT_FSPIOP_TRANSFERS_ENDPOINT_URL=${__ENV.K6_SCRIPT_FSPIOP_TRANSFERS_ENDPOINT_URL}, - K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL} + K6_SCRIPT_FSPIOP_FSP_POOL=${__ENV.K6_SCRIPT_FSPIOP_FSP_POOL}, + K6_SCRIPT_ABORT_ON_ERROR=${__ENV.K6_SCRIPT_ABORT_ON_ERROR} `); const fspList = JSON.parse(__ENV.K6_SCRIPT_FSPIOP_FSP_POOL) @@ -19,6 +21,7 @@ const ilpPacket = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_ILPPACKET const condition = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_CONDITION const amount = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_AMOUNT.toString() const currency = __ENV.K6_SCRIPT_FSPIOP_TRANSFERS_CURRENCY +const abortOnError = (__ENV.K6_SCRIPT_ABORT_ON_ERROR && __ENV.K6_SCRIPT_ABORT_ON_ERROR.toLowerCase() === 'true') ? true : false export function postTransfers() { group("Post Transfers", function () { @@ -107,11 +110,23 @@ export function postTransfers() { const res = http.post(`${__ENV.K6_SCRIPT_FSPIOP_TRANSFERS_ENDPOINT_URL}/transfers`, JSON.stringify(body), params); check(res, { 'TRANSFERS_FSPIOP_POST_TRANSFERS_RESPONSE_IS_202' : (r) => r.status == 202 }); + if (abortOnError && res.status != 202) { + // Abort the entire k6 test exection runner + console.error(traceId, `FSPIOP POST /transfers returned status: ${res.status}`); + ws.close(); + exec.test.abort() + } + wsTimeoutId = setTimeout(() => { const errorMsg = `WS timed-out on URL: ${wsURL}` console.error(traceId, errorMsg); check(res, { 'TRANSFERS_E2E_FSPIOP_POST_TRANSFERS_SUCCESS': (cbMessage) => false }); ws.close(); + if (abortOnError) { + // Abort the entire k6 test exection runner + console.error(traceId, 'Aborting k6 test execution!') + exec.test.abort() + } }, wsTimeoutMs); }; }); diff --git a/packages/kafaka-partitioner-calculator/index.js b/packages/kafaka-partitioner-calculator/index.js index a9d18591..69639487 100644 --- a/packages/kafaka-partitioner-calculator/index.js +++ b/packages/kafaka-partitioner-calculator/index.js @@ -1,8 +1,31 @@ const utf8 = require('utf8'); murmurhash = require('murmurhash'); -const FSP_PREFIX = 'perffsp' -const FSP_NUM = 8 +// Run the following SQL query to get the list of Account ID +// docker exec -it mysql-cl mysql -D central_ledger -e 'select PC.participantCurrencyId from participantCurrency as PC, participant as P, ledgerAccountType as LT where PC.ledgerAccountTypeId=1 AND PC.participantId = P.participantId and LT.ledgerAccountTypeId=PC.ledgerAccountTypeId and P.name LIKE "perffsp%" and PC.currencyId="USD";' + +const FSP_LIST = [ + '7', + '15', + '23', + '31', + '39', + '47', + '55', + '63' +] + +//// Old FSP_LIST +// const FSP_LIST = [ +// 'perffsp1', +// 'perffsp2', +// 'perffsp3', +// 'perffsp4', +// 'perffsp5', +// 'perffsp6', +// 'perffsp7', +// 'perffsp8', +// ] const MAX_INTEGER_SIGNED = 0x7fffffff // ref: https://github.com/apache/pinot/blob/master/pinot-segment-spi/src/main/java/org/apache/pinot/segment/spi/partition/MurmurPartitionFunction.java#L45 const KAFKA_SEED = 0x9747b28c // ref: https://github.com/a0x8o/kafka/blob/master/clients/src/main/java/org/apache/kafka/common/utils/Utils.java#L481 @@ -11,9 +34,11 @@ const ATTEMPTS = parseInt(process.env.ATTEMPTS) || 100 function getPartitionAllocationMap(totalPartitions, breakOnCollision = false) { let partitionFspMap = {} + + const fspNum = FSP_LIST.length - for (let i=1; i<=FSP_NUM; i++) { - const fsp = FSP_PREFIX + i + for (let i=1; i<=fspNum; i++) { + const fsp = FSP_LIST[i-1] const hash = murmurhash.v2(utf8.encode(fsp), KAFKA_SEED) const selectedPartition = (hash & MAX_INTEGER_SIGNED) % totalPartitions; if (partitionFspMap[selectedPartition]) { diff --git a/perf.env b/perf.env index b42f680b..3007114e 100644 --- a/perf.env +++ b/perf.env @@ -11,13 +11,16 @@ K6_OUT=experimental-prometheus-rw # Ref: https://k6.io/docs/results-output/real- # K6_SCRIPT_PAUSE_MIN=5 # K6_SCRIPT_PAUSE_MAX=15 # K6_SCRIPT_WS_TIMEOUT_MS=10000 -K6_SCRIPT_WS_TIMEOUT_MS=100000 +K6_SCRIPT_WS_TIMEOUT_MS=5000 +# K6_SCRIPT_ABORT_ON_ERROR=true #### Use this if we want to hit the ALS in docker-compose # K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL=http://account-lookup-service:4002 #### Use this if we want to bypass ALS -# K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL=http://perffsp2:3001/fspiop +# K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL=http://sim-perffsp2:3001/fspiop #### Use this to hit ALS in a k8s env -K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL=https://intapi.dev1.devbaremetal.moja-onprem.net/parties +K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL=https://intapi.example.com/parties + +REQUEST_PROCESSING_TIMEOUT_SECONDS=5 # [ @@ -33,12 +36,15 @@ K6_SCRIPT_FSPIOP_ALS_ENDPOINT_URL=https://intapi.dev1.devbaremetal.moja-onprem.n ## IMPORTANT: Update pool depending 2dfsp, 4dfsp or 8dfsp docker profile ## NOTE: Unidirectional will take the first two DFSP's in the pool # 8 DFSPs -K6_SCRIPT_FSPIOP_FSP_POOL='[{"partyId":19012345001,"fspId":"perffsp1","wsUrl":"ws://sim-perffsp1:3002"},{"partyId":19012345002,"fspId":"perffsp2","wsUrl":"ws://sim-perffsp2:3002"},{"partyId":19012345003,"fspId":"perffsp3","wsUrl":"ws://sim-perffsp3:3002"},{"partyId":19012345004,"fspId":"perffsp4","wsUrl":"ws://sim-perffsp4:3002"},{"partyId":19012345005,"fspId":"perffsp5","wsUrl":"ws://sim-perffsp5:3002"},{"partyId":19012345006,"fspId":"perffsp6","wsUrl":"ws://sim-perffsp6:3002"},{"partyId":19012345007,"fspId":"perffsp7","wsUrl":"ws://sim-perffsp7:3002"},{"partyId":19012345008,"fspId":"perffsp8","wsUrl":"ws://sim-perffsp8:3002"}]' +# K6_SCRIPT_FSPIOP_FSP_POOL='[{"partyId":19012345001,"fspId":"perffsp1","wsUrl":"ws://sim-perffsp1:3002"},{"partyId":19012345002,"fspId":"perffsp2","wsUrl":"ws://sim-perffsp2:3002"},{"partyId":19012345003,"fspId":"perffsp3","wsUrl":"ws://sim-perffsp3:3002"},{"partyId":19012345004,"fspId":"perffsp4","wsUrl":"ws://sim-perffsp4:3002"},{"partyId":19012345005,"fspId":"perffsp5","wsUrl":"ws://sim-perffsp5:3002"},{"partyId":19012345006,"fspId":"perffsp6","wsUrl":"ws://sim-perffsp6:3002"},{"partyId":19012345007,"fspId":"perffsp7","wsUrl":"ws://sim-perffsp7:3002"},{"partyId":19012345008,"fspId":"perffsp8","wsUrl":"ws://sim-perffsp8:3002"}]' # 2 DFSPs -# K6_SCRIPT_FSPIOP_FSP_POOL='[{"partyId":19012345001,"fspId":"perffsp1","wsUrl":"ws://sim-perffsp1:3002"},{"partyId":19012345002,"fspId":"perffsp2","wsUrl":"ws://sim-perffsp2:3002"}]' +K6_SCRIPT_FSPIOP_FSP_POOL='[{"partyId":19012345001,"fspId":"perffsp1","wsUrl":"ws://sim-perffsp1:3002"},{"partyId":19012345002,"fspId":"perffsp2","wsUrl":"ws://sim-perffsp2:3002"}]' # 4 DFSPs # K6_SCRIPT_FSPIOP_FSP_POOL='[{"partyId":19012345001,"fspId":"perffsp1","wsUrl":"ws://sim-perffsp1:3002"},{"partyId":19012345002,"fspId":"perffsp2","wsUrl":"ws://sim-perffsp2:3002"},{"partyId":19012345003,"fspId":"perffsp3","wsUrl":"ws://sim-perffsp3:3002"},{"partyId":19012345004,"fspId":"perffsp4","wsUrl":"ws://sim-perffsp4:3002"}]' +# SDK DFSPs +# K6_SCRIPT_FSPIOP_FSP_POOL='[{"partyId":19012345001,"fspId":"perffsp1","wsUrl":"ws://sim-fspiop:3002"},{"partyId":19012345002,"fspId":"perffsp2","wsUrl":"ws://sim-fspiop:3002"}]' + K6_SCRIPT_ADMIN_ENDPOINT_URL=http://callback-handler-svc-cl-sim:3001/admin K6_SCRIPT_ORACLE_ENDPOINT_URL=http://callback-handler-svc-oracle-sim:3001/oracle @@ -67,10 +73,10 @@ LOG_LEVEL=info ## Disable Audit & Trace events from being dumped to logfile # EVENT_SDK_LOG_FILTER="" -KAFKA_GENERAL_PARTITIONS_NUM=19 -KAFKA_POSITION_PARTITIONS_NUM=19 -KAFKA_POSITION_BATCH_PARTITIONS_NUM=19 -KAFKA_NOTIFICATION_PARTITIONS_NUM=19 +KAFKA_GENERAL_PARTITIONS_NUM=4 +KAFKA_POSITION_PARTITIONS_NUM=25 +KAFKA_POSITION_BATCH_PARTITIONS_NUM=4 +KAFKA_NOTIFICATION_PARTITIONS_NUM=4 ALS_DATABASE__HOST=mysql-als ALS_DATABASE__USER=account_lookup @@ -96,3 +102,55 @@ CLEDG_DATABASE__SCHEMA=central_ledger ## Batching - Enable following only when position batch handlers are enabled ## To enable position batch handlers, set CENTRAL_LEDGER_POSITION_BATCH_REPLICAS to desired count # CLEDG_KAFKA__EVENT_TYPE_ACTION_TOPIC_MAP__POSITION__PREPARE=topic-transfer-position-batch + +## Configs for default +CONF_ML_API_ADAPTER=ml-api-adapter-disabled-handlers.js +CONF_ML_HANDLER_NOTIFY=ml-handler-notification.js +CONF_CL_SVC=central-ledger-disabled-handlers.js +CONF_CL_HANDLER_PREPARE=central-handlers.js +CONF_CL_HANDLER_POSITION=central-handlers.js +CONF_CL_HANDLER_POSITION_BATCH=central-handlers.js +CONF_CL_HANDLER_FULFIL=central-handlers.js +CONF_CL_HANDLER_ADMIN=central-handlers.js + +## Configs for optimised Kafka configs +# CONF_ML_API_ADAPTER=ml-api-adapter-disabled-handlers-kafka.js +# CONF_ML_HANDLER_NOTIFY=ml-handler-notification-kafka.js +# CONF_CL_HANDLER_PREPARE=central-handlers-kafka.js +# CONF_CL_HANDLER_POSITION=central-handlers-kafka.js +# CONF_CL_HANDLER_POSITION_BATCH=central-handlers-kafka.js +# CONF_CL_HANDLER_FULFIL=central-handlers-kafka.js + +## QS - Quoting Service Config +QS_CACHE__ENUM_DATA_EXPIRES_IN_MS=4170000 +QS_CACHE__PARTICIPANT_DATA_EXPIRES_IN_MS=60000 +QS_SWITCH_ENDPOINT="http://callback-handler-svc-cl-sim:3001/admin" +# Use this for E2E testing +# QS_SWITCH_ENDPOINT="http://central-ledger:3001" +QS_SIMPLE_ROUTING_MODE=false + +# Use this for E2E testing +# ALS_SWITCH_ENDPOINT="http://central-ledger:3001" + +CHECK_ILP=false +JWS_SIGN=false +VALIDATE_JWS_SIGN=false + +# ---- SDK Config ---- +ALLOW_DIFFERENT_TRANSFER_TRANSACTION_ID=true +ALLOW_TRANSFER_WITHOUT_QUOTE=true +JWS_SIGN=false +VALIDATE_JWS_SIGN=false +VALIDATE_INBOUND_JWS=false +DFSP_ID=mojaloop-sdk + +# Inbound SDK config +K6_SCRIPT_SDK_ENDPOINT_URL=http://sdk-scheme-adapter:4000 +PEER_ENDPOINT=sim-fspiop:3001/backend +BACKEND_ENDPOINT=sim-fspiop:3001/backend + +# Outbound SDK config +# K6_SCRIPT_SDK_ENDPOINT_URL=http://sdk-scheme-adapter:4001 +# PEER_ENDPOINT=sim-fspiop:3001/fspiop +# BACKEND_ENDPOINT=sim-fspiop:3001 +