From f7a4215c6877dacf1d514f550ce358e5c7aa3efa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cs=C3=B3ti=20Istv=C3=A1n?= <109945490+csotiistvan@users.noreply.github.com> Date: Thu, 30 May 2024 16:22:03 +0200 Subject: [PATCH] Adding empty gh-pages branch for helm repository --- .editorconfig | 289 -- .github/ISSUE_TEMPLATE/01_bug.md | 43 - .github/ISSUE_TEMPLATE/02_feature_request.md | 31 - .github/ISSUE_TEMPLATE/03_enhancement.md | 30 - .github/ISSUE_TEMPLATE/04_question.md | 20 - .github/workflows/ci-dependency-check.yml | 42 - .github/workflows/ci-main.yml | 63 - .github/workflows/ci-pull-request.yml | 38 - .github/workflows/ci-release-notes.yml | 19 - .github/workflows/ci-release.yml | 65 - .github/workflows/helm-release.yml | 28 - .gitignore | 61 - .grenrc.js | 30 - .ort.yml | 8 - CODEOWNERS | 8 - CODE_OF_CONDUCT.md | 130 - CONTRIBUTING.md | 75 - DB-Changelog-Dockerfile | 3 - Dockerfile | 13 - LICENSE | 201 -- NOTICE | 10 - README.md | 168 - TEST.md | 20 + THIRD-PARTY-NOTICES | 3119 ----------------- ...crets to container with mounted volumes.md | 68 - certs/PlaceYourGatewayAccessKeysHere.md | 59 - codestyle/checkstyle.xml | 319 -- docker-compose.yml | 42 - docs/dgca_overview.png | Bin 50448 -> 0 bytes docs/tng-key-distribution.md | 56 - k8s/helm/tngkds/.helmignore | 23 - k8s/helm/tngkds/Chart.yaml | 32 - k8s/helm/tngkds/README.md | 44 - .../tngkds/charts/tngkds-backend/.helmignore | 23 - .../tngkds/charts/tngkds-backend/Chart.yaml | 24 - .../tngkds/charts/tngkds-backend/README.md | 86 - .../tngkds-backend/templates/_helpers.tpl | 46 - .../tngkds-backend/templates/deployment.yaml | 149 - .../tngkds-backend/templates/service.yaml | 19 - .../charts/tngkds-backend/values-local.yaml | 111 - .../tngkds/charts/tngkds-backend/values.yaml | 176 - .../tngkds/charts/tngkds-postgres/.helmignore | 23 - .../tngkds/charts/tngkds-postgres/Chart.yaml | 24 - .../tngkds/charts/tngkds-postgres/README.md | 45 - .../tngkds-postgres/templates/_helpers.tpl | 46 - .../tngkds-postgres/templates/configmap.yml | 10 - .../tngkds-postgres/templates/deployment.yaml | 52 - .../tngkds-postgres/templates/pv-claim.yaml | 16 - .../tngkds-postgres/templates/secrets.yml | 10 - .../tngkds-postgres/templates/service.yaml | 19 - .../tngkds/charts/tngkds-postgres/values.yaml | 95 - k8s/helm/tngkds/templates/_helpers.tpl | 62 - k8s/helm/tngkds/values.yaml | 43 - owasp/suppressions.xml | 45 - pom.xml | 311 -- settings.xml | 12 - .../KeyDistributionServiceApplication.java | 49 - .../clients/UniversalResolverClient.java | 34 - .../UniversalResolverClientConfig.java | 98 - .../config/KdsConfigProperties.java | 142 - .../config/SchedulerConfig.java | 33 - .../config/ShedLockConfig.java | 50 - .../entity/DecentralizedIdentifierEntity.java | 66 - .../entity/EcPublicKeyJwkEntity.java | 48 - .../entity/PublicKeyJwkEntity.java | 59 - .../entity/RsaPublicKeyJwkEntity.java | 45 - .../entity/ShedlockEntity.java | 52 - .../entity/SignerInformationEntity.java | 94 - .../entity/TrustedIssuerEntity.java | 114 - .../entity/VerificationMethodEntity.java | 74 - .../keydistribution/mapper/DidMapper.java | 87 - .../keydistribution/mapper/IssuerMapper.java | 39 - .../keydistribution/model/DidContext.java | 43 - .../keydistribution/model/DidDocument.java | 48 - .../keydistribution/model/EcPublicKeyJwk.java | 57 - .../model/JwkVerificationMethod.java | 34 - .../keydistribution/model/Proof.java | 44 - .../keydistribution/model/PublicKeyJwk.java | 94 - .../model/RsaPublicKeyJwk.java | 39 - .../keydistribution/model/StringOrObject.java | 37 - .../model/StringOrObjectDeserializer.java | 64 - .../model/VerificationMethod.java | 45 - .../model/VerificationMethodModel.java | 45 - .../model/VerificationMethodReference.java | 36 - .../DecentralizedIdentifierRepository.java | 27 - .../repository/PublicKeyJwkRepository.java | 27 - .../SignerInformationRepository.java | 55 - .../repository/TrustedIssuerRepository.java | 30 - .../VerificationMethodRepository.java | 27 - .../DecentralizedIdentifierService.java | 70 - .../keydistribution/service/KdsCertUtils.java | 34 - .../SignerCertificateDownloadService.java | 60 - .../service/SignerInformationService.java | 217 -- .../service/TrustedIssuerDownloadService.java | 67 - .../service/TrustedIssuerService.java | 100 - .../service/UniversalResolverService.java | 62 - .../service/did/DidTrustListService.java | 439 --- .../service/did/DidUploader.java | 29 - .../service/did/DummyByteSigner.java | 42 - .../service/did/DummyDidUploader.java | 42 - .../service/did/DummyGitUploader.java | 48 - .../service/did/GitProvider.java | 27 - .../service/did/GitUploader.java | 138 - .../KdsDidContextDocumentLoaderConfig.java | 51 - .../service/did/LocalFileDidUploader.java | 92 - .../service/did/LocalKeystoreByteSigner.java | 76 - .../service/did/entity/DidTrustList.java | 41 - .../service/did/entity/DidTrustListEntry.java | 121 - src/main/resources/application-cloud.yml | 13 - src/main/resources/application.yml | 118 - src/main/resources/db/changelog.yaml | 13 - ...create-decentralized-identifier-table.yaml | 30 - .../create-public-key-jwk-table.yaml | 57 - .../db/changelog/create-shedlock-tables.yaml | 38 - .../create-signer-information-table.yaml | 43 - .../create-trusted-issuer-table.yaml | 55 - .../create-verification-method-table.yaml | 58 - src/main/resources/did_contexts/did_v1.json | 58 - .../resources/did_contexts/jws-2020_v1.json | 82 - src/main/resources/logback-spring.xml | 25 - .../DecentralizedIdentifierServiceTest.java | 121 - .../service/DidTrustListServiceTest.java | 481 --- .../SignerCertificateDownloadServiceTest.java | 79 - .../service/SignerInformationServiceTest.java | 51 - .../TrustedIssuerDownloadServiceTest.java | 99 - .../service/UniversalResolverServiceTest.java | 121 - .../testdata/CertificateTestUtils.java | 121 - .../testdata/SignerInformationTestHelper.java | 85 - .../testdata/TrustedIssuerTestHelper.java | 105 - src/test/resources/application.yml | 67 - templates/file-header.txt | 19 - 131 files changed, 20 insertions(+), 12115 deletions(-) delete mode 100644 .editorconfig delete mode 100644 .github/ISSUE_TEMPLATE/01_bug.md delete mode 100644 .github/ISSUE_TEMPLATE/02_feature_request.md delete mode 100644 .github/ISSUE_TEMPLATE/03_enhancement.md delete mode 100644 .github/ISSUE_TEMPLATE/04_question.md delete mode 100644 .github/workflows/ci-dependency-check.yml delete mode 100644 .github/workflows/ci-main.yml delete mode 100644 .github/workflows/ci-pull-request.yml delete mode 100644 .github/workflows/ci-release-notes.yml delete mode 100644 .github/workflows/ci-release.yml delete mode 100644 .github/workflows/helm-release.yml delete mode 100644 .gitignore delete mode 100644 .grenrc.js delete mode 100644 .ort.yml delete mode 100644 CODEOWNERS delete mode 100644 CODE_OF_CONDUCT.md delete mode 100644 CONTRIBUTING.md delete mode 100644 DB-Changelog-Dockerfile delete mode 100644 Dockerfile delete mode 100644 LICENSE delete mode 100644 NOTICE delete mode 100644 README.md create mode 100644 TEST.md delete mode 100644 THIRD-PARTY-NOTICES delete mode 100644 certs/From Files to secrets to container with mounted volumes.md delete mode 100644 certs/PlaceYourGatewayAccessKeysHere.md delete mode 100644 codestyle/checkstyle.xml delete mode 100644 docker-compose.yml delete mode 100644 docs/dgca_overview.png delete mode 100644 docs/tng-key-distribution.md delete mode 100644 k8s/helm/tngkds/.helmignore delete mode 100644 k8s/helm/tngkds/Chart.yaml delete mode 100644 k8s/helm/tngkds/README.md delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/.helmignore delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/README.md delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-backend/values.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/.helmignore delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/README.md delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml delete mode 100644 k8s/helm/tngkds/charts/tngkds-postgres/values.yaml delete mode 100644 k8s/helm/tngkds/templates/_helpers.tpl delete mode 100644 k8s/helm/tngkds/values.yaml delete mode 100644 owasp/suppressions.xml delete mode 100644 pom.xml delete mode 100644 settings.xml delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/config/SchedulerConfig.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/config/ShedLockConfig.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/DecentralizedIdentifierEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/EcPublicKeyJwkEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/PublicKeyJwkEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/RsaPublicKeyJwkEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/ShedlockEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/TrustedIssuerEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/entity/VerificationMethodEntity.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/mapper/DidMapper.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/mapper/IssuerMapper.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/DidContext.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/DidDocument.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/EcPublicKeyJwk.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/JwkVerificationMethod.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/Proof.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/PublicKeyJwk.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/RsaPublicKeyJwk.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/StringOrObject.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/StringOrObjectDeserializer.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethod.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodModel.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodReference.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/repository/DecentralizedIdentifierRepository.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/repository/PublicKeyJwkRepository.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/repository/SignerInformationRepository.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/repository/TrustedIssuerRepository.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/repository/VerificationMethodRepository.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierService.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/KdsCertUtils.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadService.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerService.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/UniversalResolverService.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/DidUploader.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/DummyByteSigner.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/DummyDidUploader.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/DummyGitUploader.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/GitProvider.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/GitUploader.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/KdsDidContextDocumentLoaderConfig.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/LocalFileDidUploader.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustList.java delete mode 100644 src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java delete mode 100644 src/main/resources/application-cloud.yml delete mode 100644 src/main/resources/application.yml delete mode 100644 src/main/resources/db/changelog.yaml delete mode 100644 src/main/resources/db/changelog/create-decentralized-identifier-table.yaml delete mode 100644 src/main/resources/db/changelog/create-public-key-jwk-table.yaml delete mode 100644 src/main/resources/db/changelog/create-shedlock-tables.yaml delete mode 100644 src/main/resources/db/changelog/create-signer-information-table.yaml delete mode 100644 src/main/resources/db/changelog/create-trusted-issuer-table.yaml delete mode 100644 src/main/resources/db/changelog/create-verification-method-table.yaml delete mode 100644 src/main/resources/did_contexts/did_v1.json delete mode 100644 src/main/resources/did_contexts/jws-2020_v1.json delete mode 100644 src/main/resources/logback-spring.xml delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierServiceTest.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadServiceTest.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/service/UniversalResolverServiceTest.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/testdata/CertificateTestUtils.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java delete mode 100644 src/test/java/tng/trustnetwork/keydistribution/testdata/TrustedIssuerTestHelper.java delete mode 100644 src/test/resources/application.yml delete mode 100644 templates/file-header.txt diff --git a/.editorconfig b/.editorconfig deleted file mode 100644 index f0037b3..0000000 --- a/.editorconfig +++ /dev/null @@ -1,289 +0,0 @@ -[*] -charset = utf-8 -end_of_line = crlf -indent_size = 4 -indent_style = space -insert_final_newline = true -max_line_length = 120 -tab_width = 4 -ij_continuation_indent_size = 4 -ij_formatter_off_tag = @formatter:off -ij_formatter_on_tag = @formatter:on -ij_formatter_tags_enabled = true -ij_smart_tabs = false -ij_wrap_on_typing = false - -[*.java] -ij_java_align_multiline_annotation_parameters = false -ij_java_align_multiline_array_initializer_expression = false -ij_java_align_multiline_chained_methods = true -ij_java_align_multiline_method_parentheses = false -ij_java_align_multiline_parameters = true -ij_java_align_multiline_parameters_in_calls = true -ij_java_align_multiline_records = true -ij_java_align_multiline_text_blocks = true -ij_java_align_multiline_throws_list = true -ij_java_align_types_in_multi_catch = true -ij_java_assignment_wrap = normal -ij_java_binary_operation_sign_on_next_line = false -ij_java_binary_operation_wrap = normal -ij_java_blank_lines_after_class_header = 0 -ij_java_blank_lines_after_imports = 1 -ij_java_blank_lines_after_package = 1 -ij_java_blank_lines_around_class = 1 -ij_java_blank_lines_around_field = 0 -ij_java_blank_lines_around_field_in_interface = 0 -ij_java_blank_lines_around_initializer = 1 -ij_java_blank_lines_around_method = 1 -ij_java_blank_lines_around_method_in_interface = 1 -ij_java_blank_lines_before_class_end = 0 -ij_java_blank_lines_before_imports = 1 -ij_java_blank_lines_before_method_body = 1 -ij_java_blank_lines_before_package = 1 -ij_java_block_brace_style = end_of_line -ij_java_block_comment_add_space = false -ij_java_block_comment_at_first_column = true -ij_java_call_parameters_new_line_after_left_paren = false -ij_java_call_parameters_right_paren_on_new_line = false -ij_java_call_parameters_wrap = normal -ij_java_case_statement_on_separate_line = true -ij_java_catch_on_new_line = false -ij_java_class_annotation_wrap = split_into_lines -ij_java_class_brace_style = end_of_line -ij_java_class_count_to_use_import_on_demand = 999 -ij_java_class_names_in_javadoc = 1 -ij_java_deconstruction_list_wrap = normal -ij_java_do_not_indent_top_level_class_members = false -ij_java_do_not_wrap_after_single_annotation = false -ij_java_do_not_wrap_after_single_annotation_in_parameter = false -ij_java_do_while_brace_force = always -ij_java_doc_add_blank_line_after_description = true -ij_java_doc_add_blank_line_after_param_comments = false -ij_java_doc_add_blank_line_after_return = false -ij_java_doc_add_p_tag_on_empty_lines = true -ij_java_doc_align_exception_comments = true -ij_java_doc_align_param_comments = true -ij_java_doc_do_not_wrap_if_one_line = false -ij_java_doc_enable_formatting = true -ij_java_doc_enable_leading_asterisks = true -ij_java_doc_indent_on_continuation = false -ij_java_doc_keep_empty_lines = true -ij_java_doc_keep_empty_parameter_tag = true -ij_java_doc_keep_empty_return_tag = true -ij_java_doc_keep_empty_throws_tag = true -ij_java_doc_keep_invalid_tags = true -ij_java_doc_param_description_on_new_line = false -ij_java_doc_preserve_line_breaks = false -ij_java_doc_use_throws_not_exception_tag = true -ij_java_else_on_new_line = false -ij_java_enum_constants_wrap = normal -ij_java_extends_keyword_wrap = normal -ij_java_extends_list_wrap = normal -ij_java_field_annotation_wrap = split_into_lines -ij_java_finally_on_new_line = false -ij_java_for_brace_force = always -ij_java_for_statement_new_line_after_left_paren = false -ij_java_for_statement_right_paren_on_new_line = false -ij_java_for_statement_wrap = normal -ij_java_generate_final_locals = false -ij_java_generate_final_parameters = false -ij_java_if_brace_force = always -ij_java_imports_layout = $*, |, * -ij_java_indent_case_from_switch = true -ij_java_insert_inner_class_imports = false -ij_java_insert_override_annotation = true -ij_java_keep_blank_lines_before_right_brace = 2 -ij_java_keep_blank_lines_between_package_declaration_and_header = 2 -ij_java_keep_blank_lines_in_code = 2 -ij_java_keep_blank_lines_in_declarations = 2 -ij_java_keep_builder_methods_indents = false -ij_java_keep_control_statement_in_one_line = true -ij_java_keep_first_column_comment = true -ij_java_keep_indents_on_empty_lines = false -ij_java_keep_line_breaks = true -ij_java_keep_multiple_expressions_in_one_line = false -ij_java_keep_simple_blocks_in_one_line = false -ij_java_keep_simple_classes_in_one_line = false -ij_java_keep_simple_lambdas_in_one_line = false -ij_java_keep_simple_methods_in_one_line = false -ij_java_label_indent_absolute = false -ij_java_label_indent_size = 0 -ij_java_lambda_brace_style = end_of_line -ij_java_layout_static_imports_separately = true -ij_java_line_comment_add_space = false -ij_java_line_comment_add_space_on_reformat = false -ij_java_line_comment_at_first_column = true -ij_java_method_annotation_wrap = split_into_lines -ij_java_method_brace_style = end_of_line -ij_java_method_call_chain_wrap = normal -ij_java_method_parameters_new_line_after_left_paren = false -ij_java_method_parameters_right_paren_on_new_line = false -ij_java_method_parameters_wrap = normal -ij_java_modifier_list_wrap = false -ij_java_multi_catch_types_wrap = normal -ij_java_names_count_to_use_import_on_demand = 999 -ij_java_new_line_after_lparen_in_annotation = false -ij_java_new_line_after_lparen_in_deconstruction_pattern = true -ij_java_new_line_after_lparen_in_record_header = false -ij_java_packages_to_use_import_on_demand = -ij_java_parameter_annotation_wrap = normal -ij_java_parameter_name_prefix = -ij_java_parameter_name_suffix = -ij_java_parentheses_expression_new_line_after_left_paren = false -ij_java_parentheses_expression_right_paren_on_new_line = false -ij_java_place_assignment_sign_on_next_line = false -ij_java_prefer_longer_names = true -ij_java_prefer_parameters_wrap = false -ij_java_record_components_wrap = normal -ij_java_repeat_synchronized = true -ij_java_replace_instanceof_and_cast = false -ij_java_replace_null_check = true -ij_java_replace_sum_lambda_with_method_ref = true -ij_java_space_after_colon = true -ij_java_space_after_comma = true -ij_java_space_after_comma_in_type_arguments = true -ij_java_space_after_for_semicolon = true -ij_java_space_after_quest = true -ij_java_space_after_type_cast = true -ij_java_space_before_annotation_array_initializer_left_brace = false -ij_java_space_before_annotation_parameter_list = false -ij_java_space_before_array_initializer_left_brace = true -ij_java_space_before_catch_keyword = true -ij_java_space_before_catch_left_brace = true -ij_java_space_before_catch_parentheses = true -ij_java_space_before_class_left_brace = true -ij_java_space_before_colon = true -ij_java_space_before_colon_in_foreach = true -ij_java_space_before_comma = false -ij_java_space_before_deconstruction_list = false -ij_java_space_before_do_left_brace = true -ij_java_space_before_else_keyword = true -ij_java_space_before_else_left_brace = true -ij_java_space_before_finally_keyword = true -ij_java_space_before_finally_left_brace = true -ij_java_space_before_for_left_brace = true -ij_java_space_before_for_parentheses = true -ij_java_space_before_for_semicolon = false -ij_java_space_before_if_left_brace = true -ij_java_space_before_if_parentheses = true -ij_java_space_before_method_call_parentheses = false -ij_java_space_before_method_left_brace = true -ij_java_space_before_method_parentheses = false -ij_java_space_before_opening_angle_bracket_in_type_parameter = false -ij_java_space_before_quest = true -ij_java_space_before_switch_left_brace = true -ij_java_space_before_switch_parentheses = true -ij_java_space_before_synchronized_left_brace = true -ij_java_space_before_synchronized_parentheses = true -ij_java_space_before_try_left_brace = true -ij_java_space_before_try_parentheses = true -ij_java_space_before_type_parameter_list = false -ij_java_space_before_while_keyword = true -ij_java_space_before_while_left_brace = true -ij_java_space_before_while_parentheses = true -ij_java_space_inside_one_line_enum_braces = false -ij_java_space_within_empty_array_initializer_braces = false -ij_java_space_within_empty_method_call_parentheses = false -ij_java_space_within_empty_method_parentheses = false -ij_java_spaces_around_additive_operators = true -ij_java_spaces_around_annotation_eq = true -ij_java_spaces_around_assignment_operators = true -ij_java_spaces_around_bitwise_operators = true -ij_java_spaces_around_equality_operators = true -ij_java_spaces_around_lambda_arrow = true -ij_java_spaces_around_logical_operators = true -ij_java_spaces_around_method_ref_dbl_colon = false -ij_java_spaces_around_multiplicative_operators = true -ij_java_spaces_around_relational_operators = true -ij_java_spaces_around_shift_operators = true -ij_java_spaces_around_type_bounds_in_type_parameters = true -ij_java_spaces_around_unary_operator = false -ij_java_spaces_within_angle_brackets = false -ij_java_spaces_within_annotation_parentheses = false -ij_java_spaces_within_array_initializer_braces = false -ij_java_spaces_within_braces = false -ij_java_spaces_within_brackets = false -ij_java_spaces_within_cast_parentheses = false -ij_java_spaces_within_catch_parentheses = false -ij_java_spaces_within_deconstruction_list = false -ij_java_spaces_within_for_parentheses = false -ij_java_spaces_within_if_parentheses = false -ij_java_spaces_within_method_call_parentheses = false -ij_java_spaces_within_method_parentheses = false -ij_java_spaces_within_parentheses = false -ij_java_spaces_within_record_header = false -ij_java_spaces_within_switch_parentheses = false -ij_java_spaces_within_synchronized_parentheses = false -ij_java_spaces_within_try_parentheses = false -ij_java_spaces_within_while_parentheses = false -ij_java_special_else_if_treatment = true -ij_java_static_field_name_prefix = -ij_java_static_field_name_suffix = -ij_java_test_name_suffix = Test -ij_java_use_fq_class_names = false -ij_java_use_relative_indents = false -ij_java_use_single_class_imports = true -ij_java_variable_annotation_wrap = normal -ij_java_visibility = public -ij_java_wrap_comments = false -ij_java_wrap_first_method_in_call_chain = false -ij_java_wrap_long_lines = false - -[.editorconfig] -ij_editorconfig_align_group_field_declarations = false -ij_editorconfig_space_after_colon = false -ij_editorconfig_space_after_comma = true -ij_editorconfig_space_before_colon = false -ij_editorconfig_space_before_comma = false -ij_editorconfig_spaces_around_assignment_operators = true - -[{*.ant,*.fxml,*.jhm,*.jnlp,*.jrxml,*.pom,*.rng,*.tld,*.wadl,*.wsdd,*.wsdl,*.xjb,*.xml,*.xsd,*.xsl,*.xslt,*.xul}] -ij_xml_align_attributes = true -ij_xml_align_text = false -ij_xml_attribute_wrap = normal -ij_xml_block_comment_add_space = false -ij_xml_block_comment_at_first_column = true -ij_xml_keep_blank_lines = 2 -ij_xml_keep_indents_on_empty_lines = false -ij_xml_keep_line_breaks = true -ij_xml_keep_line_breaks_in_text = true -ij_xml_keep_whitespaces = false -ij_xml_keep_whitespaces_around_cdata = preserve -ij_xml_keep_whitespaces_inside_cdata = false -ij_xml_line_comment_at_first_column = true -ij_xml_space_after_tag_name = false -ij_xml_space_around_equals_in_attribute = false -ij_xml_space_inside_empty_tag = false -ij_xml_text_wrap = normal - -[{*.http,*.rest}] -indent_size = 0 -ij_http-request_call_parameters_wrap = normal -ij_http-request_method_parameters_wrap = split_into_lines -ij_http-request_space_before_comma = true -ij_http-request_spaces_around_assignment_operators = true - -[{*.markdown,*.md}] -ij_markdown_force_one_space_after_blockquote_symbol = true -ij_markdown_force_one_space_after_header_symbol = true -ij_markdown_force_one_space_after_list_bullet = true -ij_markdown_force_one_space_between_words = true -ij_markdown_format_tables = true -ij_markdown_insert_quote_arrows_on_wrap = true -ij_markdown_keep_indents_on_empty_lines = false -ij_markdown_keep_line_breaks_inside_text_blocks = true -ij_markdown_max_lines_around_block_elements = 1 -ij_markdown_max_lines_around_header = 1 -ij_markdown_max_lines_between_paragraphs = 1 -ij_markdown_min_lines_around_block_elements = 1 -ij_markdown_min_lines_around_header = 1 -ij_markdown_min_lines_between_paragraphs = 1 -ij_markdown_wrap_text_if_long = true -ij_markdown_wrap_text_inside_blockquotes = true - -[{*.yaml,*.yml}] -indent_size = 2 -ij_yaml_keep_line_breaks = true -ij_yaml_space_before_colon = false -ij_yaml_spaces_within_braces = false -ij_yaml_spaces_within_brackets = true diff --git a/.github/ISSUE_TEMPLATE/01_bug.md b/.github/ISSUE_TEMPLATE/01_bug.md deleted file mode 100644 index 0c12e2d..0000000 --- a/.github/ISSUE_TEMPLATE/01_bug.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -name: "\U0001F6A8 Bug" -about: Did you come across a bug or unexpected behaviour differing from the docs? -labels: bug ---- - - - -## Describe the bug - - - -## Expected behaviour - - - -## Steps to reproduce the issue - - - - - -## Technical details - -- Host Machine OS (Windows/Linux/Mac): - -## Possible Fix - - - -## Additional context - - diff --git a/.github/ISSUE_TEMPLATE/02_feature_request.md b/.github/ISSUE_TEMPLATE/02_feature_request.md deleted file mode 100644 index ad11b6b..0000000 --- a/.github/ISSUE_TEMPLATE/02_feature_request.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -name: "\U0001F381 Feature Request" -about: Do you have an idea for a new feature? -labels: feature request ---- - - - -## Feature description - - - -## Problem and motivation - - - -## Is this something you're interested in working on - - diff --git a/.github/ISSUE_TEMPLATE/03_enhancement.md b/.github/ISSUE_TEMPLATE/03_enhancement.md deleted file mode 100644 index bbdc3b7..0000000 --- a/.github/ISSUE_TEMPLATE/03_enhancement.md +++ /dev/null @@ -1,30 +0,0 @@ ---- -name: "\u23F1\uFE0F Enhancement" -about: Do you have an idea for an enhancement? -labels: enhancement ---- - - - -## Current Implementation - - - -## Suggested Enhancement - - - -## Expected Benefits - - diff --git a/.github/ISSUE_TEMPLATE/04_question.md b/.github/ISSUE_TEMPLATE/04_question.md deleted file mode 100644 index 2be9b92..0000000 --- a/.github/ISSUE_TEMPLATE/04_question.md +++ /dev/null @@ -1,20 +0,0 @@ ---- -name: "\U00002753 Question" -about: If you have questions about pieces of the code or documentation for this component, please post them here. -labels: question ---- - - - -## Your Question - - - -* Source File: -* Line(s): -* Question: diff --git a/.github/workflows/ci-dependency-check.yml b/.github/workflows/ci-dependency-check.yml deleted file mode 100644 index c1dbf27..0000000 --- a/.github/workflows/ci-dependency-check.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: ci-dependency-check -on: - schedule: - - cron: "0 1 * * 0" # Each Sunday at 01:00 UTC - pull_request: - types: - - opened - - synchronize - - reopened -jobs: - build: - runs-on: ubuntu-22.04 - steps: - - uses: actions/setup-java@v2 - with: - java-version: 17 - distribution: adopt - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: actions/cache@v2 - with: - path: | - ~/.m2/repository - key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - - name: version - run: |- - APP_SHA=$(git rev-parse --short ${GITHUB_SHA}) - APP_LATEST_REV=$(git rev-list --tags --max-count=1) - APP_LATEST_TAG=$(git describe --tags ${APP_LATEST_REV} 2> /dev/null || echo 0.0.0) - echo "APP_VERSION=${APP_LATEST_TAG}-${APP_SHA}" >> ${GITHUB_ENV} - - name: mvn - run: |- - mvn dependency-check:check \ - --batch-mode \ - --file ./pom.xml \ - --settings ./settings.xml \ - --define app.packages.username="${APP_PACKAGES_USERNAME}" \ - --define app.packages.password="${APP_PACKAGES_PASSWORD}" \ - env: - APP_PACKAGES_USERNAME: ${{ github.actor }} - APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml deleted file mode 100644 index ef4e986..0000000 --- a/.github/workflows/ci-main.yml +++ /dev/null @@ -1,63 +0,0 @@ -name: ci-main -on: - workflow_dispatch: - push: - branches: - - main - -jobs: - build: - runs-on: ubuntu-22.04 - steps: - - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: adopt - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: actions/cache@v3 - with: - path: | - ~/.m2/repository - key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - - name: version - run: |- - APP_SHA=$(git rev-parse --short ${GITHUB_SHA}) - APP_LATEST_REV=$(git rev-list --tags --max-count=1) - APP_LATEST_TAG=$(git describe --tags ${APP_LATEST_REV} 2> /dev/null || echo 0.0.0) - echo "APP_VERSION=${APP_LATEST_TAG}-${APP_SHA}" >> ${GITHUB_ENV} - - name: mvn - run: |- - mvn versions:set \ - --batch-mode \ - --file ./pom.xml \ - --settings ./settings.xml \ - --define newVersion="${APP_VERSION}" - mvn clean verify \ - --batch-mode \ - --file ./pom.xml \ - --settings ./settings.xml \ - --define app.packages.username="${APP_PACKAGES_USERNAME}" \ - --define app.packages.password="${APP_PACKAGES_PASSWORD}" - env: - APP_PACKAGES_USERNAME: ${{ github.actor }} - APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - - name: docker - run: >- - echo "${APP_PACKAGES_PASSWORD}" | - docker login "${APP_PACKAGES_URL}" - --username "${APP_PACKAGES_USERNAME}" - --password-stdin; - docker build . - --file ./Dockerfile - --tag "${APP_PACKAGES_URL}:${APP_VERSION}"; - docker push "${APP_PACKAGES_URL}:${APP_VERSION}"; - docker build . - --file ./DB-Changelog-Dockerfile - --tag "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}"; - docker push "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}"; - env: - APP_PACKAGES_URL: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution - APP_PACKAGES_USERNAME: ${{ github.actor }} - APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml deleted file mode 100644 index 6604214..0000000 --- a/.github/workflows/ci-pull-request.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: ci-pull-request -on: - pull_request: - types: - - opened - - synchronize - - reopened -jobs: - build: - runs-on: ubuntu-22.04 - steps: - - uses: actions/setup-java@v2 - with: - java-version: 17 - distribution: adopt - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - uses: actions/cache@v2 - with: - path: | - ~/.m2/repository - key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - - name: mvn - run: |- - mvn clean package \ - --batch-mode \ - --file ./pom.xml \ - --settings ./settings.xml \ - --define app.packages.username="${APP_PACKAGES_USERNAME}" \ - --define app.packages.password="${APP_PACKAGES_PASSWORD}" - env: - APP_PACKAGES_USERNAME: ${{ github.actor }} - APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - - name: docker - run: |- - docker build . \ - --file ./Dockerfile diff --git a/.github/workflows/ci-release-notes.yml b/.github/workflows/ci-release-notes.yml deleted file mode 100644 index 2b391a7..0000000 --- a/.github/workflows/ci-release-notes.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: ci-release-notes -on: - release: - types: - - created -jobs: - release-notes: - runs-on: ubuntu-22.04 - env: - APP_VERSION: ${{ github.event.release.tag_name }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: release-notes - run: npx github-release-notes release --override --tags ${APP_VERSION} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GREN_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml deleted file mode 100644 index eb49f05..0000000 --- a/.github/workflows/ci-release.yml +++ /dev/null @@ -1,65 +0,0 @@ -name: ci-release -on: - release: - types: - - created -jobs: - build: - runs-on: ubuntu-22.04 - env: - APP_VERSION: ${{ github.event.release.tag_name }} - steps: - - uses: actions/setup-java@v4 - with: - java-version: 17 - distribution: adopt - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: actions/cache@v3 - with: - path: | - ~/.m2/repository - key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }} - - name: mvn - run: |- - mvn versions:set \ - --batch-mode \ - --file ./pom.xml \ - --settings ./settings.xml \ - --define newVersion="${APP_VERSION}" - mvn clean deploy \ - --batch-mode \ - --file ./pom.xml \ - --settings ./settings.xml \ - --define app.packages.username="${APP_PACKAGES_USERNAME}" \ - --define app.packages.password="${APP_PACKAGES_PASSWORD}" - env: - APP_PACKAGES_USERNAME: ${{ github.actor }} - APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - - name: docker - run: |- - echo "${APP_PACKAGES_PASSWORD}" | docker login "${APP_PACKAGES_URL}" \ - --username "${APP_PACKAGES_USERNAME}" \ - --password-stdin - docker build . \ - --file ./Dockerfile \ - --tag "${APP_PACKAGES_URL}:latest" \ - --tag "${APP_PACKAGES_URL}:${APP_VERSION}" - docker push "${APP_PACKAGES_URL}:latest" - docker push "${APP_PACKAGES_URL}:${APP_VERSION}" - docker build . - --file ./DB-Changelog-Dockerfile - --tag "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}"; - docker push "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}"; - env: - APP_PACKAGES_URL: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution - APP_PACKAGES_USERNAME: ${{ github.actor }} - APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }} - - name: assets - run: |- - gh release upload ${APP_VERSION} \ - --clobber \ - ./target/generated-resources/licenses.xml#licenses-${APP_VERSION}.xml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml deleted file mode 100644 index 231fb52..0000000 --- a/.github/workflows/helm-release.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Release Charts - -on: - release: - types: - - created - workflow_dispatch: # This allows the workflow to be triggered manually - -jobs: - release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.6.0 - with: - charts_dir: "k8s/charts" # Specify the path to your charts directory - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" \ No newline at end of file diff --git a/.gitignore b/.gitignore deleted file mode 100644 index ae5f491..0000000 --- a/.gitignore +++ /dev/null @@ -1,61 +0,0 @@ -HELP.md -target/ -!.mvn/wrapper/maven-wrapper.jar -!**/src/main/** -!**/src/test/** - -application-local.yml - -### STS ### -.apt_generated -.classpath -.factorypath -.project -.settings -.springBeans -.sts4-cache - -### IntelliJ IDEA ### -.idea -*.iws -*.iml -*.ipr -.jpb - -### NetBeans ### -/nbproject/ -/nbbuild/ -/dist/ -/.nb-gradle/ -build/ - -### VS Code ### -.vscode/ - -### Others ### -~$*.docx -*.b64 -/testdata/ -*.log - -/keystore - -/tools/* -!/tools/*.bat -!/tools/*.sh - -### MAC OS ### -.DS_STORE - -.settings.xml -pom.xml.versionsBackup - -### Helm Charts ### -Chart.lock - -### Certificates -*.pem -*.cer -*.key -*.p12 -*.jks diff --git a/.grenrc.js b/.grenrc.js deleted file mode 100644 index e50821e..0000000 --- a/.grenrc.js +++ /dev/null @@ -1,30 +0,0 @@ -module.exports = { - "dataSource": "prs", - "prefix": "", - "onlyMilestones": false, - "groupBy": { - "Enhancements": [ - "enhancement", - "internal" - ], - "Bug Fixes": [ - "bug" - ], - "Documentation": [ - "documentation" - ], - "Others": [ - "other" - ] - }, - "changelogFilename": "CHANGELOG.md", - "template": { - commit: ({ message, url, author, name }) => `- [${message}](${url}) - ${author ? `@${author}` : name}`, - issue: "- {{name}} [{{text}}]({{url}})", - noLabel: "other", - group: "\n#### {{heading}}\n", - changelogTitle: "# Changelog\n\n", - release: "## {{release}} ({{date}})\n{{body}}", - releaseSeparator: "\n---\n\n" - } -} diff --git a/.ort.yml b/.ort.yml deleted file mode 100644 index b8727c9..0000000 --- a/.ort.yml +++ /dev/null @@ -1,8 +0,0 @@ -excludes: - scopes: - - pattern: "provided" - reason: "PROVIDED_DEPENDENCY_OF" - comment: "Packages provided at runtime by the JDK or container only." - - pattern: "test" - reason: "TEST_DEPENDENCY_OF" - comment: "Packages for testing only." \ No newline at end of file diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index 6fdd46c..0000000 --- a/CODEOWNERS +++ /dev/null @@ -1,8 +0,0 @@ -# This file provides an overview of code owners in this repository. - -# Each line is a file pattern followed by one or more owners. -# The last matching pattern has the most precedence. -# For more details, read the following article on GitHub: https://help.github.com/articles/about-codeowners/. - -# These are the default owners for the whole content of this repository. The default owners are automatically added as reviewers when you open a pull request, unless different owners are specified in the file. -* @eu-digital-green-certificates/dgca-verifier-service-members diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index e1811e0..0000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,130 +0,0 @@ - -# Contributor Covenant Code of Conduct - -## Our Pledge - -We as members, contributors, and leaders pledge to make participation in our -community a harassment-free experience for everyone, regardless of age, body -size, visible or invisible disability, ethnicity, sex characteristics, gender -identity and expression, level of experience, education, socio-economic status, -nationality, personal appearance, race, religion, or sexual identity -and orientation. - -We pledge to act and interact in ways that contribute to an open, welcoming, -diverse, inclusive, and healthy community. - -## Our Standards - -Examples of behavior that contributes to a positive environment for our -community include: - -* Demonstrating empathy and kindness toward other people -* Being respectful of differing opinions, viewpoints, and experiences -* Giving and gracefully accepting constructive feedback -* Accepting responsibility and apologizing to those affected by our mistakes, - and learning from the experience -* Focusing on what is best not just for us as individuals, but for the - overall community - -Examples of unacceptable behavior include: - -* The use of sexualized language or imagery, and sexual attention or - advances of any kind -* Trolling, insulting or derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or email - address, without their explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Enforcement Responsibilities - -Community leaders are responsible for clarifying and enforcing our standards of -acceptable behavior and will take appropriate and fair corrective action in -response to any behavior that they deem inappropriate, threatening, offensive, -or harmful. - -Community leaders have the right and responsibility to remove, edit, or reject -comments, commits, code, wiki edits, issues, and other contributions that are -not aligned to this Code of Conduct, and will communicate reasons for moderation -decisions when appropriate. - -## Scope - -This Code of Conduct applies within all community spaces, and also applies when -an individual is officially representing the community in public spaces. -Examples of representing our community include using an official e-mail address, -posting via an official social media account, or acting as an appointed -representative at an online or offline event. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported to the community leaders responsible for enforcement at -[opensource@telekom.de](mailto:opensource@telekom.de). -All complaints will be reviewed and investigated promptly and fairly. - -All community leaders are obligated to respect the privacy and security of the -reporter of any incident. - -## Enforcement Guidelines - -Community leaders will follow these Community Impact Guidelines in determining -the consequences for any action they deem in violation of this Code of Conduct: - -### 1. Correction - -**Community Impact**: Use of inappropriate language or other behavior deemed -unprofessional or unwelcome in the community. - -**Consequence**: A private, written warning from community leaders, providing -clarity around the nature of the violation and an explanation of why the -behavior was inappropriate. A public apology may be requested. - -### 2. Warning - -**Community Impact**: A violation through a single incident or series -of actions. - -**Consequence**: A warning with consequences for continued behavior. No -interaction with the people involved, including unsolicited interaction with -those enforcing the Code of Conduct, for a specified period of time. This -includes avoiding interactions in community spaces as well as external channels -like social media. Violating these terms may lead to a temporary or -permanent ban. - -### 3. Temporary Ban - -**Community Impact**: A serious violation of community standards, including -sustained inappropriate behavior. - -**Consequence**: A temporary ban from any sort of interaction or public -communication with the community for a specified period of time. No public or -private interaction with the people involved, including unsolicited interaction -with those enforcing the Code of Conduct, is allowed during this period. -Violating these terms may lead to a permanent ban. - -### 4. Permanent Ban - -**Community Impact**: Demonstrating a pattern of violation of community -standards, including sustained inappropriate behavior, harassment of an -individual, or aggression toward or disparagement of classes of individuals. - -**Consequence**: A permanent ban from any sort of public interaction within -the community. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], -version 2.0, available at -https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. - -Community Impact Guidelines were inspired by [Mozilla's code of conduct -enforcement ladder](https://github.com/mozilla/diversity). - -[homepage]: https://www.contributor-covenant.org - -For answers to common questions about this code of conduct, see the FAQ at -https://www.contributor-covenant.org/faq. Translations are available at -https://www.contributor-covenant.org/translations. - diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index d97f377..0000000 --- a/CONTRIBUTING.md +++ /dev/null @@ -1,75 +0,0 @@ -# Contributing - -## Code of conduct - -All members of the project community must abide by the [Contributor Covenant, version 2.0](CODE_OF_CONDUCT.md). -Only by respecting each other can we develop a productive, collaborative community. -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting [opensource@telekom.de](mailto:opensource@telekom.de) and/or a project maintainer. - -We appreciate your courtesy of avoiding political questions here. Issues which are not related to the project itself will be closed by our community managers. - -## Engaging in our project - -We use GitHub to manage reviews of pull requests. - -* If you are a new contributor, see: [Steps to Contribute](#steps-to-contribute) - -* If you have a trivial fix or improvement, go ahead and create a pull request, addressing (with `@...`) a suitable maintainer of this repository (see [CODEOWNERS](CODEOWNERS) of the repository you want to contribute to) in the description of the pull request. - -* If you plan to do something more involved, please reach out to us and send an [email](mailto:opensource@telekom.de). This will avoid unnecessary work and surely give you and us a good deal of inspiration. - -* Relevant coding style guidelines are available in the respective sub-repositories as they are programming language-dependent. - -## Steps to Contribute - -Should you wish to work on an issue, please claim it first by commenting on the GitHub issue that you want to work on. This is to prevent duplicated efforts from other contributors on the same issue. - -If you have questions about one of the issues, please comment on them, and one of the maintainers will clarify. - -We kindly ask you to follow the [Pull Request Checklist](#Pull-Request-Checklist) to ensure reviews can happen accordingly. - -## Contributing Code - -You are welcome to contribute code in order to fix a bug or to implement a new feature. - -The following rule governs code contributions: - -* Contributions must be licensed under the [Apache 2.0 License](./LICENSE) -* Newly created files must be opened by an instantiated version of the file 'templates/file-header.txt' -* At least if you add a new file to the repository, add your name into the contributor section of the file NOTICE (please respect the preset entry structure) - -## Contributing Documentation - -You are welcome to contribute documentation to the project. - -The following rule governs documentation contributions: - -* Contributions must be licensed under the same license as code, the [Apache 2.0 License](./LICENSE) - -## Pull Request Checklist - -* Branch from the main branch and, if needed, rebase to the current main branch before submitting your pull request. If it doesn't merge cleanly with main you may be asked to rebase your changes. - -* Commits should be as small as possible while ensuring that each commit is correct independently (i.e., each commit should compile and pass tests). - -* Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests. If tested manually, provide information about the test scope in the PR description (e.g. “Test passed: Upgrade version from 0.42 to 0.42.23.”). - -* Create _Work In Progress [WIP]_ pull requests only if you need clarification or an explicit review before you can continue your work item. - -* If your patch is not getting reviewed or you need a specific person to review it, you can @-reply a reviewer asking for a review in the pull request or a comment, or you can ask for a review by contacting us via [email](mailto:opensource@telekom.de). - -* Post review: - * If a review requires you to change your commit(s), please test the changes again. - * Amend the affected commit(s) and force push onto your branch. - * Set respective comments in your GitHub review to resolved. - * Create a general PR comment to notify the reviewers that your amendments are ready for another round of review. - -## Issues and Planning - -* We use GitHub issues to track bugs and enhancement requests. - -* Please provide as much context as possible when you open an issue. The information you provide must be comprehensive enough to reproduce that issue for the assignee. Therefore, contributors may use but aren't restricted to the issue template provided by the project maintainers. - -* When creating an issue, try using one of our issue templates which already contain some guidelines on which content is expected to process the issue most efficiently. If no template applies, you can of course also create an issue from scratch. - -* Please apply one or more applicable [labels](/../../labels) to your issue so that all community members are able to cluster the issues better. diff --git a/DB-Changelog-Dockerfile b/DB-Changelog-Dockerfile deleted file mode 100644 index 5b7b375..0000000 --- a/DB-Changelog-Dockerfile +++ /dev/null @@ -1,3 +0,0 @@ -FROM liquibase/liquibase - -COPY /src/main/resources/db /liquibase/db diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 4b57ed3..0000000 --- a/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM eclipse-temurin:17-jre - -WORKDIR / - -COPY [ "./target/*.jar", "/tng-key-distribution.jar" ] - -ENV JAVA_OPTS="$JAVA_OPTS -Xms256M -Xmx1G" - -EXPOSE 8080 - -USER 65534:65534 - -ENTRYPOINT [ "sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/./urandom -jar /tng-key-distribution.jar" ] diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9..0000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/NOTICE b/NOTICE deleted file mode 100644 index d7bf1bb..0000000 --- a/NOTICE +++ /dev/null @@ -1,10 +0,0 @@ -Copyright (c) 2021 T-Systems International GmbH and all other contributors. - -This project is licensed under Apache License, Version 2.0; -you may not use them except in compliance with the License. - -Contributors: -------------- - -Daniel Eder [daniel-eder], T-Mobile International Austria GmbH -Andreas Scheibal [ascheibal], T-Systems International GmbH \ No newline at end of file diff --git a/README.md b/README.md deleted file mode 100644 index fb5f5a6..0000000 --- a/README.md +++ /dev/null @@ -1,168 +0,0 @@ -

- TNG Key Distribution Service -

- -
- - - -
- -

- About • - Development • - Documentation • - Support • - Contribute • - Contributors • - Licensing -

- -## About - -This repository contains the source code of the TNG Key Distribution Service. - -The TNG Key Distribution Service is part of the national backends of the participants and caches the public keys that are distributed through the Trust Network Gateway [(TNG)](https://github.com/worldhealthorganization/smart-trust-network-gateway). It can be accessed by clients distributed by the particapants to update their local key store periodically e.g. for offline verification scenarios. - -## Development - -**Note:** The Key Distribution Service needs a connection to the gateway in order to run. There is no standalone version available. - -### Prerequisites - -- [Open JDK 17](https://openjdk.java.net) -- [Maven](https://maven.apache.org) -- [Docker](https://www.docker.com) -- An installation of the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway) -- Keys to access the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway) via the - [DDCC Connector](https://github.com/worldhealthorganization/ddcc-gateway-lib) of the [DDCC-Gateway-Lib](https://github.com/worldhealthorganization/ddcc-gateway-lib) -- Authenticate to [Github Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry) - -#### Acessing the Trust Network Gateway (TNG) -

- -For accessing a local development installation of the TNG appropriate private/public key material must be generated. As the gateway checks the right keyusages of the certificates, you can either adapt to the information given at the [WHO Concepts Certificate Governance Site](https://worldhealthorganization.github.io/smart-trust/concepts_certificate_governance.html#certificate-templates) or use the generation script provided on [GitHub 'participants template' repository](https://github.com/WorldHealthOrganization/tng-participant-template) - -For accessing the TNG a participant must be onboarded following the [WHO onboarding procedure](https://worldhealthorganization.github.io/smart-trust/concepts_onboarding.html) which will give access to the TNG API. - - - -For more information on how to generate certificates for TNG and how to run your own local one, please have a look in the documentation of the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway). - -#### Authenticating in to GitHub Packages - -As some of the required libraries (and/or versions are pinned/available only from GitHub Packages) You need to authenticate -to [GitHub Packages](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry) -The following steps need to be followed - -- Create [PAT](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) with scopes: - - `read:packages` for downloading packages - -##### GitHub Maven - -- Copy/Augment `~/.m2/settings.xml` with the contents of `settings.xml` present in this repository - - Replace `${app.packages.username}` with your github username - - Replace `${app.packages.password}` with the generated PAT - -##### GitHub Docker Registry - -- Run `docker login docker.pkg.github.com/worldhealthorganization` before running further docker commands. - - Use your GitHub username as username - - Use the generated PAT as password - - - -For further information about the keys and certificates needed, please refer to the documentation of the -[TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway) and the -[DDCC-Gateway-Lib](https://github.com/worldhealthorganization/ddcc-gateway-lib) - -### Build - -Whether you cloned or downloaded the 'zipped' sources you will either find the sources in the chosen checkout-directory or get a zip file with the source code, which you can expand to a folder of your choice. - -In either case open a terminal pointing to the directory you put the sources in. The local build process is described afterwards depending on the way you choose. - - -#### Build with maven -Building this project is done with maven. - -* Check [settings.xml](settings.xml) in the root folder of this git repository as example. - Copy the servers to your own `~/.m2/settings.xml` in order to connect the GitHub repositories we use in our code. Provide your GitHub username and access token (see [GitHub Help](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token)) under the variables suggested. - -* Run the following command from the project root folder -```shell -mvn clean install -``` -All required dependencies will be downloaded, the project build and the artifact stored in your local repository. -#### Run with docker -* Perform maven build as described above -* Place the keys and certificates named [above](#access-keys) into the ***certs*** folder. -* Adjust the values in the [docker-compose.yml](docker-compose.yml) file to fit the url for the gateway you use and - your keys and certificates you have to access it. - ```yaml - - DGC_GATEWAY_CONNECTOR_ENDPOINT=https://dgc-gateway.example.com - - DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PATH=file:/ec/prod/app/san/dgc/tls_trust_store.p12 - - DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PASSWORD=dgcg-p4ssw0rd - - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_ALIAS=1 - - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PATH=file:/ec/prod/app/san/dgc/tls_key_store.p12 - - DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PASSWORD=dgcg-p4ssw0rd - - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_ALIAS=ta - - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PATH=file:/ec/prod/app/san/dgc/trust_anchor.jks - - DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PASSWORD=dgcg-p4ssw0rd - ``` -***Note:*** Leave the path as is and only change the file names, as the ***certs*** folder will be mapped to this folder inside the docker container. - -* Run the following command from the project root folder - -```shell -docker-compose up --build -``` - -After all containers have started, you will be able to reach the service on your [local machine](http://localhost:8080/api/docs) under port 8080. - -## Cloud deployment - -## Documentation - -[OpenAPI Spec](https://worldhealthorganization.github.io/tng-key-distribution/) - -[Service description](./docs/tng-key-distribution.md) - - -## Support and feedback - -The following channels are available for discussions, feedback, and support requests: - -| Type | Channel | -| ------------------------ | ------------------------------------------------------ | -| **Issues** | | -| **Other requests** | | - -## How to contribute - -Contribution and feedback is encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our [Contribution Guidelines](./CONTRIBUTING.md). By participating in this project, you agree to abide by its [Code of Conduct](./CODE_OF_CONDUCT.md) at all times. - -## Contributors - -Our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community. - -## Licensing - -Copyright (C) 2021 T-Systems International GmbH and all other contributors - -Licensed under the **Apache License, Version 2.0** (the "License"); you may not use this file except in compliance with the License. - -You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0. - -Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the [LICENSE](./LICENSE) for the specific language governing permissions and limitations under the License. diff --git a/TEST.md b/TEST.md new file mode 100644 index 0000000..b6b73b6 --- /dev/null +++ b/TEST.md @@ -0,0 +1,20 @@ +# TNG Key Distribution Service Helm chart repository + +## About + +This repository contains the source code of the TNG Key Distribution Service. + +The TNG Key Distribution Service is part of the national backends of the participants and caches the public keys that are distributed through the Trust Network Gateway [(TNG)](https://github.com/worldhealthorganization/smart-trust-network-gateway). It can be accessed by clients distributed by the particapants to update their local key store periodically e.g. for offline verification scenarios. + +## Usage + +[Helm](https://helm.sh) must be installed to use the charts. +Please refer to Helm's [documentation](https://helm.sh/docs/) to get started. + +Once Helm is set up properly, add the repository as follows: + +```console +helm repo add tng-key-distribution https://worldhealthorganization.github.io/tng-key-distribution +``` + +You can then run `helm search repo tng-key-distribution` to see the charts. \ No newline at end of file diff --git a/THIRD-PARTY-NOTICES b/THIRD-PARTY-NOTICES deleted file mode 100644 index 5565d03..0000000 --- a/THIRD-PARTY-NOTICES +++ /dev/null @@ -1,3119 +0,0 @@ -ThirdPartyNotices ------------------ -This project uses third-party software or other resources that -may be distributed under licenses different from this software. -In the event that we overlooked to list a required notice, please bring this -to our attention by contacting us via this email: -opensource@telekom.de - ----- - -Copyright (C) Adobe -Copyright (C) Adrian Cole -Copyright (C) Alexander Maslov -Copyright (C) Andrey Somov -Copyright (C) Ant Elder -Copyright (C) Apache -Copyright (C) Artem Labazin -Copyright (C) Asankha C. Perera -Copyright (C) Ben Manes -Copyright (C) Benedikt Ritter -Copyright (C) Bogdan Storozhuk -Copyright (C) Brett Wooldridge -Copyright (C) Brian Langel -Copyright (C) Bruce Brouwer -Copyright (C) Carman Consulting, Inc. -Copyright (C) Carter Kozak -Copyright (C) Ceki Gulcu -Copyright (C) Christopher Currie -Copyright (C) CloudBees -Copyright (C) CollabNet -Copyright (C) CollabNet, Inc. -Copyright (C) Dan Maas -Copyright (C) Daniel Dietrich -Copyright (C) Daniel Rall -Copyright (C) Dave Syer -Copyright (C) David Graham -Copyright (C) David Turanski -Copyright (C) Duncan Jones -Copyright (C) Eclipse Foundation -Copyright (C) Erik Abele -Copyright (C) FasterXML -Copyright (C) Filip Hrisafov -Copyright (C) Francois-Xavier Bonnet -Copyright (C) Fredrik Westermarck -Copyright (C) Gary D. Gregory -Copyright (C) Gary Gregory -Copyright (C) Google -Copyright (C) Guillaume Simard -Copyright (C) Gunnar Morling -Copyright (C) Henri Yandell -Copyright (C) Ingyu Hwhang -Copyright (C) JBoss -Copyright (C) JBoss by Red Hat -Copyright (C) JBoss.org -Copyright (C) James Ward -Copyright (C) Jeremias Maerki -Copyright (C) Jochen Wiedmann -Copyright (C) Joe Grandja -Copyright (C) Joerg Schaible -Copyright (C) Jon S. Stevens -Copyright (C) Jonathan Moore -Copyright (C) Jordan Angold -Copyright (C) Juergen Hoeller -Copyright (C) Jukka Zitting -Copyright (C) Julius Davies -Copyright (C) Karl Wright -Copyright (C) Kevin Davis -Copyright (C) Kristian Rosenvold -Copyright (C) Loic Guibert -Copyright (C) Lukas Krecan -Copyright (C) Mahmoud Romeh -Copyright (C) Mark Pollack -Copyright (C) Marko Bekhta -Copyright (C) Martin Cooper -Copyright (C) Marvin Herman Froeder -Copyright (C) Matt Benson -Copyright (C) Matthew Hawthorne -Copyright (C) Mike Samuel -Copyright (C) Multitask Consulting -Copyright (C) Nathan Voxland -Copyright (C) Nextiva -Copyright (C) Niall Pemberton -Copyright (C) Nick Williams -Copyright (C) Nicola Ken Barozzi -Copyright (C) OWASP -Copyright (C) Oleg Kalnichevski -Copyright (C) Oliver Heger -Copyright (C) OpenFeign -Copyright (C) Ortwin Glueck -Copyright (C) Paul Benedict -Copyright (C) Paul Brown -Copyright (C) Paul Fremantle -Copyright (C) Pivotal Software, Inc. -Copyright (C) QOS.ch -Copyright (C) Red Hat, Inc. -Copyright (C) Remko Popma -Copyright (C) Rob Oxspring -Copyright (C) Rob Tompkins -Copyright (C) Rob Winch -Copyright (C) Robert Burrell Donkin -Copyright (C) Robert Winkler -Copyright (C) Rocket Software -Copyright (C) Rodney Waldhoff -Copyright (C) Roland Weber -Copyright (C) Ron Ratovsky -Copyright (C) SAP SE -Copyright (C) SERLI -Copyright (C) SITA ATS Ltd -Copyright (C) Sam Berlin -Copyright (C) Scott Deboy -Copyright (C) Scott Frederick -Copyright (C) Scott Sanders -Copyright (C) Sean C. Sullivan -Copyright (C) Sebastian Bazley -Copyright (C) Shigeru Chiba, www.javassist.org -Copyright (C) Spencer Gibb -Copyright (C) Spotify -Copyright (C) Spring IO -Copyright (C) SpringSource -Copyright (C) Stephen Colebourne -Copyright (C) Steven Caswell -Copyright (C) Tatu Saloranta -Copyright (C) The Apache Software Foundation -Copyright (C) The Javassist Project -Copyright (C) Thomas Neidhart -Copyright (C) Tim OBrien -Copyright (C) Tomasz Juchniewicz -Copyright (C) Tomasz Skowroński -Copyright (C) Tommy Ludwig -Copyright (C) Tony Tam -Copyright (C) William Speirs -Copyright (C) Yahoo! -Copyright (C) Zaxxer.com -Copyright (C) Zenplex -Copyright (C) dIon Gillard -Copyright (C) fasterxml.com -Copyright (C) springdoc - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ----- - -Copyright (C) Brett Okken -Copyright (C) Craig Ringer -Copyright (C) Dave Cramer -Copyright (C) Gil Tene -Copyright (C) Kris Jurka -Copyright (C) Oliver Jowett -Copyright (C) PostgreSQL Global Development Group -Copyright (C) Vladimir Sitnikov - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -Redistributions of source code must retain the above copyright notice, this list -of conditions and the following disclaimer. - -Redistributions in binary form must reproduce the above copyright notice, this -list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - ----- - -Copyright (C) Eclipse Foundation -Copyright (C) Filip Jirsák -Copyright (C) Joe Walnes -Copyright (C) Nat Pryce -Copyright (C) Oracle -Copyright (C) Oracle Corporation -Copyright (C) Oracle, Inc. -Copyright (C) Steve Freeman - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -Redistributions of source code must retain the above copyright notice, this list -of conditions and the following disclaimer. - -Redistributions in binary form must reproduce the above copyright notice, this -list of conditions and the following disclaimer in the documentation and/or -other materials provided with the distribution. - -Neither the name of the ORGANIZATION nor the names of its contributors may be -used to endorse or promote products derived from this software without specific -prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE -GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - ----- - -Copyright (C) Gil Tene -Copyright (C) Peter Occil - -Creative Commons Legal Code - -CC0 1.0 Universal - - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE - LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN - ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS - INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES - REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS - PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM - THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED - HEREUNDER. - -Statement of Purpose - -The laws of most jurisdictions throughout the world automatically confer -exclusive Copyright and Related Rights (defined below) upon the creator -and subsequent owner(s) (each and all, an "owner") of an original work of -authorship and/or a database (each, a "Work"). - -Certain owners wish to permanently relinquish those rights to a Work for -the purpose of contributing to a commons of creative, cultural and -scientific works ("Commons") that the public can reliably and without fear -of later claims of infringement build upon, modify, incorporate in other -works, reuse and redistribute as freely as possible in any form whatsoever -and for any purposes, including without limitation commercial purposes. -These owners may contribute to the Commons to promote the ideal of a free -culture and the further production of creative, cultural and scientific -works, or to gain reputation or greater distribution for their Work in -part through the use and efforts of others. - -For these and/or other purposes and motivations, and without any -expectation of additional consideration or compensation, the person -associating CC0 with a Work (the "Affirmer"), to the extent that he or she -is an owner of Copyright and Related Rights in the Work, voluntarily -elects to apply CC0 to the Work and publicly distribute the Work under its -terms, with knowledge of his or her Copyright and Related Rights in the -Work and the meaning and intended legal effect of CC0 on those rights. - -1. Copyright and Related Rights. A Work made available under CC0 may be -protected by copyright and related or neighboring rights ("Copyright and -Related Rights"). Copyright and Related Rights include, but are not -limited to, the following: - - i. the right to reproduce, adapt, distribute, perform, display, - communicate, and translate a Work; - ii. moral rights retained by the original author(s) and/or performer(s); -iii. publicity and privacy rights pertaining to a person's image or - likeness depicted in a Work; - iv. rights protecting against unfair competition in regards to a Work, - subject to the limitations in paragraph 4(a), below; - v. rights protecting the extraction, dissemination, use and reuse of data - in a Work; - vi. database rights (such as those arising under Directive 96/9/EC of the - European Parliament and of the Council of 11 March 1996 on the legal - protection of databases, and under any national implementation - thereof, including any amended or successor version of such - directive); and -vii. other similar, equivalent or corresponding rights throughout the - world based on applicable law or treaty, and any national - implementations thereof. - -2. Waiver. To the greatest extent permitted by, but not in contravention -of, applicable law, Affirmer hereby overtly, fully, permanently, -irrevocably and unconditionally waives, abandons, and surrenders all of -Affirmer's Copyright and Related Rights and associated claims and causes -of action, whether now known or unknown (including existing as well as -future claims and causes of action), in the Work (i) in all territories -worldwide, (ii) for the maximum duration provided by applicable law or -treaty (including future time extensions), (iii) in any current or future -medium and for any number of copies, and (iv) for any purpose whatsoever, -including without limitation commercial, advertising or promotional -purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each -member of the public at large and to the detriment of Affirmer's heirs and -successors, fully intending that such Waiver shall not be subject to -revocation, rescission, cancellation, termination, or any other legal or -equitable action to disrupt the quiet enjoyment of the Work by the public -as contemplated by Affirmer's express Statement of Purpose. - -3. Public License Fallback. Should any part of the Waiver for any reason -be judged legally invalid or ineffective under applicable law, then the -Waiver shall be preserved to the maximum extent permitted taking into -account Affirmer's express Statement of Purpose. In addition, to the -extent the Waiver is so judged Affirmer hereby grants to each affected -person a royalty-free, non transferable, non sublicensable, non exclusive, -irrevocable and unconditional license to exercise Affirmer's Copyright and -Related Rights in the Work (i) in all territories worldwide, (ii) for the -maximum duration provided by applicable law or treaty (including future -time extensions), (iii) in any current or future medium and for any number -of copies, and (iv) for any purpose whatsoever, including without -limitation commercial, advertising or promotional purposes (the -"License"). The License shall be deemed effective as of the date CC0 was -applied by Affirmer to the Work. Should any part of the License for any -reason be judged legally invalid or ineffective under applicable law, such -partial invalidity or ineffectiveness shall not invalidate the remainder -of the License, and in such case Affirmer hereby affirms that he or she -will not (i) exercise any of his or her remaining Copyright and Related -Rights in the Work or (ii) assert any associated claims and causes of -action with respect to the Work, in either case contrary to Affirmer's -express Statement of Purpose. - -4. Limitations and Disclaimers. - - a. No trademark or patent rights held by Affirmer are waived, abandoned, - surrendered, licensed or otherwise affected by this document. - b. Affirmer offers the Work as-is and makes no representations or - warranties of any kind concerning the Work, express, implied, - statutory or otherwise, including without limitation warranties of - title, merchantability, fitness for a particular purpose, non - infringement, or the absence of latent or other defects, accuracy, or - the present or absence of errors, whether or not discoverable, all to - the greatest extent permissible under applicable law. - c. Affirmer disclaims responsibility for clearing rights of other persons - that may apply to the Work or any use thereof, including without - limitation any person's Copyright and Related Rights in the Work. - Further, Affirmer disclaims responsibility for obtaining any necessary - consents, permissions or other rights required for any use of the - Work. - d. Affirmer understands and acknowledges that Creative Commons is not a - party to this document and has no duty or obligation with respect to - this CC0 or use of the Work. - ----- - -Copyright (C) Oracle - -COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0 - -1. Definitions. - -1.1. Contributor means each individual or entity that creates or contributes to the creation of Modifications. - -1.2. Contributor Version means the combination of the Original Software, prior Modifications used by a Contributor (if any), and the Modifications made by that particular Contributor. - -1.3. Covered Software means (a) the Original Software, or (b) Modifications, or (c) the combination of files containing Original Software with files containing Modifications, in each case including portions thereof. - -1.4. Executable means the Covered Software in any form other than Source Code. - -1.5. Initial Developer means the individual or entity that first makes Original Software available under this License. - -1.6. Larger Work means a work which combines Covered Software or portions thereof with code not governed by the terms of this License. - -1.7. License means this document. - -1.8. Licensable means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. - -1.9. Modifications means the Source Code and Executable form of any of the following: A. Any file that results from an addition to, deletion from or modification of the contents of a file containing Original Software or previous Modifications; B. Any new file that contains any part of the Original Software or previous Modification; or C. Any new file that is contributed or otherwise made available under the terms of this License. - -1.10. Original Software means the Source Code and Executable form of computer software code that is originally released under this License. - -1.11. Patent Claims means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. - -1.12. Source Code means (a) the common form of computer software code in which modifications are made and (b) associated documentation included in or with such code. - -1.13. You (or Your) means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, You includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, control means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. - -2. License Grants. - - 2.1. The Initial Developer Grant. Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, the Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license: - -(a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer, to use, reproduce, modify, display, perform, sublicense and distribute the Original Software (or portions thereof), with or without Modifications, and/or as part of a Larger Work; and - -(b) under Patent Claims infringed by the making, using or selling of Original Software, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Software (or portions thereof); - - (c) The licenses granted in Sections 2.1(a) and (b) are effective on the date Initial Developer first distributes or otherwise makes the Original Software available to a third party under the terms of this License; - - (d) Notwithstanding Section 2.1(b) above, no patent license is granted: (1) for code that You delete from the Original Software, or (2) for infringements caused by: (i) the modification of the Original Software, or (ii) the combination of the Original Software with other software or devices. - -2.2. Contributor Grant. Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: - -(a) under intellectual property rights (other than patent or trademark) Licensable by Contributor to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof), either on an unmodified basis, with other Modifications, as Covered Software and/or as part of a Larger Work; and - -(b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: (1) Modifications made by that Contributor (or portions thereof); and (2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). - -(c) The licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first distributes or otherwise makes the Modifications available to a third party. - -(d) Notwithstanding Section 2.2(b) above, no patent license is granted: (1) for any code that Contributor has deleted from the Contributor Version; (2) for infringements caused by: (i) third party modifications of Contributor Version, or (ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or (3) under Patent Claims infringed by Covered Software in the absence of Modifications made by that Contributor. - -3. Distribution Obligations. - -3.1. Availability of Source Code. Any Covered Software that You distribute or otherwise make available in Executable form must also be made available in Source Code form and that Source Code form must be distributed only under the terms of this License. You must include a copy of this License with every copy of the Source Code form of the Covered Software You distribute or otherwise make available. You must inform recipients of any such Covered Software in Executable form as to how they can obtain such Covered Software in Source Code form in a reasonable manner on or through a medium customarily used for software exchange. - -3.2. Modifications. The Modifications that You create or to which You contribute are governed by the terms of this License. You represent that You believe Your Modifications are Your original creation(s) and/or You have sufficient rights to grant the rights conveyed by this License. - -3.3. Required Notices. You must include a notice in each of Your Modifications that identifies You as the Contributor of the Modification. You may not remove or alter any copyright, patent or trademark notices contained within the Covered Software, or any notices of licensing or any descriptive text giving attribution to any Contributor or the Initial Developer. - -3.4. Application of Additional Terms. You may not offer or impose any terms on any Covered Software in Source Code form that alters or restricts the applicable version of this License or the recipients rights hereunder. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, you may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear that any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. - -3.5. Distribution of Executable Versions. You may distribute the Executable form of the Covered Software under the terms of this License or under the terms of a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable form does not attempt to limit or alter the recipients rights in the Source Code form from the rights set forth in this License. If You distribute the Covered Software in Executable form under a different license, You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. - -3.6. Larger Works. You may create a Larger Work by combining Covered Software with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Software. - -4. Versions of the License. - -4.1. New Versions. Sun Microsystems, Inc. is the initial license steward and may publish revised and/or new versions of this License from time to time. Each version will be given a distinguishing version number. Except as provided in Section 4.3, no one other than the license steward has the right to modify this License. - -4.2. Effect of New Versions. You may always continue to use, distribute or otherwise make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. If the Initial Developer includes a notice in the Original Software prohibiting it from being distributed or otherwise made available under any subsequent version of the License, You must distribute and make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. Otherwise, You may also choose to use, distribute or otherwise make the Covered Software available under the terms of any subsequent version of the License published by the license steward. - -4.3. Modified Versions. When You are an Initial Developer and You want to create a new license for Your Original Software, You may create and use a modified version of this License if You: (a) rename the license and remove any references to the name of the license steward (except to note that the license differs from this License); and (b) otherwise make it clear that the license contains terms which differ from this License. - -5. DISCLAIMER OF WARRANTY. COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN AS IS BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. - -6. TERMINATION. - -6.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. - -6.2. If You assert a patent infringement claim (excluding declaratory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You assert such claim is referred to as Participant) alleging that the Participant Software (meaning the Contributor Version where the Participant is a Contributor or the Original Software where the Participant is the Initial Developer) directly or indirectly infringes any patent, then any and all rights granted directly or indirectly to You by such Participant, the Initial Developer (if the Initial Developer is not the Participant) and all Contributors under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively and automatically at the expiration of such 60 day notice period, unless if within such 60 day period You withdraw Your claim with respect to the Participant Software against such Participant either unilaterally or pursuant to a written agreement with Participant. - -6.3. In the event of termination under Sections 6.1 or 6.2 above, all end user licenses that have been validly granted by You or any distributor hereunder prior to termination (excluding licenses granted to You by any distributor) shall survive termination. - -7. LIMITATION OF LIABILITY. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOST PROFITS, LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTYS NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. - -8. U.S. GOVERNMENT END USERS. The Covered Software is a commercial item, as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of commercial computer software (as that term is defined at 48 C.F.R. 252.227-7014(a)(1)) and commercial computer software documentation as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Software with only those rights set forth herein. This U.S. Government Rights clause is in lieu of, and supersedes, any other FAR, DFAR, or other clause or provision that addresses Government rights in computer software under this License. - -9. MISCELLANEOUS. This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by the law of the jurisdiction specified in a notice contained within the Original Software (except to the extent applicable law, if any, provides otherwise), excluding such jurisdictions conflict-of-law provisions. Any litigation relating to this License shall be subject to the jurisdiction of the courts located in the jurisdiction and venue specified in a notice contained within the Original Software, with the losing party responsible for costs, including, without limitation, court costs and reasonable attorneys fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. You agree that You alone are responsible for compliance with the United States export administration regulations (and the export control laws and regulation of any other countries) when You use, distribute or otherwise make available any Covered Software. - -10. RESPONSIBILITY FOR CLAIMS. As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. - -NOTICE PURSUANT TO SECTION 9 OF THE COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) The code released under the CDDL shall be governed by the laws of the State of California (excluding conflict-of-law provisions). Any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California and the state courts of the State of California, with venue lying in Santa Clara County, California. - ----- - -Copyright (C) Oracle Corporation - -COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL)Version 1.1 - -1. Definitions. - -1.1. "Contributor" means each individual or entity that creates or contributes to the creation of Modifications. -1.2. "Contributor Version" means the combination of the Original Software, prior Modifications used by a Contributor (if any), and the Modifications made by that particular Contributor. -1.3. "Covered Software" means (a) the Original Software, or (b) Modifications, or (c) the combination of files containing Original Software with files containing Modifications, in each case including portions thereof. -1.4. "Executable" means the Covered Software in any form other than Source Code. -1.5. "Initial Developer" means the individual or entity that first makes Original Software available under this License. -1.6. "Larger Work" means a work which combines Covered Software or portions thereof with code not governed by the terms of this License. -1.7. "License" means this document. -1.8. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. -1.9. "Modifications" means the Source Code and Executable form of any of the following: -A. Any file that results from an addition to, deletion from or modification of the contents of a file containing Original Software or previous Modifications; -B. Any new file that contains any part of the Original Software or previous Modification; or -C. Any new file that is contributed or otherwise made available under the terms of this License. -1.10. "Original Software" means the Source Code and Executable form of computer software code that is originally released under this License. -1.11. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. -1.12. "Source Code" means (a) the common form of computer software code in which modifications are made and (b) associated documentation included in or with such code. -1.13. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. -2. License Grants. - -2.1. The Initial Developer Grant. -Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, the Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license: -(a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer, to use, reproduce, modify, display, perform, sublicense and distribute the Original Software (or portions thereof), with or without Modifications, and/or as part of a Larger Work; and -(b) under Patent Claims infringed by the making, using or selling of Original Software, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Software (or portions thereof). -(c) The licenses granted in Sections 2.1(a) and (b) are effective on the date Initial Developer first distributes or otherwise makes the Original Software available to a third party under the terms of this License. -(d) Notwithstanding Section 2.1(b) above, no patent license is granted: (1) for code that You delete from the Original Software, or (2) for infringements caused by: (i) the modification of the Original Software, or (ii) the combination of the Original Software with other software or devices. -2.2. Contributor Grant. -Conditioned upon Your compliance with Section 3.1 below and subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license: -(a) under intellectual property rights (other than patent or trademark) Licensable by Contributor to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof), either on an unmodified basis, with other Modifications, as Covered Software and/or as part of a Larger Work; and -(b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: (1) Modifications made by that Contributor (or portions thereof); and (2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). -(c) The licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first distributes or otherwise makes the Modifications available to a third party. -(d) Notwithstanding Section 2.2(b) above, no patent license is granted: (1) for any code that Contributor has deleted from the Contributor Version; (2) for infringements caused by: (i) third party modifications of Contributor Version, or (ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or (3) under Patent Claims infringed by Covered Software in the absence of Modifications made by that Contributor. -3. Distribution Obligations. - -3.1. Availability of Source Code. -Any Covered Software that You distribute or otherwise make available in Executable form must also be made available in Source Code form and that Source Code form must be distributed only under the terms of this License. You must include a copy of this License with every copy of the Source Code form of the Covered Software You distribute or otherwise make available. You must inform recipients of any such Covered Software in Executable form as to how they can obtain such Covered Software in Source Code form in a reasonable manner on or through a medium customarily used for software exchange. -3.2. Modifications. -The Modifications that You create or to which You contribute are governed by the terms of this License. You represent that You believe Your Modifications are Your original creation(s) and/or You have sufficient rights to grant the rights conveyed by this License. -3.3. Required Notices. -You must include a notice in each of Your Modifications that identifies You as the Contributor of the Modification. You may not remove or alter any copyright, patent or trademark notices contained within the Covered Software, or any notices of licensing or any descriptive text giving attribution to any Contributor or the Initial Developer. -3.4. Application of Additional Terms. -You may not offer or impose any terms on any Covered Software in Source Code form that alters or restricts the applicable version of this License or the recipients' rights hereunder. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Software. However, you may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear that any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. -3.5. Distribution of Executable Versions. -You may distribute the Executable form of the Covered Software under the terms of this License or under the terms of a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable form does not attempt to limit or alter the recipient's rights in the Source Code form from the rights set forth in this License. If You distribute the Covered Software in Executable form under a different license, You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. -3.6. Larger Works. -You may create a Larger Work by combining Covered Software with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Software. -4. Versions of the License. - -4.1. New Versions. -Oracle is the initial license steward and may publish revised and/or new versions of this License from time to time. Each version will be given a distinguishing version number. Except as provided in Section 4.3, no one other than the license steward has the right to modify this License. -4.2. Effect of New Versions. -You may always continue to use, distribute or otherwise make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. If the Initial Developer includes a notice in the Original Software prohibiting it from being distributed or otherwise made available under any subsequent version of the License, You must distribute and make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. Otherwise, You may also choose to use, distribute or otherwise make the Covered Software available under the terms of any subsequent version of the License published by the license steward. -4.3. Modified Versions. -When You are an Initial Developer and You want to create a new license for Your Original Software, You may create and use a modified version of this License if You: (a) rename the license and remove any references to the name of the license steward (except to note that the license differs from this License); and (b) otherwise make it clear that the license contains terms which differ from this License. -5. DISCLAIMER OF WARRANTY. - -COVERED SOFTWARE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED SOFTWARE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED SOFTWARE IS WITH YOU. SHOULD ANY COVERED SOFTWARE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. - -6. TERMINATION. - -6.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. -6.2. If You assert a patent infringement claim (excluding declaratory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You assert such claim is referred to as "Participant") alleging that the Participant Software (meaning the Contributor Version where the Participant is a Contributor or the Original Software where the Participant is the Initial Developer) directly or indirectly infringes any patent, then any and all rights granted directly or indirectly to You by such Participant, the Initial Developer (if the Initial Developer is not the Participant) and all Contributors under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively and automatically at the expiration of such 60 day notice period, unless if within such 60 day period You withdraw Your claim with respect to the Participant Software against such Participant either unilaterally or pursuant to a written agreement with Participant. -6.3. If You assert a patent infringement claim against Participant alleging that the Participant Software directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. -6.4. In the event of termination under Sections 6.1 or 6.2 above, all end user licenses that have been validly granted by You or any distributor hereunder prior to termination (excluding licenses granted to You by any distributor) shall survive termination. -7. LIMITATION OF LIABILITY. - -UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED SOFTWARE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. - -8. U.S. GOVERNMENT END USERS. - -The Covered Software is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" (as that term is defined at 48 C.F.R. § 252.227-7014(a)(1)) and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Software with only those rights set forth herein. This U.S. Government Rights clause is in lieu of, and supersedes, any other FAR, DFAR, or other clause or provision that addresses Government rights in computer software under this License. - -9. MISCELLANEOUS. - -This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by the law of the jurisdiction specified in a notice contained within the Original Software (except to the extent applicable law, if any, provides otherwise), excluding such jurisdiction's conflict-of-law provisions. Any litigation relating to this License shall be subject to the jurisdiction of the courts located in the jurisdiction and venue specified in a notice contained within the Original Software, with the losing party responsible for costs, including, without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. You agree that You alone are responsible for compliance with the United States export administration regulations (and the export control laws and regulation of any other countries) when You use, distribute or otherwise make available any Covered Software. - -10. RESPONSIBILITY FOR CLAIMS. - -As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. - -NOTICE PURSUANT TO SECTION 9 OF THE COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) - -The code released under the CDDL shall be governed by the laws of the State of California (excluding conflict-of-law provisions). Any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California and the state courts of the State of California, with venue lying in Santa Clara County, California. - ----- - -Copyright (C) Andy Clement -Copyright (C) Ceki Gulcu -Copyright (C) David Saff -Copyright (C) JUnit -Copyright (C) Joern Huxhorn -Copyright (C) Kevin Cooney -Copyright (C) Marc Philipp -Copyright (C) QOS.ch -Copyright (C) Stefan Birkner -Copyright (C) Thomas Mueller - -Eclipse Public License - v 1.0 - -THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. - -1. DEFINITIONS - -"Contribution" means: - -a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and -b) in the case of each subsequent Contributor: - -i) changes to the Program, and - -ii) additions to the Program; - -where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program. - -"Contributor" means any person or entity that distributes the Program. - -"Licensed Patents " mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program. - -"Program" means the Contributions distributed in accordance with this Agreement. - -"Recipient" means anyone who receives the Program under this Agreement, including all Contributors. - -2. GRANT OF RIGHTS - -a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form. - -b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder. - -c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program. - -d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement. - -3. REQUIREMENTS - -A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that: - -a) it complies with the terms and conditions of this Agreement; and - -b) its license agreement: - -i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose; - -ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits; - -iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and - -iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange. - -When the Program is made available in source code form: - -a) it must be made available under this Agreement; and - -b) a copy of this Agreement must be included with each copy of the Program. - -Contributors may not remove or alter any copyright notices contained within the Program. - -Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution. - -4. COMMERCIAL DISTRIBUTION - -Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense. - -For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages. - -5. NO WARRANTY - -EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement , including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations. - -6. DISCLAIMER OF LIABILITY - -EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -7. GENERAL - -If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. - -If Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed. - -All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive. - -Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. The Eclipse Foundation is the initial Agreement Steward. The Eclipse Foundation may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved. - -This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation. - ----- - -Copyright (C) Christian Stein -Copyright (C) EE4J Community -Copyright (C) Eclipse Foundation -Copyright (C) Johannes Link -Copyright (C) Juliette de Rancourt -Copyright (C) Marc Philipp -Copyright (C) Matthias Merdes -Copyright (C) Oracle Corp. -Copyright (C) Oracle Corporation -Copyright (C) Oracle, Inc. -Copyright (C) Sam Brannen -Copyright (C) Stefan Bechtold - -Eclipse Public License - v 2.0 - - THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE - PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION - OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. - -1. DEFINITIONS - -"Contribution" means: - - a) in the case of the initial Contributor, the initial content - Distributed under this Agreement, and - - b) in the case of each subsequent Contributor: - i) changes to the Program, and - ii) additions to the Program; - where such changes and/or additions to the Program originate from - and are Distributed by that particular Contributor. A Contribution - "originates" from a Contributor if it was added to the Program by - such Contributor itself or anyone acting on such Contributor's behalf. - Contributions do not include changes or additions to the Program that - are not Modified Works. - -"Contributor" means any person or entity that Distributes the Program. - -"Licensed Patents" mean patent claims licensable by a Contributor which -are necessarily infringed by the use or sale of its Contribution alone -or when combined with the Program. - -"Program" means the Contributions Distributed in accordance with this -Agreement. - -"Recipient" means anyone who receives the Program under this Agreement -or any Secondary License (as applicable), including Contributors. - -"Derivative Works" shall mean any work, whether in Source Code or other -form, that is based on (or derived from) the Program and for which the -editorial revisions, annotations, elaborations, or other modifications -represent, as a whole, an original work of authorship. - -"Modified Works" shall mean any work in Source Code or other form that -results from an addition to, deletion from, or modification of the -contents of the Program, including, for purposes of clarity any new file -in Source Code form that contains any contents of the Program. Modified -Works shall not include works that contain only declarations, -interfaces, types, classes, structures, or files of the Program solely -in each case in order to link to, bind by name, or subclass the Program -or Modified Works thereof. - -"Distribute" means the acts of a) distributing or b) making available -in any manner that enables the transfer of a copy. - -"Source Code" means the form of a Program preferred for making -modifications, including but not limited to software source code, -documentation source, and configuration files. - -"Secondary License" means either the GNU General Public License, -Version 2.0, or any later versions of that license, including any -exceptions or additional permissions as identified by the initial -Contributor. - -2. GRANT OF RIGHTS - - a) Subject to the terms of this Agreement, each Contributor hereby - grants Recipient a non-exclusive, worldwide, royalty-free copyright - license to reproduce, prepare Derivative Works of, publicly display, - publicly perform, Distribute and sublicense the Contribution of such - Contributor, if any, and such Derivative Works. - - b) Subject to the terms of this Agreement, each Contributor hereby - grants Recipient a non-exclusive, worldwide, royalty-free patent - license under Licensed Patents to make, use, sell, offer to sell, - import and otherwise transfer the Contribution of such Contributor, - if any, in Source Code or other form. This patent license shall - apply to the combination of the Contribution and the Program if, at - the time the Contribution is added by the Contributor, such addition - of the Contribution causes such combination to be covered by the - Licensed Patents. The patent license shall not apply to any other - combinations which include the Contribution. No hardware per se is - licensed hereunder. - - c) Recipient understands that although each Contributor grants the - licenses to its Contributions set forth herein, no assurances are - provided by any Contributor that the Program does not infringe the - patent or other intellectual property rights of any other entity. - Each Contributor disclaims any liability to Recipient for claims - brought by any other entity based on infringement of intellectual - property rights or otherwise. As a condition to exercising the - rights and licenses granted hereunder, each Recipient hereby - assumes sole responsibility to secure any other intellectual - property rights needed, if any. For example, if a third party - patent license is required to allow Recipient to Distribute the - Program, it is Recipient's responsibility to acquire that license - before distributing the Program. - - d) Each Contributor represents that to its knowledge it has - sufficient copyright rights in its Contribution, if any, to grant - the copyright license set forth in this Agreement. - - e) Notwithstanding the terms of any Secondary License, no - Contributor makes additional grants to any Recipient (other than - those set forth in this Agreement) as a result of such Recipient's - receipt of the Program under the terms of a Secondary License - (if permitted under the terms of Section 3). - -3. REQUIREMENTS - -3.1 If a Contributor Distributes the Program in any form, then: - - a) the Program must also be made available as Source Code, in - accordance with section 3.2, and the Contributor must accompany - the Program with a statement that the Source Code for the Program - is available under this Agreement, and informs Recipients how to - obtain it in a reasonable manner on or through a medium customarily - used for software exchange; and - - b) the Contributor may Distribute the Program under a license - different than this Agreement, provided that such license: - i) effectively disclaims on behalf of all other Contributors all - warranties and conditions, express and implied, including - warranties or conditions of title and non-infringement, and - implied warranties or conditions of merchantability and fitness - for a particular purpose; - - ii) effectively excludes on behalf of all other Contributors all - liability for damages, including direct, indirect, special, - incidental and consequential damages, such as lost profits; - - iii) does not attempt to limit or alter the recipients' rights - in the Source Code under section 3.2; and - - iv) requires any subsequent distribution of the Program by any - party to be under a license that satisfies the requirements - of this section 3. - -3.2 When the Program is Distributed as Source Code: - - a) it must be made available under this Agreement, or if the - Program (i) is combined with other material in a separate file or - files made available under a Secondary License, and (ii) the initial - Contributor attached to the Source Code the notice described in - Exhibit A of this Agreement, then the Program may be made available - under the terms of such Secondary Licenses, and - - b) a copy of this Agreement must be included with each copy of - the Program. - -3.3 Contributors may not remove or alter any copyright, patent, -trademark, attribution notices, disclaimers of warranty, or limitations -of liability ("notices") contained within the Program from any copy of -the Program which they Distribute, provided that Contributors may add -their own appropriate notices. - -4. COMMERCIAL DISTRIBUTION - -Commercial distributors of software may accept certain responsibilities -with respect to end users, business partners and the like. While this -license is intended to facilitate the commercial use of the Program, -the Contributor who includes the Program in a commercial product -offering should do so in a manner which does not create potential -liability for other Contributors. Therefore, if a Contributor includes -the Program in a commercial product offering, such Contributor -("Commercial Contributor") hereby agrees to defend and indemnify every -other Contributor ("Indemnified Contributor") against any losses, -damages and costs (collectively "Losses") arising from claims, lawsuits -and other legal actions brought by a third party against the Indemnified -Contributor to the extent caused by the acts or omissions of such -Commercial Contributor in connection with its distribution of the Program -in a commercial product offering. The obligations in this section do not -apply to any claims or Losses relating to any actual or alleged -intellectual property infringement. In order to qualify, an Indemnified -Contributor must: a) promptly notify the Commercial Contributor in -writing of such claim, and b) allow the Commercial Contributor to control, -and cooperate with the Commercial Contributor in, the defense and any -related settlement negotiations. The Indemnified Contributor may -participate in any such claim at its own expense. - -For example, a Contributor might include the Program in a commercial -product offering, Product X. That Contributor is then a Commercial -Contributor. If that Commercial Contributor then makes performance -claims, or offers warranties related to Product X, those performance -claims and warranties are such Commercial Contributor's responsibility -alone. Under this section, the Commercial Contributor would have to -defend claims against the other Contributors related to those performance -claims and warranties, and if a court requires any other Contributor to -pay any damages as a result, the Commercial Contributor must pay -those damages. - -5. NO WARRANTY - -EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT -PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" -BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR -IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF -TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR -PURPOSE. Each Recipient is solely responsible for determining the -appropriateness of using and distributing the Program and assumes all -risks associated with its exercise of rights under this Agreement, -including but not limited to the risks and costs of program errors, -compliance with applicable laws, damage to or loss of data, programs -or equipment, and unavailability or interruption of operations. - -6. DISCLAIMER OF LIABILITY - -EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT -PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS -SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST -PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE -EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - -7. GENERAL - -If any provision of this Agreement is invalid or unenforceable under -applicable law, it shall not affect the validity or enforceability of -the remainder of the terms of this Agreement, and without further -action by the parties hereto, such provision shall be reformed to the -minimum extent necessary to make such provision valid and enforceable. - -If Recipient institutes patent litigation against any entity -(including a cross-claim or counterclaim in a lawsuit) alleging that the -Program itself (excluding combinations of the Program with other software -or hardware) infringes such Recipient's patent(s), then such Recipient's -rights granted under Section 2(b) shall terminate as of the date such -litigation is filed. - -All Recipient's rights under this Agreement shall terminate if it -fails to comply with any of the material terms or conditions of this -Agreement and does not cure such failure in a reasonable period of -time after becoming aware of such noncompliance. If all Recipient's -rights under this Agreement terminate, Recipient agrees to cease use -and distribution of the Program as soon as reasonably practicable. -However, Recipient's obligations under this Agreement and any licenses -granted by Recipient relating to the Program shall continue and survive. - -Everyone is permitted to copy and distribute copies of this Agreement, -but in order to avoid inconsistency the Agreement is copyrighted and -may only be modified in the following manner. The Agreement Steward -reserves the right to publish new versions (including revisions) of -this Agreement from time to time. No one other than the Agreement -Steward has the right to modify this Agreement. The Eclipse Foundation -is the initial Agreement Steward. The Eclipse Foundation may assign the -responsibility to serve as the Agreement Steward to a suitable separate -entity. Each new version of the Agreement will be given a distinguishing -version number. The Program (including Contributions) may always be -Distributed subject to the version of the Agreement under which it was -received. In addition, after a new version of the Agreement is published, -Contributor may elect to Distribute the Program (including its -Contributions) under the new version. - -Except as expressly stated in Sections 2(a) and 2(b) above, Recipient -receives no rights or licenses to the intellectual property of any -Contributor under this Agreement, whether expressly, by implication, -estoppel or otherwise. All rights in the Program not expressly granted -under this Agreement are reserved. Nothing in this Agreement is intended -to be enforceable by any entity that is not a Contributor or Recipient. -No third-party beneficiary rights are created under this Agreement. - -Exhibit A - Form of Secondary Licenses Notice - -"This Source Code is also Distributed under one -or more Secondary Licenses, as those terms are defined by -the Eclipse Public License, v. 2.0: {name license(s),version(s), -and exceptions or additional permissions here}." - - Simply including a copy of this Agreement, including this Exhibit A - is not sufficient to license the Source Code under Secondary Licenses. - - If it is not possible or desirable to put the notice in a particular - file, then You may include the notice in a location (such as a LICENSE - file in a relevant directory) where a recipient would be likely to - look for such a notice. - - You may add additional accurate notices of copyright ownership. - ----- - -Copyright (C) EE4J Community -Copyright (C) Eclipse Foundation -Copyright (C) Oracle -Copyright (C) Oracle Corp. -Copyright (C) Oracle Corporation -Copyright (C) Oracle, Inc. - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - -Also add information on how to contact you by electronic and paper mail. - -If the program is interactive, make it output a short notice like this -when it starts in an interactive mode: - - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, the commands you use may -be called something other than `show w' and `show c'; they could even be -mouse-clicks or menu items--whatever suits your program. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the program, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - - , 1 April 1989 - Ty Coon, President of Vice - -This General Public License does not permit incorporating your program into -proprietary programs. If your program is a subroutine library, you may -consider it more useful to permit linking proprietary applications with the -library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. - -Linking this library statically or dynamically with other modules is making a -combined work based on this library. Thus, the terms and conditions of the GNU -General Public License cover the whole combination. - -As a special exception, the copyright holders of this library give you -permission to link this library with independent modules to produce an -executable, regardless of the license terms of these independent modules, and to -copy and distribute the resulting executable under terms of your choice, -provided that you also meet, for each linked independent module, the terms and -conditions of the license of that module. An independent module is a module -which is not derived from or based on this library. If you modify this library, -you may extend this exception to your version of the library, but you are not -obligated to do so. If you do not wish to do so, delete this exception statement -from your version. - ----- - -Copyright (C) Douglas Crockford - -Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software. - -The Software shall be used for Good, not Evil. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - ----- - -Copyright (C) JBoss -Copyright (C) Shigeru Chiba, www.javassist.org -Copyright (C) The Javassist Project - - GNU LESSER GENERAL PUBLIC LICENSE - Version 2.1, February 1999 - - Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - -[This is the first released version of the Lesser GPL. It also counts - as the successor of the GNU Library Public License, version 2, hence - the version number 2.1.] - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -Licenses are intended to guarantee your freedom to share and change -free software--to make sure the software is free for all its users. - - This license, the Lesser General Public License, applies to some -specially designated software packages--typically libraries--of the -Free Software Foundation and other authors who decide to use it. You -can use it too, but we suggest you first think carefully about whether -this license or the ordinary General Public License is the better -strategy to use in any particular case, based on the explanations below. - - When we speak of free software, we are referring to freedom of use, -not price. Our General Public Licenses are designed to make sure that -you have the freedom to distribute copies of free software (and charge -for this service if you wish); that you receive source code or can get -it if you want it; that you can change the software and use pieces of -it in new free programs; and that you are informed that you can do -these things. - - To protect your rights, we need to make restrictions that forbid -distributors to deny you these rights or to ask you to surrender these -rights. These restrictions translate to certain responsibilities for -you if you distribute copies of the library or if you modify it. - - For example, if you distribute copies of the library, whether gratis -or for a fee, you must give the recipients all the rights that we gave -you. You must make sure that they, too, receive or can get the source -code. If you link other code with the library, you must provide -complete object files to the recipients, so that they can relink them -with the library after making changes to the library and recompiling -it. And you must show them these terms so they know their rights. - - We protect your rights with a two-step method: (1) we copyright the -library, and (2) we offer you this license, which gives you legal -permission to copy, distribute and/or modify the library. - - To protect each distributor, we want to make it very clear that -there is no warranty for the free library. Also, if the library is -modified by someone else and passed on, the recipients should know -that what they have is not the original version, so that the original -author's reputation will not be affected by problems that might be -introduced by others. - - - Finally, software patents pose a constant threat to the existence of -any free program. We wish to make sure that a company cannot -effectively restrict the users of a free program by obtaining a -restrictive license from a patent holder. Therefore, we insist that -any patent license obtained for a version of the library must be -consistent with the full freedom of use specified in this license. - - Most GNU software, including some libraries, is covered by the -ordinary GNU General Public License. This license, the GNU Lesser -General Public License, applies to certain designated libraries, and -is quite different from the ordinary General Public License. We use -this license for certain libraries in order to permit linking those -libraries into non-free programs. - - When a program is linked with a library, whether statically or using -a shared library, the combination of the two is legally speaking a -combined work, a derivative of the original library. The ordinary -General Public License therefore permits such linking only if the -entire combination fits its criteria of freedom. The Lesser General -Public License permits more lax criteria for linking other code with -the library. - - We call this license the "Lesser" General Public License because it -does Less to protect the user's freedom than the ordinary General -Public License. It also provides other free software developers Less -of an advantage over competing non-free programs. These disadvantages -are the reason we use the ordinary General Public License for many -libraries. However, the Lesser license provides advantages in certain -special circumstances. - - For example, on rare occasions, there may be a special need to -encourage the widest possible use of a certain library, so that it becomes -a de-facto standard. To achieve this, non-free programs must be -allowed to use the library. A more frequent case is that a free -library does the same job as widely used non-free libraries. In this -case, there is little to gain by limiting the free library to free -software only, so we use the Lesser General Public License. - - In other cases, permission to use a particular library in non-free -programs enables a greater number of people to use a large body of -free software. For example, permission to use the GNU C Library in -non-free programs enables many more people to use the whole GNU -operating system, as well as its variant, the GNU/Linux operating -system. - - Although the Lesser General Public License is Less protective of the -users' freedom, it does ensure that the user of a program that is -linked with the Library has the freedom and the wherewithal to run -that program using a modified version of the Library. - - The precise terms and conditions for copying, distribution and -modification follow. Pay close attention to the difference between a -"work based on the library" and a "work that uses the library". The -former contains code derived from the library, whereas the latter must -be combined with the library in order to run. - - - GNU LESSER GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License Agreement applies to any software library or other -program which contains a notice placed by the copyright holder or -other authorized party saying it may be distributed under the terms of -this Lesser General Public License (also called "this License"). -Each licensee is addressed as "you". - - A "library" means a collection of software functions and/or data -prepared so as to be conveniently linked with application programs -(which use some of those functions and data) to form executables. - - The "Library", below, refers to any such software library or work -which has been distributed under these terms. A "work based on the -Library" means either the Library or any derivative work under -copyright law: that is to say, a work containing the Library or a -portion of it, either verbatim or with modifications and/or translated -straightforwardly into another language. (Hereinafter, translation is -included without limitation in the term "modification".) - - "Source code" for a work means the preferred form of the work for -making modifications to it. For a library, complete source code means -all the source code for all modules it contains, plus any associated -interface definition files, plus the scripts used to control compilation -and installation of the library. - - Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running a program using the Library is not restricted, and output from -such a program is covered only if its contents constitute a work based -on the Library (independent of the use of the Library in a tool for -writing it). Whether that is true depends on what the Library does -and what the program that uses the Library does. - - 1. You may copy and distribute verbatim copies of the Library's -complete source code as you receive it, in any medium, provided that -you conspicuously and appropriately publish on each copy an -appropriate copyright notice and disclaimer of warranty; keep intact -all the notices that refer to this License and to the absence of any -warranty; and distribute a copy of this License along with the -Library. - - You may charge a fee for the physical act of transferring a copy, -and you may at your option offer warranty protection in exchange for a -fee. - - - 2. You may modify your copy or copies of the Library or any portion -of it, thus forming a work based on the Library, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) The modified work must itself be a software library. - - b) You must cause the files modified to carry prominent notices - stating that you changed the files and the date of any change. - - c) You must cause the whole of the work to be licensed at no - charge to all third parties under the terms of this License. - - d) If a facility in the modified Library refers to a function or a - table of data to be supplied by an application program that uses - the facility, other than as an argument passed when the facility - is invoked, then you must make a good faith effort to ensure that, - in the event an application does not supply such function or - table, the facility still operates, and performs whatever part of - its purpose remains meaningful. - - (For example, a function in a library to compute square roots has - a purpose that is entirely well-defined independent of the - application. Therefore, Subsection 2d requires that any - application-supplied function or table used by this function must - be optional: if the application does not supply it, the square - root function must still compute square roots.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Library, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Library, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote -it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Library. - -In addition, mere aggregation of another work not based on the Library -with the Library (or with a work based on the Library) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may opt to apply the terms of the ordinary GNU General Public -License instead of this License to a given copy of the Library. To do -this, you must alter all the notices that refer to this License, so -that they refer to the ordinary GNU General Public License, version 2, -instead of to this License. (If a newer version than version 2 of the -ordinary GNU General Public License has appeared, then you can specify -that version instead if you wish.) Do not make any other change in -these notices. - - - Once this change is made in a given copy, it is irreversible for -that copy, so the ordinary GNU General Public License applies to all -subsequent copies and derivative works made from that copy. - - This option is useful when you wish to copy part of the code of -the Library into a program that is not a library. - - 4. You may copy and distribute the Library (or a portion or -derivative of it, under Section 2) in object code or executable form -under the terms of Sections 1 and 2 above provided that you accompany -it with the complete corresponding machine-readable source code, which -must be distributed under the terms of Sections 1 and 2 above on a -medium customarily used for software interchange. - - If distribution of object code is made by offering access to copy -from a designated place, then offering equivalent access to copy the -source code from the same place satisfies the requirement to -distribute the source code, even though third parties are not -compelled to copy the source along with the object code. - - 5. A program that contains no derivative of any portion of the -Library, but is designed to work with the Library by being compiled or -linked with it, is called a "work that uses the Library". Such a -work, in isolation, is not a derivative work of the Library, and -therefore falls outside the scope of this License. - - However, linking a "work that uses the Library" with the Library -creates an executable that is a derivative of the Library (because it -contains portions of the Library), rather than a "work that uses the -library". The executable is therefore covered by this License. -Section 6 states terms for distribution of such executables. - - When a "work that uses the Library" uses material from a header file -that is part of the Library, the object code for the work may be a -derivative work of the Library even though the source code is not. -Whether this is true is especially significant if the work can be -linked without the Library, or if the work is itself a library. The -threshold for this to be true is not precisely defined by law. - - If such an object file uses only numerical parameters, data -structure layouts and accessors, and small macros and small inline -functions (ten lines or less in length), then the use of the object -file is unrestricted, regardless of whether it is legally a derivative -work. (Executables containing this object code plus portions of the -Library will still fall under Section 6.) - - Otherwise, if the work is a derivative of the Library, you may -distribute the object code for the work under the terms of Section 6. -Any executables containing that work also fall under Section 6, -whether or not they are linked directly with the Library itself. - - - 6. As an exception to the Sections above, you may also combine or -link a "work that uses the Library" with the Library to produce a -work containing portions of the Library, and distribute that work -under terms of your choice, provided that the terms permit -modification of the work for the customer's own use and reverse -engineering for debugging such modifications. - - You must give prominent notice with each copy of the work that the -Library is used in it and that the Library and its use are covered by -this License. You must supply a copy of this License. If the work -during execution displays copyright notices, you must include the -copyright notice for the Library among them, as well as a reference -directing the user to the copy of this License. Also, you must do one -of these things: - - a) Accompany the work with the complete corresponding - machine-readable source code for the Library including whatever - changes were used in the work (which must be distributed under - Sections 1 and 2 above); and, if the work is an executable linked - with the Library, with the complete machine-readable "work that - uses the Library", as object code and/or source code, so that the - user can modify the Library and then relink to produce a modified - executable containing the modified Library. (It is understood - that the user who changes the contents of definitions files in the - Library will not necessarily be able to recompile the application - to use the modified definitions.) - - b) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (1) uses at run time a - copy of the library already present on the user's computer system, - rather than copying library functions into the executable, and (2) - will operate properly with a modified version of the library, if - the user installs one, as long as the modified version is - interface-compatible with the version that the work was made with. - - c) Accompany the work with a written offer, valid for at - least three years, to give the same user the materials - specified in Subsection 6a, above, for a charge no more - than the cost of performing this distribution. - - d) If distribution of the work is made by offering access to copy - from a designated place, offer equivalent access to copy the above - specified materials from the same place. - - e) Verify that the user has already received a copy of these - materials or that you have already sent this user a copy. - - For an executable, the required form of the "work that uses the -Library" must include any data and utility programs needed for -reproducing the executable from it. However, as a special exception, -the materials to be distributed need not include anything that is -normally distributed (in either source or binary form) with the major -components (compiler, kernel, and so on) of the operating system on -which the executable runs, unless that component itself accompanies -the executable. - - It may happen that this requirement contradicts the license -restrictions of other proprietary libraries that do not normally -accompany the operating system. Such a contradiction means you cannot -use both them and the Library together in an executable that you -distribute. - - - 7. You may place library facilities that are a work based on the -Library side-by-side in a single library together with other library -facilities not covered by this License, and distribute such a combined -library, provided that the separate distribution of the work based on -the Library and of the other library facilities is otherwise -permitted, and provided that you do these two things: - - a) Accompany the combined library with a copy of the same work - based on the Library, uncombined with any other library - facilities. This must be distributed under the terms of the - Sections above. - - b) Give prominent notice with the combined library of the fact - that part of it is a work based on the Library, and explaining - where to find the accompanying uncombined form of the same work. - - 8. You may not copy, modify, sublicense, link with, or distribute -the Library except as expressly provided under this License. Any -attempt otherwise to copy, modify, sublicense, link with, or -distribute the Library is void, and will automatically terminate your -rights under this License. However, parties who have received copies, -or rights, from you under this License will not have their licenses -terminated so long as such parties remain in full compliance. - - 9. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Library or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Library (or any work based on the -Library), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Library or works based on it. - - 10. Each time you redistribute the Library (or any work based on the -Library), the recipient automatically receives a license from the -original licensor to copy, distribute, link with or modify the Library -subject to these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties with -this License. - - - 11. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Library at all. For example, if a patent -license would not permit royalty-free redistribution of the Library by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Library. - -If any portion of this section is held invalid or unenforceable under any -particular circumstance, the balance of the section is intended to apply, -and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 12. If the distribution and/or use of the Library is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Library under this License may add -an explicit geographical distribution limitation excluding those countries, -so that distribution is permitted only in or among countries not thus -excluded. In such case, this License incorporates the limitation as if -written in the body of this License. - - 13. The Free Software Foundation may publish revised and/or new -versions of the Lesser General Public License from time to time. -Such new versions will be similar in spirit to the present version, -but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Library -specifies a version number of this License which applies to it and -"any later version", you have the option of following the terms and -conditions either of that version or of any later version published by -the Free Software Foundation. If the Library does not specify a -license version number, you may choose any version ever published by -the Free Software Foundation. - - - 14. If you wish to incorporate parts of the Library into other free -programs whose distribution conditions are incompatible with these, -write to the author to ask for permission. For software which is -copyrighted by the Free Software Foundation, write to the Free -Software Foundation; we sometimes make exceptions for this. Our -decision will be guided by the two goals of preserving the free status -of all derivatives of our free software and of promoting the sharing -and reuse of software generally. - - NO WARRANTY - - 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. -EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR -OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY -KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN -WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY -AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU -FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - - END OF TERMS AND CONDITIONS - - - How to Apply These Terms to Your New Libraries - - If you develop a new library, and you want it to be of the greatest -possible use to the public, we recommend making it free software that -everyone can redistribute and change. You can do so by permitting -redistribution under these terms (or, alternatively, under the terms of the -ordinary General Public License). - - To apply these terms, attach the following notices to the library. It is -safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -Also add information on how to contact you by electronic and paper mail. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the library, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written by James Random Hacker. - - , 1 April 1990 - Ty Coon, President of Vice - -That's all there is to it! - ----- - -Copyright (C) Ceki Gulcu -Copyright (C) Hibernate.org -Copyright (C) Joern Huxhorn -Copyright (C) QOS.ch - -This library is free software; you can redistribute it and/or modify it under -the terms of the GNU Lesser General Public License as published by the Free -Software Foundation; either version 2.1 of the License, or (at your option) any -later version. - -This library is distributed in the hope that it will be useful, but WITHOUT ANY -WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public License along -with this library; if not, write to the Free Software Foundation, Inc., 51 -Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - - - GNU LESSER GENERAL PUBLIC LICENSE - Version 2.1, February 1999 - - Copyright (C) 1991, 1999 Free Software Foundation, Inc. - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - -[This is the first released version of the Lesser GPL. It also counts - as the successor of the GNU Library Public License, version 2, hence - the version number 2.1.] - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -Licenses are intended to guarantee your freedom to share and change -free software--to make sure the software is free for all its users. - - This license, the Lesser General Public License, applies to some -specially designated software packages--typically libraries--of the -Free Software Foundation and other authors who decide to use it. You -can use it too, but we suggest you first think carefully about whether -this license or the ordinary General Public License is the better -strategy to use in any particular case, based on the explanations below. - - When we speak of free software, we are referring to freedom of use, -not price. Our General Public Licenses are designed to make sure that -you have the freedom to distribute copies of free software (and charge -for this service if you wish); that you receive source code or can get -it if you want it; that you can change the software and use pieces of -it in new free programs; and that you are informed that you can do -these things. - - To protect your rights, we need to make restrictions that forbid -distributors to deny you these rights or to ask you to surrender these -rights. These restrictions translate to certain responsibilities for -you if you distribute copies of the library or if you modify it. - - For example, if you distribute copies of the library, whether gratis -or for a fee, you must give the recipients all the rights that we gave -you. You must make sure that they, too, receive or can get the source -code. If you link other code with the library, you must provide -complete object files to the recipients, so that they can relink them -with the library after making changes to the library and recompiling -it. And you must show them these terms so they know their rights. - - We protect your rights with a two-step method: (1) we copyright the -library, and (2) we offer you this license, which gives you legal -permission to copy, distribute and/or modify the library. - - To protect each distributor, we want to make it very clear that -there is no warranty for the free library. Also, if the library is -modified by someone else and passed on, the recipients should know -that what they have is not the original version, so that the original -author's reputation will not be affected by problems that might be -introduced by others. - - - Finally, software patents pose a constant threat to the existence of -any free program. We wish to make sure that a company cannot -effectively restrict the users of a free program by obtaining a -restrictive license from a patent holder. Therefore, we insist that -any patent license obtained for a version of the library must be -consistent with the full freedom of use specified in this license. - - Most GNU software, including some libraries, is covered by the -ordinary GNU General Public License. This license, the GNU Lesser -General Public License, applies to certain designated libraries, and -is quite different from the ordinary General Public License. We use -this license for certain libraries in order to permit linking those -libraries into non-free programs. - - When a program is linked with a library, whether statically or using -a shared library, the combination of the two is legally speaking a -combined work, a derivative of the original library. The ordinary -General Public License therefore permits such linking only if the -entire combination fits its criteria of freedom. The Lesser General -Public License permits more lax criteria for linking other code with -the library. - - We call this license the "Lesser" General Public License because it -does Less to protect the user's freedom than the ordinary General -Public License. It also provides other free software developers Less -of an advantage over competing non-free programs. These disadvantages -are the reason we use the ordinary General Public License for many -libraries. However, the Lesser license provides advantages in certain -special circumstances. - - For example, on rare occasions, there may be a special need to -encourage the widest possible use of a certain library, so that it becomes -a de-facto standard. To achieve this, non-free programs must be -allowed to use the library. A more frequent case is that a free -library does the same job as widely used non-free libraries. In this -case, there is little to gain by limiting the free library to free -software only, so we use the Lesser General Public License. - - In other cases, permission to use a particular library in non-free -programs enables a greater number of people to use a large body of -free software. For example, permission to use the GNU C Library in -non-free programs enables many more people to use the whole GNU -operating system, as well as its variant, the GNU/Linux operating -system. - - Although the Lesser General Public License is Less protective of the -users' freedom, it does ensure that the user of a program that is -linked with the Library has the freedom and the wherewithal to run -that program using a modified version of the Library. - - The precise terms and conditions for copying, distribution and -modification follow. Pay close attention to the difference between a -"work based on the library" and a "work that uses the library". The -former contains code derived from the library, whereas the latter must -be combined with the library in order to run. - - - GNU LESSER GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License Agreement applies to any software library or other -program which contains a notice placed by the copyright holder or -other authorized party saying it may be distributed under the terms of -this Lesser General Public License (also called "this License"). -Each licensee is addressed as "you". - - A "library" means a collection of software functions and/or data -prepared so as to be conveniently linked with application programs -(which use some of those functions and data) to form executables. - - The "Library", below, refers to any such software library or work -which has been distributed under these terms. A "work based on the -Library" means either the Library or any derivative work under -copyright law: that is to say, a work containing the Library or a -portion of it, either verbatim or with modifications and/or translated -straightforwardly into another language. (Hereinafter, translation is -included without limitation in the term "modification".) - - "Source code" for a work means the preferred form of the work for -making modifications to it. For a library, complete source code means -all the source code for all modules it contains, plus any associated -interface definition files, plus the scripts used to control compilation -and installation of the library. - - Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running a program using the Library is not restricted, and output from -such a program is covered only if its contents constitute a work based -on the Library (independent of the use of the Library in a tool for -writing it). Whether that is true depends on what the Library does -and what the program that uses the Library does. - - 1. You may copy and distribute verbatim copies of the Library's -complete source code as you receive it, in any medium, provided that -you conspicuously and appropriately publish on each copy an -appropriate copyright notice and disclaimer of warranty; keep intact -all the notices that refer to this License and to the absence of any -warranty; and distribute a copy of this License along with the -Library. - - You may charge a fee for the physical act of transferring a copy, -and you may at your option offer warranty protection in exchange for a -fee. - - - 2. You may modify your copy or copies of the Library or any portion -of it, thus forming a work based on the Library, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) The modified work must itself be a software library. - - b) You must cause the files modified to carry prominent notices - stating that you changed the files and the date of any change. - - c) You must cause the whole of the work to be licensed at no - charge to all third parties under the terms of this License. - - d) If a facility in the modified Library refers to a function or a - table of data to be supplied by an application program that uses - the facility, other than as an argument passed when the facility - is invoked, then you must make a good faith effort to ensure that, - in the event an application does not supply such function or - table, the facility still operates, and performs whatever part of - its purpose remains meaningful. - - (For example, a function in a library to compute square roots has - a purpose that is entirely well-defined independent of the - application. Therefore, Subsection 2d requires that any - application-supplied function or table used by this function must - be optional: if the application does not supply it, the square - root function must still compute square roots.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Library, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Library, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote -it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Library. - -In addition, mere aggregation of another work not based on the Library -with the Library (or with a work based on the Library) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may opt to apply the terms of the ordinary GNU General Public -License instead of this License to a given copy of the Library. To do -this, you must alter all the notices that refer to this License, so -that they refer to the ordinary GNU General Public License, version 2, -instead of to this License. (If a newer version than version 2 of the -ordinary GNU General Public License has appeared, then you can specify -that version instead if you wish.) Do not make any other change in -these notices. - - - Once this change is made in a given copy, it is irreversible for -that copy, so the ordinary GNU General Public License applies to all -subsequent copies and derivative works made from that copy. - - This option is useful when you wish to copy part of the code of -the Library into a program that is not a library. - - 4. You may copy and distribute the Library (or a portion or -derivative of it, under Section 2) in object code or executable form -under the terms of Sections 1 and 2 above provided that you accompany -it with the complete corresponding machine-readable source code, which -must be distributed under the terms of Sections 1 and 2 above on a -medium customarily used for software interchange. - - If distribution of object code is made by offering access to copy -from a designated place, then offering equivalent access to copy the -source code from the same place satisfies the requirement to -distribute the source code, even though third parties are not -compelled to copy the source along with the object code. - - 5. A program that contains no derivative of any portion of the -Library, but is designed to work with the Library by being compiled or -linked with it, is called a "work that uses the Library". Such a -work, in isolation, is not a derivative work of the Library, and -therefore falls outside the scope of this License. - - However, linking a "work that uses the Library" with the Library -creates an executable that is a derivative of the Library (because it -contains portions of the Library), rather than a "work that uses the -library". The executable is therefore covered by this License. -Section 6 states terms for distribution of such executables. - - When a "work that uses the Library" uses material from a header file -that is part of the Library, the object code for the work may be a -derivative work of the Library even though the source code is not. -Whether this is true is especially significant if the work can be -linked without the Library, or if the work is itself a library. The -threshold for this to be true is not precisely defined by law. - - If such an object file uses only numerical parameters, data -structure layouts and accessors, and small macros and small inline -functions (ten lines or less in length), then the use of the object -file is unrestricted, regardless of whether it is legally a derivative -work. (Executables containing this object code plus portions of the -Library will still fall under Section 6.) - - Otherwise, if the work is a derivative of the Library, you may -distribute the object code for the work under the terms of Section 6. -Any executables containing that work also fall under Section 6, -whether or not they are linked directly with the Library itself. - - - 6. As an exception to the Sections above, you may also combine or -link a "work that uses the Library" with the Library to produce a -work containing portions of the Library, and distribute that work -under terms of your choice, provided that the terms permit -modification of the work for the customer's own use and reverse -engineering for debugging such modifications. - - You must give prominent notice with each copy of the work that the -Library is used in it and that the Library and its use are covered by -this License. You must supply a copy of this License. If the work -during execution displays copyright notices, you must include the -copyright notice for the Library among them, as well as a reference -directing the user to the copy of this License. Also, you must do one -of these things: - - a) Accompany the work with the complete corresponding - machine-readable source code for the Library including whatever - changes were used in the work (which must be distributed under - Sections 1 and 2 above); and, if the work is an executable linked - with the Library, with the complete machine-readable "work that - uses the Library", as object code and/or source code, so that the - user can modify the Library and then relink to produce a modified - executable containing the modified Library. (It is understood - that the user who changes the contents of definitions files in the - Library will not necessarily be able to recompile the application - to use the modified definitions.) - - b) Use a suitable shared library mechanism for linking with the - Library. A suitable mechanism is one that (1) uses at run time a - copy of the library already present on the user's computer system, - rather than copying library functions into the executable, and (2) - will operate properly with a modified version of the library, if - the user installs one, as long as the modified version is - interface-compatible with the version that the work was made with. - - c) Accompany the work with a written offer, valid for at - least three years, to give the same user the materials - specified in Subsection 6a, above, for a charge no more - than the cost of performing this distribution. - - d) If distribution of the work is made by offering access to copy - from a designated place, offer equivalent access to copy the above - specified materials from the same place. - - e) Verify that the user has already received a copy of these - materials or that you have already sent this user a copy. - - For an executable, the required form of the "work that uses the -Library" must include any data and utility programs needed for -reproducing the executable from it. However, as a special exception, -the materials to be distributed need not include anything that is -normally distributed (in either source or binary form) with the major -components (compiler, kernel, and so on) of the operating system on -which the executable runs, unless that component itself accompanies -the executable. - - It may happen that this requirement contradicts the license -restrictions of other proprietary libraries that do not normally -accompany the operating system. Such a contradiction means you cannot -use both them and the Library together in an executable that you -distribute. - - - 7. You may place library facilities that are a work based on the -Library side-by-side in a single library together with other library -facilities not covered by this License, and distribute such a combined -library, provided that the separate distribution of the work based on -the Library and of the other library facilities is otherwise -permitted, and provided that you do these two things: - - a) Accompany the combined library with a copy of the same work - based on the Library, uncombined with any other library - facilities. This must be distributed under the terms of the - Sections above. - - b) Give prominent notice with the combined library of the fact - that part of it is a work based on the Library, and explaining - where to find the accompanying uncombined form of the same work. - - 8. You may not copy, modify, sublicense, link with, or distribute -the Library except as expressly provided under this License. Any -attempt otherwise to copy, modify, sublicense, link with, or -distribute the Library is void, and will automatically terminate your -rights under this License. However, parties who have received copies, -or rights, from you under this License will not have their licenses -terminated so long as such parties remain in full compliance. - - 9. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Library or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Library (or any work based on the -Library), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Library or works based on it. - - 10. Each time you redistribute the Library (or any work based on the -Library), the recipient automatically receives a license from the -original licensor to copy, distribute, link with or modify the Library -subject to these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties with -this License. - - - 11. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Library at all. For example, if a patent -license would not permit royalty-free redistribution of the Library by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Library. - -If any portion of this section is held invalid or unenforceable under any -particular circumstance, the balance of the section is intended to apply, -and the section as a whole is intended to apply in other circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 12. If the distribution and/or use of the Library is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Library under this License may add -an explicit geographical distribution limitation excluding those countries, -so that distribution is permitted only in or among countries not thus -excluded. In such case, this License incorporates the limitation as if -written in the body of this License. - - 13. The Free Software Foundation may publish revised and/or new -versions of the Lesser General Public License from time to time. -Such new versions will be similar in spirit to the present version, -but may differ in detail to address new problems or concerns. - -Each version is given a distinguishing version number. If the Library -specifies a version number of this License which applies to it and -"any later version", you have the option of following the terms and -conditions either of that version or of any later version published by -the Free Software Foundation. If the Library does not specify a -license version number, you may choose any version ever published by -the Free Software Foundation. - - - 14. If you wish to incorporate parts of the Library into other free -programs whose distribution conditions are incompatible with these, -write to the author to ask for permission. For software which is -copyrighted by the Free Software Foundation, write to the Free -Software Foundation; we sometimes make exceptions for this. Our -decision will be guided by the two goals of preserving the free status -of all derivatives of our free software and of promoting the sharing -and reuse of software generally. - - NO WARRANTY - - 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO -WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. -EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR -OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY -KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE -LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME -THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN -WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY -AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU -FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR -CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE -LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING -RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A -FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF -SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH -DAMAGES. - - END OF TERMS AND CONDITIONS - - - How to Apply These Terms to Your New Libraries - - If you develop a new library, and you want it to be of the greatest -possible use to the public, we recommend making it free software that -everyone can redistribute and change. You can do so by permitting -redistribution under these terms (or, alternatively, under the terms of the -ordinary General Public License). - - To apply these terms, attach the following notices to the library. It is -safest to attach them to the start of each source file to most effectively -convey the exclusion of warranty; and each file should have at least the -"copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -Also add information on how to contact you by electronic and paper mail. - -You should also get your employer (if you work as a programmer) or your -school, if any, to sign a "copyright disclaimer" for the library, if -necessary. Here is a sample; alter the names: - - Yoyodyne, Inc., hereby disclaims all copyright interest in the - library `Frob' (a library for tweaking knobs) written by James Random Hacker. - - , 1 April 1990 - Ty Coon, President of Vice - -That's all there is to it! - ----- - -Copyright (C) Auth0 -Copyright (C) Ceki Gulcu -Copyright (C) ClassGraph -Copyright (C) Hernan Zalazar -Copyright (C) James Ward -Copyright (C) Luciano Balmaceda -Copyright (C) QOS.ch -Copyright (C) The Legion of the Bouncy Castle Inc. -Copyright (C) University of Washington -Copyright (C) University of Waterloo - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - ----- - -Copyright (C) JBoss -Copyright (C) Shigeru Chiba, www.javassist.org -Copyright (C) The Javassist Project - -MOZILLA PUBLIC LICENSE -Version 1.1 - -1. Definitions. - - 1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party. - - 1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications. - - 1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the Modifications made by that particular Contributor. - - 1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in each case including portions thereof. - - 1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for the electronic transfer of data. - - 1.5. "Executable" means Covered Code in any form other than Source Code. - - 1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by Exhibit A. - - 1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this License. - - 1.8. "License" means this document. - - 1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or subsequently acquired, any and all of the rights conveyed herein. - - 1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications. - - B. Any new file that contains any part of the Original Code or previous Modifications. - - 1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this License. - - 1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method, process, and apparatus claims, in any patent Licensable by grantor. - - 1.11. "Source Code" means the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or source code differential comparisons against either the Original Code or another well known, available Covered Code of the Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or de-archiving software is widely available for no charge. - - 1.12. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 6.1. For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity. - -2. Source Code License. - - 2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claims: (a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify, display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part of a Larger Work; and - - (b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and offer for sale, and/or otherwise dispose of the Original Code (or portions thereof). - - (c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code under the terms of this License. - - (d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2) separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the combination of the Original Code with other software or devices. - - 2.2. Contributor Grant. Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license - - (a) under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify, display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and - - (b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made, and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of Modifications made by that Contributor with its Contributor Version (or portions of such combination). - - (c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first makes Commercial Use of the Covered Code. - - (d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) for any code that Contributor has deleted from the Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part of the Contributor Version) or other devices; or 4) under Patent Claims infringed by Covered Code in the absence of Modifications made by that Contributor. - -3. Distribution Obligations. - - 3.1. Application of License. The Modifications which You create or to which You contribute are governed by the terms of this License, including without limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering the additional rights described in Section 3.5. - - 3.2. Availability of Source Code. Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party. - - 3.3. Description of Modifications. You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of the Covered Code. - - 3.4. Intellectual Property Matters (a) Third Party Claims. If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution titled "LEGAL" which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that new knowledge has been obtained. - - (b) Contributor APIs. If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file. - - (c) Representations. Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor's Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this License. - - 3.5. Required Notices. You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for, warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty, support, indemnity or liability terms You offer. - - 3.6. Distribution of Executable Versions. You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of any such terms You offer. - - 3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code. - -4. Inability to Comply Due to Statute or Regulation. - - If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible; and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it. - -5. Application of this License. - - This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code. - -6. Versions of the License. - - 6.1. New Versions. Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number. - - 6.2. Effect of New Versions. Once Covered Code has been published under a particular version of the License, You may always continue to use it under the terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under this License. - - 6.3. Derivative Works. If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already Covered Code governed by this License), You must (a) rename Your license so that the phrases "Mozilla", "MOZILLAPL", "MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar phrase do not appear in your license (except to note that your license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.) - -7. DISCLAIMER OF WARRANTY. - - COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. - -8. TERMINATION. - - 8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the termination of this License shall survive. - - 8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant") alleging that: - - (a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your litigation claim with respect to the Contributor Version against such Participant. If within 60 days of notice, a reasonable royalty and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice period specified above. - - (b) any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date You first made, used, sold, distributed, or had made, Modifications made by that Participant. - - 8.3. If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be taken into account in determining the amount or value of any payment or license. - - 8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination. - -9. LIMITATION OF LIABILITY. - - UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE), CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU. - -10. U.S. GOVERNMENT END USERS. - - The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995). Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire Covered Code with only those rights set forth herein. - -11. MISCELLANEOUS. - - This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-of-law provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do business in the United States of America, any litigation relating to this License shall be subject to the jurisdiction of the Federal Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation which provides that the language of a contract shall be construed against the drafter shall not apply to this License. - -12. RESPONSIBILITY FOR CLAIMS. - - As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of liability. - -13. MULTIPLE-LICENSED CODE. - - Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial Developer permits you to utilize portions of the Covered Code under Your choice of the NPL or the alternative licenses, if any, specified by the Initial Developer in the file described in Exhibit A. - -EXHIBIT A -Mozilla Public License. - - ``The contents of this file are subject to the Mozilla Public License Version 1.1 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/ - - Software distributed under the License is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for the specific language governing rights and limitations under the License. - - The Original Code is . - - The Initial Developer of the Original Code is . Portions created by are Copyright (C) . All Rights Reserved. - - Contributor(s): . - - Alternatively, the contents of this file may be used under the terms of the license (the "[ ] License"), in which case the provisions of [ ] License are applicable instead of those above. If you wish to allow use of your version of this file only under the terms of the [ ] License and not to allow others to use your version of this file under the MPL, indicate your decision by deleting the provisions above and replace them with the notice and other provisions required by the [ ] License. If you do not delete the provisions above, a recipient may use your version of this file under either the MPL or the [ ] License." - - [NOTE: The text of this Exhibit A may differ slightly from the text of the notices in the Source Code files of the Original Code. You should use the text of this Exhibit A rather than the text found in the Original Code Source Code for Your Modifications.] - ----- - -Copyright (C) Thomas Mueller - -Mozilla Public License Version 2.0 -================================== - -1. Definitions --------------- - -1.1. "Contributor" - means each individual or legal entity that creates, contributes to - the creation of, or owns Covered Software. - -1.2. "Contributor Version" - means the combination of the Contributions of others (if any) used - by a Contributor and that particular Contributor's Contribution. - -1.3. "Contribution" - means Covered Software of a particular Contributor. - -1.4. "Covered Software" - means Source Code Form to which the initial Contributor has attached - the notice in Exhibit A, the Executable Form of such Source Code - Form, and Modifications of such Source Code Form, in each case - including portions thereof. - -1.5. "Incompatible With Secondary Licenses" - means - - (a) that the initial Contributor has attached the notice described - in Exhibit B to the Covered Software; or - - (b) that the Covered Software was made available under the terms of - version 1.1 or earlier of the License, but not also under the - terms of a Secondary License. - -1.6. "Executable Form" - means any form of the work other than Source Code Form. - -1.7. "Larger Work" - means a work that combines Covered Software with other material, in - a separate file or files, that is not Covered Software. - -1.8. "License" - means this document. - -1.9. "Licensable" - means having the right to grant, to the maximum extent possible, - whether at the time of the initial grant or subsequently, any and - all of the rights conveyed by this License. - -1.10. "Modifications" - means any of the following: - - (a) any file in Source Code Form that results from an addition to, - deletion from, or modification of the contents of Covered - Software; or - - (b) any new file in Source Code Form that contains any Covered - Software. - -1.11. "Patent Claims" of a Contributor - means any patent claim(s), including without limitation, method, - process, and apparatus claims, in any patent Licensable by such - Contributor that would be infringed, but for the grant of the - License, by the making, using, selling, offering for sale, having - made, import, or transfer of either its Contributions or its - Contributor Version. - -1.12. "Secondary License" - means either the GNU General Public License, Version 2.0, the GNU - Lesser General Public License, Version 2.1, the GNU Affero General - Public License, Version 3.0, or any later versions of those - licenses. - -1.13. "Source Code Form" - means the form of the work preferred for making modifications. - -1.14. "You" (or "Your") - means an individual or a legal entity exercising rights under this - License. For legal entities, "You" includes any entity that - controls, is controlled by, or is under common control with You. For - purposes of this definition, "control" means (a) the power, direct - or indirect, to cause the direction or management of such entity, - whether by contract or otherwise, or (b) ownership of more than - fifty percent (50%) of the outstanding shares or beneficial - ownership of such entity. - -2. License Grants and Conditions --------------------------------- - -2.1. Grants - -Each Contributor hereby grants You a world-wide, royalty-free, -non-exclusive license: - -(a) under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or - as part of a Larger Work; and - -(b) under Patent Claims of such Contributor to make, use, sell, offer - for sale, have made, import, and otherwise transfer either its - Contributions or its Contributor Version. - -2.2. Effective Date - -The licenses granted in Section 2.1 with respect to any Contribution -become effective for each Contribution on the date the Contributor first -distributes such Contribution. - -2.3. Limitations on Grant Scope - -The licenses granted in this Section 2 are the only rights granted under -this License. No additional rights or licenses will be implied from the -distribution or licensing of Covered Software under this License. -Notwithstanding Section 2.1(b) above, no patent license is granted by a -Contributor: - -(a) for any code that a Contributor has removed from Covered Software; - or - -(b) for infringements caused by: (i) Your and any other third party's - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - -(c) under Patent Claims infringed by Covered Software in the absence of - its Contributions. - -This License does not grant any rights in the trademarks, service marks, -or logos of any Contributor (except as may be necessary to comply with -the notice requirements in Section 3.4). - -2.4. Subsequent Licenses - -No Contributor makes additional grants as a result of Your choice to -distribute the Covered Software under a subsequent version of this -License (see Section 10.2) or under the terms of a Secondary License (if -permitted under the terms of Section 3.3). - -2.5. Representation - -Each Contributor represents that the Contributor believes its -Contributions are its original creation(s) or it has sufficient rights -to grant the rights to its Contributions conveyed by this License. - -2.6. Fair Use - -This License is not intended to limit any rights You have under -applicable copyright doctrines of fair use, fair dealing, or other -equivalents. - -2.7. Conditions - -Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted -in Section 2.1. - -3. Responsibilities -------------------- - -3.1. Distribution of Source Form - -All distribution of Covered Software in Source Code Form, including any -Modifications that You create or to which You contribute, must be under -the terms of this License. You must inform recipients that the Source -Code Form of the Covered Software is governed by the terms of this -License, and how they can obtain a copy of this License. You may not -attempt to alter or restrict the recipients' rights in the Source Code -Form. - -3.2. Distribution of Executable Form - -If You distribute Covered Software in Executable Form then: - -(a) such Covered Software must also be made available in Source Code - Form, as described in Section 3.1, and You must inform recipients of - the Executable Form how they can obtain a copy of such Source Code - Form by reasonable means in a timely manner, at a charge no more - than the cost of distribution to the recipient; and - -(b) You may distribute such Executable Form under the terms of this - License, or sublicense it under different terms, provided that the - license for the Executable Form does not attempt to limit or alter - the recipients' rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - -You may create and distribute a Larger Work under terms of Your choice, -provided that You also comply with the requirements of this License for -the Covered Software. If the Larger Work is a combination of Covered -Software with a work governed by one or more Secondary Licenses, and the -Covered Software is not Incompatible With Secondary Licenses, this -License permits You to additionally distribute such Covered Software -under the terms of such Secondary License(s), so that the recipient of -the Larger Work may, at their option, further distribute the Covered -Software under the terms of either this License or such Secondary -License(s). - -3.4. Notices - -You may not remove or alter the substance of any license notices -(including copyright notices, patent notices, disclaimers of warranty, -or limitations of liability) contained within the Source Code Form of -the Covered Software, except that You may alter any license notices to -the extent required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - -You may choose to offer, and to charge a fee for, warranty, support, -indemnity or liability obligations to one or more recipients of Covered -Software. However, You may do so only on Your own behalf, and not on -behalf of any Contributor. You must make it absolutely clear that any -such warranty, support, indemnity, or liability obligation is offered by -You alone, and You hereby agree to indemnify every Contributor for any -liability incurred by such Contributor as a result of warranty, support, -indemnity or liability terms You offer. You may include additional -disclaimers of warranty and limitations of liability specific to any -jurisdiction. - -4. Inability to Comply Due to Statute or Regulation ---------------------------------------------------- - -If it is impossible for You to comply with any of the terms of this -License with respect to some or all of the Covered Software due to -statute, judicial order, or regulation then You must: (a) comply with -the terms of this License to the maximum extent possible; and (b) -describe the limitations and the code they affect. Such description must -be placed in a text file included with all distributions of the Covered -Software under this License. Except to the extent prohibited by statute -or regulation, such description must be sufficiently detailed for a -recipient of ordinary skill to be able to understand it. - -5. Termination --------------- - -5.1. The rights granted under this License will terminate automatically -if You fail to comply with any of its terms. However, if You become -compliant, then the rights granted under this License from a particular -Contributor are reinstated (a) provisionally, unless and until such -Contributor explicitly and finally terminates Your grants, and (b) on an -ongoing basis, if such Contributor fails to notify You of the -non-compliance by some reasonable means prior to 60 days after You have -come back into compliance. Moreover, Your grants from a particular -Contributor are reinstated on an ongoing basis if such Contributor -notifies You of the non-compliance by some reasonable means, this is the -first time You have received notice of non-compliance with this License -from such Contributor, and You become compliant prior to 30 days after -Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent -infringement claim (excluding declaratory judgment actions, -counter-claims, and cross-claims) alleging that a Contributor Version -directly or indirectly infringes any patent, then the rights granted to -You by any and all Contributors for the Covered Software under Section -2.1 of this License shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all -end user license agreements (excluding distributors and resellers) which -have been validly granted by You or Your distributors under this License -prior to termination shall survive termination. - -************************************************************************ -* * -* 6. Disclaimer of Warranty * -* ------------------------- * -* * -* Covered Software is provided under this License on an "as is" * -* basis, without warranty of any kind, either expressed, implied, or * -* statutory, including, without limitation, warranties that the * -* Covered Software is free of defects, merchantable, fit for a * -* particular purpose or non-infringing. The entire risk as to the * -* quality and performance of the Covered Software is with You. * -* Should any Covered Software prove defective in any respect, You * -* (not any Contributor) assume the cost of any necessary servicing, * -* repair, or correction. This disclaimer of warranty constitutes an * -* essential part of this License. No use of any Covered Software is * -* authorized under this License except under this disclaimer. * -* * -************************************************************************ - -************************************************************************ -* * -* 7. Limitation of Liability * -* -------------------------- * -* * -* Under no circumstances and under no legal theory, whether tort * -* (including negligence), contract, or otherwise, shall any * -* Contributor, or anyone who distributes Covered Software as * -* permitted above, be liable to You for any direct, indirect, * -* special, incidental, or consequential damages of any character * -* including, without limitation, damages for lost profits, loss of * -* goodwill, work stoppage, computer failure or malfunction, or any * -* and all other commercial damages or losses, even if such party * -* shall have been informed of the possibility of such damages. This * -* limitation of liability shall not apply to liability for death or * -* personal injury resulting from such party's negligence to the * -* extent applicable law prohibits such limitation. Some * -* jurisdictions do not allow the exclusion or limitation of * -* incidental or consequential damages, so this exclusion and * -* limitation may not apply to You. * -* * -************************************************************************ - -8. Litigation -------------- - -Any litigation relating to this License may be brought only in the -courts of a jurisdiction where the defendant maintains its principal -place of business and such litigation shall be governed by laws of that -jurisdiction, without reference to its conflict-of-law provisions. -Nothing in this Section shall prevent a party's ability to bring -cross-claims or counter-claims. - -9. Miscellaneous ----------------- - -This License represents the complete agreement concerning the subject -matter hereof. If any provision of this License is held to be -unenforceable, such provision shall be reformed only to the extent -necessary to make it enforceable. Any law or regulation which provides -that the language of a contract shall be construed against the drafter -shall not be used to construe this License against a Contributor. - -10. Versions of the License ---------------------------- - -10.1. New Versions - -Mozilla Foundation is the license steward. Except as provided in Section -10.3, no one other than the license steward has the right to modify or -publish new versions of this License. Each version will be given a -distinguishing version number. - -10.2. Effect of New Versions - -You may distribute the Covered Software under the terms of the version -of the License under which You originally received the Covered Software, -or under the terms of any subsequent version published by the license -steward. - -10.3. Modified Versions - -If you create software not governed by this License, and you want to -create a new license for such software, you may create and use a -modified version of this License if you rename the license and remove -any references to the name of the license steward (except to note that -such modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary -Licenses - -If You choose to distribute Source Code Form that is Incompatible With -Secondary Licenses under the terms of this version of the License, the -notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice -------------------------------------------- - - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. If a copy of the MPL was not distributed with this - file, You can obtain one at http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular -file, then You may include the notice in a location (such as a LICENSE -file in a relevant directory) where a recipient would be likely to look -for such a notice. - -You may add additional accurate notices of copyright ownership. - -Exhibit B - "Incompatible With Secondary Licenses" Notice ---------------------------------------------------------- - - This Source Code Form is "Incompatible With Secondary Licenses", as - defined by the Mozilla Public License, v. 2.0. - diff --git a/certs/From Files to secrets to container with mounted volumes.md b/certs/From Files to secrets to container with mounted volumes.md deleted file mode 100644 index fd4bad6..0000000 --- a/certs/From Files to secrets to container with mounted volumes.md +++ /dev/null @@ -1,68 +0,0 @@ -### How to populate the keystores and truststores, trustanchor files in k8s cluster - -A general approach how to secrets are mounted volumes can be found in the official [documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume) -1.) generate the keystore, truststore trust_anchor as described in [PlaceYourGatewayAccessKeysHere.md](PlaceYourGatewayAccessKeysHere.md) -2.) combine the resulting files in a single secret with - -```(bash) -kubectl create secret generic mtls-secret --dry-run=client --namespace=kds -o yaml --from-file=tls_key_store.p12 --from-file=tng_tls_server_truststore.p12 --from-file=trustanchor_store.jks > mtls_secret.yaml -kubectl create secret generic --dry-run=client --namespace= -o yaml --from-file= --from-file=.p12 --from-file= > combined_tls_secret.yaml -``` - -this will result in a yaml file containing the base64 encoded file contents of that three files - -```(json) -apiVersion: v1 -data: - tls_key_store.p12: MIIF3wIBAzCCBZUGDQEJFDEkHiIAYwBsAGkAZQBuAHQAYwByAGUAZABlAG4AdABpAGEAbABzMEEwMTANBglghkgBZQMEAgEFAAQgt/aPlSTVrkAIplPg++vrX...../czGzdjH1XPrutiae8EAFoECKv4c1pYD2TDAgIIAA== - trustanchor_store.jks: /u3+7QAAAAIAAAABAAAAAgAadG5nLXRscy1zZXJ2ZXItY2VydGlmaWNhdGUAAAGLVC9h5gAFWC41MDkAAAUaMIIFFjCCAv6gAwIBAgIRAJErCEr - tng_tls_server_truststore.p12: /u3+7QAAAAIAAAABAAAAAgAXoB1.....lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4avAuvDsz -kind: Secret -metadata: - creationTimestamp: null - name: mtls-secret -``` - -This file then can be temporarily included in your helm charts or directly applied to your cluster with - -```(shell) -kubectl apply -f mtls-secret.yaml # will apply the secret to current context -``` - -**Note that your secrets with keystores/truststores contain sensible data. Keep them in save place** - -In the deployment of your helm chart include the secret as volumes in the template spec - -```(helm) -spec: - template: - spec: - volumes: - - name: secrets-jks - secret: - secretName: mtls-secret - items: - - key: tls_key_store.p12 - path: tls_key_store.p12 - - key: trustanchor_store.jks - path: trustanchor_store.jks - - key: tng_tls_server_truststore.p12 - path: tng_tls_server_truststore.p12 -``` - -The items array is optional as long as the keynames reflect the filenames and all keys in the secret -shall be mapped to files - -The according volume mounts are defined in the container section - -```(helm) -spec: - templates: - spec: - containers: - volumeMounts: - - name: secrets-jks - mountPath: /certs - readOnly: true -``` - diff --git a/certs/PlaceYourGatewayAccessKeysHere.md b/certs/PlaceYourGatewayAccessKeysHere.md deleted file mode 100644 index 649a702..0000000 --- a/certs/PlaceYourGatewayAccessKeysHere.md +++ /dev/null @@ -1,59 +0,0 @@ -### Note: - -If you want to run the key distribution service via the given docker-compose file, place your keys to access the -[DGCG](https://github.com/eu-digital-green-certificates/dgc-gateway) in this folder and adjust the file names -in the [docker-compose.yml](../docker-compose.yml) file. - -Further information can be found in the [README](../README.md) - -# How to use participants key material to access TNG - -Copy the TLS.pem, TLS.key and CA.pem from your participant onboarding repository to this /certs folder. - -Create a JKS TrustStore from the CA.pem: - -R3 of the URL cert export (keystore explorer): - -``` -keytool -importcert -alias tng-tls-server-certificate -file R3.cer -keystore tng_tls_server_truststore.p12 -storepass dgcg-p4ssw0rd -storetype jks -``` - -Create a Trustanchor store from TNG TrustAnchor.pem: - -``` -keytool -importcert -alias trustanchor -file TA_CA.pem -keystore trustanchor_store.jks -storepass dgcg-p4ssw0rd -storetype jks -``` - -Create a pkcs12 KeyStore from the TLS.pem and TLS.key: - -``` -openssl pkcs12 -export -out tls_key_store.p12 -inkey TLS.key -in TLS.pem -passout pass:dgcg-p4ssw0rd -name clientcredentials -``` - -# How to setup signing material for DID Signing - -KDS is able to provide a DID-Document holding the downloaded keys. The DID-Document will be signed by a private key provided in a KeyStore. - -Generate Private Key (Choose another Curve depending your needs) - -``` -openssl ecparam -name prime256v1 -genkey -noout -out did-signer.pem -``` - -Convert PEM-File to KeyStore - -``` -openssl pkcs12 -export -out did-signer.p12 -inkey did-signer.pem -nocerts -passout pass:secure-password -name did-signer -``` - -This will result in a KeyStore (P12) containing the previously generated private key stored with alias "did-signer" and secured with password "secure-password" - -```yaml -dgc: - did: - didUploadProvider: local-file - localKeyStore: - alias: did-signer - password: secure-password - path: ./did-signer.p12 -``` diff --git a/codestyle/checkstyle.xml b/codestyle/checkstyle.xml deleted file mode 100644 index 9bca361..0000000 --- a/codestyle/checkstyle.xml +++ /dev/null @@ -1,319 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 025645e..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,42 +0,0 @@ -version: '3' - -services: - postgres: - image: postgres - ports: - - 5432:5432 - environment: - - POSTGRES_PASSWORD=admin # do not use this for production deployments - - PGPASSWORD=admin # do not use this for production deployments - - POSTGRES_USER=postgres - - POSTGRES_DB=postgres - restart: unless-stopped - networks: - persistence: - - tng-kds: - build: . - image: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution:latest - volumes: - - ./certs:/ec/prod/app/san/dgc - - ./logs:/logs - ports: - - 8080:8080 - environment: - - SERVER_PORT=8080 - - SPRING_PROFILES_ACTIVE=cloud - - SPRING_DATASOURCE_URL=jdbc:postgresql://postgres:5432/postgres - - SPRING_DATASOURCE_DRIVERCLASSNAME=org.postgresql.Driver - - SPRING_DATASOURCE_JNDI_NAME=false - - SPRING_JPA_DATABASEPLATFORM=org.hibernate.dialect.PostgreSQLDialect - - SPRING_DATASOURCE_USERNAME=postgres - - SPRING_DATASOURCE_PASSWORD=admin # do not use this for production deployments - depends_on: - - postgres - networks: - backend: - persistence: - -networks: - persistence: - backend: diff --git a/docs/dgca_overview.png b/docs/dgca_overview.png deleted file mode 100644 index d9730c8f2f5a57034dacce704ae2ffca462eb497..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 50448 zcmb5VWmH_vwy2E+NN{&aa1z`df(3ViySuwPK@;3v8+U2k-5O}zHMl$6e)m52yZhX6 ze%!BntTDP|&6=yKX05Jz=KQ57{{sb)5D^Lr3Pnm%Oc@Fa`UY|xeuRhQboG*0K@vYL zMMV{*L`6S4IN6(7+L%H?(f%^c?8Xq5DCBSCyDjo(M2s?~R2g8dvoDFMKBDzQBZZzS_W4C?)#Z*E6P z0wm{?gQTW26ciHHKNmDqdL}+36TwAFP8?wm4h|iLKnS063z9|PBCg>gYHw?6YUcta z>SSu@Vruf)-O|P4^A9OGMfE^bJSeEoP*P&wRXvtZ*4#aa2OhgG&y%hHc4)@$ty8w% zhtTJDCEBs41Fvi8jX!-2zjr)jR zv-kJ!4=e3C2U}7;B`d6aeCOkQ&fbxxnz$k#zl3mCl_`Jt=f?+^FCpk6lEQfZCjph~ zerF_F5MIi5Ae_iZMF}YEQLF+=~|F^{NfPboe{B-zFWB*P>H0>@`(fkcn+gz8aXF;w9-DkW| zH+QsVMFtGC6TuteQ^)zVg)e(CLHU8Um!;Bfjxfdb90jHr=*dSHI^Wf|*gT)=pe+Ei zXSV^CwH<|l@6Qzhs}@AKigPv>b49Pe+>U(OiW8H(tvauX=|2mwL~F|*#lmI2zL+`n zvIF?x1(eApn|i85CpKD1x(rzW_QVG$3I&}rV>yE3LuGVXZ zx^D_Obwc;`Zq4x+D`MJL(tcUJJC9ScYKNauLWOAa{ig_ivgyp`r<(ePKhJo$Y|P4i z4V@cJvY`B7`^%`yqj62Y0LhH#EXWXFp6h9-ZB>lGcHX{vDFn#mY{1whuu4GsSF*$hJp`|UC|w7ZzwDcF6K z@PtKXXs#b~{tV}Wq^z9JU4P3@s)b-kSU-6>HgSNqwRMo(2R)$!8ZJMVK2yKBp zriys+Mtz>+aPxvM5I%GLD zp9|IHgdRtgR+hr4eWCc4w&fcy7424gc8}G1@g`o_zvywC5F^IJ!D+)c=O?DQ6$*u( z7f)F1T+@q$nzTxZFo0m?xl?efA#9YN)ecKKi4Q`N3vH7i^DH8TFXWxUUQ|8^m!MeW zT~VDib~Pf|xW4~LA9V>E|L`1RtQ7DXzG}0i7rn7VLnRP61FI|*>7@K{QI`1}&UE=8 z=a%Tv9TbhtH-IBpQ?^^kt%$RzvlBd+T;-pG&1-PUq45KS zeYc7GFTBjJYuh&1s!u`wczG)Qg%NHSzdbq>5OuE3`Tjd{PL7=b2!E9=FuP3Yj*H+f zA9~`!7n%QCeG9HyN~Nf|Ev z=x-sUZ^LMOw(ZO9l4LdY^GvXd37jPqlIN>J%iaUHbA0sdi*T}-%g9)4=^};YwpYb_ zb2!z|;Y?x(<*3jArVud_OGvr09SQm8lp_>h)gOsMx4ZycH8_OOPOp3TN}TSQq z@Z#Xg{n^qmI(;xr1HBm0k0{m1OxaM5F=e6o&7fm9U5J?Mxrv<&6B*u$)uyc4pO(k?i<^ zXyB{_nFg7Xwwa+ZeVc=%DR;y4i^aX**1yqjsvJ*?+R9@Qf>LuWzWrecKhiN6i4gR& zzpqa!Gx}T*`EmNvhM8Xe9aWx;tJ|tO&U4OU5e)Rb^<&HsOgwbpLt02uURn(??J4|D z=i|5Jz>3uiy;##63Cz}zHtoR6v1F-rr_a%03p*S61BLywo}=IJR%kdc!mVF$*C zDn^#>TlN$f4Yi+UQa)IwTWh)OH56-g89nB2e;xRl{bs~;Coi$_hywr4<*Zr*Tek{PtLTF8lyP8`+RRgP69+Goy*Sk?1|Vva$Ns zr6u%U`OH08cDc9jG@krtT=d{BI3RR`jCkV1_~!8Kq_davd(4g~1!%QGqbd`ZnCkHr zo)*z;MQTjG*k4U8Z^{1Rh6D?LhA%L#YiYvSzLI)1@ABH&iC~5+u=_ssAu};USj(nH z>1Ck4{P1X2Q9IwvDyke}EJ@nVF+JUoa;c!P1K z{rP}RF^luA6?WDAmf4Qa|MMRP%gYc+gnCBO-gBl2DudKK+o2Yhvlb89s$_k&zZn>P zCo43ym377k^nyAi=3dM#?ael1hK&<>VQnd*dkx-rPRF3~8P(9&3HW#S0fV!2mJkc| z3;b>JlU2u_&u{$Bv|*MQ7Mk7|SZ2mzIh0UVM7~*xLU~@h_eAuSS65HLppVXQu~U?_&2L>9vX$V^f;>Uy{_bB1K5g;eTuI~F z@C*M`=AN2J?@g^3mS@A!xagk>XFHBm5^K!Vc4|n_pTr+D2BRG04jo?n5z3y21r~3z z(GLo=M`tpl6q&BHUZS3P+fsnu+kcA|xzZxGYCr1-JK>xSRY{zge*NQ%|V`Tg`2ZNu)nj;3o844Ntp1JdTrK7B*)if zU-9a%Pc-2IPC!t;XvL)lzY|Cdlj3yT&z4HRk|Ez(gj-?54|4`JNsTB9irZ4hzG(r0 z&mGGPzPZ&@p9-~EJ*XA3Z1R6{U#i{LiEcD71HLD(ai#HAU+S;ecTDASfBQvNk!r9{h>>=yov)2 zB@51dtG=r9EzrY931Y41hhvNM22ay-(_Ja{6)?HW=1vnKj5-`uNL=!=2V4nktyVgC zHxyw*z&rJV%xhjv_0B0*^IIyqL2=!Jl!go;5uS6D$kD%_oDcaO=9yRJs6j*bP@A>Q z-~yAb?)scvXotZTy%T^Cf3popty4oc!s%+Py~~3Os;rjL!JR)RnwBp%S?Tia3O+s- zKeCvcJzsmas*zTQy^IS=!MEm z#oz;-FlZ+9Nxf64LyVa=n0EfaV>@@?%`!9B}D;oz6M0N(h?#-Z&zwSf)S3UX#|%oIBu%`!zXsJ5TrJ~pbAIpY0h4IBm8NQy{+-d2MU8il-ljo8cP_Yw*m?dl|8j#mYkY}9v zI}3(NkQy1a^KPPvH5*teq?Y75uA4q}N_Mgpiq^b|lo|rGIgIS}{uTv|KPN!S9%JMl z@P{JE)&6u)WIOBXdNJM!kLCmD#nF5U2A5I{$SfO`vTsLCLo6L>rBP#p2P!f1ANww9 zr><_H<|`W#lgTKL{rPk-jsV1$?QT!d6S4k_av(H(^7{Ek%X;2q&h z4@SXa)LT<}=D5LK{*O#pY(?x)mS6ISjhkHLA}PZ#Z9owUA)wsAOy9hr>q8>6W54)^ z;1^9a21DVBm??0gqUr-3&KXpaolqQU=^jA6$!X|FK-1xVB>E&Hq8J|ZP;5HGF%w&b zP+g^~VyK9Z!5MnU%$E$;oGB2XJxLm1s@Wq0phcEOGGD5?BZxK2nYpV&V8g9tJZtgt zdA3AR2rvZ-?p5Lxy=+~Ro5hY9tXF)BK1&HHFvTdc)ZFb~bX;tlb~Tj5e_&|qhvUNn z4Z8GouzmB;`B}57FeSA+W*WNcI)lEQ-zOPY&z5UV58YST)+6I&gHN!de3*_8-91rl zV+wf|YclTqmG1;Q`|UR^~)v~#{CM0gU&j5uR^h_<;LKamq4{$6F9aX3iN`X zuMaS%2QCNKPAIn1(Ke?sESG6xAp1_*H#f_bpuV&x#nHzNsWI_ov;!lqlX7IgxU=D# z-}wfbxDyN%7IJxg+a2e|z$v4H9rKwIsy&^bYaw9!%?AIjzm-sA_T0m3>L1>H2aa@? zYL3yx4s8~-q775INjU4C3k@|%GQP)cAj7HXs%gje$XQCM(Yhk_RBN8Y3{Meei2!wpZGxf=h7K&;)V(h}UR#KHec6oYZc=v_(d_xEC(+V-0~}C*ejb6U z=0gr=H73g>VjzFPgdH1an@2TLCmqB{nDdjWAxo7*oGRzR-`GF(xMC$sVy9|o8LMf= zEQPFmZB7>+VBuHp6OGft>j{!g4IlWbs-{--@sPK-IBm)dHK2ow&4jGE@ETpD+2QXL z(Db~KBwV75wrmq5qn(U2YP#C9BbX65bp^Z#OZPgLYpe6u9BC2pNy%cM6RrU8vk3(c zr=C6bZWUwIAG+c~pmiUHs9=MKv{hllMl}1BHJx9%du@6?>nZI}lb<+H7b--@m%3#@y`17hah{f&I7?CRuy9&_rpk@liOgsIG9ndIf1NbLjct|j(jT&vnx56) zMv?>t`9IlKBnD?J-I$?q`uxLnET}%LIPWWB7@T`o7i_GCVa3}fj?@0*-Gxk^aQO-vRq`{V&$Us-daI199`^7YFtb)$_WKQh4`esvh=Z$g0%=aOt zkzccEkBf-dn}ve4{CDMZ1$Lq!Y*bawSq3UhwZIv)Dg)tE3G11(?ug_8WjDFKEA{4W zD+>uV)G6ObIY}GM&710*;=dUvZe*pVCjNNlvBM@V&G>}nK_FC8B*Yy4j9vgWsh=|} zA1Wt&aC5Q4YsO06G6_HY-UUmhVBwg5qn2OW)&&=d+0@~b3YiVfhI!rllJnwEouMp+ zs?ERk^}k&HRxBzFE(*~@>E>NFMu}Q8^4^R>!xP7eg(6xs~Ob0#mW`r3&(l(m4=Nf-CF(_q5GTuiGlKlhQwZ> z^Hn!H)cPYmn$1^tUCvDAjL~9&B;>c(l$QzxdZxF_ImN76Yea1~QbhT|}Hb$GY7e(1~0TJ;rYJGx}#eA#2aJNZV#Ll?#<^#}VW`|N9S zYxDzGm2*p#LmylD!*(Y~GS-phy%RLNp&o0QUg$3MnP)*9JZFLH7PY?~cYj$@zG^}h zTL1S=WvQ_wIwXXaRVAOU(vJLoKQ4AbNbGyh-t@yYN8h4~^4Pil)H9fk8-tLn`s;3{ zlIE(98!Faw|Be&Suw*1T1zjW)Je9GvCi3FkW*{b6^*URm12D`|D-YZ6_-5=k>7|Xg z!&j9vJxNbf3f*{e&y%VVY;4uv3sl(+4-S7bU`;k|pjo7!krstUCM)alu6rx!ZbqVa z%Db{B0%6rO!oK?`)2A_fJ9!Ng&jNSP*KJN6Uv7Q7yIQP-{e{xp_~9ja$4Zj`TrR^- zbS{*psZdRBuTIeSRN}N^O2K37!gG1~$D~NY7|M`sBQMVCav}0nHe-<}T&|CZc`3>N zqi$`>A$!g7SJJMY_4v*0){p8AIrAtJiWr+OMBdvqmL4x=v{`yO=Ov{L>Cgf}BqMd{ zW}{!%PFa6!_kW4nmcJp*C}wT(=M{BgU3pDeqd{4P#>^rF3pJ#f!m-KUC&;sy6qZ*HkGCo^1n5=nf_POv_YHwdyF2L!c#3+bgQj5o)h;B_dN#>u z$L(vP_AU#&^J@ApTq8X^U5|;QZDzg1oM9&BzyDyy4B>5pr|2mL%6yM+tL!*StL!Dz zu$`V=zm&_^gu8HQ*jBl&v^hQKul2h4-QJ9D28qDI-yVzPRD6I58&S7L)T}9sR!BY_ zXfPO!ps!Fj(rr71N_xI2yPuCxpRIu3y*$(vh+?q~wCbKbFMgEgiYY z#SETavfWn29hJk!9amCOsW$TyRMt6^l^}Sm}5cFpiOpb zxlonF9mNV6Y&Vn@4sb(Gnqc3zM)Ri+n$PHa5=XAFxV~7sveGSX-l02BARvECQ2RY( zs~{KnZLrw)7~rU@{WMuO-8EybN>YLNfNQCQ$A7p+Bx;PU)ZS`Tu>Ib*EBQ-5{ zHdf))Xr3_CMU8@ji(2B56c4%a@LeP0Gi74j>_7Lxb-;YOhfO54y@lFeg#)b`DjHLd z6w0k8%Zfj3zU|d@(SH$GAGrzaIZu9f-Gbge{R%B-x*XuKP2uvD@P&R=Ph7eoxVFPc z5hoOugY@pFciJo;e6``#E>{tAVNj^ z9@?^2Ucx<&yti!Yj*xy?<%f79LPjwi zV$LK1oC*4M-C!B@G)~$-k|~ovtj9{NHMwRgN@a=AWt0m^Kn>iA$9t9SUuRFg;*bVk zJ7FCXp7%2|aFSV2E*DRK;|L<5im70*${jU#n8~GV>tD3IAspXOlIvJekS)v_@iqG8 zWHrY{RI#f5!!zr?^gep3riRZ&{)kA_D5PVrwhNwbEJH&_Q6cixL07OaKu6=EYG^w-(*n2$j$EC;{kI$+niQ-jOv`g`XQuy?Fyys9WUj@0 z|E6;E2Uj#>ddtmh#TfCE;N2j z$M$qKbJU56iA5XEGvK)(r0zeIFP1AbG;}4F;SJ&}W7Fb>T_kzghyHjJxr7SEm{1KuQzsG)>IkQ}S z-*H-6+N$??2c+O1FiCtI85#Ki(WqvH&+l9Z?8<4gD6FZOhMo8?xHwcdCHRc23%-1Q zC0W0Ier4z4VzXc8r=$HM|G5o25S=D_y~Er2v=MAnzvS`ucp$3ad-MFd>d=Ss0VdEb zYA*zRNJtZ#rvH=OXd)eVmOPY|wY6rGO&WG2I?ZRP|Cdqt2WUpTV?3Gx(1lR01a5M2 z!Ft{(YDt}|3V~I}?T`Bz_+iiimg&euoE0GR_9$a*TU!PN!N)@Ee;_Do2EQjOV~PwS zWDJMT)__YL-p$w{4|k~T*gXo`pV5COp8Q(3R!>xv7~HuGkvQIdK*zzMx-W&?8av4@ zM=h5wrlFCFJ^0Bl>-hMXMK0m(^%;wllrhwa*z=+X;a6m2d=R9g2AUy#qvL(r*grHR zWBAb#`RdVU)$6ztQgToJt-$1lI`nft%V=H2G}GRvf3w^F8`r)e;0Tj4Q}na=`ZrZM z|EaF}bv}Fa^8J6Sq481o7Lx8YL(UwPfe8o0MdvO5yro#4k#EIQ3DkOnS)YO@#Ev;JNa^(Iqxv16<#n}0RUEMylwnWeeECn$)HPSTP%eZyMO6QA zY55S;T*yHFk4X7nQ{cZN<^RT){~Ou2|E zfO0LhfbX`?UdPtOmPVS%*vaTZ~=k-Hd347Q#Zcb+uMg%Kl(B9uV1AR zWf}?|0AvdP+ZRA1t6?)xI3Oqp23!0OCNDI^07*SIp|QokD`DTAZ;-V$jf{*yGU>;* zGo2^%6mkTW4MbidR_(aZ1a8p%y2wE6mtGxt_d1MtP>zm{tDXm0r2tAze?Wdgft0MQ z&3*b@SWWC}DUXfzxgjiRtDma~+aOc2)tx32x&-4NXVMrkRjJoBmS z*+*Q6@V_s9LU?)}hCpzpJWaumxa3}pZTy7PRLL&CS7u~bsA}+7DvPm+l`Ld7eCOfe z$%F4@mouBpq&wpK68k;O&|%FLyyXTI%{o_+=MnGJ`bwD_^;s9(dfK#NVPiwd$QY~F z;U)DXA7Pwms;T3-mjtEbzUJyw9a+$PJ_PFd8reG-L&V2VEdFAR5&{6U=rAfPD=z}w ztJyJy6g4#P1-x#42U+kbE2=G2>u(sMYP=jn=0jw@qPqG}GJ|%Zupd;$gakxc`9=C6 z$6EseaitcIL1bkRPbPqD?r>M(+*wZ09+N_qF1vJcI zn@yyDde@9Qf_7Q7C=81vYYqOC(dmOzp-dMoKWDo!nl@D>^2D>P zQDc6J$9|IOZ{%JW2b7qDm*|eOg!IsmNc9HP1OzLRm|34Rw z|7LIhgF*Z^ACv#V-u`WTjv})~A3KBdbA`tggtgxL*5LhnW&Dhvhk)?g9%ZCMj~%mG zU7yshrg<6{JodQxg)I9hbIF`h&-4@=*IB)gbEHM~q3Fk6s?R|e-b;0xD9o_Pg4eu$ zqg_*FrGx{XGPG-re@Ocjz6ch?sY+wyTk&QHdXvTh16NfThX^pdGvNf1f*-Bv7F$9X zI}kvw7beJEaSZw$ksF|B%MXXM{*(yr)g>DtND&cof{c@6U{!^6u)UFc*dOoFB+R*Y z_4{D#o*7Rf>$1g16hVcZcjl_E+`aiV;o@U(-6Hioj$-|}R4-h#Vd{>L%D$E%Q>teQqq_;9I7N$i9;bL zrXTaU9D7ByS<#3Mo29Ld;4)f`VgkaBW)yx~eRXUcae>uvR+QjL<>B-R`MVLk<`=o# z9hOGVSBrBxKxBStc-(g-Ekd|*(~TYs2U?DW5gv_Xg4Hln!?eNX6mgjg+qJVl2P=2i zl|!MXjZFGuz5LtuvY^kE=aOwVWHF|M8pTUnnQ{D0O?&?BoLAexAN!TJ_ruY5g+Cla)?A**23k&GjO7*>-ZtA{hZGR*k~hSi$I+H z!Q!=j#z`l9Z2m0LWOHteuSqS-_L za+;NUrzGe6RophZ>0Pe>UFmb%kcWKRk$A5$=2G+7w}lQrhJtF}nDLW@((=WjRX+Gx z*V$Xy_Pc6)XdxN>H-Tq7!9b&6zXQSE8fQBggDn-XO4BP!-Qa8TOWb>JM2248{h{S4 zp+e5kM7;m%U|#!u&C73g3tkGwSFD*4-A^7FOSQYUoLzoIkuYoWtqI@Fbrd{wz5>;K zhLhvYsPYb^uzerN1xhxgj|Rb#C(fJ+_FiED8)M0j)ph1GDw&+tq~aN!Lmq9$=)qFYWd+HOdGSw0jw z<$Mlo_c=HF*>$OH)x=n|a@1^~Wg8S_s#N1AXswqPSPkQq^ZZS^*+)V)MMu7KkB42( z92}{z_;5zz@lD2o+Qsx{erl#@gO;#-Oylv1j8^}h6o7RyqnUYiJQWeGV6A@6z}7u< zpCj7ck%L6K_PzVO!08rmD)@5btO+GW?Aj<| zOCR`&oRQqu*h=zGkqH0&EkoeFC+c&z*(%oWZam7QFFfyhrS9J| z*la)KY#|ieVj`jYsxXTXJ+PuNHfc&$b34H&9GGoBZgio^WsDY;i1=Q;PNw|flqjmb z`c2AL9K+cDF!eM$x zT*H|fm`eHMeU^Z2{}P|iAj8vQ&EcKgIkK4JKdg4{{p*x7yIsLt#oIyO+*6ELX@ol; z^j&EYXhxbnNI03%5q|xy7r{my6+<=w|JnbR#$(kr^Zh|^(z_kXTNR#2FrDOt;h0nB zSDz9GkwG5q*R8bRn%4Xo7rt+L&#+04W33lyf^B@-(bv zd?{UeKh9ZBgIfVdHm`rFeB@9vUsL!QAI+(f^XvDn@t9%#?(8+k-(vKg24SsRb_YaT z%J1qg>-`M~p;gynzjZRXsZ*-^E)GAWq5bCAH?xvNklQz##}WbKaE3 zpPdCZYdoI?KeUrFdfh?o*gYnuZj8DbH8azyY&~1|AyEV6~)whIr`_T&Esx$A#&%Rv3*sHtYxepvbaqb+}H+F ze-)Ml-+Ah$o+#L|8L0S8nalNoNZ6sLQ5zEVKb$VF_cAX_5IU&_$VP#!flL2(N$Jo98-}cFxc-(Sdyjboy$#~nbH?-S z@F0SH<>%i{JqQ6B0tb3VvrkTY+IC@(`O4XTZw{k}7MZ^teI5?hRhYEoa+u({y~$z@ z9=`d-KBo%fP-;Pgp{rolKX7mK;f33{%_uGcA=jV}rpfmb`BmYa15Zd@!esEn!sH_f zAV0oqUq-r_al6+%ipTwq5fJ5G=X;r{2>fOe@@B83nsh}X^NAfCzwZ74YE2@0Vqf76 zHK3#x6?C3A)~)hO_9U|SnDU-j-t+A%wpxM9kaYU-=n>bWjm;$UQ*_RE>2oDYle+*E|DTT3EL)x^=6BkrHz`qA)%jJb$U1jd2*&o zH8q<%`Fb%t``Rypi(2b>e&Vf}-E238v{tMOP7dN*os8peWs4m_r44V`wwi&anqri9 zg+5af(E&`Ul@}a;QfH9HSd}=kY@;^BXIyINx0UOsT@WGxwbqYAVw7ggH!ncRQx5FD z^CE|dp`Pw`rntynlEX=h)g*CzKl?-cwm6i+%YJS;Pla?g`7z=qsImC{YHZE-Tya-<|W0PzeEJzvPdo zab7-bR`G=7FAZn;aY1**-9YawCh!C-&-$>-(fB_iXhcffZ7Z3$%fvyun|Jr*5{W z5R|;Uo9{V-q7e4c!ZqvuA+=6UjPa|qEur4;m9Uf(6~_(lL+ zPK0f11H%MeeKiL~-wa59 zy~+=PRl{fF2komW4ZuO>)4D7k)=|TUT*%^}Y1)+))i|>_h%Wg?8`L$jy;#74QbIok z6^90_i|vSL6jwJl1`onDoG4R57c!n0KP;x=+NSunU?AN}ZK@B2u~)(kM&gUPN`J-7I^mTRJ1%Wo4%ns2L`Eto@CAXkghNkh%VGaae<&RZzT zdr~>GJ8tFr5=G6LKO{&SV)aAQ_M*sT3vo zUEbY!v>t1&v;YZTPw4EyWdo9PRw#E@y4dJWDDDDGt)}u#S8&bqv41WP`A2rJ(=R>}PU$jX_V?62gpdRX znm@B9-Ey>)?R@*P>YDVyM~~C*3L9tT02Uo%BXk5T6b-yXhpZGR&hPS%caOQNScvPD zQJOCkc8b9r52gJsK4+Nu@j#ZNzt0!m=`*LX$#8UL84vc2s~&#E>u>v8k;e5{xCz5j zZ0AL-dGOW1>~^?nMU@5udlibRL+rob5D6ULY`J@lXKptAR&G~UZaPm5mBdPJ3Z2d+ zVBXByVpb98CCt5{L%;hTbrjBs<0eywm-j)9x|+tc&;Ss!ZL&M ztx5rr7#CyPEm%c8b$s1*4(dse6OMGdK3!eHHg|H&Stab4{V*%+#7$Rw-9&&@i;+qh z!xC;f`AV1L7sF3S{Y7rZ&%I#D(N`V{#ug+sHI0W=TZTYY)9E8H8LA0`D^IO9YS9XA zz5f_Fd4e~3+V5Yc=^;bK%0Pbs3Oj#{jBki?%>}fGVHlgj>+#8N16_hQ4fF}6yY$Fi z;hk8Fl$9H_>=R-6fDbQ%>3_eX#a(H?3Gx>4so42aHK3@Q5HG1zb+f~;tCAFMDYBGr zyijQG3y61(s6$U1?;e?;@DqrG6xC2b%no4U6Nf3SVyT5`l|}aZ@0`9@^x4apUdTd4 zq6?72rrsSk$fP6Ic_}W%K49n}#ZXZG>2EVB>4Fg5>4D1`jwIKNz^5-5r~2UkM^?Gv z^fd$8E4B+;&b`)r4aRB|ap`go1c@?;j{d^W8B=!}wV2Z!vNk4^-`S3?<@Iuz1{-nC z8C|DaPRlf0;IN~fX!989N+$3tA5iLrkK@hd=y30KmBLRd8=MB;)+g>EOTNYOORS%| z@!cyqzh*a7|MKn>wv=%xcw;35tQ+@@5h-Bcy(OXfd^m4^vvb;e>ytpx5D{t2mUF%N zWB8nUa@|WK&{2%Ck=>4$$NW7zJwEG1T?`f|O4Hk+3r>S4U&=eeP`i5LGOc*ydnuUC&CNd6 zSIA;2ZsLQ;86L$z_MWsH32XE4K&RI+D>V{}WBc=j><@>c>nuV}Fj!aAMN5C1^$EnH zQ1yG=oqIy<(I)+#9YqacB;y@ZCZ{zueb$FHEK_1FkU{lqL++@`wcS-)Ke@xpJ-iV~ zMB?yW3vH48D4p*QpqJmx?~&UZ_s1WOE1f%f&rf6QimF+T>Z@a;Joj~Hr{0GGM}%!A z3i%eVG>f`_QY8Wss(cfxbK3rxPHiA3f4@s}pSHenfsAZfQ|4NfeqQ(1ZUqp0u}5*B ztnc~zVf>AR6%JYfHhBXjdEg=KzW(f0<7elM4E97=vzY*%kW!SXrfka-Q-v>6EYAB2 zRb=r_x%O1_Q1E%t4YA0bC0E^E!Vis`IqJc2pAa~-I4X$67Gva2wIE%vFVyYrge$RU zeTwT8z5haEoDLrbj;ZzoHw&Woeth7095mN>(<1+--$9Z3(_O-0(Eb1h*V0$QNDdg2 z#IzA|CQV*;Ks%`8C={7*Kmh%6HtHteIaU`jb)ul5^L3(eFGPGGoR_^AqZ_P&`y{Thd(nWV%8REX!^6F3Njr>MBE2wi|ySuRHCKs$H zD|y{#!xeBPp~?_KK%(AwgkzywBk-AI@DcFlm3gmC$#gcuNc;W$v8h?uvjt@AC{Fcz z!5;?hn?5}06BFdO+mHCZ~N?y>l9~n7C4Z@9w2xq?y(k=;srpDFQR669F!O zXc!K>JXhbW30i5K4L}Ds>C8J9o|?FC#e^`EH3mQEJMc>0@0@W3JyD80uWONoXx^`U zjX+))84F0^-=cAt);~r{Xq~Z3=wCg%k+56}l$ch?Yn=#x7XJSIJ8%e%6bqr8HdC;M z#@%P;LSHTq&{nzTUXP;&*?PdNQ;*)+iYuwLp=1W+ThV)5NsPMD8!YGG8ahif6z-qq z@!F@E9cpl_;igZq!T7PSEu6hJ3203$#OL2V^AaZniR4af*EOvOTnVUwLQUjQ;lj^bhovlJ<9q6iu(f^{a8!w$_8m-GInB98ob*8( z!9No>*$9`{6|(02#g$m1g@MuW`G9aXTim?yL;$>cTSoDW9ix_7V>0-~R{5sqi4^e8 zFtn6jW|b9UuWLcbTg`dD?4Gpo$5wUaP9|`grGcTI;=F9Z*%p}9H{|rNYMDmPQ@5(U z5~*l*;Z6MBWenNZwOn_ZEmUZx(g>S>;pI*5?-wJ;^EbCT9v+=@%303b!mfPJT!!Ua zyg19Lg;H~$HC|2PCN~nzd2VXB`jd3C5*#zXC2&oP^J0;-!48wRgTTu!|D)62BV&UJ zoz!+C*%JMb()P{v`K5{V=;S=EX`_Ind%OR__CA(^KCCiF;Mdl@A$)soX(=ZH0S}gF zPhVYyypX--K8EYiL-TQ$X*#|cjq4J-NLq2zE$~#-K6cft(zokn?G2jQ=~r z^S^N1|I82nPweM^^0NQJ11=7$uiR04aBFAX$QDkw{c$p%-jX?rvBgX70Zbm%3^0e;aAcVm0=M8F_&A?*9$ug!owD^3`{IPAeLvN{JbR|>Zq54uQ-XWq!5 zN^>T?cX2YhXtH55G>Xmp5Wgwi7w;2{Ba_>cxO`fgGhcJptCgI8ake1itNwBTK>iTv zs!Lf@bL8pvnCJBd#3E-&>!(<)0sa?CyPy5{Hdw}cl!k?U+DL6cxfC;k%7>swNWYdw3C$d9q zH8r(b!#;RILc*4VZ12KrhS+t(KjaUVPfy3yWu>LLg@s}gN+QGs5RgW-y}eypR+iV$ zpo%C4K{Me;ZId)PJ|e!p0&P{-hXrxc!Vre)aGZQCe*GbO!2mRvlO9 zv?}jIo+#`L1dD)rv1Fdp=q}zjL%kEA;=x|JTyG~8r=1E`@RG`f2bIJe&4Bfo)oAT zh1aC~029Itx0D+ItAycTUH)^~O6j;lt5NOSLiI`xY^BCrP!VcPY}@zm1f#zNdZi^r zBt=99vsPQdJO}qb;#b6ADCrX}JOxP`sNK(=1$TH4d?Da&(zP&&QH*Hw)(fH`ugS6R z)P1Z z<kFNo6uWLvPew^yNA4=)FD;3m#=UC=yiiyhj5 z{C7@k7m3hko_0T9pLjgTi30$9o==;5^cs7D5wLJ@LM_uz);luB$7PocL||T3jnk>u zfbJzfAinf~(ZBQMnzcr7sNunjiyDkwFHR7!S!_u<=Y=Pd$q$*ZBMCIHt|=owtM%m6 z)NqO|ohEr8FeMp&PS-p|#sne`d)@&?QLS<0S2x5PB~Z8?yby}sC0oixoDt(a=AxUj zqe`5tBl-_vr~G%scHqCmv;Q3u{_jxke}`)SS9tipiTS_ke)^9}A~64s^!``f5C2i= z%YO>|&q~~R^mU*5M<5;<%yL*zT^nRC9rIQwZ_QQ5_+gGZoeE0W^tedHmY5$u$Pe>c zriTIERGIAB^-#tjR6VL|!>Bg**b5T2R{FCFV3F=NeEM{4%8Ok-Px!L3(0Omc;iK>w zo!cUd0T(GUpZF$wM@fQE@L8;SW8{hSOJOLZyj3b132&k$sMvAC_a07R9b!KBUGG`{ zWX!9n*II+CcJ8u@iXbruX#SgN=Gm5<__5*DU2o~uRjpzF)EdB1C&pf7Oo?h<_d<%= z8+J991Euo0Gukx+)y8V<)_AKrpRDYFr%eXJT9rQ;fhVktt-F{uoZ3-e;o=1D@PC#= zCfq;X8Lh8(E0-SpG!?R`#UsXX0{_5o5jC~>@6`hDfO4J1|LqI#axI&|Svk@r!_<+; zVZA^MdQ(+PN@Fu;b=>aX`RU288tMeGF4;6zxSS~(8fZwz^TxKca6<_AJt86kOK+b; zj)I?G2i4C}SuzF4U54EEnU3xkn&3k~nM#SWnp!9TfY6u-nZY$h082tcL&MbKUqd@R z$G6)qybuouNNV0{z^++ESC`}j1!8}4S|*K+jSoJ8*y5H>LG!Lz>FMd48xVgb=>J9A zTSj%cb?u`lD4=vIDbkG!qNH?4h;)~NbazWhD~KQ+(hbtx0@B?r-Q8#MJm){gd&YUc zoDb*29%Jtf+`o0NHP@Wiyyi9MZ|>l1*O8}@W!KNs6h&Qn(D7_J%IXyf&&6g56)kOv z&5BHd;{qz*`6{J({gwUx!GTwmxk*%)@8DX?&WXIbI`QT8moF&5UlkXJ*SehO6{%!q zXE*5;>6EHv<>#C4Uxiek#BSU>yFBQ9{QQG>Ndc$UXxj!XtowLtvPdmYK}iV*2S+eN zCZ0|D#i<**$7mswOa^Yw@Wj#y_~r^(CW5zx&y%wmz@0Rjjh>cL!XJUkingM6Bu~8^ zJd6r>geXn>$LU53)|H>T(&!#wV`De=zC@!`VZjqY-Jbnd7Nq+~SWFBNsq3-lw0Zly zrA~~2rDkeMN@i{@nz=*9V1Q8!UEt@gXcIjsJZY51VY`DU|iL3G>Vq!WW>QycT zGO85n+~IXOrsC%29%IfjA}Xlaf6(=VnUbGBaZrXkBqzTr@R@$w?y$1r(LP%2bfo8S+a=#e4h@v778Ro5>78Mo2F8M*g-P`YCz16YpH)HaDjfw)F%KL~- z2Z3|i7B_-MT5qnw3$9$IT&l|NPuMQUo4VJRXQmUs13;Vvev~A?@?Q*1WMmsWwiP;P zwQ8atvQ#8>n1DBimE2x&u#S$-&Zm@=-qqVxLEPIFl#gr?@1yCg^u+VrTplPWD(;on zUxn=MS`sj+G(e;sE7U~{2ndL?pD?=B;(&5z#{I(V2aBd;ZvyYFr+@bB862F=PVLD+ zrH$ba7~!!|P%mR{&H{h+>(?(fw{zPn`>lzT8UMDM*(A{WzzbmVUpB|*+iMyIybQDDUX}0&8fC&-|d#!{&x$GDsXk`sR ztOq9MPwsx|_2-YcAKK$4@|#n!rsig+#Sl)Fa&uBj(O{jPxYvj4!$I&1*T?1c*hEB< z?(TfD{8#MYUox|A-vCn`6?efgJe)=*J0^w*9wTUF^^BUD`f|4!6OELM-7#-OujtlZ ziazx}C39NB2KkFD9LnuE!!3q~fNKFokSi=rDw@r!vr`h>*V`zTk4-+Po72_h9i_AI zD%Y1Q{09)T^@~(aFJ^B-^EX@%x;b4z*f-@c>t;Gu=vC)-u@7iyVb2kI*}i_oBEdkm zsK0vI%X1(Vu`ySbZv);Nfz9ThR1fzK&vw-Y3kakz{1HK_=#9xI{_!I)Xy~m3`J_JaRt5WnCj#W=j?{?d1X#C(1z7ERr$Kx|9vFW#=DdlTO z2naM%AO~u~%e1t#usLjNNJ>h6W)>2W8>_IQTw7b?IUdu$UF`Socq93mZ{_5$ZB}~H zz^zP7sDZEWpWVSc#zMFS2fhypt&k&uH^(TO)q*gMOxzz>uC%Z) z5}=KC@N9B&jlP6he>i7dn{9e|ksAW>84K0&YK|vN@CXR3!65gqFLrQIkjCoVTr4kC z^OQg&_VbzkeQ#t;12`RUwKHxfny}H}Ar_BDwGH7CxE}V4sW1^hAcxHrkyEL6=LG>+ z^RjgjTpswpB?jGh=fE76Yfok<+1V8^oGF-X`=4=WjE=B}EO$jA_NBcg6ciNPJ#z&x zG?4aILQ--euYBeK2F_baNj-222#&QgIuDtdnM2@wf4E4hlU0_Y18S#SZ7JO_VY9Bz(Bs9V(H*Uv)I0N8GHgPM;o0i582X13eA1fosO?Cg{c zF1|$8G2V@Xv&{T_8Z4ATrvroS$`vwO&Gt3hV#hr_XIS=TrcqQ^>*3m<(?S5PN{!<) zr5uj2do!tGn9pClkW-9YN%TknLx%%4FXwioPtl!xna>8-0~`S~t{D%}fk1U_IEN5~ zbEf0PzVNFE**Q6nxuGCcp9tDC-57&HV%Pnp4%oIRZTF6w>yvr|)*=!a1qFrO5+W9% z%hSa$G;+Q;R9u=QBO;fR?d1;IMBzbp@O5Ni{@}8)NJ&XGb^ux%$AG^iIfoYt$ML0ByWdBP znk|qWc28Q=cbk<@w^djzo*oX$s@Lq~DlxLwo$6U4#C9z&fU`1e{CqF?(X-DG0mBRv z-F`siw4C=P+}~>_M~;H`qv_hTd=)co4}#8`gC6cF>n`TTEi!WQUU+1T!WmP zW!&tJnBuTb8brHFKNhM!k@jEN46s*?eVapB@|IXiA|m(Fjl#cuYYZjjUY)9Z0pYW; zkaq%m6wVkuLBU~r>ai)a!`4J3gh!BUior=04x1FIjMaPG2+R*fgIF1^JRHvTepG#5 zt&2lvXD1yqvxwrbH^beS^u2k1a_hN1<90n6qL2M(@%fcW;v4;wAh zPsixkvrMI8uZ_48Uf3J|iHO|kW=StxWYftqbnvrfW|L||k}uJ`A@Qk$4W9Gl8f5PP zUkbJcfljDSd63=O+WPixfRdUS!gWeglIN{rTJfTHaS!Rl4bTL9?jUXeK}^SZn=OmLzBzx!s|ECdX55kSFGtVNyf z&GnVAu<)EMmv_19O9eEdw!Ej7s&n|5fAqot z&B(~e^?2OS$ImZ3BBB|LuMIrBn5bwQ1tSp{OLX*~NM)@K@HsQT9GVSE_QE_ay&>xH zUG56KmzVdZtc;hT4NTdcy}6EpE68#7cW6if9Q_N!o)7CoS+@=d6vU(sQ&wZB@&Md# zwcg#aoCmFh+PeVE?umUa_W>m@I9xQpEP$hWMV4!6QTN3nSN{FmU&}}gkB<*YH)`xc zQ`T~#h7gU`%X>oNeIH#9Vl9(K1zUv&F@qSe6J!t`mmw(Yz;y;4eK6QX2w0Eg+qXaY zJ@_D3c+%{L&b?W@UezN)sM!MWv+MHg02LE+1^OJK5VhmjC*a60Ep3qXL_}IqV}pe* zt?@*30V(Bb)p9wqZi6ORW)+DTo%tXxjs)cCkN8|)WoN%vQ|s(Y76O3!5TFb|wsUYC z8X6?z*S>z#sWF0@jeVw|@z5bqh%ycXi+h=;`SxfE9w>fUNEoWWS6J3BaXY zu&<`4qeJm?0-%lnI8h}}>2~`d`}v%@Rqe1N6UCzW=kMQNxw*k`Tj!Rz(W7u-T`1`2 zY0$)otm)j*+Y9;2*SI(-cmjL~v@X1W_}3Oj9+qwd0rWOjy@TWmpzY`Kq!2P*qS)>> zNGQ6%|IxwA0(iV!X7y-ELTtODTud|ApXId0-psb1aN3z9^NHqrT?N; ze}9tOEgt;yjS|xdRXom_1fyNRn+3n*XSVwjtS7XzVs~r3?VWBQ_}1)qGQJ|g09|;+ z&Gm(B=g@cbQBvZnP<#R`If)h>gTJ0 zGTteNa@$IeI*%}ge2gPEe@0sVS(%WVI>kI@=|zZj?aS7>F*G1#C(O#qvc|zh5Ed1^ z@6zzAOEbLOQ+ zmol(r*Aq#6+cjo8>B1)ve~J>F0G))XzQuGZ#Oaa(|HwUdRc@lMD4PFEjVtPL*;LL*=bbzeY(vfhCClhuZpI zR`S2nV2Kk<1VK_1^upY!Mlq&HR;M=Ark~4pAga?oeY#NL`Xhx7kB|_TfPjWr>32-; z%A)qoxpKt#{Z>?Cvn&RdC`QLAcW}U9yNSh%Adbn~rHk}0T)=oR!T%AA?$(2w0 zKv6L*l0{8=)b6%rLY_-ShNgO&>~aS@8{BZ&akFm_)*)0-_fhvva%K!ZHpM=>x?Z$? zKVnBZ$S%8v>+^|ML=FWNwb7si8y|mo6Y*)w-sH%~j~^QY%UktcFFT7u7s-mWc#?w@ zkPAGgbKdRLL&@7#!H{(p>x$$kDl5NmIX11dwYh5))7HgWA3VCj`?0(cA{IpEAAzYz z&g~_xXVx@Q(NBm4FBhZ+shF6g?p`5PZ{%0YtR39|mZ@9}B4x9fHhX3!=_xUej_&=G#|9L+DHIe`Om;QS`R#Gu;6EQ|Hw>&JDnP&V>3Pe}DfMkk($h*PBxP=SN!t#>NbAVWdSXG0FKzf<*lIZo5_9Sa3qt0w6yJ|(dNK?K<|?s@@Z;sZQI3MTg8So4@rqqwIVd33)rG7kEL zFgt=BnTIq)3UoyUN;>vZ5Dcyil+=z${d56+LIt9kjSX#aZpX9=fq870zq_Pwii`b( zG=-TYMY3c$Be~{E;a_N7&Cm4lUmB}b?(ZHyBfb_(ZmsMq+zc^X+C*8-(=6-L$EmhH zZ*}POn(@LnRl`Ul_8<^mu%xYH(X0ZB(z|}LNFSN_rD+mGTtF+3HEtM^E5ye2DU{9| zzQeVecf5#PPV-n(-iiLPo6G#riW_zfs5L8=}MygzWWd50ZFsILB)ZFr5A6E_(X$ z-s>ys?@`J+kG#(Jm6Y3vnkw`Ea|pE`1N=YWtYlhq;wak_zh z{iZ9|rN5=658bx8fgNVAHn2%4+#|uDjpuHU`15a~LL{NJ-tk_6{-Re;kfmHRGut&%G~j!lBig%hSK z?D*X&dL)Sf8W3@hX0)9wlY!43*ABF9LB^Igit^*$A2V+Pt?9o>udJN3Pq4%3Ym9xjM35BGs*J-JOpKeU(0L5m$=Z(LcP zt|S5P@d_(M-je4|7Zw&aZP70ZKXtcvg>X*)$yGLp-(7Z@Z~b|>_aipOEw59tyQ!dV zA^a^14YdB{8)^Q0u`+wOFQPK!+6h6g#2E6 z8uYKmk6-w(P8xaN*Eg|syIC2iPPbl(FF*KO(hJd+$uI0tV_OLH>*!Z&@LQxx4StxZ zaXReT4CqqqhMRI~zK7EmM(Xj04LO>9EhVDZ6;YPh@z3bfrsj&%g)E?}e}?g2e;un( z2@DDZg3YbE)}6(RMHso*dRY<*4H7aE^OF{Y2c3VFLr=+aT039J@;5V=U+wuYk2(=b zEp&6#i~hZoin#Aomczad%UzVezQFVR>mbBWzb1n&g?U8J%9<$yMSu4=dN)!F`NJD~vpU;3S8KvdWdc58T$M9aM}b9bZKQ z2{2sxoE;qz<>AA~_=)rr)oHVUz-%(>@Spbm*?IK_WVpD}s!qQDHD)6<%cdV~42+CF zZTmlDo|B1~xs-d+tG((P-MU&!uo-Mg$p)Um3+F58q!PVddGhcy`AknWk>_q9N+%=c zZ3K6B@{{8}`si`BFTeiBG6X>svCvde69CMOrdcQwCY3<`3_{Pmy4Ch|-{-yt8&EwCij_@|Vo z)>>ggE;u}))$)meQM+b0)?fsA!Ug?3{7ER@Dk%-q`qSF&WY!e)^1)}Aaz~OKB%cjR zOKbZ|CicGn<5c%G-3i0^IyvIA`i^4knOeDI;WF*kVVTz2`@f-b|F{I5BHj?D=*Jt# zp_Me}25AUeY+U$b90>E2Ab#guvnEVw=IEbvLWv>GXgv%n<0KBrc%_>>iES_2%oV*= zUn7z9uwQOpV+}!}tn9@jh~7!_{{A`*k%a$t z$G*Se4957jVzBFxW;YYVR*;+fp*@szwQ9yRNaH`{X<#&==tv%=RE5F zCPO1BC%Y{HeKvXHPSxRKKZByg@7{S;xnIL;wm^M{lQ>h}tl@B8>DenZf6SpmnoMPY z_LX3C1qRgHn9Scj_ z#!<2HFau<=Kw|T!9{`RbO|i=-`A3U-xY)pkrf}2}JSxu~vT31}kzVs|at1u$LM|q-vH&f5))W-t9m+ zC^Z>fI5-1d^jBIMHaYq1CUY?KhTpOu;N78~3uVO*4W4(}u~tbx5R)B}!fJvJGQOOX+;R!ZNC4EL=kdYQn5%GT9Oxo~R?Hz^wXj9=k7O9YJqTY!t{<^( z&Y2_EWN}#z55HTll^q>VCfVxHlb7<-Y> z<{w~OdXF4ufWVM$!!k0W{Av(*4<1s<2+V9o;|JA@1NT*?uF3 zCpDPls*SNTH6C;`h0|Sw#Fj|?f3yH=6beyWc@J+q6Im0h{hT=ccN6*B_OB5s*$%zc zX9BZ}9S$67_85tC{_zK7t7b8Eer&wbk9M#@v6xK|=$RmGv(}@m zqH>DtIq{feL|s!GLc7C5W)X_yH4W7cn7_{7JcB&SuG(>Do9}P+YoD`|!**qL#K6xv zxnEDVA2$U$kgd#mpv-r731;RooMqknMQ5sdiLrBS^aL_-y1>rto4N*dPM<=P<(odH zmx1=VOWip_W3}rqE@#vTE}gIr%rWL``H$M<<&R3(2#i zjuwF1FfL^LG;`yhq5bbUC$5rhrqqF~j)d|p7B;rkP@>h`n`vB&g~dhHQe%A3e5Aoy z-xA3xOnK@b96r(q8BPPFnqSB`4lg->XpDjPeikXID%X?a;3iDw=P28GjM&&|tI1eX zM4_+nop%*x)H$>90wXOK;+;g@f#qaN8-xY=`^^u}u4`#C?G)Me3e+?0NOg`b+s7}D z>eoEB?W8f8a22{GKXtxiI)3L`8tHnqU}xLIKpk{?tVe2o!6W$1esaa2mrx$GG&8VHRHz;Pv@DXlWidO z*nx?6+aL9x*<_jSqx-;|!c|iurG?DRc5T4-^3v7X#^#nDDYF*4m{knSD!Yh$we6Kp z_kd9;_X#iWRYmDBdb1AHjBXkD`DTCbk^Rok)y3vX;x|Ft?f+2HdR6P6IxJrdRqI?|rUy$GQ$n0{=!w>e!!VyN)+aWiWZ8IeHPi~Og_7YI^=OTimt zB8nVSifIaX%g~y&z3+ygfVYJzb8O+@_wr}kTM&!g<-oJJz)&9N8}QTkV-#U7S~`)% zG8r^qfL=FZw<>}bh9q*GMRH(AmV#goi7F(Cj;IGv*yN8S!D=g$NA=cwBhJAqXGh}?2TEaoKlJT=hC=AtxXSEYu-TpiQKK|cWYwW zhFz~b#@2TqqY>W5j>nPWc{wC_nR#@L>~_%jI3%tADJ4^F_o^;N@*TSrq>^@3iSFjR zrM2oxyNhD1DLM-UdBP>Wo+(g9Q763d-@gn&pgJOz6%@UhyAVuSSmQrqHPt+oRr>3e zw2koa^s)PqcZ&mmhg)dZ(@^`a!Uq zfSeO9*`DLX$Q}J#g;3blkZz2E;;?2qNT8V4S7ot9q7mK;#H{!$X=;WT#en{U z{D|Z_I~xbIRj{2}1?5LxTKq?hlE^!U<4QDvE*#~>nyrx0|nAcsli$(C+EU0`7ER!TB)f+(|Y4kg+k zif2j^9m9nU=R8Un1v^*5QDR*%Gu7uonrUH`4B`i=TL$KPZT&_ z?-_*D2G$u~#Z2?FGzsfoAl&J}6#N(8mxIX5sVA$XW z!36up{jxiL+XXk`-h~wkXw&U|jMtKSy@PTb=pw@?(3*KnxO))#EU3G&A?pOL8w|~P zh)TPWyFoW~h`zz+{uqS(-}&_aTpyDj=W6>H*y-5#U|~o3ZJ)5MF1Uyjvk@rfU64)h zq^76*%74C+Cm_cGa7kX?E9;`rU$iV6Cl0DAh?qQm234g{n+7GqEeS7n^%!!Dni?J` zbQazw{Gw2UhKed=?dTbUPH2rYg%*=%Z=R>g-4kI~$3XO|@`FkzPkL|h`1<|Xk)a_h z0s?#6j|H_mw7$3l@+0$iHAjz9jgvR3WZ){@)-It?^w7Pne@M7lALotS*luI0E$OQt z-4AD*hD9pUnz7{1{fJ1+D|rBtG^x&(iZ+} zUa=yy(7nvFVM9k8>_ZKa`K5F4JlL}!KQc^k#r%qh)RRGkTj`z$%hWmVTfo(TktT|KE&*)yUH^t4>2h1r#5jMoWXXX)7_iS z%$tyXKU;zl6539L<6BULmh}&+!oS+s}mc4!@0^fm?pV+SxDrZA8Kc5Ae40BT6ZqcV8GZFhqLKyal-W`sl1~u zJU5r=wxn$drBd<(W|Poenc%wZ8w78s!IZ2#7Ua|)F`v_-{RD(pZ0~E>B42RU^{7YL z(Xcbz8P;pp!)!$YDBtmwk<4KFlGthI2Ni=uZP%X-?I#S$#6R^5(oHwinJPH&Ar2_u zOP0AhS&oLh9}Um%(F~ZCm$n{35uIg={cK0hwsX>7bLIc)d2fAeBjL2v`yK4yD&3b( zCItWaiHkgsD&bUf(!-3@i`v7)SES9_%?m3%|AI0KsLp<8RlMc=Y=ndJxIJ@&EY)%F z?o2IxLZqy${w4V=71h)GgX~sO=B?TrT$fG?iUBgj;?nbmwxre+&JD8A&m39JM^QJ4 zkb8`^NdX_a4Q^|XdS^PkVL*)a9Pa~X5?D{ucum52E^^AStej;co z)tL2%UAnlW1i08=$^}}DvmBRiWo0u!Q(!t>b(G17Zddz~=Jx^1Nmal{G}NPJxJZp{ zy+xUMdFVY)M$ZYd2Po3tqO;UKWj@4x%ENP+slJ39FOKg0r2;Sg+RaEaXR7ZpyAjue z2hI)tz4Ah?wiFcD@s^PU;U(+xxjnn*o`d3lR(m5^e<1I0T2!o5ZzS2Q@wI5y z=W=+G2;?sWKQI|454FyB!+r$aSzLQtY+*Td9IqN3XlA3w-^9k4T6%R{+ zWCj{gNlB@MR%Vc0LPo{_3cjGh!6GDd7}E44)o;SA^mDK1Om3b>XxOqRA6z+gwOc6$ zN$jF!me@o&P?!>y;g1k%B}gM=$$2BbR(J`gA5zcdHOiNUwUBueb;s$vbn{@#w7V6(;}O%$Rfu zC}#pZgSu4tHB!!yzYceA(_9)#rH{KfI;JW;Gcz?HEIL}hEMi;ZB9+gYI~jVRjFRnH zuM+k#4U5L&gX^yl1MTxO%&R24uW|EJaus^ITu0F8ZoeZPU6Ra8{8B<~bLmx3bo^XL1k$Sui9zxQh)@mwmc22}Fny8z+K zv#acTz27dbc$|aJ(5b6OvA*?r&nr*8{V2gV`}dOfj_f@*)`|$NRMzIcD<-D{i|<<+ zp~)AIoTf``dtPm=?l-b;r2D-4pfi=+T)4gcWqlnq4aQ@jf&`%w2&TzxH7k;NmjC?& zQNttG+F!qXpz{T4X|~@-!^85Lr`e^;+^)DJ+}dzvIX0pmzwAGijC>j(gt`!v4KXpIC#xM;L39H<1*(Fzp{zkUjnUltz?ncB==sXM_&}g|Ve{Cg znGtX66nj`t4CdginCb4Evp%*xqs)x)o#y{bTlH33BhBS(VbA8()_z8zzrEgB?!zzA zY0VY_9`7Ke;X1`dJI!uN$bX;Zer$I|eUiYCtHuLuiY2?oe+NDGDu*vUIsXf$~>X-Emt z=H1Yx;8c;@2X5l3^L~R?p6|(Y51{Mj1L)M2mY3%bhNsa1MFxa~P%|v6?<>3F~YX__wVFyMa*jC zCD+MT>1cKq-wqFLL9TIYwSb+#e!Z_n2id`N#X;f(L>0^{1RWFN&~(_geKn|>jQ3s) zNK1wOd-f*HNqy{c*+e+wI3uMmsJdobS2aEPV3yyWc58EzzIQe-=M#64=Eb1dpGw#B z!-69JR&1h(&hRkvg-w2D_|~zyL>od)KP}(tny=HdS3y}X2*~7N2JcD;o;UK zA=F(Qd0@ETT`vUtYEmf3yBfR^dJTH(7vNMItw@13*>fEGZG;O)XxfM*hVIR#PPU$H zkgPLUuCgT~dUIZYR8#7Dw17^R-PyClPm_M*8(gu@$Mh08k@twPp+#BUdsee?F6c(s zb@ci$(ULjFK%`V9`nf)8wX$1ijw9hn;j5|0G@n+g`-o~5jUSXc7QCP?HI6}=;nI5c|M(I{VyWu-A6Cdx=LXQ*zqq#G1DToG>eb{X`xeauus_9J^j zZ^C{jG0g1kO;`SK;(R{ceYAzDqtq%(`f4Q)nd^Vcmn&iM^b@6C*|q9ldgIDUYA&c> zt>fT_OBDad36n|xV&QeJlf`{iTrwKIJWlC~_S-pYH` zn%MQL*Paq8rZ~gY+*wRB(jsyg!xskvaxj%a{S$3x&~cJ60YUA)m{N~N%s@>ZRh<2c zt2XTb%3s?`vePTe`%!Nz*AvsE&Mp|3UbfSh_NH}detGHmbh|$l8PFLhzOiv}2b+|f z-A)V{T`PGG4t?jfmzLqQ_^7}NQpO#=SGnDZSKF&( zBq>7$^=MZ7P9M$sk_2wM^$JEOmrjO>Bh?b8jCP&-u9%G~sYvo2%;`}?1 zxL8$;IGd=Iq0^QxT3v(~t)kWKVm4k|46?_@58n9Xmb3TDGH8yjf#cp7Eok33g6{z( z2wFyoatSrJ=Scl&s6%x~B-m@S^Km?fa4(OzX`rpoZS`LCk%x=rxQQCstDizq%rFS%A_d+-nYAC@v+>F~*YM&=4zOZMI!0{`@EhFhIJ)Kft*1Hu;2 z{PPPsak(!`D>BE~Ux&cz(sj~g$PR}(&FEs^e8Ct_FG$>4Z$Z***je6CJ(*+ZrnG3r z`O)LHROnHlnwxvEv`jPDT$W#->;$zv@UOtNevBd)^V99iQD(i5_UH{vF9nXH{dc0; z)s^#;SDyR7{GE_9i6tLG6={eM`Q2a2@@PCopw|vP$wlPkexK9kKE9uA0B}Q8EGOij zKIb7qG|k7!`UaFKPv9$_dQ8jad5b2St=<8iTI9tI*5%(3+tJZ(M?qcJU}Tk(5yGd`Sf)wx`m z0}qRkh1j+?>(Bb3;g@>A&daaVB|B~GXr>gpalBV)LNlW|s%EY?5L+0>1U}i`O?AJ* z`gm`0!!W?xmvy#n)r71~&!Nm9&pn$dlL6X~=5HHL0L{H}%gQdhK{o!qGKakEb1yj= z`SiTwTb#?y1Hq?ys;8R@rr)N&Y`pxE!aQsF?@(3v^?TVjkt(;wDnmqlT- zIh;vg64aX`>Gnc%6ur!1wg-BPRq7xEzP|9Yt6NKt-MyF`O%2UcGGSDQkt(Byw&zD% z4u6P#rDShv98pW~-p87t4+wOt9!sqEPH3h{F(%?xa`#I4)IybkJ6_4iu`IGVS^4cx zg)qZ0VfaugKc&Sro|q%rY~GfUKb1Hl+BK`|5dd-eRwhkZpUfvEZsi^>&m8u|-Wv;^iJ8{8`aUodsIX*Xt^&;)a;PM%QF%Bguced zPgDIRW|wN9l;QKAzLxLKIiuk@Gr9IR(S9k!QteOrc4aXq@2SlaRh{b|CQMUekBun3 zxAFL(n(!S*NC?cw;b0=j;r(u&5whsd*`u>5eL&Z#71D~`SeMsj<>#Q+)#PE_wxca5 zr!yW`pE52e$Ickb@Al&%`RUi<8fH`NeG3w~0AZS6tmG-9dn98s2h*dRmSwo-%Vd^I)C_4#lB$itv%CbgpCmk2G5$nffvK8lO`CCT(o z8YJaowfngCd5(!Pw^5FT&&l@b8l^|~>e^26aq|j>hsMZv+*o&_pN3k#*+#%czNm2* zBuO(rQ>wXOcM3|Rn*01P;XFZxzBY7B&w7mX5?amDe*gXsE!i(jMwmd+04*aRH}B@0 zm2z}+tfm`;K2Os1M|RcIn`1?bUpd5q10c6Tos9b1tSKiv6LT-P)`=yu)n&H|18Z>0 zR!~2@&&}L=#9gTEs||`H<74OH=3j@T-UVeu?*Np)cI)hRy)1w6`08RbK&Dd%b}%LL zK_s=)=`_CWHpc_?Pk7t}7LT2vfd5j#q+(%Rm zt)S;eav}b%)Szj}bQUCzpuhS(cZYzMwa>=dM%_*?a3iK;#JA+lNx$2w@cxL0kkicl z=c1SQl#T8Las(d^_O>f3J#ytcO9rf*`f1WyL0Z2ng|kEbnyUWXA5%;PDIpujnBnbX zn{MrQ1ul;eG*8Hn?aQlrJgchv5xo!~ON5EwuY*Zmho8)PB*H-dMd)^tlzjU9d9mjA zmC%=*S6+z7W1xOc?(#Jnpr#&U65d^R^15O{oD12Ob(H2E*7kqF*~A+u z*{(-TJ7e`{{GWOpS(^VQ=30h52$5ZRP#m)crdwAGuxSa)XNBhdww(k4xrA0W+w;)s zyUl&i4iN_V>{F31ZPy24XY>o6&H*dVcKy#IDG7-d>6tVxATyI0TW?e^&w{l@)v(_T z{-~nRS_4ve5Vz7qo!u+B{NnvmN}SkogFcl=d?5{RWdRPGph6xTQB4x z(@5f(_K6PZH=n=c57KMrJPXLc z)bFiyT~^^DD5y{W_<*I=meVKcA(HuGH21^KDM!VZ`pE1O3<|NebG`Q>@JP#Q7^n08 z?Vp!E@Om|?Jyqlv{(PF^uD~eSJEIuM?thx7CO@px^pZmJxiTkp$=>W}NdvY?pl?Pq=8e>G_p*_LK#v|K!>TZy@eqN+Hz>A@%G zyh4gJcfrMfjCA*;|De8#GTHmH$H2^#{*>H0_GcEX3fZU+hlS4c^%&2{=t=+i<)=oS zfB9;|**M_wR``$R6H6HO(K%4OfI|Gw|5>WK-OT^d0;JXRJkz|`;E1nR!qZfBrs>#^ ztj(j28nq}0!cU`-EUR6PS`s0g{P9455Cy4qveB66j5us2A5D@fp6^dlUe`BinofU? zCpFTnED2M+S=04cDn&$5J@E~L?TI5{G7Y+2ADb`b*tefY>rX1_?H#AKdiUb@R+(su zJENApVwY~${4x4=AjHg6Asm~+!K*>D;=P}Iy>zdV&DhvcE0U`>igd_~cs_P|d{l^607py7Bt)@rip^TC5e4}k($&1a4m$UW zS>vhC4&9q}uK72AUVJ)PB4HRY@{39&cd7ds$U%9pWR&^GM?1f5UvDk0wr}NLdc}oT z2g>4nwKttgbp~oDZXpewrQ?;3XauwSuX0tz1AnS9JHIRW$Z79(jYA{LPcnk`p@a~> zS$*)*>sz_Q%lB*KVh?UtNNFKaKfowaZuK?pkV>h>9@BrsL$q57Gijn&gNL5#HGd&1 z<7$iza|LotGX~cmny$#JA&Yj0>i0A973*mqu$+k7`xLT8j*=$FSW$LfVM!?c>FOwd z&B5w@KR$6GnVuildDJa#yo6xb{GKLd$|5cg`!b<%sr%QK)Ov!h%J0W(h!m@Lz0{rF zo|`!lg;Uv_O<9qYNfAwrVycEGHROMa;SFnvaOsecrP$IyyAyd(F3)k{XR~lZ-ftJO z7+c>|t)W!z-P#`W#tO-k5s_Q_8klSY#s*_915O8 z99~bRxq+GWcrJ$z$WE_Srw;yVOdPv(FGtf91cLGVv^EEQe}Vi?>VZMQrJ1elb=}>d za@MHc#I^Gip2(W4BCJZcKJK$e zm^h5}fzHO&D)TR8|HPkG7;D~lix0{-5oJD^tf!ezj!QtnO8qkSW&en{7pxy`aV`qZPm^zB*l;ax=WMC-^^UN`=5rfILY^wY;Q z@Ryd1R8$g-TcLjQm8g<+wbK%Etj-tmS*NWeC(+Z`s@r$Hh@IY^VdQNR+*740Uo)82 z7?`FGOo?)L!Tpbu?KPHq@xvKYlQjX&xRL+KXLI?Ug2PdF{M#SOuQ;oJT#$@&VF_Q5 zymTA5sSpbxzZZ!tHy>y@;0T$FZ>V+&@$P_M*#b)VK=9lGeL+f#?9X}?JgeWyn! z%3NewzDvakS~GCbQ<6jRzI>8ymxIi4b;bG?=Fi{IFR!rPZrb<08O2;dR?-xfi8o*q zPp~xP|GvG6nR{-NGu5_a`)&DlnZX51eA78p8ubGlrzu0d`xQc{>i@akXOi#hFeKA1 z7&LqYpZM&O7jim`p^3wD=FG{Q>BE%Xwv7opuBJ)i9KAQSsPM1-&tkGIn6H)@HSg1Y z4!5u{w~77lR=oG8T3apF$mXVXccVRxY-W)=OA6Y6yvlxKi{~EP5Es( zoH3Ml+f3_^zI7%BJ4qA5+r#E$%C|i$O9fF;uGg=%w6v&?f0LdFKkh9!_`PLMj4}Nm z6EuWL7|reE9>G)+L%FKBo^x|LxBZCC^GVPOKIL{YeREz+=)upAV@oRXOxI>CWYo>o z)p6;Yn51H?I+KBdq6opyZE9s6DVo1DFc|?xj(?iaKAwdR?Dr15FRRf-2riNV=!ArY zVG^=v+^U=koQx%&^76(5?;gWxq4jj6(An8}VQWi7+>(vaeM-T2@?z@jKp~GPu)I8j ztuCC2tXRs@k}Z4v$e{f`e+65F9GI(cj>%>=`F{dak$asl5HtJB?QT(+xo1o$;m-;$D^Ko{yZYed6nc`XZl}IRQjRrv*lKQ(MAWj~n#(s^bs+?GNddd&o=1gU1z$ z$(*DILF%fK=kz!FbGFC|0=e^eY_CEHp zfBW;tI;`q_pXa%s`@V+rI*{*DB?#hHd`0aCvV8pf)V`{w!NQ7< zYCY`QdqV?7`q~;>xaaIWj~@?TywWME6Kg`zJE z#A;_6JRR?TB*>}MuihiOC;fz+KUS29gX4hiMQdMf_gyBj5pI4dcdnb}ay0RPc27+Lmb4-XYl zS`p)!@b+9ajR*=m~(pigMicw6bLyOwg#%J>pOHgFmRLxqy@^6 zRgvW7KnE~H6THCmpwjeM$j@ravpRx$R4oK}4r^C5?fu!?I1`c9mH+FQbl~mo+R(r> zwg^hK`I{n{{BC;@n)_Cmw=}zQf9oB7OGDwaPLkmaic9ym(=7hDFV?pGLB_)g#nRM= zc6L7RD^iD?yIkZ8cB}ThX>>~hKQuzHny0$Jwj=n()qOarEy%r(>FDS@sbaxeIZhd} zKxXC|@JUE7TsSn^5+aq=n{RXMKl(B=OoCXHg{7s{i`N(_t`6+lt)^9fI*)j-8W;^e zmB|p5LTMR@Z5D8^7*w>3U!Ldqozb~c+Opg^cOjs$xw(2s=ZVh4)$vLf1jNOsZx`Gg zY(XFBL7ay6_V#5i&Rf~G3yX_vg`4Ix_wPG+=(>@^(GER5eYfrYW^uvhlJ;Xct(5wo zMm_zrVPBoQUN;whoSbazyD$KinCm^g>nLK$uiPMQr*dT}l1m_@ZhvRC@e{**0o2tV zL5iT}1I-G$2BGC)V%H)kEBoVla22!63-K7O6b)t%W5`zQzm^+r#F&<~DKe+>gp_w%x`IlrisI2bGqMQ5uo_#C1bmYsg< zaqr&7<=7INn%!a*KN}Q;c54@RT-Dupg~qYNzEJmRlkr$&h~C?tdr z^z+Pj4cNIc(zaXBv<^%p?{%x{%uA+ZKbqBky++XCISeyA{o_ZyW08ey?99)fg5u(g zzP`T92R9Fy`3*7vYqQSp?$SEAgG4_uJty?vSur?+#vo!`dM~GPDHvLCL?#D)Y!{(` z^hEE;@w?r#`NQQ!HJ2RwL>rL3MFArV0S@WAu3@W zpWhxYtG$Qd{J`NziP&b4_T1g2A-BT&wWnwdssINy>P1Z}n;^2__2tkDiC^hms4g9;3{ryml3`{Db`4rb}VspI84PJ4*#3z z#<$YVR&?q+gy=xwg(jtf>j*7gnFU&1An(A)!4aC6X!>wh7Mw#zu9>>9LDp*sI~2Q5 zY&mqBLxTEDI6rj46d;uXeZcD4+H25mgRJGjM;f=zp$R1BbJUF_QyXgA{O+KeH;16i zLY;)uAR5z*mBr~{+Onkvf+^=ZQt1UEDDHMULlI~Yq?bry!E?>b&YDBk5DFa+pg0;2 z1;*`HA;r~^q_*aCq1{1Zr#KUH&ML!7*eKQ?Q!?RF^Oq(IMvnwlCuS&OX_%4aFFRn`FzX@ZU zKM%=@ChWxSBBueF#y~}Nbtp_ikf@{B#RC2F`=D5Ja7|?H?UCuBS`H=8&~1B8L#3t| zt(s3y7m_CqNb>#JcL6s?v@gz{-9c2)@W)N@N>OxMg>${X+kNiL3Bw`s{j(@Y1&--% zri9XDAr3|NAhD|DaI%Y_t0K}E5cmh3{7D(YAT3DSy$yoq4BVThaf)Jf{1paNIlOB> zMaN$|WOHAG5)M73;-RU`Gex3M#pHwri?Eb~NchKWM@B;dsCyjZzH$#V%mE$4W0Y_h zTYg#DNO11mhH7Y@WhGNTvuWi*@U{=p3k3ot*g>!qdFFL=%gf8Gl9sgWa*q5^+?X3{ zB`;Xz&w>SnOPh-Zd>U~Upw(rLxH{`h5d(M?c+MgoVH|o_q@)dL zo1r1IFVUZj1iws7Pz(&V^%OY?!d@i$EK#yJw-wXQUtP7v(aWyhkgrBT=&c8*ukQ-` z^BzdW^uwe{7Gh*XeCFXJM=YQz=yma8pL>^1rw5U1f_5Od?#U8IXpibX>$Znt-My)* zl?1Ri#Bsk5q-|>;B-2XNPhcIfGw86thas9bh(@^-l=utKT?0kdjw)Z@%H`Q3K1&mV z372OncsLC_Oke3&=y|O`unq!_b@Z1E@@+ z8`Ryf!Rx2R0%ta_g_P=ZDo*k>MrCFAxzs~)I+BxHdyBXkv>q`m>Xw4zkk|@-50+eu@6*RU7fXl36cM1s1LMxQzNU<{ZFa+0N`~^dG&(0UYv6m02nR$6F40zAC46j|cZurwD zeSsc*+NG^XY~(L5I6vE&PYFL@Z;uDkm;P22Dy0T^!t65uef>pw(K{DsX%T4CBeYYGBv$<%@FAFtmXW6 zi?}S*uK00FjBIQ-)6#67(a)nqs>{5Vf#Z~QkDiwO*6EL^%LRXro|&2H`uams>9oi$ zc<)FUM8vs)$wHRa)*r{l4nf=zO4&PNe4nNpJH(e`ki8!h_y9>f<^#MYdwv9e+Q%Kt9B;@o6^cb2>2%irb80 zk%tq-%-#|=(#{2~zp_sjkODaINP`};QYp}UZnWRS$TLo(_$-7)tUprM7}VTIA;}Y~ zk?#@lSEz8qT~G;`Rw|R$PFR}Z;o8yW*e3>0x5FiTg!l^Nu*0D(cLy|d9E4~@ln^DN z61i9xGBxly*qUynrj9u)(0fOqa>$|I-Nou{NA&fPdz{F6rN?{&XZbFK^p3MWe!)7j z`0JMx#@J$Gz5G}gvIrrpbmOug^q(Z4y#fbIM3~4BUqm#oEG6$x*dE1=3puu`dGYRC zckI|P1}^2pcyp^lOWRultJDJ-ENyI^ZZ7SB;v-(Rbrqpwl z%Qw|>Oa;=Pvu*m#@&5NQvty^ODHKGVaW4=&mhjl_T}GX!79||wM5+hO;|9fMBw`k@ zGcS%m3_SNfiw!*yq+dcSK{*D_1>nQiygC;(o(u9E2sv+D=)V}amVP^HN)U7x9nWPO z)0W2aQMUN``PF$hUA;=x?ss4Op>WqO=5jeA845%GX}tXr5go;K&GNg?^*rB`czJd` zSfvp2ELtv|Kget)_Q<;S$MuKH5GO*nHIL!vB&%0t+Gp@iH(cA?t7~a!4T-R(MAbw% zwHUC;bf2DV z@#RfvhYxzRrQ)J7!ulETw?_7_HZm}5+d8ayCpt>ZGy%fKtFK~FPD*TA|Tvb;Lx+}DolO8$E1OtehT!e zNst1Kt6UI98Msxn4j-n4j)OIh1W|?~e+g;5>uA+a=Qr_CY!reOf?3;eu?PiVE z-`m~Bm5a`aQNl?$r2VeB^6n)xim$tSg4g-kO@v`=DS5TEwL}^f=PDIGO4`2b4$vEd z&~)3^TjztVY-7K%0Q2FA!NF1bv!y`N6xEt^i3+`Im-IdKoOo1#ArH0K9VG-VM|d+iPfS z>||<>9_^C89^50*<&KVyKC^Tg+CK=qAA5iQoGj7DxJQu7?dht+m0QJ6Ug7A@;Yn>1 z6xYAPxaSwuAlEf{N;s5+jh|VTB_aez*cd{8n)(LK;mC>iPkS6rhHO~B-VAbT5N893 z+o@}Tkk&BYnjQ(eoc#{O-N;=@$cRhrv@0}(~`oyky}Ka^H~o~zKbj_vl0RbyPmh#me>%z!Z#jY)zsDzHG#;xt2-uJK$Y`h@7HZmgO zMAi}0IJqjL64#ZWby*q0L|z-&B_womeSUl6iZ79kt!H3Jg>ffLdE_R?OI)oi4Ywtf zymagXh1ChVtlliSmFgs0%y0}RKEKY>f-kb| z&f6KLJWJc(-~X|jvA4kI%ZI`c#Epcx4l_M7KmQVmR^e$xn~*n9^!#!da-8ew=!Emz z6O;3Lr-A~%Im?I2_|;X2<|5@@(UjSt-Em-SB!Fl{W2}4|D~E9Kek7YjLwZBSPvW8h zDL}pw#}GgQgl@Qm3hur{I74)-frSH!z6M1zrY*-yJJT~WG?6KKVSocGI?B)*4!$rL z%fK1PK8H5|oP4#;Tq1$ZZ_pZ1g7o?Kp|BkmAmIa9f)W5^W3jUi!KBgB(!S{EV4{S- z)N6_V0TntkJbqp2_mA(!-otz=RlaYVxHb0a)7^xG+kaykh%nov=_B4;=cjh-CcklG7kBO^IzV!fkr=#Z3smpG9XfSORChTxU| zZ~@S(K$LxrDlf;t6M$EVMl9lENpcLG#>-c(fZ}EbwSP?1`0Uj9B+_zI#g3L+;&CgA zb!R#~hE4sFt2l*@cDHM9z+7U`=8~x zW1e5S)O2(haTsd{2CABJ?uzWWxBKL6a9@`9QO$ISBF)9+b zLp9Vss3ZavpE%@I_p@&gHS{hZhq-IjoszvD5Cln-nX7jrY}|b^TbkN9(h5E{6!8Yu z3sGdy`2D0iWSE4@=eN6%3nR|+yvzG-zAeNYn|)znK?k}$?#5yrzwKj8o`b84gf711cbv7MuEPShFg>~rmZ!9Mua)BweDKQ;Cm#jn^=i}d8$^7xyTi!dzTU9AAt1P z9n}jaX-7Gu&S^n28ls};W!Y|)gAZ&qtbsI813Yx@TV*DMNSD9AI|=^IUgg=>eB?lV z+S@|!h(u>{HVw;1O+!<%F;YVb9a5onGZ-`&wVJ^g$-u; z*JH}TA0@!I0UPl;2w=+qe3S&9X!ka~8bM4*pQBj5tidRCUr7P5Hmi+nlGkyh??y+D z=dmn(4a(-HysWQ>p+OQ3Svhpi0x)rppf8lfj%@R3rxqa~i}q zFh^oT(pyj7JdsBk!uWqHh+eyYetVN_e>i6xZaRlu_Oh`gYcwkV3J??Vg^{8q(nicC zxG$`q41cSIj0`szOM+Na-``u&h&01-?^&fBx@ z5F0&ygHT}Ksh|)8ulvPQY328nFENLWjUh1AE0JR_uKD{DJ!&Y-|E)!jLk8yv_BJAW zl7_&Yu$hES>uCxI9*ui3Fu?tKV6B{rO8=*yrP=wm9Rm1!tDsXLY9e*ldT7!8)f2+m zN3!lrVITlR{DDHfAX^@Hizf$ziJLuO8;CW*$Nd5+DszpHWIKpFfaajwYzNr?z6Aexz!q4%UFVeh5TL>X-h zq(MY07^wIIK=iI3U#_n;&=O#Zm344^ri~>Bj7UD{RJkYs$k`fUY@X1G3_$;Wte8ly`=oB6z;GmkXz&XLu<0}pMt19-B6Trc`f^5B*P zuy=8E?JuYCQ-FsMjc_~`LHV$~w;sE)o)|ZDp-Ca1rXnB@wsf?(+5U&`w$dm?yyChP zila`%`-X;xEy^q5nn{WQZGFS!m&#~%B12&S5gA=5%7lW`{v7>mqZpXG(t_G|t(Zzu zF)H!<_isd|Hoe6zxTRUVd@|o5cs0*A0dWB)6avj44Gx?lU&n`{1{1A-7zA<{2P3V> ztphZuhWj8H7+`O+@wSIe343FS50Z@~@Ck^-<)brLyNhs$B@p8Dg1B<_uirK5Vmr-! zpg|1ysUCrZv9ceN;8AG7nIp^zZ7{&Am%u=b6dVyag9fXk(^ES7TTytx(5M!qMaRB= zD9kCj+-fiDHa)0D95XuK9u_wF`?jb6iC1v>NDZ9`GT8uH1VGP_9#WC*9%bTv6Gk%^ zGYX)qqHtwN8Yq(uuo;cOEt@y10cRnT7?5y|V55*=faGovQ;Z6l)MvgC8oH6d69gE5 z^zI+olaJHWYY|_>h?}h@uN53$B%md2E@(zx@f82^>C-`kJIF^zVV;02obj4;oVULM zIWS_=O<}Ezqb-4>nlt14`FbXF-GidhW=#f8b2~C0%khMB#E`;uE%)3P3tIB z^gP+lc|h_6^4!ncc1(hqD{?9qQ8p_-1$E19gvbj!5oKf5o_r7>>1|AnK*@&!X4Xr#G&QC}W1Tw<*(P2(`{b8yzBm+|0 zz%DjC9T2^>Y;pgirq+U5q#>NyU2{Zj=-@rj=>f3bCa9!?OhDO(jQfdEi6jf8GR>ZG zs`@CyjSZ(nnef8S0{J?QsB^OA)$ZULY>|2l+o&sT^o{;U*MFSd+X*5703jE9e$sO( zM`KGz6`u!3!UldvZs+Jxj8=N6_B11-lk;kC@SaPTF3kZ6%yk~x|L9{}()`6yQqzFR zD$=78k&$^9EzsQ5^s=X?XSx8>3--Yg7|GWAFWcskAx3bux(H)h6844wV0Wtc9(iP7 zH)RVk^yt%YnV9RNDPoxiK4;|icr;770BFYks)54uEI=^t+_@9`;k_8JJYbdV6jr&< zF52;m_n~P@tH#nBv#!t59AjpRjDi&qJ;Dsvs_5$@MkvowHb^F%HG^NaZpV zFv&y>R0xGUMMYAc|A6Bin9m#VPu{SozzWwWU9Mvo*E;H_zufRJFM!Wq>KiFKznPi&C4AYFlQ{|P&r%;hX5OBanwADg((1ahlT7{q zNbLn8`1fGY(bV_TEtn1oQ^+EFWb!< z4;W~TrKM%>Y}`ZC&|ZacU+Avd!NXHsr~Y$#dJucM{t`b$nE7+L;mi4m>G|Kw%gDE& zjSr+M9q|3#PuDO*LH}@@o15D$yD%%72yu45K{3cs%fr{+E!l*}J=L&w@r@GX(~)tp z-c-7ixXK3rG0v>m^f*~3hSAEz6yo`0Y92F0DG^Enj(cns`51e`9| zUS|>-S-@z!=Zaj0RGjexg=Bm|x_;)iJQ25vzjgvCH7~zFd~#pueVDqx$}Tt!e}|2g z0FJM5n}Y&)JG9dRBQZdfk5={dd2*g5u+~h362X5H6`V5n=LqDH{Z%h0C@J-Pn#09W zpsRSz2<(BB$x&3LUBk>OFV`Y0FGNpIzf)1Mv`v#fzZ>rB5@}dQR%?ax2oG{^mxS1y zKP<-d_wQ(A564YlqLp9vB!b_LY-6R`bn0&eCq`+RM8W(11n>cZrJn6Hr~;9{9P`s| zDBeM2=lQLdg2H$=$TKJoxXy6Ju}7fGzvRm`lhfywqMNNT%>b$8eiQ{GB8;=^EG5}I zisSuF8BzE|RPuSt8=)@UvP;#Qs-Lc3dgpJHZKPl?+anWYVr^+T4Rs@(C&yDHyDvo9 zstus2mrN*tk0iDjXg=yLNJ5hlwOd+QNx&uQmNeWlEOp;?Z14AbJmV)fEyVRmnDqIf zq;(aEF8rZ70w3VV;f*E}`Wbo;aYCD7<-+h)_m*1V`!W0?wBhE-sB1DYTKGyfUf9+|4qaO>#s5O-fK4Q`*~USdx{(kWDpTtH|@yDfLNLHks)JPNMNi0 zxFnG_?C;qhS?|~Solb-je!baRD)OSh&YgY7?~D7rxcSCXSaL)(a*JtN^8qHEk@AG` z(B7zTePt2%@83ukA~OqM&DsH)u>V;`HR>RoOEkt^Va7&L&lBB8Ye|xYtWk8zp}$-K zYJX&eQW`#z@?6T*(R^6so9^2wDM?9k?mIdnV2yQ|HFUmkEj8Om?xgP1Mic(l3#ZSX zeRe8TyiBCAUa#>MimVv;u>ncC2=;G4^c6_EL!kA|;Z%`vt8!GMh@=^gTIA=fGd60Q zV0}?%swe){v$3hk5;GyNM^V|Kvntupz|is}y65YKit=)!)LM6Ax#y}CeHLYtvK5Yd z#*t&;c-;$rEUVoSEE2t=IKS6EHW3vUtaHb6hci+1mw?O>NIj?G$LWWyKoR}mUnOCi zEEsjRD|k)sAk{O+qPZ@MFyvpau}XlRQCsc|+J^}j7L~?2Kk(qYWd$?RJ;v)i>@RHW zD=SQzEd7>enJyidGnh!ikj|~YPQp zI0CzNO_-J(Mcv2W-`{b!?j9+r4l61}B(HXz+1jY1+Wz(UW@G)H;N;%-7j^~n8blTQ zMVWlKZTz{XukWWi%ROU9OV#=Cm+`%uD$;lEE2?={mZ9et}IrsD`i7$V`m5^()&KeT*ALTC`{(r!+{8>L^4Y%$xcH4QPRUmiO6A|b z!S4S1mH+jc|G&@u=ZpW_z5Y+v`_Je8_YM6I&-j1c(7*SYbnomI?Hvn(pn@z^Wl#G4 z@^t>>#o<=E%vzl(Z`<+BS563WQc&JH@uFJQ{!9jh3` zx9yk}1nv&TG?4M8*vP=&z~FglFUxXd>>_Lz0bqa?jdwlc%gER^DRa@wD;HTRk^~?b zph6Lz@i`VO}HfsO)p#dU~ypejld7u1bNj1Prwkwy{2 zJZhjdpjft7Re0hzQeDJGq+o)D>YoKZB)H1+ZR+wIx0TG93=IuQ=QnC-pe=rNy^UKY zx%%roqr*+emX9E8`4%(?FBOSqTx?I{tXGv_yC97b#OMY{8npA!eq-ew5iK6Z><<8o zU5NZpkGRHj3MvQ4P_BW2m*+H4$-XU*ooEmM-ExJaJ@0*~h-g{$$YSE<2lLeTwnQ`h05B%pnFZVpaRoUmm^|^Nuk5E&Seos2 zl!1nUdIp@!$T*#a4lzIpND2lKKHq3*w-tj@i6x+P``+Ta1Z6||I=nsPOcN6m6B|-s z#9wueVpst<2f{9HXQKth+j$doB9RDv>5@QV2`-0B`CR7SV+VCZTlyv{b_M%`R>DG8 zyxhV@FJw6)5V3hyWZ_rUFR;II7E3Tha1~6OiPsPf>OZeQxgm@qVi*YyjGPgrIFZI^ zEdemmTzdWQZZPgdUt*12p}AxXfVY5X;b8NikhzLZUOBlaLT<}3t>Ud)_&oKz=PN$? z&Tgla6w^Un{8M045|*zSFxp++sDlcwbP)~5xN0tlVAV_Bnye0E(pS=k@Wp@86$AWHYXe! z0D>5j5o%K5{mh|9cGxRVBmz@Bh*Bc_wAa_dPK@%Ap*{;bQ2kGm*dyt}Od`B6=+E5( z@PMHr^&@X0jH#PbU%Kw1T_32bCNfz_S3g2}KzKHcQOP>`_W_Bx;H*Y3FXKUk{^thwgBn6Z=U^W0p z3guQ!02Kw~Dk=~(ckaA_^rb5EmHx>haQz-kdT&<>61hj z=)xT4Rs$Kr8;N(xx;Qs_H!{+?%K;%S^xFCGCP^rShb!6ml86Wp5)%lY0E5f;ba{!b zA2j6ylM^Lim-%sBDzGQCF_FxO+6ze~iJ!sTb{=ozIhv@_jNs{3Mh3y6E4)1b)*%gh zgiv=GM;1C;Zuq$H$?PUj-ZswMw<48vNmPso=0a#ABN4~&5|Bpa?tv5h-FgfR;CPzy9)w2ikHcCgu$g12#bH2=@z$)nR^S~P(Iui@7@V8Imqa?cCah~Dj{RQ#o5fRq#Y8bZ1G*5S%=h*kUp^O zbsp}gK}iFTTA31<$h@$w>1OyZnYU!F5yb5mQ8kp`JM?}wthp(mD`o>O=GP@%c zyuO|(_w-Z3qs2#YZI$7<((DcxE6i60p97oC-B=KmL5z|owv|jCvawdLUJa|xk4qyGVf~RZsR+Yb>sSQd9co6q z-NAM-`ZA5L3E-@M^{Q;6251;TwL?2ZM4BMbX+4bP0ks%*5|uyDr?sy4(X7y#GZ;^Y z4S|0FZ%hcmi%SbIb$g+cJ2QxGD>C=tuNrK^&y0s#Ydd(L$4M;E#Fc^?! zdOuA}QwHA!T|mbH)8XJ}vsa3FaUmq~LPHV!p;~yIIgg;=E34cS&VS02_Ekc#O&BhFcxuY2>j6FhFNGYwX5^MT#Km)8 zLjWi<+$sh{UrBJv2{;RO4d8_o^SWTs^?D~mz9QH{v^Ip%?t}skXfFzw0`tXw*a@u8 zEKFltmZ6lTp+=+?2g56w9&q?puUP}URfN!#@6)t?^0IWO#*6SRV3II2^9B|X98@5BZ?lbK5g-uE0o*z8IK_dk zZ-WzFjp9u#-t%xdNYZ!}RBtm+hJhPNriK4a>HSA(?Ci*D9I|aCvS2G9AR$n2_O3zP zo9j#@j38FA_SLIE1bkBH1;Cy=2v>eYG=0QGKfBu1|T zha2zA;fAfS1|yu*u;lu^)_|9hY70^*`w2|!bVcDFK@ogysx~{^54IWmIlxAUvo~Yg ziTwDev0ClnsuYt0BCpXiv@~xkk-^N&zAdEgRL_?tJx_U#`tqXu6Q17hTc$m#zqg(A zZLyc-L#LC%SgU7Q->KbS;yOIC1;xhAj3+O}@o|Hfa`CiY+N{Rf))7nS%An&EFgw6Z2sm}&ba Ts|FP+{7?=aJ&?WstpEQ4tc25& diff --git a/docs/tng-key-distribution.md b/docs/tng-key-distribution.md deleted file mode 100644 index dec574a..0000000 --- a/docs/tng-key-distribution.md +++ /dev/null @@ -1,56 +0,0 @@ -# World Health Organization Applications -## Key Distribution Service - -### Intention -The Key Distribution Service provides a template implementation for a member state backend service for a verifier application. - -### General Overview -A general overview of how the different member state backends work together, can be seen in the following picture. - -![DGCA overview](dgca_overview.png "DGCA Overview") - -As you can see in the picture, each member state backend provides the services for it's own applications (e.g. verifier, issuer and wallet). -The member state synchronises the validation certificates over the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway). - -### Purpose and functionality of the DGCA-Verifier-Service -The verifier service basically caches the public keys that are distributed through the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway) to the member states backends. -The service provides the Trust List of certificates for the verifier apps. The apps can get the list to update their key store via an api. -To have an actual trust list the verifier service periodically polls the [TNG](https://github.com/worldhealthorganization/smart-trust-network-gateway) -for the actual trust list. - -In the git repository you will find two implementations of that download functionality: - -- The first one ([SignerCertificateDownloadServiceImpl](../src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceImpl.java)) implements the common access two the Digital Green Certificate Gateway via the [DDCC-gateway-lib](https://github.com/worldhealthorganization/ddcc-gateway-lib). - The DGC-lib provides a download connector, which handles the download and check of the certificates from the Digital Green Certificate Gateway. - - -- The second one ([SignerCertificateDownloadBtpServiceImpl](../src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadBtpServiceImpl.java)) is a demo implementation to connect to the Digital Green Certificate Gateway on SAP's Business Technology Plattform. - This implementation serves as a reference where you already have an endpoint to the gateway provided by your runtime environment and using the connector from the dgc-lib on top would be superfluous. In this case the endpoint is fully configured via the destination API - available on BTP and the checks of the downloaded certificates must be done by the service. - - -In both cases the downloaded keys were stored in a postgres db and revoked keys were removed from it. The keys can than be requested by the verifier apps using the api described in the next section. - - - -### API documentation - -The api is described with [OpenApi v3](https://swagger.io). You can access the API documentation in your web browser, when you run the service : - - /swagger - -Which results in the following URL on your local machine: -http://localhost:8080/swagger - -From the latest release you can see the OpenApi doc online here: [OpenAPI Spec](https://worldhealthorganization/tng-key-distribution/) - -It is also possible to download the OpenApi file in json format from the latest release: -* [openapi.json](https://github.com/worldhealthorganization/tng-key-distribution/releases/latest/download/openapi.json) - -You can than put the file in the openapi viewer of your choice. ([editor.swagger.io](https://editor.swagger.io) for example) - - -### Further Information -Further information can be found at [ec.europa.eu/health](https://ec.europa.eu/health/ehealth/covid-19_en) -Especially at [Volume 4: Digital Green Certificate Applications](https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v4_en.pdf) -And the github repository of the [DGCG](https://github.com/eu-digital-green-certificates/dgc-gateway) diff --git a/k8s/helm/tngkds/.helmignore b/k8s/helm/tngkds/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/k8s/helm/tngkds/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/k8s/helm/tngkds/Chart.yaml b/k8s/helm/tngkds/Chart.yaml deleted file mode 100644 index 93b8365..0000000 --- a/k8s/helm/tngkds/Chart.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: v2 -name: tngkds -description: A Helm chart for Kubernetes - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" - -dependencies: - - name: tngkds-postgres - condition: global.tngkds_postgres.enabled - version: 0.1.0 - - name: tngkds-backend - condition: global.tngkds_backend.enabled - version: 0.1.0 diff --git a/k8s/helm/tngkds/README.md b/k8s/helm/tngkds/README.md deleted file mode 100644 index b814bca..0000000 --- a/k8s/helm/tngkds/README.md +++ /dev/null @@ -1,44 +0,0 @@ -# tngkds - -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) - -A Helm chart for Kubernetes - -## Requirements -The versions from umbrella chart are currently not used, please refer to to corresponding image tags in value files - -| Repository | Name | Version | -|------------|------|---------| -| | tngkds-backend | 0.1.0 | -| | tngkds-postgres | 0.1.0 | - -## Values - -| Key | Type | Default | Description | -|-----------------------------------------------------------|--------|-------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| tngkds-backend.gateway.connector.enabled | bool | `true` | flag whether the kds is connected to the TNG | -| tngkds-backend.gateway.connector.endpoint | string | `""` | The url where the TNG can be reached | -| tngkds-backend.gateway.connector.max-cache-age | int | `300` | | -| tngkds-backend.gateway.connector.proxy.enabled | bool | `false` | used for development, when KDS is run behind a proxy. If set to true, _tngkds-backend.gateway.connector.proxy.port_ and _tngkds-backend.gateway.connector.proxy.host_ also need to be applied | -| tngkds-backend.gateway.connector.tls_key_store.alias | string | `"clientcredentials"` | | -| tngkds-backend.gateway.connector.tls_key_store.password | string | `""` | | -| tngkds-backend.gateway.connector.tls_key_store.path | string | `"/certs/tls_key_store.p12"` | | -| tngkds-backend.gateway.connector.tls_trust_store.alias | string | `"tng-tls-server-certificate"` | | -| tngkds-backend.gateway.connector.tls_trust_store.password | string | `""` | | -| tngkds-backend.gateway.connector.tls_trust_store.path | string | `"/certs/tng_tls_server_truststore.p12"` | | -| tngkds-backend.gateway.connector.trust_anchor.alias | string | `"trustanchor"` | | -| tngkds-backend.gateway.connector.trust_anchor.password | string | `""` | | -| tngkds-backend.gateway.connector.trust_anchor.path | string | `"/certs/trustanchor_store.jks"` | | -| tngkds-backend.image.tag | string | `""` | | -| tngkds-backend.liquibaseImage.tag | string | `""` | | -| tngkds-backend.path | string | `"/()(*)"` | | -| tngkds-backend.port | int | `8080` | | -| tngkds-backend.db.driverclass | String | `org.h2.Driver` | The JDBC driver class | -| tngkds-backend.db.plattform | String | `org.hibernate.dialect.H2Dialect` | The Hibernate dialect | -| tngkds-backend.db.url | String | `jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;` | The JDBC URL for the database connection | -| tngkds-backend.db.username | String | `sa` | The username for the database connection | -| tngkds-backend.db.password | String | `''` | The password for the database connection | -| tngkds-postgres.asPod.enabled | bool | `false` | | -| tngkds-postgres.path | string | `"/()(*)"` | | -| tngkds-postgres.port | int | `5432` | | - diff --git a/k8s/helm/tngkds/charts/tngkds-backend/.helmignore b/k8s/helm/tngkds/charts/tngkds-backend/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml b/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml deleted file mode 100644 index ef2337c..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: tngkds-backend -description: A Helm chart for TNG Key Distribution Service - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/k8s/helm/tngkds/charts/tngkds-backend/README.md b/k8s/helm/tngkds/charts/tngkds-backend/README.md deleted file mode 100644 index 42a95f8..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/README.md +++ /dev/null @@ -1,86 +0,0 @@ - -# tngkds-backend - -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) - -A Helm chart for TNG Key Distribution Service - -## Values - -| Key | Type | Default | Description | -|--------------------------------------------|--------|---------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| did.cron | string | `"*/10 * * * * *"` | spring cronjob configuration, how often shall the did file be generated | -| did.didUploadProvider | string | `"local-file"` | Upload provider for Did document, currently local-file | -| did.localFile.directory | string | `"trustlist"` | If upload provider is local-file: directory of the generated file | -| did.localFile.file-name | string | `"did.json"` | If upload provider is local-file: file-name of the generated file | -| did.did_controller | string | `"did:web:def"` | The controller that is generating the did.json / controlling its contents | -| did.did_id | string | `"did:web:abc"` | The ID of the did entry | -| did.enableDidGeneration | bool | `true` | Shall the did documents be generated | -| did.ld_proof_nonce | string | `"n0nc3"` | Nonce of the Did Document | -| did.ld_proof_verification_method | string | `"did:web:dummy.net"` | Verification Method of the DID Signer. Usually a did-link to a did.json containing the public key material that was used to sign this DID | -| did.trust_list_controller_prefix | string | `"did:web:abc"` | | -| did.trust_list_id_prefix | string | `"did:web:abc"` | | -| did.workdir | string | `"/tmp/kdsgituploader"` | local folder used for checkout and update git repository | -| did.prefix | string | `"v2.0.0"` | prefix used as root folder name for generated files | -| did.url | string | `"https://github.com/WorldHealthOrganization/tng-cdn-dev"` | the git repository to work in | -| did.pat | string | `"git did pat by secret tng-bot-dev"` | the personal access token of the technical user that has permission to write to the repository | -| did.didSigningProvider | string | `"dummy"`, `"local-keystore"` for configured private key | signing provider to be used to sign the did documents (proof section). dummy can be used for dev. "local-keystore"` should be used with configured private key in keystore. (see: How to setup signing material for DID Signing in [certs documentation](../../../../../certs/PlaceYourGatewayAccessKeysHere.md) | -| did.trust-list-path | string | `"trustlist"` | path that contains DID documents of trustlist | -| did.trust-list-ref-path | string | `"trustlist-ref"` | path that contains DID documents with references only | -| fullnameOverride | string | `""` | | -| gateway.connector.enabled | bool | `true` | | -| gateway.connector.endpoint | string | `""` | | -| gateway.connector.max-cache-age | int | `300` | | -| gateway.connector.proxy.enabled | bool | `false` | used for development, when your machine needs a proxy to access _tng.who.int_ | -| gateway.connector.tls_key_store.alias | string | `""` | KDS application accesses the cert via its alias | -| gateway.connector.tls_key_store.password | string | `""` | | -| gateway.connector.tls_key_store.path | string | `""` | | -| gateway.connector.tls_trust_store.alias | string | `""` | KDS application accesses the cert via its alias | -| gateway.connector.tls_trust_store.password | string | `""` | | -| gateway.connector.tls_trust_store.path | string | `""` | | -| gateway.connector.trust_anchor.alias | string | `""` | tng application access the cert via its alias | -| gateway.connector.trust_anchor.password | string | `""` | | -| gateway.connector.trust_anchor.path | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution"` | | -| image.tag | string | `"0.0.1-d890889"` | version of the container image to be used for deployment | -| imagePullSecrets | string | `"tng-distribution-pull-secret"` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| liquibaseImage.repository | string | `"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution-initcontainer"` | | -| liquibaseImage.tag | string | `""` | version of the initcontainer image to be used, the tag is the same as for _image.tag_ | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| db.driverclass | String | `org.h2.Driver` | The JDBC driver class | -| db.plattform | String | `org.hibernate.dialect.H2Dialect` | The Hibernate dialect | -| db.url | String | `jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;` | The JDBC URL for the database connection | -| db.username | String | `sa` | The username for the database connection | -| db.password | String | `''` | The password for the database connection | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| server.port | int | `8080` | port of the kds applications api server | -| service.ports[0].name | string | `"http"` | | -| service.ports[0].nodePort | int | `30166` | | -| service.ports[0].port | int | `8080` | | -| service.ports[0].protocol | string | `"TCP"` | | -| service.ports[0].targetPort | int | `8080` | | -| service.type | string | `"NodePort"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| spring.profile | string | `"cloud"` | {_0..n_} Spring profiles to be activated, usually used for feature toggle, currently not in use (existing values will be ignored) | -| tolerations | list | `[]` | | - diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl b/k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl deleted file mode 100644 index b30552c..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/templates/_helpers.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Template labels -*/}} -{{- define "tngkds-backend.templateLabels" -}} - app: {{ template "tngkds-backend.fullname" . }} -{{- end -}} - -{{- define "tngkds-backend.selectorLabels" -}} - app: {{ template "tngkds-backend.fullname" . }} -{{- end -}} - -{{- define "tngkds-backend.labels" -}} - app: {{ template "tngkds-backend.fullname" . }} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tngkds-backend.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Expand the name of the chart. -*/}} -{{- define "tngkds-backend.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tngkds-backend.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml b/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml deleted file mode 100644 index 828c5e6..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml +++ /dev/null @@ -1,149 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "tngkds-backend.fullname" . }} - labels: - {{- include "tngkds-backend.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - {{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "tngkds-backend.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "tngkds-backend.labels" . | nindent 8 }} - spec: - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - {{ range .Values.service.ports }} - - name: {{ .name }} - containerPort: {{ .port }} - protocol: {{ .protocol }} - {{ end }} - env: - - name: SERVER_PORT - value: "{{ .Values.server.port }}" - - name: SPRING_PROFILES_ACTIVE - value: {{ .Values.spring.profile }} - - name: SPRING_DATASOURCE_URL - value: {{ .Values.db.url | quote }} - - name: SPRING_DATASOURCE_DRIVERCLASSNAME - value: {{ .Values.db.driverclass | quote }} - - name: SPRING_DATASOURCE_JNDI_NAME - value: "false" - - name: SPRING_JPA_DATABASEPLATFORM - value: {{ .Values.db.plattform | quote }} - - name: SPRING_DATASOURCE_USERNAME - value: {{ .Values.db.username | quote }} - - name: SPRING_DATASOURCE_PASSWORD - value: {{ .Values.db.password | quote }} - - name: DGC_GATEWAY_CONNECTOR_TLS_TRUST_STORE_PATH - value: {{ .Values.gateway.connector.tls_trust_store.path }} - - name: DGC_GATEWAY_CONNECTOR_TLS_TRUST_STORE_PASSWORD - value: {{ .Values.gateway.connector.tls_trust_store.password | quote }} - - name: DGC_GATEWAY_CONNECTOR_TLS_TRUST_STORE_ALIAS - value: {{ .Values.gateway.connector.tls_trust_store.alias }} - - name: DGC_GATEWAY_CONNECTOR_TLS_KEY_STORE_PATH - value: {{ .Values.gateway.connector.tls_key_store.path }} - - name: DGC_GATEWAY_CONNECTOR_TLS_KEY_STORE_PASSWORD - value: {{ .Values.gateway.connector.tls_key_store.password | quote }} - - name: DGC_GATEWAY_CONNECTOR_TLS_KEY_STORE_ALIAS - value: {{.Values.gateway.connector.tls_key_store.alias }} - - name: DGC_GATEWAY_CONNECTOR_TRUST_ANCHOR_PATH - value: {{ .Values.gateway.connector.trust_anchor.path }} - - name: DGC_GATEWAY_CONNECTOR_TRUST_ANCHOR_PASSWORD - value: {{ .Values.gateway.connector.trust_anchor.password | quote }} - - name: DGC_GATEWAY_CONNECTOR_TRUST_ANCHOR_ALIAS - value: {{ .Values.gateway.connector.trust_anchor.alias }} - - name: DGC_GATEWAY_CONNECTOR_ENABLED - value: {{ .Values.gateway.connector.enabled | quote }} - - name: DGC_GATEWAY_CONNECTOR_ENDPOINT - value: {{ .Values.gateway.connector.endpoint }} - {{- if .Values.did.enableDidGeneration }} - - name: DGC_DID_CRON - value: "{{ .Values.did.cron }}" - - name: DGC_DID_DIDUPLOADPROVIDER - value: "{{ .Values.did.didUploadProvider }}" - - name: DGC_DID_LOCALFILE_DIRECTORY - value: "{{ .Values.did.localFile.directory }}" - - name: DGC_DID_LOCALFILE_FILENAME - value: "{{ .Values.did.localFile.filename }}" - - name: DGC_DID_GIT_WORKDIR - value: "{{ .Values.did.git.workdir }}" - - name: DGC_DID_GIT_PREFIX - value: "{{ .Values.did.git.prefix }}" - - name: DGC_DID_GIT_URL - value: "{{ .Values.did.git.url }}" - - name: DGC_DID_GIT_PAT - value: "{{ .Values.did.git.pat }}" - - name: DGC_DID_DIDSIGNINGPROVIDER - value: "{{ .Values.did.didSigningProvider }}" - - name: DGC_DID_LDPROOFVERIFICATIONMETHOD - value: "{{ index .Values.did "ld-proof-verification-method" }}" - - name: DGC_DID_DIDID - value: "{{ index .Values.did "did-id" }}" - - name: DGC_DID_TRUSTLISTPATH - value: "{{ index .Values.did "trust-list-path" }}" - - name: DGC_DID_TRUSTLISTREFPATH - value: "{{ index .Values.did "trust-list-ref-path" }}" - - name: DGC_DID_DIDCONTROLLER - value: "{{ index .Values.did "did-controller" }}" - - name: DGC_DID_TRUSTLISTIDPREFIX - value: "{{ index .Values.did "trust-list-id-prefix" }}" - - name: DGC_DID_TRUSTLISTCONTROLLEPREFIX - value: "{{ index .Values.did "trust-list-controller-prefix" }}" - {{- range $key, $value := .Values.did.virtualCountries }} - - name: DGC_DID_VIRTUALCOUNTRIES_{{ $key | toString | upper }} - value: "{{ $value }}" - {{- end }} - - name: DGC_DID_GROUPDENYLIST - value: "{{ join "," (index .Values.did "group-deny-list") }}" - {{- range $key, $value := index .Values.did "group-name-mapping" }} - - name: DGC_DID_GROUPNAMEMAPPING_{{ $key | toString | upper }} - value: "{{ $value }}" - {{- end }} - {{- end }} - volumeMounts: - - name: secrets-jks - mountPath: /certs - readOnly: true - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - volumes: - - name: secrets-jks - secret: - secretName: mtls-secret - items: - - key: tls_key_store.p12 - path: tls_key_store.p12 - - key: trustanchor_store.jks - path: trustanchor_store.jks - - key: tng_tls_server_truststore.p12 - path: tng_tls_server_truststore.p12 diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml b/k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml deleted file mode 100644 index b41452a..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "tngkds-backend.fullname" . }}-service - labels: - {{- include "tngkds-backend.labels" . | nindent 4 }} - namespace: {{ .Release.Namespace }} -spec: - type: {{ .Values.service.type }} - ports: - {{ range .Values.service.ports }} - - port: {{ .port }} - targetPort: {{ .targetPort | int}} - nodePort: {{ .nodePort }} - protocol: {{ .protocol }} - name: {{ .name }} - {{ end }} - selector: - {{- include "tngkds-backend.selectorLabels" . | nindent 4 }} diff --git a/k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml b/k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml deleted file mode 100644 index a2d6ed5..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml +++ /dev/null @@ -1,111 +0,0 @@ -# Default values for tngkds-backend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - # Create this image before your local installing with: "docker build -t kds:0.0.1" and load - # this image into your local minikube cluster with: "minikube image load kds:0.0.1" - repository: kds:0.0.1 - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: NodePort - ports: - - name: http - port: 8080 - targetPort: 8080 - nodePort: 30166 - protocol: TCP - -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# H2 -db: - driverclass: org.h2.Driver - plattform: org.hibernate.dialect.H2Dialect - url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1; - username: sa - password: '' - -# ConfigMap -configMap: - data: - host: localhost - dbName: postgres - -# Spring -spring: - profile: cloud - -# Server port -server: - port: 8080 diff --git a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml deleted file mode 100644 index c26858c..0000000 --- a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml +++ /dev/null @@ -1,176 +0,0 @@ -# Default values for tngkds-backend. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - # Create this image before your local installing with: "docker build -t kds:0.0.1" and load - # this image into your local minikube cluster with: "minikube image load kds:0.0.1" - repository: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "0.0.1-d890889" #"0.0.1-2840d04" - -#kubectl -n create secret docker-registry --docker-server=ghcr.io --docker-username= --docker-password= --docker-email= -o yaml -#kubectl -n kds create secret docker-registry tng-distribution-pull-secret --docker-server=ghcr.io --docker-username=anonymous --docker-password= --docker-email=anonymous@example.com -o yaml -imagePullSecrets: tng-distribution-pull-secret -nameOverride: "" -fullnameOverride: "" - -# Liquibase -liquibaseImage: - repository: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution-initcontainer - tag: - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: - {} - # fsGroup: 2000 - -securityContext: - {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: NodePort - ports: - - name: http - port: 8080 - targetPort: 8080 - nodePort: 30166 - protocol: TCP - -ingress: - enabled: false - className: "" - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# H2 -db: - driverclass: org.h2.Driver - plattform: org.hibernate.dialect.H2Dialect - url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1; - username: sa - password: '' - -# ConfigMap -# configMap: -# data: -# host: localhost -# dbName: postgres - -# Spring -spring: - profile: cloud - -# Server port -server: - port: 8080 - -# Smart TN Gateway -gateway: - connector: - enabled: true - endpoint: - proxy: - enabled: false - max-cache-age: 300 - tls_trust_store: #CA of TNG Gateway of TLS certificate - alias: - password: - path: - tls_key_store: # client cert key pair of participant - alias: - password: - path: - trust_anchor: # TA pem file of TNG that was used for signing - alias: - password: - path: -did: - cron: "*/10 * * * * *" - enableDidGeneration: true - didUploadProvider: local-file - localFile: - directory: /tmp/kdsgitworkdir/tng-cdn-dev/v2.0.0 - file-name: did.json - git: - workdir: /tmp/kdsgituploader # oon clonind will checkout e.g. tng-cdn-dev - prefix: v2.0.0 #for copy action into git workdir from local file exporter path - url: https://github.com/WorldHealthOrganization/tng-cdn-dev - pat: #TODO: set by secret - didSigningProvider: dummy - ld-proof-verification-method: did:web:dummy.net - did-id: did:web:worldhealthorganization.github.io:tng-cdn-dev:v2.0.0 - trust-list-path: trustlist - trust-list-ref-path: trustlist-ref - did-controller: did:web:def - trust-list-id-prefix: did:web:abc - trust-list-controller-prefix: did:web:abc - contextMapping: - "[https://www.w3.org/ns/did/v1]": did_v1.json - "[https://w3id.org/security/suites/jws-2020/v1]": jws-2020_v1.json - virtualCountries: - XA: XXA - XB: XXB - XO: XXO - XL: XCL - EU: XEU - group-deny-list: - - UPLOAD - group-name-mapping: - CSCA: SCA diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/.helmignore b/k8s/helm/tngkds/charts/tngkds-postgres/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml deleted file mode 100644 index f138934..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: v2 -name: tngkds-postgres -description: A Helm chart for PostgreSQL database for TNG Key Distribution Service - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.16.0" diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/README.md b/k8s/helm/tngkds/charts/tngkds-postgres/README.md deleted file mode 100644 index 13a1375..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/README.md +++ /dev/null @@ -1,45 +0,0 @@ -# tngkds-postgres - -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square) - -A Helm chart for PostgreSQL database for TNG Key Distribution Service - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| affinity | object | `{}` | | -| autoscaling.enabled | bool | `false` | Pod autoscaling | -| autoscaling.maxReplicas | int | `100` | | -| autoscaling.minReplicas | int | `1` | | -| autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| configMap.data.dbName | string | `"postgres"` | used as service name when db is deployed as pod | -| configMap.data.host | string | `"localhost"` | used as host name when db is deployed as pod | -| dbpassword | string | `""` | password of the dbuser | -| dbuser | string | `""` | username of the dbuser | -| fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"nginx"` | | -| image.tag | string | `""` | | -| imagePullSecrets | list | `[]` | | -| ingress.annotations | object | `{}` | | -| ingress.className | string | `""` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | -| nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| replicaCount | int | `1` | | -| resources | object | `{}` | | -| securityContext | object | `{}` | | -| service.ports[0].port | int | `5432` | db service port | -| service.type | string | `"NodePort"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | - diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl b/k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl deleted file mode 100644 index c7471d9..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/_helpers.tpl +++ /dev/null @@ -1,46 +0,0 @@ -{{/* -Template labels -*/}} -{{- define "tngkds-postgres.templateLabels" -}} - app: {{ template "tngkds-postgres.fullname" . }} -{{- end -}} - -{{- define "tngkds-postgres.selectorLabels" -}} - app: {{ template "tngkds-postgres.fullname" . }} -{{- end -}} - -{{- define "tngkds-postgres.labels" -}} - app: {{ template "tngkds-postgres.fullname" . }} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tngkds-postgres.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Expand the name of the chart. -*/}} -{{- define "tngkds-postgres.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tngkds-postgres.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml deleted file mode 100644 index bf656fc..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.asPod.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "tngkds-postgres.fullname" . }}-cfg - namespace: {{ .Release.Namespace }} -data: - host: "{{ .Values.configMap.data.host }}" - dbname: "{{ .Values.configMap.data.dbName }}" -{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml deleted file mode 100644 index e13ecd8..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.asPod.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "tngkds-postgres.fullname" . }} - labels: - {{- include "tngkds-postgres.labels" . | nindent 4 }} - tier: database - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - {{- include "tngkds-postgres.selectorLabels" . | nindent 6 }} - strategy: - type: Recreate - template: - metadata: - labels: - {{- include "tngkds-postgres.labels" . | nindent 8 }} - tier: database - spec: - containers: - - name: postgres - image: postgres - imagePullPolicy: "IfNotPresent" - env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ include "tngkds-postgres.fullname" . }}-secret - key: pgUser - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "tngkds-postgres.fullname" . }}-secret - key: pgPassword - - name: POSTGRES_DB - valueFrom: - configMapKeyRef: - name: {{ include "tngkds-postgres.fullname" . }}-cfg - key: dbname - ports: - - containerPort: 5432 - name: postgres - volumeMounts: - - mountPath: /var/lib/postgresql/kds/data - name: postgres-persistance-storage - volumes: - - name: postgres-persistance-storage - persistentVolumeClaim: - claimName: {{ include "tngkds-postgres.fullname" . }}-pv-claim -{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml deleted file mode 100644 index c3c4d34..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if .Values.asPod.enabled }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ include "tngkds-postgres.fullname" . }}-pv-claim - labels: - {{- include "tngkds-postgres.labels" . | nindent 4 }} - tier: database - namespace: {{ .Release.Namespace }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi -{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml deleted file mode 100644 index 32bfca0..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml +++ /dev/null @@ -1,10 +0,0 @@ -{{- if .Values.asPod.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "tngkds-postgres.fullname" . }}-secret - namespace: {{ .Release.Namespace }} -stringData: - pgUser: {{ .Values.dbuser | quote }} - pgPassword: {{ .Values.dbpassword | quote }} -{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml deleted file mode 100644 index 5f28c27..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.asPod.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: postgres - labels: - {{- include "tngkds-postgres.labels" . | nindent 4 }} - tier: database - namespace: {{ .Release.Namespace }} -spec: - type: NodePort - ports: - {{ range .Values.service.ports }} - - port: {{ .port }} - {{ end }} - selector: - {{- include "tngkds-postgres.selectorLabels" . | nindent 4 }} - tier: database -{{- end }} diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml deleted file mode 100644 index 4561a40..0000000 --- a/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml +++ /dev/null @@ -1,95 +0,0 @@ -# Default values for tngkds-postgres. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -podAnnotations: {} - -podSecurityContext: - {} - # fsGroup: 2000 - -securityContext: - {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: NodePort - ports: - - port: 5432 - -ingress: - enabled: false - className: "" - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: chart-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -# ConfigMap -configMap: - data: - host: localhost - dbName: postgres -dbuser: -dbpassword: diff --git a/k8s/helm/tngkds/templates/_helpers.tpl b/k8s/helm/tngkds/templates/_helpers.tpl deleted file mode 100644 index c0b246e..0000000 --- a/k8s/helm/tngkds/templates/_helpers.tpl +++ /dev/null @@ -1,62 +0,0 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "tngkds.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "tngkds.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "tngkds.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Common labels -*/}} -{{- define "tngkds.labels" -}} -helm.sh/chart: {{ include "tngkds.chart" . }} -{{ include "tngkds.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "tngkds.selectorLabels" -}} -app.kubernetes.io/name: {{ include "tngkds.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "tngkds.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "tngkds.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} diff --git a/k8s/helm/tngkds/values.yaml b/k8s/helm/tngkds/values.yaml deleted file mode 100644 index 0d6c767..0000000 --- a/k8s/helm/tngkds/values.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Default values for tngkds. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -tngkds-postgres: - path: /()(*) - port: 5432 - - asPod: - enabled: false # run db as Service or Pod,set in conjunction with tngkds-backend - -tngkds-backend: - image: - tag: - liquibaseImage: - tag: - path: /()(*) - port: 8080 - db: - driverclass: org.h2.Driver - plattform: org.hibernate.dialect.H2Dialect - url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1; - username: sa - password: '' - gateway: - connector: - enabled: true - endpoint: - proxy: - enabled: false - max-cache-age: 300 - tls_trust_store: #CA of TNG Gateway of TLS certificate - alias: tng-tls-server-certificate - password: - path: /certs/tng_tls_server_truststore.p12 - tls_key_store: # client cert key pair of participant - alias: clientcredentials - password: - path: /certs/tls_key_store.p12 - trust_anchor: # TA pem file of TNG that was used for signing - alias: trustanchor - password: - path: /certs/trustanchor_store.jks diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml deleted file mode 100644 index cff20e3..0000000 --- a/owasp/suppressions.xml +++ /dev/null @@ -1,45 +0,0 @@ - - - - see https://github.com/jeremylong/DependencyCheck/issues/1827> - CVE-2018-1258 - - - see https://github.com/jeremylong/DependencyCheck/issues/2952 - CVE-2011-2732 - CVE-2011-2731 - CVE-2012-5055 - - - see https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities vulnerability is fixed in tomcat 9.0.38 - CVE-2020-13943 - - - - - da214a6f44ee5811c97f3b53a6dda31edf25ac9e - CVE-2016-9878 - CVE-2018-1270 - CVE-2018-1271 - CVE-2018-1272 - CVE-2020-5421 - - - - CVE-2021-22118 - - - H2 is only used for Unit Testing. Version 2.x includes major breaking changes. - CVE-2021-23463 - CVE-2018-14335 - CVE-2022-45868 - - - No fix available, still analyzed - CVE-2023-35116 - - - False positive, Dependency Updated but still matches for fixed version - CVE-2022-45688 - - diff --git a/pom.xml b/pom.xml deleted file mode 100644 index 44644fd..0000000 --- a/pom.xml +++ /dev/null @@ -1,311 +0,0 @@ - - - - 4.0.0 - - - org.springframework.cloud - spring-cloud-starter-parent - 2023.0.1 - - - tng.trustnetwork.keydistribution - tng-key-distribution - latest - jar - - tng-key-distribution - GDHCN Key Distribution Service project. - - T-Systems International GmbH - - - - - 17 - 17 - 17 - - UTF-8 - UTF-8 - - 8.3.1 - 1.5.5.Final - 5.12.0 - 1.78.1 - - 3.3.0 - 0.8.10 - 2.4.0 - - Key Distribution Service / tng-key-distribution - 2021 - apache_v2 - - WorldHealthOrganization - tng-key-distribution - - WorldHealthOrganization - ${sonar.organization}_${project.artifactId} - https://sonarcloud.io - - **/KeyDistributionServiceApplication.java, - **/model/*, - **/mapper/*, - **/entity/*, - **/DgcKeyStore.java, - **/ErrorHandler.java - - - - https://github.com/WorldHealthOrganization/tng-key-distribution - - https://github.com/WorldHealthOrganization/tng-key-distribution/actions - - - https://github.com/WorldHealthOrganization/tng-key-distribution/issues - - - https://github.com/WorldHealthOrganization/tng-key-distribution - - - - - who-github - https://maven.pkg.github.com/${github.organization}/* - - - danubetech-maven-public - https://repo.danubetech.com/repository/maven-public/ - - - - - - who-github - https://maven.pkg.github.com/${github.organization}/${github.project} - - - - - - eu.europa.ec.dgc - ddcc-gateway-lib - 2.0.1 - - - - - org.springframework.boot - spring-boot-starter-data-jpa - - - org.springframework.boot - spring-boot-starter-actuator - - - org.springframework.boot - spring-boot-starter-test - test - - - org.springframework.boot - spring-boot-starter-web - - - org.springframework.cloud - spring-cloud-starter-openfeign - - - org.springframework - spring-web - - - - - org.springframework - spring-web - 6.1.6 - - - - - org.liquibase - liquibase-core - - - com.h2database - h2 - runtime - - - org.postgresql - postgresql - runtime - 42.7.3 - - - - - org.projectlombok - lombok - - - org.mapstruct - mapstruct - ${mapstruct.version} - - - net.javacrumbs.shedlock - shedlock-provider-jdbc-template - ${shedlock.version} - - - net.javacrumbs.shedlock - shedlock-spring - ${shedlock.version} - - - org.bouncycastle - bcpkix-jdk18on - ${bcpkix.version} - - - info.weboftrust - ld-signatures-java - 1.1.0 - - - org.bitcoinj - bitcoinj-core - - - - - com.github.ben-manes.caffeine - caffeine - 3.1.8 - - - org.eclipse.jgit - org.eclipse.jgit - 6.9.0.202403050737-r - - - - - - - org.owasp - dependency-check-maven - ${owasp.version} - - ./owasp/suppressions.xml - 8 - false - - - - org.apache.maven.plugins - maven-surefire-plugin - - - org.springframework.boot - spring-boot-maven-plugin - - - org.apache.maven.plugins - maven-checkstyle-plugin - ${plugin.checkstyle.version} - - ./codestyle/checkstyle.xml - ./target/**/* - true - true - warning - true - false - - - - check - validate - - check - - - - - - com.puppycrawl.tools - checkstyle - 8.41.1 - - - - - org.jacoco - jacoco-maven-plugin - ${plugin.jacoco.version} - - - - prepare-agent - - - - report - - report - - - - - - org.apache.maven.plugins - maven-compiler-plugin - - - - org.projectlombok - lombok - ${lombok.version} - - - org.mapstruct - mapstruct-processor - ${mapstruct.version} - - - - - - org.codehaus.mojo - license-maven-plugin - ${plugin.license.version} - - **/*.java - ${project.organization.name} and all other contributors - ---license-start - ---license-end - --- - false - true - true - - - - download-licenses - validate - - download-licenses - - - - - - - - diff --git a/settings.xml b/settings.xml deleted file mode 100644 index 02f5137..0000000 --- a/settings.xml +++ /dev/null @@ -1,12 +0,0 @@ - - - false - - - who-github - ${app.packages.username} - ${app.packages.password} - - - diff --git a/src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java b/src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java deleted file mode 100644 index ec29444..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java +++ /dev/null @@ -1,49 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution; - -import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.context.properties.EnableConfigurationProperties; -import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; -import org.springframework.cloud.openfeign.EnableFeignClients; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -/** - * The Application class. - */ -@SpringBootApplication -@EnableConfigurationProperties(KdsConfigProperties.class) -@EnableFeignClients -public class KeyDistributionServiceApplication { - - /** - * The main Method. - * - * @param args the args for the main method - */ - public static void main(String[] args) { - - SpringApplication.run(KeyDistributionServiceApplication.class, args); - - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java b/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java deleted file mode 100644 index c32a99b..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java +++ /dev/null @@ -1,34 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.clients; - -import org.springframework.cloud.openfeign.FeignClient; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PathVariable; - -@FeignClient(value = "universalresolver", url = "${universal.resolver}", - configuration = UniversalResolverClientConfig.class) -public interface UniversalResolverClient { - - @GetMapping(value = "/{didKey}", produces = "application/json") - String getDidDocument(@PathVariable("didKey") String didKey); - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java b/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java deleted file mode 100644 index cb034e0..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java +++ /dev/null @@ -1,98 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.clients; - -import feign.Client; -import feign.httpclient.ApacheHttpClient; -import java.security.KeyManagementException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; -import lombok.RequiredArgsConstructor; -import org.apache.http.HttpHost; -import org.apache.http.conn.ssl.DefaultHostnameVerifier; -import org.apache.http.impl.client.HttpClientBuilder; -import org.apache.http.message.BasicHeader; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -@Configuration -@RequiredArgsConstructor -public class UniversalResolverClientConfig { - - private final KdsConfigProperties properties; - - // Create a custom TrustManager that trusts all certificates - TrustManager[] trustAllCerts = new TrustManager[] { - new X509TrustManager() { - public X509Certificate[] getAcceptedIssuers() { - - return null; - } - - public void checkClientTrusted(X509Certificate[] certs, String authType) { - - } - - public void checkServerTrusted(X509Certificate[] certs, String authType) { - - } - } - }; - - /** - * Feign Client for connection to universal resolver. - * - * @return Instance of HttpClient - */ - @Bean("feignClientUniversalResolver") - public Client client() throws NoSuchAlgorithmException, - KeyManagementException { - - //TODO for universal resolver https requests we skip TLS verification and trust all certs - // this is temporary config used until self hosted resolver will be used - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); - - return new ApacheHttpClient(HttpClientBuilder.create() - .setSSLContext(sslContext) - .setDefaultHeaders(Arrays.asList( - new BasicHeader("Accept-Encoding", "gzip, deflate, br"), - new BasicHeader("Connection", "keep-alive") - )) - .setSSLHostnameVerifier(new DefaultHostnameVerifier()) - .setProxy(getProxy()) - .build()); - } - - private HttpHost getProxy() { - - if (properties.getProxy().isEnabled()) { - return new HttpHost(properties.getProxy().getHost(), properties.getProxy().getPort()); - } else { - return null; - } - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java b/src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java deleted file mode 100644 index f4c3e11..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/config/KdsConfigProperties.java +++ /dev/null @@ -1,142 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.config; - -import eu.europa.ec.dgc.gateway.connector.config.DgcGatewayConnectorConfigProperties; -import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.Setter; -import org.springframework.boot.context.properties.ConfigurationProperties; - -@Getter -@Setter -@ConfigurationProperties("dgc") //TODO separate kds and dgc-lib properties -public class KdsConfigProperties { - - - private final CertificatesDownloader certificatesDownloader = new CertificatesDownloader(); - - private final TrustedIssuerDownloader trustedIssuerDownloader = new TrustedIssuerDownloader(); - - private final DidConfig did = new DidConfig(); - - /** - * Http-Proxy Configuration. - */ - private KdsConfigProperties.Proxy - proxy = new KdsConfigProperties.Proxy(false, null, -1); - - @Getter - @Setter - public static class CertificatesDownloader { - private Integer timeInterval; - private Integer lockLimit; - } - - @Getter - @Setter - public static class TrustedIssuerDownloader { - private boolean enabled; - private Integer timeInterval; - private Integer lockLimit; - private List staticTrustedIssuer = new ArrayList<>(); - private boolean enableTrustedIssuerResolving = false; - } - - @Getter - @Setter - @AllArgsConstructor - public static class Proxy { - - /** - * Enable HTTP Proxy. - */ - private boolean enabled; - - /** - * Host Address of Proxy server (without protocol). - * (e.g. proxy.example-corp.com) - */ - private String host; - - /** - * Port of Proxy Server. - * (e.g. 8080) - */ - private int port; - } - - @Getter - @Setter - public static class DidConfig { - - private Boolean enableDidGeneration; - - private String didId; - private String didController; - - private String trustListPath; - private String trustListRefPath; - - private String trustListIdPrefix; - private String trustListControllerPrefix; - - private String ldProofVerificationMethod; - private String ldProofDomain; - - private String didSigningProvider; - private String didUploadProvider; - - private Map contextMapping = new HashMap<>(); - private Map virtualCountries = new HashMap<>(); - - private LocalFileConfig localFile = new LocalFileConfig(); - private GitConfig git = new GitConfig(); - - private DgcGatewayConnectorConfigProperties.KeyStoreWithAlias localKeyStore = - new DgcGatewayConnectorConfigProperties.KeyStoreWithAlias(); - - private List groupDenyList = new ArrayList<>(); - private Map groupNameMapping = new HashMap<>(); - - @Getter - @Setter - public static class LocalFileConfig { - private String fileName; - private String directory; - } - - @Getter - @Setter - public static class GitConfig { - private String prefix; - private String workdir; - private String pat; - private String url; - } - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/config/SchedulerConfig.java b/src/main/java/tng/trustnetwork/keydistribution/config/SchedulerConfig.java deleted file mode 100644 index c98d2fd..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/config/SchedulerConfig.java +++ /dev/null @@ -1,33 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.config; - -import net.javacrumbs.shedlock.spring.annotation.EnableSchedulerLock; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Profile; -import org.springframework.scheduling.annotation.EnableScheduling; - -@Configuration -@Profile("!test") -@EnableScheduling -@EnableSchedulerLock(defaultLockAtMostFor = "PT30S") -public class SchedulerConfig { -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/config/ShedLockConfig.java b/src/main/java/tng/trustnetwork/keydistribution/config/ShedLockConfig.java deleted file mode 100644 index 8f172fc..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/config/ShedLockConfig.java +++ /dev/null @@ -1,50 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.config; - -import static net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider.Configuration.builder; - -import javax.sql.DataSource; -import net.javacrumbs.shedlock.core.LockProvider; -import net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.jdbc.core.JdbcTemplate; - -@Configuration -public class ShedLockConfig { - - /** - * Creates a LockProvider for ShedLock. - * - * @param dataSource JPA datasource - * @return LockProvider - */ - @Bean - public LockProvider lockProvider(DataSource dataSource) { - return new JdbcTemplateLockProvider(builder() - .withTableName("shedlock") - .withJdbcTemplate(new JdbcTemplate(dataSource)) - .usingDbTime() - .build() - ); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/DecentralizedIdentifierEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/DecentralizedIdentifierEntity.java deleted file mode 100644 index 445af22..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/DecentralizedIdentifierEntity.java +++ /dev/null @@ -1,66 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - -import jakarta.persistence.Column; -import jakarta.persistence.Entity; -import jakarta.persistence.FetchType; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.GenerationType; -import jakarta.persistence.Id; -import jakarta.persistence.OneToMany; -import jakarta.persistence.Table; -import java.time.ZonedDateTime; -import java.util.List; -import lombok.AllArgsConstructor; -import lombok.Data; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - - -@Data -@Getter -@Setter -@Entity -@Table(name = "decentralized_identifier") -@AllArgsConstructor -@NoArgsConstructor -public class DecentralizedIdentifierEntity { - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id", columnDefinition = "BIGINT") - private Long id; - - @Column(name = "created_at", nullable = false) - private ZonedDateTime createdAt = ZonedDateTime.now(); - - @Column(name = "did_id", length = 100) - private String didId; - - @OneToMany(mappedBy = "parentDocument", fetch = FetchType.EAGER) - private List verificationMethods; - - @Column(name = "raw", length = 10_000_000) - private String raw; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/EcPublicKeyJwkEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/EcPublicKeyJwkEntity.java deleted file mode 100644 index 80d731a..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/EcPublicKeyJwkEntity.java +++ /dev/null @@ -1,48 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - -import jakarta.persistence.Column; -import jakarta.persistence.DiscriminatorValue; -import jakarta.persistence.Entity; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -@Getter -@Setter -@AllArgsConstructor -@NoArgsConstructor -@Entity -@DiscriminatorValue("EC") -public class EcPublicKeyJwkEntity extends PublicKeyJwkEntity { - - @Column(name = "crv", length = 100) - private String crv; - - @Column(name = "x", length = 100) - private String xvalue; - - @Column(name = "y", length = 100) - private String yvalue; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/PublicKeyJwkEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/PublicKeyJwkEntity.java deleted file mode 100644 index e1ea9f7..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/PublicKeyJwkEntity.java +++ /dev/null @@ -1,59 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - -import jakarta.persistence.Column; -import jakarta.persistence.DiscriminatorColumn; -import jakarta.persistence.Entity; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.GenerationType; -import jakarta.persistence.Id; -import jakarta.persistence.Inheritance; -import jakarta.persistence.InheritanceType; -import jakarta.persistence.Table; -import java.time.ZonedDateTime; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -@Getter -@Setter -@AllArgsConstructor -@NoArgsConstructor -@Entity -@Table(name = "public_key_jwk") -@Inheritance(strategy = InheritanceType.SINGLE_TABLE) -@DiscriminatorColumn(name = "kty", columnDefinition = "varchar(10)") -public abstract class PublicKeyJwkEntity { - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private Long id; - - @Column(name = "created_at", nullable = false) - private ZonedDateTime createdAt = ZonedDateTime.now(); - - @Column(name = "x5c", length = 7000) - private String x5c; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/RsaPublicKeyJwkEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/RsaPublicKeyJwkEntity.java deleted file mode 100644 index d463a9b..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/RsaPublicKeyJwkEntity.java +++ /dev/null @@ -1,45 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - -import jakarta.persistence.Column; -import jakarta.persistence.DiscriminatorValue; -import jakarta.persistence.Entity; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -@Getter -@Setter -@AllArgsConstructor -@NoArgsConstructor -@Entity -@DiscriminatorValue("RSA") -public class RsaPublicKeyJwkEntity extends PublicKeyJwkEntity { - - @Column(name = "n", length = 1000) - private String nvalue; - - @Column(name = "e", length = 1000) - private String evalue; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/ShedlockEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/ShedlockEntity.java deleted file mode 100644 index 2e0b209..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/ShedlockEntity.java +++ /dev/null @@ -1,52 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - -import jakarta.persistence.Column; -import jakarta.persistence.Entity; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.GenerationType; -import jakarta.persistence.Id; -import jakarta.persistence.Table; -import java.util.Date; - -@Entity -@Table(name = "shedlock") -public class ShedlockEntity { - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private Long id; - - @Column(name = "name", length = 64, nullable = false, unique = true) - private String name; - - @Column(name = "lock_until", nullable = false) - private Date lockUntil; - - @Column(name = "locked_at", nullable = false) - private Date lockedAt; - - @Column(name = "locked_by", nullable = false) - private String lockedBy; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java deleted file mode 100644 index 05bcfc2..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/SignerInformationEntity.java +++ /dev/null @@ -1,94 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - - - -import jakarta.persistence.Column; -import jakarta.persistence.Entity; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.GenerationType; -import jakarta.persistence.Id; -import jakarta.persistence.Table; -import java.time.ZonedDateTime; -import lombok.AllArgsConstructor; -import lombok.Data; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -@Data -@Getter -@Setter -@Entity -@Table(name = "signer_information") -@AllArgsConstructor -@NoArgsConstructor -public class SignerInformationEntity { - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private Long id; - - /** - * Unique Identifier of the cert. - */ - @Column(name = "kid", length = 50, nullable = false) - private String kid; - - /** - * Timestamp of the Record creation. - */ - @Column(name = "created_at", nullable = false) - private ZonedDateTime createdAt = ZonedDateTime.now(); - - /** - * Base64 encoded certificate raw data. - */ - @Column(name = "raw_data", nullable = false, length = 4096) - private String rawData; - - /** - * The country code of the cert. - */ - @Column(name = "country") - private String country; - - /** - * The domain of the cert. - */ - @Column(name = "domain") - private String domain; - - /** - * The group of the cert. - */ - @Column(name = "groupx") - private String group; - - /** - * SHA-256 Hash-Value of Certificate Subject (hex). - */ - @Column(name = "subject_hash") - private String subjectHash; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/TrustedIssuerEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/TrustedIssuerEntity.java deleted file mode 100644 index 57a37d0..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/TrustedIssuerEntity.java +++ /dev/null @@ -1,114 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - -import jakarta.persistence.Column; -import jakarta.persistence.Entity; -import jakarta.persistence.EnumType; -import jakarta.persistence.Enumerated; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.GenerationType; -import jakarta.persistence.Id; -import jakarta.persistence.Table; -import java.time.ZonedDateTime; -import lombok.AllArgsConstructor; -import lombok.Data; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -@Data -@Getter -@Setter -@Entity -@Table(name = "trusted_issuer") -@AllArgsConstructor -@NoArgsConstructor -public class TrustedIssuerEntity { - - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id") - private Long id; - - /** - * Timestamp of the Record. - */ - @Column(name = "created_at", nullable = false) - private ZonedDateTime createdAt = ZonedDateTime.now(); - - /** - * ISO 3166 Alpha-2 Country Code - * (plus code "EU" for administrative European Union entries). - */ - @Column(name = "country", nullable = false, length = 2) - private String country; - - /** - * URL of the service, can be HTTP(s) or DID URL. - */ - @Column(name = "url", nullable = false, length = 1024) - private String url; - - /** - * Name of the service. - */ - @Column(name = "name", nullable = false, length = 512) - private String name; - - /** - * Type of the URL (HTTP, DID). - */ - @Column(name = "url_type", nullable = false, length = 25) - @Enumerated(EnumType.STRING) - private UrlType urlType; - - /** - * SHA-256 Thumbprint of the certificate (hex encoded). - */ - @Column(name = "thumbprint", length = 64) - private String thumbprint; - - /** - * SSL Certificate of the endpoint (if applicable). - */ - @Column(name = "ssl_public_key", length = 2048) - private String sslPublicKey; - - /** - * Type of Key Storage. E.g JWKS, DIDDocument etc. (If applicable) - */ - @Column(name = "key_storage_type", length = 128) - private String keyStorageType; - - /** - * Signature of the TrustAnchor. - */ - @Column(name = "signature", nullable = false, length = 6000) - String signature; - - public enum UrlType { - HTTP, - DID - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/entity/VerificationMethodEntity.java b/src/main/java/tng/trustnetwork/keydistribution/entity/VerificationMethodEntity.java deleted file mode 100644 index 25b9fa0..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/entity/VerificationMethodEntity.java +++ /dev/null @@ -1,74 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.entity; - -import jakarta.persistence.CascadeType; -import jakarta.persistence.Column; -import jakarta.persistence.Entity; -import jakarta.persistence.GeneratedValue; -import jakarta.persistence.GenerationType; -import jakarta.persistence.Id; -import jakarta.persistence.JoinColumn; -import jakarta.persistence.ManyToOne; -import jakarta.persistence.OneToOne; -import jakarta.persistence.Table; -import java.time.ZonedDateTime; -import lombok.AllArgsConstructor; -import lombok.Data; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -@Data -@Getter -@Setter -@Entity -@Table(name = "verification_method") -@AllArgsConstructor -@NoArgsConstructor -public class VerificationMethodEntity { - - @Id - @GeneratedValue(strategy = GenerationType.IDENTITY) - @Column(name = "id", columnDefinition = "BIGINT") - private Long id; - - @Column(name = "vm_id", length = 100) - private String vmId; - - @Column(name = "type", length = 100) - private String type; - - @Column(name = "controller", length = 100) - private String controller; - - @OneToOne(cascade = CascadeType.ALL) - @JoinColumn(name = "public_key_jwk_id") - private PublicKeyJwkEntity publicKeyJwk; - - @ManyToOne - @JoinColumn(name = "parent_document_id") - private DecentralizedIdentifierEntity parentDocument; - - @Column(name = "created_at", nullable = false) - private ZonedDateTime createdAt = ZonedDateTime.now(); - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/mapper/DidMapper.java b/src/main/java/tng/trustnetwork/keydistribution/mapper/DidMapper.java deleted file mode 100644 index 081bcbb..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/mapper/DidMapper.java +++ /dev/null @@ -1,87 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.mapper; - -import java.util.List; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import org.mapstruct.SubclassExhaustiveStrategy; -import org.mapstruct.SubclassMapping; -import tng.trustnetwork.keydistribution.entity.DecentralizedIdentifierEntity; -import tng.trustnetwork.keydistribution.entity.EcPublicKeyJwkEntity; -import tng.trustnetwork.keydistribution.entity.PublicKeyJwkEntity; -import tng.trustnetwork.keydistribution.entity.RsaPublicKeyJwkEntity; -import tng.trustnetwork.keydistribution.entity.VerificationMethodEntity; -import tng.trustnetwork.keydistribution.model.DidDocument; -import tng.trustnetwork.keydistribution.model.EcPublicKeyJwk; -import tng.trustnetwork.keydistribution.model.JwkVerificationMethod; -import tng.trustnetwork.keydistribution.model.PublicKeyJwk; -import tng.trustnetwork.keydistribution.model.RsaPublicKeyJwk; -import tng.trustnetwork.keydistribution.model.StringOrObject; -import tng.trustnetwork.keydistribution.model.VerificationMethod; - -@Mapper(componentModel = "spring", subclassExhaustiveStrategy = SubclassExhaustiveStrategy.RUNTIME_EXCEPTION) -public interface DidMapper { - - @Mapping(target = "didId", source = "didDocument.id") - @Mapping(target = "verificationMethods", source = "didDocument.verificationMethod") - @Mapping(target = "id", ignore = true) - @Mapping(target = "createdAt", ignore = true) - DecentralizedIdentifierEntity toEntity(DidDocument didDocument, String raw); - - @SubclassMapping(target = RsaPublicKeyJwkEntity.class, source = RsaPublicKeyJwk.class) - @SubclassMapping(target = EcPublicKeyJwkEntity.class, source = EcPublicKeyJwk.class) - @Mapping(target = "id", ignore = true) - @Mapping(target = "createdAt", ignore = true) - PublicKeyJwkEntity toEntity(PublicKeyJwk publicKeyJwk); - - @Mapping(target = "id", ignore = true) - @Mapping(target = "createdAt", ignore = true) - EcPublicKeyJwkEntity toEntity(EcPublicKeyJwk model); - - @Mapping(target = "id", ignore = true) - @Mapping(target = "createdAt", ignore = true) - RsaPublicKeyJwkEntity toEntity(RsaPublicKeyJwk model); - - @SubclassMapping(target = VerificationMethodEntity.class, source = JwkVerificationMethod.class) - @Mapping(target = "vmId", source = "verificationMethod.id") - @Mapping(target = "id", ignore = true) - @Mapping(target = "createdAt", ignore = true) - @Mapping(target = "parentDocument", ignore = true) - @Mapping(target = "publicKeyJwk", ignore = true) - VerificationMethodEntity toEntity(VerificationMethod verificationMethod); - - @Mapping(target = "type", constant = "JsonWebKey2020") - @Mapping(target = "vmId", source = "verificationMethod.id") - @Mapping(target = "id", ignore = true) - @Mapping(target = "parentDocument", ignore = true) - @Mapping(target = "createdAt", ignore = true) - VerificationMethodEntity toEntity(JwkVerificationMethod verificationMethod); - - default T unwrap(StringOrObject wrapped) { - return wrapped.getObjectValue(); - } - - default String toSingleString(List list) { - - return list == null ? null : String.join(",", list); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/mapper/IssuerMapper.java b/src/main/java/tng/trustnetwork/keydistribution/mapper/IssuerMapper.java deleted file mode 100644 index b0a6ae2..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/mapper/IssuerMapper.java +++ /dev/null @@ -1,39 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.mapper; - -import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer; -import java.util.List; -import org.mapstruct.Mapper; -import org.mapstruct.Mapping; -import tng.trustnetwork.keydistribution.entity.TrustedIssuerEntity; - -@Mapper(componentModel = "spring") -public interface IssuerMapper { - - @Mapping(source = "type", target = "urlType") - @Mapping(target = "id", ignore = true) - @Mapping(target = "createdAt", ignore = true) - TrustedIssuerEntity trustedIssuerToTrustedIssuerEntity(TrustedIssuer trustedIssuer); - - List trustedIssuerToTrustedIssuerEntity(List trustedIssuer); - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/DidContext.java b/src/main/java/tng/trustnetwork/keydistribution/model/DidContext.java deleted file mode 100644 index 8e8d2d9..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/DidContext.java +++ /dev/null @@ -1,43 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; - -@Getter -@Setter -@NoArgsConstructor -@AllArgsConstructor -@JsonInclude(JsonInclude.Include.NON_NULL) -public class DidContext { - - private String base; - - private String rating; - - private String publicAccess; - - private String additionalType; -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/DidDocument.java b/src/main/java/tng/trustnetwork/keydistribution/model/DidDocument.java deleted file mode 100644 index b8bc421..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/DidDocument.java +++ /dev/null @@ -1,48 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.annotation.JsonProperty; -import java.util.List; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@JsonIgnoreProperties(ignoreUnknown = true) -@JsonInclude(JsonInclude.Include.NON_NULL) -public class DidDocument { - - @JsonProperty("@context") - private List> context; - - private String id; - - private String controller; - - - private List> verificationMethod; - - private Proof proof; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/EcPublicKeyJwk.java b/src/main/java/tng/trustnetwork/keydistribution/model/EcPublicKeyJwk.java deleted file mode 100644 index 83f5870..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/EcPublicKeyJwk.java +++ /dev/null @@ -1,57 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonEnumDefaultValue; -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.annotation.JsonProperty; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@JsonInclude(JsonInclude.Include.NON_NULL) -public class EcPublicKeyJwk extends PublicKeyJwk { - - private Curve crv; - - @JsonProperty("x") - private String xvalue; - - @JsonProperty("y") - private String yvalue; - - public enum Curve { - @JsonEnumDefaultValue - UNKNOWN, - - @JsonProperty("P-256") - P256, - - @JsonProperty("P-384") - P384, - - @JsonProperty("P-521") - P521 - - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/JwkVerificationMethod.java b/src/main/java/tng/trustnetwork/keydistribution/model/JwkVerificationMethod.java deleted file mode 100644 index 630850f..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/JwkVerificationMethod.java +++ /dev/null @@ -1,34 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@JsonInclude(JsonInclude.Include.NON_NULL) -public class JwkVerificationMethod extends VerificationMethod { - - private PublicKeyJwk publicKeyJwk; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/Proof.java b/src/main/java/tng/trustnetwork/keydistribution/model/Proof.java deleted file mode 100644 index 0626a0e..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/Proof.java +++ /dev/null @@ -1,44 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@JsonInclude(JsonInclude.Include.NON_NULL) -public class Proof { - - private String type; - - private String created; - - private String nonce; - - private String proofPurpose; - - private String verificationMethod; - - private String jws; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/PublicKeyJwk.java b/src/main/java/tng/trustnetwork/keydistribution/model/PublicKeyJwk.java deleted file mode 100644 index 96569a0..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/PublicKeyJwk.java +++ /dev/null @@ -1,94 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonSubTypes; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import java.util.List; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@JsonTypeInfo(property = "kty", use = JsonTypeInfo.Id.NAME) -@JsonSubTypes({ - @JsonSubTypes.Type(name = "EC", value = EcPublicKeyJwk.class), - @JsonSubTypes.Type(name = "RSA", value = RsaPublicKeyJwk.class), -}) -@JsonInclude(JsonInclude.Include.NON_NULL) -public abstract class PublicKeyJwk { - - private String kty; - - private String kid; - - private String x5u; - - private List x5c; - - private String x5t; - - @JsonProperty("x5t#S256") - private String x5tS256; - - private Use use; - - @JsonProperty("key_ops") - private List keyOps; - - public enum KeyOps { - @JsonProperty("sign") - SIGN, - - @JsonProperty("verify") - VERIFY, - - @JsonProperty("encrypt") - ENCRYPT, - - @JsonProperty("decrypt") - DECRYPT, - - @JsonProperty("wrapKey") - WRAP_KEY, - - @JsonProperty("unwrapKey") - UNWRAP_KEY, - - @JsonProperty("deriveKey") - DERIVE_KEY, - - @JsonProperty("deriveBits") - DERIVE_BITS - - } - - public enum Use { - @JsonProperty("sig") - SIGNATURE, - - @JsonProperty("enc") - ENCRYPTION - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/RsaPublicKeyJwk.java b/src/main/java/tng/trustnetwork/keydistribution/model/RsaPublicKeyJwk.java deleted file mode 100644 index 4006ef8..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/RsaPublicKeyJwk.java +++ /dev/null @@ -1,39 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.annotation.JsonProperty; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@JsonInclude(JsonInclude.Include.NON_NULL) -public class RsaPublicKeyJwk extends PublicKeyJwk { - - @JsonProperty("n") - private String nvalue; - - @JsonProperty("e") - private String evalue; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/StringOrObject.java b/src/main/java/tng/trustnetwork/keydistribution/model/StringOrObject.java deleted file mode 100644 index ae961b9..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/StringOrObject.java +++ /dev/null @@ -1,37 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@AllArgsConstructor -@JsonDeserialize(using = StringOrObjectDeserializer.class) -public class StringOrObject { - - private T objectValue; - - private String stringValue; -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/StringOrObjectDeserializer.java b/src/main/java/tng/trustnetwork/keydistribution/model/StringOrObjectDeserializer.java deleted file mode 100644 index 8cea6c7..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/StringOrObjectDeserializer.java +++ /dev/null @@ -1,64 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.core.JsonParser; -import com.fasterxml.jackson.databind.BeanProperty; -import com.fasterxml.jackson.databind.DeserializationContext; -import com.fasterxml.jackson.databind.JavaType; -import com.fasterxml.jackson.databind.JsonDeserializer; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.deser.ContextualDeserializer; -import com.fasterxml.jackson.databind.node.ObjectNode; -import com.fasterxml.jackson.databind.node.TextNode; -import java.io.IOException; - -//@RequiredArgsConstructor -public class StringOrObjectDeserializer extends JsonDeserializer> implements ContextualDeserializer { - - private JavaType type; - - //private final ObjectMapper objectMapper; - - @Override - public JsonDeserializer createContextual(DeserializationContext context, BeanProperty property) { - - this.type = property.getType().containedType(0).containedType(0); - return this; - } - - @Override - public StringOrObject deserialize(JsonParser jsonParser, DeserializationContext deserializationContext) - throws IOException { - - JsonNode jsonNode = jsonParser.getCodec().readTree(jsonParser); - - if (jsonNode instanceof TextNode textNode) { - - return new StringOrObject<>(null, textNode.textValue()); - } else if (jsonNode instanceof ObjectNode objectNode) { - - return new StringOrObject<>(deserializationContext.readTreeAsValue(objectNode, type), null); - } else { - return null; - } - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethod.java b/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethod.java deleted file mode 100644 index a30596b..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethod.java +++ /dev/null @@ -1,45 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.annotation.JsonSubTypes; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import lombok.Getter; -import lombok.Setter; - - -@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type") -@JsonSubTypes({ - @JsonSubTypes.Type(value = JwkVerificationMethod.class, name = "JsonWebKey2020") -}) -@Getter -@Setter -@JsonInclude(JsonInclude.Include.NON_NULL) -public abstract class VerificationMethod { - - private String id; - - private String controller; - - private String type; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodModel.java b/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodModel.java deleted file mode 100644 index dbbc4a7..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodModel.java +++ /dev/null @@ -1,45 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.annotation.JsonSubTypes; -import com.fasterxml.jackson.annotation.JsonTypeInfo; -import lombok.Getter; -import lombok.Setter; - - -@JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type") -@JsonSubTypes({ - @JsonSubTypes.Type(value = JwkVerificationMethod.class, name = "JsonWebKey2020") -}) -@Getter -@Setter -@JsonInclude(JsonInclude.Include.NON_NULL) -public abstract class VerificationMethodModel { - - private String id; - - private String controller; - - private String type; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodReference.java b/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodReference.java deleted file mode 100644 index 11bdabe..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/model/VerificationMethodReference.java +++ /dev/null @@ -1,36 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.model; - -import com.fasterxml.jackson.annotation.JsonInclude; -import lombok.AllArgsConstructor; -import lombok.Getter; -import lombok.Setter; - -@Getter -@Setter -@AllArgsConstructor -@JsonInclude(JsonInclude.Include.NON_NULL) -public class VerificationMethodReference extends DidContext { - - private String reference; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/repository/DecentralizedIdentifierRepository.java b/src/main/java/tng/trustnetwork/keydistribution/repository/DecentralizedIdentifierRepository.java deleted file mode 100644 index 14b4369..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/repository/DecentralizedIdentifierRepository.java +++ /dev/null @@ -1,27 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.repository; - -import org.springframework.data.jpa.repository.JpaRepository; -import tng.trustnetwork.keydistribution.entity.DecentralizedIdentifierEntity; - -public interface DecentralizedIdentifierRepository extends JpaRepository { -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/repository/PublicKeyJwkRepository.java b/src/main/java/tng/trustnetwork/keydistribution/repository/PublicKeyJwkRepository.java deleted file mode 100644 index 0f057c5..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/repository/PublicKeyJwkRepository.java +++ /dev/null @@ -1,27 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.repository; - -import org.springframework.data.jpa.repository.JpaRepository; -import tng.trustnetwork.keydistribution.entity.PublicKeyJwkEntity; - -public interface PublicKeyJwkRepository extends JpaRepository { -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/repository/SignerInformationRepository.java b/src/main/java/tng/trustnetwork/keydistribution/repository/SignerInformationRepository.java deleted file mode 100644 index 627ad7e..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/repository/SignerInformationRepository.java +++ /dev/null @@ -1,55 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.repository; - -import java.util.List; -import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.data.jpa.repository.Query; -import tng.trustnetwork.keydistribution.entity.SignerInformationEntity; - -public interface SignerInformationRepository extends JpaRepository { - - List getByCountryIs(String country); - - List getByDomainIs(String domain); - - List getByDomainIsAndCountryIs(String domain, String country); - - List getByCountryIsAndGroupIs(String country, String group); - - List getByDomainIsAndGroupIs(String domain, String group); - - List getByGroupIs(String group); - - List getByDomainIsAndCountryIsAndGroupIs(String domain, String country, String group); - - List getBySubjectHashIsAndCountryIsAndDomainIs( - String subjectHash, String country, String domain); - - @Query("SELECT DISTINCT s.country FROM SignerInformationEntity s") - List getCountryList(); - - @Query("SELECT DISTINCT s.domain FROM SignerInformationEntity s") - List getDomainsList(); - - @Query("SELECT DISTINCT s.group FROM SignerInformationEntity s") - List getGroupList(); -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/repository/TrustedIssuerRepository.java b/src/main/java/tng/trustnetwork/keydistribution/repository/TrustedIssuerRepository.java deleted file mode 100644 index f78e6b5..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/repository/TrustedIssuerRepository.java +++ /dev/null @@ -1,30 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.repository; - -import java.util.List; -import org.springframework.data.jpa.repository.JpaRepository; -import tng.trustnetwork.keydistribution.entity.TrustedIssuerEntity; - -public interface TrustedIssuerRepository extends JpaRepository { - - List findAllByUrlTypeIs(TrustedIssuerEntity.UrlType urlType); -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/repository/VerificationMethodRepository.java b/src/main/java/tng/trustnetwork/keydistribution/repository/VerificationMethodRepository.java deleted file mode 100644 index 0fc619f..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/repository/VerificationMethodRepository.java +++ /dev/null @@ -1,27 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.repository; - -import org.springframework.data.jpa.repository.JpaRepository; -import tng.trustnetwork.keydistribution.entity.VerificationMethodEntity; - -public interface VerificationMethodRepository extends JpaRepository { -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierService.java b/src/main/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierService.java deleted file mode 100644 index 37763d6..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierService.java +++ /dev/null @@ -1,70 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import java.util.Objects; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Service; -import org.springframework.transaction.annotation.Transactional; -import tng.trustnetwork.keydistribution.entity.DecentralizedIdentifierEntity; -import tng.trustnetwork.keydistribution.mapper.DidMapper; -import tng.trustnetwork.keydistribution.model.DidDocument; -import tng.trustnetwork.keydistribution.repository.DecentralizedIdentifierRepository; -import tng.trustnetwork.keydistribution.repository.PublicKeyJwkRepository; -import tng.trustnetwork.keydistribution.repository.VerificationMethodRepository; - -@Slf4j -@Service -@RequiredArgsConstructor -public class DecentralizedIdentifierService { - - private final DecentralizedIdentifierRepository decentralizedIdentifierRepository; - - private final VerificationMethodRepository verificationMethodRepository; - - private final PublicKeyJwkRepository publicKeyJwkRepository; - - private final DidMapper didMapper; - - /** - * Update the list of Decentralized Identifier Documents. - * - * @param didDocument parsed DID Document - * @param raw RAW JSON Representation (This is required to be able to verify integrity of DID afterwords) - */ - @Transactional - public void updateDecentralizedIdentifierList(DidDocument didDocument, String raw) { - - DecentralizedIdentifierEntity didEntity = didMapper.toEntity(didDocument, raw); - decentralizedIdentifierRepository.save(didEntity); - - didEntity.getVerificationMethods() - .stream() - .filter(Objects::nonNull) - .forEach(verificationMethod -> { - - verificationMethod.setParentDocument(didEntity); - publicKeyJwkRepository.save(verificationMethod.getPublicKeyJwk()); - verificationMethodRepository.save(verificationMethod); - }); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/KdsCertUtils.java b/src/main/java/tng/trustnetwork/keydistribution/service/KdsCertUtils.java deleted file mode 100644 index f1fb954..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/KdsCertUtils.java +++ /dev/null @@ -1,34 +0,0 @@ -package tng.trustnetwork.keydistribution.service; - -import eu.europa.ec.dgc.utils.CertificateUtils; -import java.io.IOException; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Base64; -import lombok.RequiredArgsConstructor; -import org.bouncycastle.cert.X509CertificateHolder; -import org.springframework.stereotype.Service; - -@Service -@RequiredArgsConstructor -public class KdsCertUtils { - - private final CertificateUtils certificateUtils; - - /** - * Parse Base64 Encoded Certificate. - * - * @param raw Base64 encoded certificate in DER format - * @return parsed Certificate instance - */ - public X509Certificate parseCertificate(String raw) { - - try { - byte[] rawDataBytes = Base64.getDecoder().decode(raw); - X509CertificateHolder certificateHolder = new X509CertificateHolder(rawDataBytes); - return certificateUtils.convertCertificate(certificateHolder); - } catch (CertificateException | IOException e) { - return null; - } - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java b/src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java deleted file mode 100644 index 11e9229..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadService.java +++ /dev/null @@ -1,60 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; -import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; -import java.util.List; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import net.javacrumbs.shedlock.spring.annotation.SchedulerLock; -import org.springframework.scheduling.annotation.Scheduled; -import org.springframework.stereotype.Component; - -/** - * A service to download the signer certificates from the digital green certificate gateway. - */ -@Slf4j -@RequiredArgsConstructor -@Component -public class SignerCertificateDownloadService { - - private final DgcGatewayDownloadConnector dgcGatewayConnector; - - private final SignerInformationService signerInformationService; - - /** - * Download TrustedCertificates from Gateway. - */ - @Scheduled(fixedDelayString = "${dgc.certificatesDownloader.timeInterval}") - @SchedulerLock(name = "SignerCertificateDownloadService_downloadCertificates", lockAtLeastFor = "PT0S", - lockAtMostFor = "${dgc.certificatesDownloader.lockLimit}") - public void downloadCertificates() { - - log.info("Certificates download started"); - - List trustedCerts = dgcGatewayConnector.getDdccTrustedCertificates(); - signerInformationService.updateTrustedCertsList(trustedCerts); - - log.info("Certificates download finished"); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java b/src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java deleted file mode 100644 index 26ffe98..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java +++ /dev/null @@ -1,217 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; -import eu.europa.ec.dgc.utils.CertificateUtils; -import java.security.NoSuchAlgorithmException; -import java.security.cert.X509Certificate; -import java.time.ZonedDateTime; -import java.util.List; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; -import org.springframework.transaction.annotation.Transactional; -import tng.trustnetwork.keydistribution.entity.SignerInformationEntity; -import tng.trustnetwork.keydistribution.repository.SignerInformationRepository; - -@Slf4j -@Component -@RequiredArgsConstructor -public class SignerInformationService { - - private final SignerInformationRepository signerInformationRepository; - private final CertificateUtils certificateUtils; - private final KdsCertUtils kdsCertUtils; - - /** - * Update stored certificates with given list of new certificates. - * - * @param trustedCerts defines the list of trusted certificates. - */ - @Transactional - public void updateTrustedCertsList(List trustedCerts) { - - signerInformationRepository.deleteAll(); - - trustedCerts.stream() - .map(this::getSignerInformationEntity) - .forEach(signerInformationRepository::save); - } - - private SignerInformationEntity getSignerInformationEntity(TrustedCertificateTrustListItem cert) { - - SignerInformationEntity signerEntity = new SignerInformationEntity(); - signerEntity.setKid(cert.getKid()); - signerEntity.setCreatedAt(ZonedDateTime.now()); - signerEntity.setCountry(cert.getCountry()); - signerEntity.setRawData(cert.getCertificate()); - signerEntity.setDomain(cert.getDomain()); - signerEntity.setGroup(cert.getGroup()); - - try { - X509Certificate parsedCertificate = kdsCertUtils.parseCertificate(cert.getCertificate()); - byte[] subjectBytes = parsedCertificate.getSubjectX500Principal().getEncoded(); - signerEntity.setSubjectHash(certificateUtils.calculateHash(subjectBytes)); - } catch (NoSuchAlgorithmException e) { - log.error("Failed to calculate Hash for certificate {}", cert.getKid()); - } - - return signerEntity; - } - - /** - * Returns a list of 2-Digit Country-Codes which have at least one signing certificates present in DB. - * - * @return Distinct list of Country-Codes - */ - public List getCountryList() { - - return signerInformationRepository.getCountryList(); - } - - /** - * Returns a list of groups for which certificates are imported. - * - * @return list of groups - */ - public List getGroupList() { - - return signerInformationRepository.getGroupList(); - } - - /** - * Returns a list of domains for which certificates are imported. - * - * @return list of domains - */ - public List getDomainsList() { - - return signerInformationRepository.getDomainsList(); - } - - /** - * Returns a list of all certificates. - * - * @return List of SignerInformationEntity - */ - public List getAllCertificates() { - - return signerInformationRepository.findAll(); - } - - /** - * Returns signer information that are active filtered by domain, participant and group. - * - * @param domain a domain name used as filter - * @param participant a participant aka country code, used as filter - * @param group group name, used as filter - * @return matching SignerInformationEntities - */ - public List getCertificatesByDomainParticipantGroup( - String domain, String participant, String group) { - - return signerInformationRepository.getByDomainIsAndCountryIsAndGroupIs(domain, participant, group); - } - - /** - * Returns signer information that are filtered by participant. - * - * @param country a participant aka country code, used as filter - * @return matching SignerInformationEntities - */ - public List getCertificatesByCountry(String country) { - - return signerInformationRepository.getByCountryIs(country); - } - - /** - * Returns signer information that are filtered by domain and participant. - * - * @param domain a domain name used as filter - * @param country a participant aka country code, used as filter - * @return matching SignerInformationEntities - */ - public List getCertificatesByCountryDomain(String country, String domain) { - - return signerInformationRepository.getByDomainIsAndCountryIs(domain, country); - } - - /** - * Returns signer information that are filtered by domain. - * - * @param domain a domain name used as filter - * @return matching SignerInformationEntities - */ - public List getCertificatesByDomain(String domain) { - - return signerInformationRepository.getByDomainIs(domain); - } - - /** - * Returns signer information that are filtered by participant and group. - * - * @param group group name, used as filter - * @param country a participant aka country code, used as filter - * @return matching SignerInformationEntities - */ - public List getCertificatesByGroupCountry(String group, String country) { - - return signerInformationRepository.getByCountryIsAndGroupIs(country, group); - } - - /** - * Returns signer information that are filtered by domain and group. - * - * @param domain a domain name used as filter - * @param group group name, used as filter - * @return matching SignerInformationEntities - */ - public List getCertificatesByDomainGroup(String domain, String group) { - - return signerInformationRepository.getByDomainIsAndGroupIs(domain, group); - } - - /** - * Returns signer information that are filtered by group. - * - * @param group group name, used as filter - * @return matching SignerInformationEntities - */ - public List getCertificatesByGroup(String group) { - - return signerInformationRepository.getByGroupIs(group); - } - - /** - * Returns signer information that are filtered by subjectHash, country, and domain. - * - * @param subjectHash SHA256 hash of certificate subject to filter - * @param country CountryCode/Participant code to filter - * @param domain Domain value to filter for - * @return matching SignerInformationEntities - */ - public List getCertificatesBySubjectHashCountryDomain(String subjectHash, String country, - String domain) { - - return signerInformationRepository.getBySubjectHashIsAndCountryIsAndDomainIs(subjectHash, country, domain); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadService.java b/src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadService.java deleted file mode 100644 index 27fca30..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadService.java +++ /dev/null @@ -1,67 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import eu.europa.ec.dgc.gateway.connector.DgcGatewayTrustedIssuerDownloadConnector; -import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer; -import java.util.ArrayList; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import net.javacrumbs.shedlock.spring.annotation.SchedulerLock; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.scheduling.annotation.Scheduled; -import org.springframework.stereotype.Component; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -/** - * A service to download the signer certificates from the digital green certificate gateway. - */ -@Slf4j -@RequiredArgsConstructor -@Component -@ConditionalOnProperty("dgc.trustedIssuerDownloader.enabled") -public class TrustedIssuerDownloadService { - - private final DgcGatewayTrustedIssuerDownloadConnector downloadConnector; - - private final TrustedIssuerService trustedIssuerService; - - private final KdsConfigProperties configProperties; - - /** - * Download TrustedIssuers and Resolve DID Documents. - */ - @Scheduled(fixedDelayString = "${dgc.trustedIssuerDownloader.timeInterval}") - @SchedulerLock(name = "TrustedIssuerDownloadService_downloadTrustedIssuers", lockAtLeastFor = "PT0S", - lockAtMostFor = "${dgc.trustedIssuerDownloader.lockLimit}") - public void downloadTrustedIssuers() { - - log.info("Trusted issuers download started"); - - ArrayList trustedIssuers = new ArrayList<>(); - trustedIssuers.addAll(configProperties.getTrustedIssuerDownloader().getStaticTrustedIssuer()); - trustedIssuers.addAll(downloadConnector.getTrustedIssuers()); - - trustedIssuerService.updateTrustedIssuersList(trustedIssuers); - - log.info("Trusted issuers download finished. {} issuers downloaded.", trustedIssuers.size()); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerService.java b/src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerService.java deleted file mode 100644 index 1a786c4..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerService.java +++ /dev/null @@ -1,100 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import com.fasterxml.jackson.core.JsonProcessingException; -import eu.europa.ec.dgc.gateway.connector.mapper.TrustedIssuerMapper; -import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer; -import java.util.ArrayList; -import java.util.List; -import java.util.UUID; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Component; -import org.springframework.transaction.annotation.Transactional; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; -import tng.trustnetwork.keydistribution.entity.TrustedIssuerEntity; -import tng.trustnetwork.keydistribution.mapper.IssuerMapper; -import tng.trustnetwork.keydistribution.repository.TrustedIssuerRepository; - -@Slf4j -@Component -@RequiredArgsConstructor -public class TrustedIssuerService { - - private final IssuerMapper issuerMapper; - - private final TrustedIssuerRepository trustedIssuerRepository; - - private final UniversalResolverService urService; - - private final DecentralizedIdentifierService decentralizedIdentifierService; - - private final KdsConfigProperties configProperties; - - /** - * Method to query the db for DID documents. - * - * @return List holding the found trusted issuers. - */ - public List getAllDid() { - - return trustedIssuerRepository.findAllByUrlTypeIs(TrustedIssuerEntity.UrlType.DID); - } - - /** - * Method to synchronise the issuers in the db with the given List of trusted issuers. - * - * @param trustedIssuers defines the list of trusted issuers. - */ - @Transactional - public void updateTrustedIssuersList(List trustedIssuers) { - - trustedIssuerRepository.deleteAll(); - - - for (TrustedIssuer trustedIssuer : trustedIssuers) { - - trustedIssuerRepository.save(issuerMapper.trustedIssuerToTrustedIssuerEntity(trustedIssuer)); - - if (trustedIssuer.getType() == TrustedIssuer.UrlType.DID) { - resolveDid(trustedIssuer); - } - } - } - - private void resolveDid(TrustedIssuer trustedIssuer) { - - if (!configProperties.getTrustedIssuerDownloader().isEnableTrustedIssuerResolving()) { - return; - } - - try { - UniversalResolverService.DidDocumentWithRawResponse didDocument = - urService.universalResolverApiCall(trustedIssuer.getUrl()); - - decentralizedIdentifierService.updateDecentralizedIdentifierList(didDocument.didDocument(), - didDocument.raw()); - } catch (JsonProcessingException e) { - log.error("Failed to download/parse DID {}", trustedIssuer.getUrl()); - } - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/UniversalResolverService.java b/src/main/java/tng/trustnetwork/keydistribution/service/UniversalResolverService.java deleted file mode 100644 index 5093b37..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/UniversalResolverService.java +++ /dev/null @@ -1,62 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.stereotype.Service; -import tng.trustnetwork.keydistribution.clients.UniversalResolverClient; -import tng.trustnetwork.keydistribution.model.DidDocument; - - -@Slf4j -@Service -@RequiredArgsConstructor -public class UniversalResolverService { - - private final UniversalResolverClient universalResolverClient; - - private final ObjectMapper objectMapper; - - /** - * Try to resolve DID Document by ID at UniversalResolverService. - * - * @param didId Identifier of document to resolve - * @return Parsed and RAW DID Document - * @throws JsonProcessingException when parsing of downloaded document failed. - */ - public DidDocumentWithRawResponse universalResolverApiCall(String didId) throws JsonProcessingException { - - String rawResponse = universalResolverClient.getDidDocument(didId); - DidDocument didDocument = objectMapper.readValue(rawResponse, DidDocument.class); - - return new DidDocumentWithRawResponse(didDocument, rawResponse); - } - - public record DidDocumentWithRawResponse( - DidDocument didDocument, - - String raw) { - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java deleted file mode 100644 index d9187a0..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidTrustListService.java +++ /dev/null @@ -1,439 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -import static tng.trustnetwork.keydistribution.service.did.KdsDidContextDocumentLoaderConfig.DID_CONTEXTS; - -import com.apicatalog.jsonld.loader.DocumentLoader; -import com.danubetech.keyformats.crypto.ByteSigner; -import com.fasterxml.jackson.databind.ObjectMapper; -import eu.europa.ec.dgc.utils.CertificateUtils; -import foundation.identity.jsonld.JsonLDException; -import foundation.identity.jsonld.JsonLDObject; -import info.weboftrust.ldsignatures.jsonld.LDSecurityKeywords; -import info.weboftrust.ldsignatures.signer.JsonWebSignature2020LdSigner; -import java.io.IOException; -import java.net.URI; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; -import java.security.GeneralSecurityException; -import java.security.NoSuchAlgorithmException; -import java.security.PublicKey; -import java.security.cert.X509Certificate; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; -import java.util.ArrayList; -import java.util.Collections; -import java.util.Date; -import java.util.HashMap; -import java.util.List; -import java.util.Locale; -import java.util.Map; -import java.util.MissingResourceException; -import java.util.function.Supplier; -import lombok.AccessLevel; -import lombok.Getter; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import net.javacrumbs.shedlock.spring.annotation.SchedulerLock; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.scheduling.annotation.Scheduled; -import org.springframework.stereotype.Service; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; -import tng.trustnetwork.keydistribution.entity.SignerInformationEntity; -import tng.trustnetwork.keydistribution.entity.TrustedIssuerEntity; -import tng.trustnetwork.keydistribution.service.KdsCertUtils; -import tng.trustnetwork.keydistribution.service.SignerInformationService; -import tng.trustnetwork.keydistribution.service.TrustedIssuerService; -import tng.trustnetwork.keydistribution.service.did.entity.DidTrustList; -import tng.trustnetwork.keydistribution.service.did.entity.DidTrustListEntry; - -@Slf4j -@Service -@RequiredArgsConstructor -@ConditionalOnProperty("dgc.did.enableDidGeneration") -public class DidTrustListService { - - private static final String WILDCARD_CHAR = "-"; - - private static final String SEPARATOR_DID_PATH = ":"; - - private static final String SEPARATOR_DID_ID = "#"; - - private final SignerInformationService signerInformationService; - - private final KdsConfigProperties configProperties; - - private final ByteSigner byteSigner; - - private final DidUploader didUploader; - - private final ObjectMapper objectMapper; - - private final CertificateUtils certificateUtils; - - private final TrustedIssuerService trustedIssuerService; - - private final GitProvider gitProvider; - - private final DocumentLoader documentLoader; - - private final KdsConfigProperties kdsConfigProperties; - - private final KdsCertUtils kdsCertUtils; - - @RequiredArgsConstructor - @Getter - private class DidSpecification { - - @Getter(AccessLevel.PRIVATE) - private final List path; - - private final Supplier> certSupplier; - - private final Supplier> issuerSupplier; - - public List getPath(boolean ref) { - ArrayList path = new ArrayList<>(this.path); - path.add(0, getListPathElement(ref)); - return path; - } - - public String getDocumentId(boolean ref) { - //Example: did:web:tng-cdn-dev.who.int:trustlist:v.2.0.0:DDCC:XXA:DSC - return configProperties.getDid().getDidId() - + SEPARATOR_DID_PATH + getListPathElement(ref) - + (path.isEmpty() ? "" : SEPARATOR_DID_PATH - + String.join(SEPARATOR_DID_PATH, path)); - } - - public String getEntryId(String kid) { - //Example: did:web:tng-cdn-dev.who.int:trustlist:v.2.0.0:DDCC:XXA:DSC#kidkidkid - return getDocumentId(false) + SEPARATOR_DID_ID + kid; - } - - private String getListPathElement(boolean ref) { - if (ref && configProperties.getDid().getTrustListRefPath() != null - && !configProperties.getDid().getTrustListRefPath().isEmpty()) { - return configProperties.getDid().getTrustListRefPath(); - - } else if (!ref && configProperties.getDid().getTrustListPath() != null - && !configProperties.getDid().getTrustListPath().isEmpty()) { - return configProperties.getDid().getTrustListPath(); - } else { - return ""; - } - } - } - - /** - * Create and upload DID Document holding Uploaded DSC and Trusted Issuer. - */ - @Scheduled(cron = "${dgc.did.cron}") - @SchedulerLock(name = "didTrustListGenerator") - public void job() { - - List didSpecifications = new ArrayList<>(); - List domains = signerInformationService.getDomainsList(); - List countries = signerInformationService.getCountryList(); - - //CHECKSTYLE:OFF - List groups = signerInformationService.getGroupList(); - //CHECKSTYLE:ON - - // Add overall DID - didSpecifications.add(new DidSpecification( - Collections.emptyList(), - signerInformationService::getAllCertificates, - trustedIssuerService::getAllDid)); - - // Add all Domain DID - domains.forEach( - domain -> didSpecifications.add(new DidSpecification( - List.of(domain), - () -> signerInformationService.getCertificatesByDomain(domain), - trustedIssuerService::getAllDid))); - - // Add all Country and Domain specific DID - domains.forEach( - domain -> countries.forEach( - country -> didSpecifications.add(new DidSpecification( - List.of(domain, getParticipantCode(country)), - () -> signerInformationService.getCertificatesByCountryDomain(country, domain), - trustedIssuerService::getAllDid) - ))); - - // Add all Domain independent and country specific DID - countries.forEach( - country -> didSpecifications.add(new DidSpecification( - List.of(WILDCARD_CHAR, getParticipantCode(country)), - () -> signerInformationService.getCertificatesByCountry(country), - trustedIssuerService::getAllDid))); - - // Add all domain, country and group specific did - domains.forEach( - domain -> countries.forEach( - country -> groups.forEach( - group -> didSpecifications.add(new DidSpecification( - List.of(domain, getParticipantCode(country), getMappedGroupName(group)), - () -> signerInformationService.getCertificatesByDomainParticipantGroup(domain, country, group), - trustedIssuerService::getAllDid))))); - - // Add all country and group specific did - countries.forEach( - country -> groups.forEach( - group -> didSpecifications.add(new DidSpecification( - List.of(WILDCARD_CHAR, getParticipantCode(country), getMappedGroupName(group)), - () -> signerInformationService.getCertificatesByGroupCountry(group, country), - trustedIssuerService::getAllDid)))); - - // Add all domain and group specific did - domains.forEach( - domain -> groups.forEach( - group -> didSpecifications.add(new DidSpecification( - List.of(domain, WILDCARD_CHAR, getMappedGroupName(group)), - () -> signerInformationService.getCertificatesByDomainGroup(domain, group), - trustedIssuerService::getAllDid)))); - - // Add all group specific did - groups.forEach( - group -> didSpecifications.add(new DidSpecification( - List.of(WILDCARD_CHAR, WILDCARD_CHAR, getMappedGroupName(group)), - () -> signerInformationService.getCertificatesByGroup(group), - trustedIssuerService::getAllDid))); - - Map didDocuments = new HashMap<>(); - didSpecifications.forEach(specification -> didDocuments - .put(specification, this.generateTrustList(specification, false))); - - Map didRefDocuments = new HashMap<>(); - didSpecifications.forEach(specification -> didRefDocuments - .put(specification, this.generateTrustList(specification, true))); - - didDocuments.forEach((specification, document) -> - saveDid(String.join("/", specification.getPath(false)), document)); - - didRefDocuments.forEach((specification, document) -> - saveDid(String.join("/", specification.getPath(true)), document)); - - log.info("Finished DID Export Process: {} documents", didDocuments.size()); - - gitProvider.upload(configProperties.getDid().getLocalFile().getDirectory()); - - } - - private void saveDid(String containerPath, String didDocument) { - - try { - didUploader.uploadDid(containerPath, - didDocument == null ? null : didDocument.getBytes(StandardCharsets.UTF_8)); - } catch (Exception e) { - log.error("Failed to Upload DID-TrustList: {}", e.getMessage()); - } - } - - private String generateTrustList(DidSpecification specification, boolean onlyReferences) { - - List signerInformationEntities = filterEntities(specification.getCertSupplier().get()); - List trustedIssuerEntities = specification.getIssuerSupplier().get(); - - if (signerInformationEntities.isEmpty() || trustedIssuerEntities.isEmpty()) { - log.info("Empty DID for path {}", specification.getPath()); - return null; - } - - DidTrustList trustList = new DidTrustList(); - trustList.setContext(DID_CONTEXTS); - trustList.setId(specification.getDocumentId(onlyReferences)); - trustList.setController(specification.getDocumentId(onlyReferences)); - trustList.setVerificationMethod(new ArrayList<>()); - - // Add Certificates - - for (SignerInformationEntity signerInformationEntity : signerInformationEntities) { - - if (onlyReferences) { - trustList.getVerificationMethod().add(specification.getEntryId( - URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8))); - - } else { - X509Certificate parsedCertificate = kdsCertUtils.parseCertificate(signerInformationEntity.getRawData()); - if (parsedCertificate == null) { - log.error("Could not parse cert {} of country {}", - signerInformationEntity.getKid(), - signerInformationEntity.getCountry()); - return null; - } - - PublicKey publicKey = parsedCertificate.getPublicKey(); - DidTrustListEntry.PublicKeyJwk publicKeyJwk = null; - if (publicKey instanceof RSAPublicKey rsaPublicKey) { - publicKeyJwk = new DidTrustListEntry.RsaPublicKeyJwk( - rsaPublicKey, List.of(signerInformationEntity.getRawData())); - - } else if (publicKey instanceof ECPublicKey ecPublicKey) { - publicKeyJwk = new DidTrustListEntry.EcPublicKeyJwk( - ecPublicKey, List.of(signerInformationEntity.getRawData())); - - } else { - log.error("Public Key is not RSA or EC Public Key for cert {} of country {}", - signerInformationEntity.getKid(), - signerInformationEntity.getCountry()); - } - - addTrustListEntry(trustList, specification, signerInformationEntity, publicKeyJwk); - } - } - - // Add Trusted Issuer (DID References) - // TODO: Add filtering for TrustedIssuers - trustedIssuerEntities.forEach(did -> trustList.getVerificationMethod().add(did.getUrl())); - - // Sign Document - JsonWebSignature2020LdSigner signer = new JsonWebSignature2020LdSigner(byteSigner); - signer.setCreated(new Date()); - signer.setProofPurpose(LDSecurityKeywords.JSONLD_TERM_ASSERTIONMETHOD); - signer.setVerificationMethod(URI.create(configProperties.getDid().getLdProofVerificationMethod())); - signer.setDomain(configProperties.getDid().getLdProofDomain()); - signer.setNonce(generateNonce()); - - - try { - JsonLDObject jsonLdObject = JsonLDObject.fromJson(objectMapper.writeValueAsString(trustList)); - jsonLdObject.setDocumentLoader(documentLoader); - signer.sign(jsonLdObject); - return jsonLdObject.toJson(); - } catch (IOException | GeneralSecurityException | JsonLDException e) { - log.error("Failed to sign DID-TrustList: {}", e.getMessage()); - return null; - } - } - - private String getParticipantCode(String country) { - - if (country == null || country.length() != 2 && country.length() != 3) { - return null; - } else if (country.length() == 3) { - return country.toUpperCase(); - } - - return configProperties.getDid().getVirtualCountries().computeIfAbsent(country, (c) -> { - try { - return new Locale("en", c).getISO3Country().toUpperCase(); - } catch (MissingResourceException e) { - log.error("Country Code to alpha 3 conversion issue for country {} : {}", - c, e.getMessage()); - return c.toUpperCase(); - } - }); - } - - private void addTrustListEntry(DidTrustList trustList, - DidSpecification specification, - SignerInformationEntity signerInformationEntity, - DidTrustListEntry.PublicKeyJwk publicKeyJwk) { - - List issuers = new ArrayList<>(); - searchIssuer(issuers, signerInformationEntity); - - issuers.forEach(issuer -> publicKeyJwk.getEncodedX509Certificates().add(issuer.getRawData())); - - DidTrustListEntry trustListEntry = new DidTrustListEntry(); - trustListEntry.setType("JsonWebKey2020"); - trustListEntry.setId(specification.getEntryId( - URLEncoder.encode(signerInformationEntity.getKid(), StandardCharsets.UTF_8))); - trustListEntry.setController(specification.getDocumentId(false)); - trustListEntry.setPublicKeyJwk(publicKeyJwk); - - trustList.getVerificationMethod().add(trustListEntry); - } - - - private List filterEntities(List entities) { - - return entities.stream() - .filter(entity -> kdsConfigProperties.getDid().getGroupDenyList().stream() - .noneMatch(e -> entity.getGroup().equalsIgnoreCase(e))) - .toList(); - } - - private String getMappedGroupName(String groupName) { - - return kdsConfigProperties.getDid().getGroupNameMapping() - .computeIfAbsent(groupName, g -> g); - } - - /** - * Recursively resolve certificate chains based on current database. - * Resolving is done country-code and domain aware. - * - * @param issuers List of SignerInformationEntity will be filled with found certs. - * Provide an empty List for initial call. - * @param cert SignerInformationEntity to search issuers for. - */ - private void searchIssuer(List issuers, SignerInformationEntity cert) { - - try { - X509Certificate parsedCertificate = kdsCertUtils.parseCertificate(cert.getRawData()); - String issuerSubjectHash = certificateUtils.calculateHash(parsedCertificate.getIssuerX500Principal() - .getEncoded()); - - List possibleIssuers = signerInformationService - .getCertificatesBySubjectHashCountryDomain(issuerSubjectHash, cert.getCountry(), cert.getDomain()); - - possibleIssuers.forEach(possibleIssuer -> { - X509Certificate parsedPossibleIssuer = kdsCertUtils.parseCertificate(possibleIssuer.getRawData()); - - if (parsedPossibleIssuer.equals(parsedCertificate)) { - // Self-signed Certificate detected --> Stopping Cert Chain resolving - return; - } - - try { - parsedCertificate.verify(parsedPossibleIssuer.getPublicKey()); - // Signature check passed --> Adding issuer to chain - issuers.add(possibleIssuer); - // Also try to resolve issuer cert - searchIssuer(issuers, possibleIssuer); - - } catch (Exception ignored) { - // Signature Check failed -> Do not add this issuer to chain - } - }); - } catch (NoSuchAlgorithmException ignored) { - log.error("Failed to calculate Hash for Certificate Subject"); - } - } - - private String generateNonce() { - - final String chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890"; - final int nonceLength = 32; - StringBuilder nonce = new StringBuilder(); - - while (nonce.length() < nonceLength) { - nonce.append(chars.charAt((int) (Math.random() * chars.length()))); - } - - return nonce.toString(); - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidUploader.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DidUploader.java deleted file mode 100644 index af7b243..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DidUploader.java +++ /dev/null @@ -1,29 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -public interface DidUploader { - - void uploadDid(byte[] content); - - void uploadDid(String subContainer, byte[] content); - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyByteSigner.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyByteSigner.java deleted file mode 100644 index 4948215..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyByteSigner.java +++ /dev/null @@ -1,42 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -import com.danubetech.keyformats.crypto.ByteSigner; -import java.security.GeneralSecurityException; -import java.security.MessageDigest; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.stereotype.Service; - -@Service -@ConditionalOnProperty(name = "dgc.did.didSigningProvider", havingValue = "dummy") -public class DummyByteSigner extends ByteSigner { - - public DummyByteSigner() { - super("EC"); - } - - @Override - protected byte[] sign(byte[] content) throws GeneralSecurityException { - MessageDigest digest = MessageDigest.getInstance("SHA-256"); - return digest.digest(content); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyDidUploader.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyDidUploader.java deleted file mode 100644 index 3ab9337..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyDidUploader.java +++ /dev/null @@ -1,42 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -import lombok.extern.slf4j.Slf4j; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.stereotype.Service; - -@ConditionalOnProperty(name = "dgc.did.didUploadProvider", havingValue = "dummy") -@Service -@Slf4j -public class DummyDidUploader implements DidUploader { - - @Override - public void uploadDid(byte[] content) { - log.info("Uploaded {} bytes", content.length); - } - - @Override - public void uploadDid(String subContainer, byte[] content) { - log.info("Uploaded {} bytes to subContainer {}", content.length, subContainer); - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyGitUploader.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyGitUploader.java deleted file mode 100644 index bb53be3..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/DummyGitUploader.java +++ /dev/null @@ -1,48 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.stereotype.Service; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -@ConditionalOnProperty(name = "dgc.did.didUploadProvider", havingValue = "dummy") -@Service -@Slf4j -@RequiredArgsConstructor -public class DummyGitUploader implements GitProvider { - - private final KdsConfigProperties configProperties; - - /** - * upload dummy method used for unit tests. - * @param sourcePath will only be used for log output - */ - - public void upload(String sourcePath) { - - log.info("Uploaded from {} to {}", sourcePath, configProperties.getDid().getGit().getWorkdir()); - - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/GitProvider.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/GitProvider.java deleted file mode 100644 index a91fd91..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/GitProvider.java +++ /dev/null @@ -1,27 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -public interface GitProvider { - - void upload(String sourcePath); - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/GitUploader.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/GitUploader.java deleted file mode 100644 index a9080f8..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/GitUploader.java +++ /dev/null @@ -1,138 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -import java.io.File; -import java.io.IOException; -import java.nio.file.DirectoryStream; -import java.nio.file.FileVisitResult; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.nio.file.SimpleFileVisitor; -import java.nio.file.StandardCopyOption; -import java.nio.file.attribute.BasicFileAttributes; -import java.time.Instant; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.eclipse.jgit.api.Git; -import org.eclipse.jgit.api.errors.GitAPIException; -import org.eclipse.jgit.transport.UsernamePasswordCredentialsProvider; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.stereotype.Service; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -@ConditionalOnProperty(name = "dgc.did.didUploadProvider", havingValue = "local-file") -@Service -@Slf4j -@RequiredArgsConstructor -public class GitUploader implements GitProvider { - - private final KdsConfigProperties configProperties; - - /** - * upload method clones a git repositor, copies the contents of sourcePath to the cloned git repository - * and commits and pushes the contents, replacing the previous contents of the repository. - * @param sourcePath sourcePath from where the files are copied for upload - */ - - public void upload(String sourcePath) { - - Path sourceDirectory = Paths.get(sourcePath); - Path targetDirectory = Paths.get(configProperties.getDid().getGit().getWorkdir() - + File.separator - + configProperties.getDid().getGit().getPrefix()); - - deleteDirectoryAndContents(configProperties.getDid().getGit().getWorkdir()); - - try { - Git.cloneRepository() - .setURI(configProperties.getDid().getGit().getUrl()) - .setDirectory(new File(configProperties.getDid().getGit().getWorkdir())) - .setCredentialsProvider( - new UsernamePasswordCredentialsProvider( - "anonymous", configProperties.getDid().getGit().getPat())) - .call(); - } catch (Exception e) { - log.error("Failed to clone repository {}: {}", - configProperties.getDid().getGit().getUrl(), e.getMessage()); - } - - try { - Files.walkFileTree(sourceDirectory, new SimpleFileVisitor() { - @Override - public FileVisitResult visitFile(Path file, BasicFileAttributes attrs) throws IOException { - Path targetFile = targetDirectory.resolve(sourceDirectory.relativize(file)); - Files.createDirectories(targetFile.getParent()); - Files.copy(file, targetFile, StandardCopyOption.REPLACE_EXISTING); - return FileVisitResult.CONTINUE; - } - - @Override - public FileVisitResult preVisitDirectory(Path dir, BasicFileAttributes attrs) throws IOException { - Path targetDir = targetDirectory.resolve(sourceDirectory.relativize(dir)); - Files.createDirectories(targetDir); - return FileVisitResult.CONTINUE; - } - }); - } catch (IOException e) { - log.error("Failed to copy files from {} to {}: {}", sourcePath, targetDirectory, e.getMessage()); - } - - try { - Git git = Git.open(new File(configProperties.getDid().getGit().getWorkdir())); - git.add().addFilepattern(".").call(); - git.commit().setMessage("Added DID files on " + Instant.now()).call(); - git.push().setCredentialsProvider(new UsernamePasswordCredentialsProvider( - "anonymous", configProperties.getDid().getGit().getPat())).call(); - git.close(); - log.info("Successfully uploaded DID files to Git repository {}", - configProperties.getDid().getGit().getUrl()); - } catch (GitAPIException | IOException e) { - log.error("Error during Git commit & push: {}",e.getMessage()); - } - } - - private void deleteDirectoryAndContents(String directoryPath) { - Path dir = Paths.get(directoryPath); - if (dir.toFile().exists()) { - - try (DirectoryStream stream = Files.newDirectoryStream(dir)) { - for (Path path : stream) { - if (Files.isDirectory(path)) { - deleteDirectoryAndContents(path.toString()); - } else { - Files.delete(path); - } - } - } catch (IOException e) { - log.error("Error deleting file {}",e.getMessage()); - } - try { - Files.delete(dir); - } catch (IOException e) { - log.error("Error deleting root directory {}",e.getMessage()); - } - } else { - log.info("Directory {} does not exist, skippig deletion", dir); - } - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/KdsDidContextDocumentLoaderConfig.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/KdsDidContextDocumentLoaderConfig.java deleted file mode 100644 index 58e2e37..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/KdsDidContextDocumentLoaderConfig.java +++ /dev/null @@ -1,51 +0,0 @@ -package tng.trustnetwork.keydistribution.service.did; - - -import com.apicatalog.jsonld.document.JsonDocument; -import com.apicatalog.jsonld.loader.DocumentLoader; -import foundation.identity.jsonld.ConfigurableDocumentLoader; -import java.io.InputStream; -import java.net.URI; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.factory.BeanInitializationException; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -@Slf4j -@Configuration -public class KdsDidContextDocumentLoaderConfig { - - public static final List DID_CONTEXTS = List.of( - "https://www.w3.org/ns/did/v1", - "https://w3id.org/security/suites/jws-2020/v1"); - - private static final String DID_CONTEXT_PATH = "did_contexts/"; - - @Bean - DocumentLoader kdsContextLoader(KdsConfigProperties configProperties) { - - Map contextMap = new HashMap<>(); - for (String didContext : DID_CONTEXTS) { - String didContextFile = configProperties.getDid().getContextMapping().get(didContext); - - if (didContextFile == null) { - throw new BeanInitializationException("Failed to load DID-Context Document for " + didContext - + " : No Mapping to local JSON-File."); - } - - try (InputStream inputStream = getClass().getClassLoader().getResourceAsStream( - DID_CONTEXT_PATH + didContextFile)) { - if (inputStream != null) { - contextMap.put(URI.create(didContext), JsonDocument.of(inputStream)); - } - } catch (Exception e) { - throw new BeanInitializationException("Failed to load DID-Context Document", e); - } - } - return new ConfigurableDocumentLoader(contextMap); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalFileDidUploader.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalFileDidUploader.java deleted file mode 100644 index b1c6d97..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalFileDidUploader.java +++ /dev/null @@ -1,92 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -import java.io.File; -import java.io.FileOutputStream; -import java.io.IOException; -import java.nio.file.Paths; -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.stereotype.Service; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -@ConditionalOnProperty(name = "dgc.did.didUploadProvider", havingValue = "local-file") -@Service -@Slf4j -@RequiredArgsConstructor -public class LocalFileDidUploader implements DidUploader { - - private final KdsConfigProperties configProperties; - - @Override - public void uploadDid(byte[] content) { - - uploadDid(null, content); - } - - @Override - public void uploadDid(String subContainer, byte[] content) { - - File targetFile; - - if (subContainer == null) { - targetFile = Paths.get( - configProperties.getDid().getLocalFile().getDirectory(), - configProperties.getDid().getLocalFile().getFileName() - ).toFile(); - } else { - targetFile = Paths.get( - configProperties.getDid().getLocalFile().getDirectory(), - subContainer, - configProperties.getDid().getLocalFile().getFileName() - ).toFile(); - } - - if (targetFile.exists() && !targetFile.delete()) { - log.error("Failed to delete existing file."); - return; - } - - if (content == null) { - log.info("Requested to store file with null content - only deleting existing file"); - return; - } - - log.info("Storing {} bytes to {}", content.length, targetFile.getAbsolutePath()); - - if (targetFile.getParentFile().mkdirs()) { - log.info("Created required directory {}", targetFile.getParentFile().getAbsolutePath()); - } - - try (FileOutputStream fileOutputStream = new FileOutputStream(targetFile)) { - fileOutputStream.write(content); - } catch (IOException e) { - log.error("Failed to write DID Content to file: {}", e.getMessage()); - return; - } - - log.info("Successfully saved file locally."); - - } - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java deleted file mode 100644 index bd5b2e3..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/LocalKeystoreByteSigner.java +++ /dev/null @@ -1,76 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did; - -import com.danubetech.keyformats.crypto.ByteSigner; -import java.io.FileInputStream; -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.Signature; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.stereotype.Service; -import org.springframework.util.ResourceUtils; -import tng.trustnetwork.keydistribution.config.KdsConfigProperties; - -@Service -@ConditionalOnProperty(name = "dgc.did.didSigningProvider", havingValue = "local-keystore") -public class LocalKeystoreByteSigner extends ByteSigner { - - private final PrivateKey signingKey; - - /** - * Initialize LocalKeyStoreByteSigner. Configured Key will be loaded. - */ - public LocalKeystoreByteSigner(KdsConfigProperties kdsConfigProperties) - throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, - UnrecoverableKeyException { - - super("EC"); - - KeyStore keyStore = KeyStore.getInstance("JKS"); - - try (FileInputStream fileInputStream = new FileInputStream( - ResourceUtils.getFile(kdsConfigProperties.getDid().getLocalKeyStore().getPath())); - ) { - keyStore.load(fileInputStream, kdsConfigProperties.getDid().getLocalKeyStore().getPassword()); - } - - signingKey = (PrivateKey) keyStore.getKey( - kdsConfigProperties.getDid().getLocalKeyStore().getAlias(), - kdsConfigProperties.getDid().getLocalKeyStore().getPassword()); - - } - - @Override - protected byte[] sign(byte[] content) throws GeneralSecurityException { - - Signature signature = Signature.getInstance("SHA256withECDSA"); - signature.initSign(signingKey); - signature.update(content); - return signature.sign(); - } -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustList.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustList.java deleted file mode 100644 index 34485ff..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustList.java +++ /dev/null @@ -1,41 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did.entity; - -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.annotation.JsonPropertyOrder; -import java.util.List; -import lombok.Data; - -@Data -@JsonPropertyOrder({"@context", "id", "controller", "verificationMethod"}) -public class DidTrustList { - - @JsonProperty("@context") - private List context; - - private String id; - - private String controller; - - private List verificationMethod; - -} diff --git a/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java b/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java deleted file mode 100644 index 8faa054..0000000 --- a/src/main/java/tng/trustnetwork/keydistribution/service/did/entity/DidTrustListEntry.java +++ /dev/null @@ -1,121 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service.did.entity; - -import com.fasterxml.jackson.annotation.JsonProperty; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; -import java.util.ArrayList; -import java.util.Base64; -import java.util.List; -import lombok.Data; -import lombok.Getter; -import lombok.NoArgsConstructor; -import lombok.Setter; -import org.bouncycastle.jce.spec.ECNamedCurveSpec; - -@Data -public class DidTrustListEntry { - - private String id; - - private String type; - - private String controller; - - private PublicKeyJwk publicKeyJwk; - - @NoArgsConstructor - @Setter - @Getter - public abstract static class PublicKeyJwk { - @JsonProperty("kty") - private String keyType; - - @JsonProperty("x5c") - private List encodedX509Certificates; - - private PublicKeyJwk(String keyType, List encodedX509Certificates) { - this.keyType = keyType; - this.encodedX509Certificates = new ArrayList<>(encodedX509Certificates); - } - } - - @Getter - @Setter - public static class EcPublicKeyJwk extends PublicKeyJwk { - - @JsonProperty("crv") - private String curve; - - @JsonProperty("x") - private String valueX; - - @JsonProperty("y") - private String valueY; - - /** - * Instantiate EC PublicKey JWK Class. - * - * @param ecPublicKey EC Public Key that should be wrapped. - * @param base64EncodedCertificates List of Base64 encoded Certificates assigned to provided Public Key. - * They will be added within x5c property of JWK. - */ - public EcPublicKeyJwk(ECPublicKey ecPublicKey, List base64EncodedCertificates) { - super("EC", base64EncodedCertificates); - valueX = Base64.getEncoder().encodeToString(ecPublicKey.getW().getAffineX().toByteArray()); - valueY = Base64.getEncoder().encodeToString(ecPublicKey.getW().getAffineY().toByteArray()); - - ECNamedCurveSpec curveSpec = (ECNamedCurveSpec) ecPublicKey.getParams(); - switch (curveSpec.getName()) { - case "prime256v1" -> curve = "P-256"; - case "prime384v1" -> curve = "P-384"; - case "prime521v1" -> curve = "P-521"; - default -> curve = "UNKNOWN CURVE"; - } - } - } - - @Getter - @Setter - public static class RsaPublicKeyJwk extends PublicKeyJwk { - - @JsonProperty("e") - private String valueE; - - @JsonProperty("n") - private String valueN; - - /** - * Instantiate RSA PublicKey JWK Class. - * - * @param rsaPublicKey RSA Public Key that should be wrapped. - * @param base64EncodedCertificates List of Base64 encoded Certificates assigned to provided Public Key. - * They will be added within x5c property of JWK. - */ - public RsaPublicKeyJwk(RSAPublicKey rsaPublicKey, List base64EncodedCertificates) { - super("RSA", base64EncodedCertificates); - valueN = Base64.getEncoder().encodeToString(rsaPublicKey.getModulus().toByteArray()); - valueE = Base64.getEncoder().encodeToString(rsaPublicKey.getPublicExponent().toByteArray()); - } - } - -} diff --git a/src/main/resources/application-cloud.yml b/src/main/resources/application-cloud.yml deleted file mode 100644 index 96e1a79..0000000 --- a/src/main/resources/application-cloud.yml +++ /dev/null @@ -1,13 +0,0 @@ -spring: - h2: - console: - enabled: false - datasource: - driver-class-name: org.postgresql.Driver - url: jdbc:postgresql://localhost:5432/postgres - username: postgres - password: postgres - jpa: - database-platform: org.hibernate.dialect.PostgreSQLDialect - liquibase: - enabled: false diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml deleted file mode 100644 index 1691039..0000000 --- a/src/main/resources/application.yml +++ /dev/null @@ -1,118 +0,0 @@ -server: - port: 8080 -spring: - application: - name: tng-key-distribution - datasource: - driver-class-name: org.h2.Driver - url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1; - username: sa - password: '' - jackson: - deserialization: - read-unknown-enum-values-using-default-value: true - - jpa: - database-platform: org.hibernate.dialect.H2Dialect - hibernate: - ddl-auto: validate - liquibase: - enabled: true - change-log: classpath:db/changelog.yaml - h2: - console: - enabled: true - path: /h2-console - task: - scheduling: - pool: - size: 5 -management: - endpoint: - info: - enabled: true - health: - enabled: true - endpoints: - enabled-by-default: false - web: - base-path: /management - exposure: - include: info,health -info: - name: ${spring.application.name} - profiles: ${spring.profiles.active} -universal: - resolver: "https://dev.uniresolver.io/1.0/identifiers" -dgc: - clients: - proxy: - enabled: false - host: - port: -1 - certificatesDownloader: - timeInterval: 1800000 - lockLimit: 3600000 - trustedIssuerDownloader: - enabled: true - timeInterval: 1800000 - lockLimit: 3600000 - static-trusted-issuer: - - name: WHO Trustlist (DEV) - country: WH - type: did - url: did:web:tng-cdn-dev.who.int:trustlist - signature: No-Signature # required because of DB restrictions - enable-trusted-issuer-resolving: false - gateway: - connector: - enabled: true - endpoint: ${DGC_GATEWAY_CONNECTOR_ENDPOINT} - proxy: - enabled: false - max-cache-age: 300 - tls-trust-store: - password: ${DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PASSWORD} - path: ${DGC_GATEWAY_CONNECTOR_TLSTRUSTSTORE_PATH} - tls-key-store: - alias: ${DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_ALIAS} - password: ${DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PASSWORD} - path: ${DGC_GATEWAY_CONNECTOR_TLSKEYSTORE_PATH} - trust-anchor: - alias: ${DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_ALIAS} - password: ${DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PASSWORD} - path: ${DGC_GATEWAY_CONNECTOR_TRUSTANCHOR_PATH} - enable-ddcc-support: true - did: - cron: "0 0 2 * * *" - enableDidGeneration: true - didUploadProvider: local-file - localFile: - directory: - file-name: did.json - git: - workdir: - prefix: - url: - pat: - didSigningProvider: dummy - ld-proof-verification-method: did:web:dummy.net - did-id: did:web:abc - trust-list-path: trustlist - trust-list-ref-path: trustlist-ref - did-controller: did:web:def - trust-list-id-prefix: did:web:abc - trust-list-controller-prefix: did:web:abc - contextMapping: - "[https://www.w3.org/ns/did/v1]": did_v1.json - "[https://w3id.org/security/suites/jws-2020/v1]": jws-2020_v1.json - virtualCountries: - XA: XXA - XB: XXB - XO: XXO - XL: XCL - group-deny-list: - - AUTHENTICATION - - UPLOAD - group-name-mapping: - CSCA: SCA diff --git a/src/main/resources/db/changelog.yaml b/src/main/resources/db/changelog.yaml deleted file mode 100644 index a359c29..0000000 --- a/src/main/resources/db/changelog.yaml +++ /dev/null @@ -1,13 +0,0 @@ -databaseChangeLog: - - include: - file: db/changelog/create-shedlock-tables.yaml - - include: - file: db/changelog/create-signer-information-table.yaml - - include: - file: db/changelog/create-trusted-issuer-table.yaml - - include: - file: db/changelog/create-decentralized-identifier-table.yaml - - include: - file: db/changelog/create-public-key-jwk-table.yaml - - include: - file: db/changelog/create-verification-method-table.yaml diff --git a/src/main/resources/db/changelog/create-decentralized-identifier-table.yaml b/src/main/resources/db/changelog/create-decentralized-identifier-table.yaml deleted file mode 100644 index 987c95a..0000000 --- a/src/main/resources/db/changelog/create-decentralized-identifier-table.yaml +++ /dev/null @@ -1,30 +0,0 @@ -databaseChangeLog: - - changeSet: - id: create-decentralized-identifier-table - author: f11h - changes: - - createTable: - tableName: decentralized_identifier - columns: - - column: - autoIncrement: true - name: id - type: bigint - constraints: - primaryKey: true - primaryKeyName: decentralized_identifier_id - nullable: false - - column: - name: created_at - type: datetime - constraints: - nullable: false - - column: - name: did_id - type: varchar(255) - constraints: - nullable: true - - column: - name: raw - type: clob - diff --git a/src/main/resources/db/changelog/create-public-key-jwk-table.yaml b/src/main/resources/db/changelog/create-public-key-jwk-table.yaml deleted file mode 100644 index 8be08ad..0000000 --- a/src/main/resources/db/changelog/create-public-key-jwk-table.yaml +++ /dev/null @@ -1,57 +0,0 @@ -databaseChangeLog: - - changeSet: - id: create-public-key-jwk-table - author: f11h - changes: - - createTable: - tableName: public_key_jwk - columns: - - column: - autoIncrement: true - name: id - type: bigint - constraints: - primaryKey: true - primaryKeyName: public_key_jwk_id - nullable: true - - column: - name: created_at - type: datetime - constraints: - nullable: false - - column: - name: kty - type: varchar(50) - constraints: - nullable: false - - column: - name: crv - type: varchar(50) - constraints: - nullable: true - - column: - name: x - type: varchar(100) - constraints: - nullable: true - - column: - name: y - type: varchar(100) - constraints: - nullable: true - - column: - name: e - type: varchar(5000) - constraints: - nullable: true - - column: - name: n - type: varchar(5000) - constraints: - nullable: true - - column: - name: x5c - type: varchar(10000) - constraints: - nullable: true - diff --git a/src/main/resources/db/changelog/create-shedlock-tables.yaml b/src/main/resources/db/changelog/create-shedlock-tables.yaml deleted file mode 100644 index 207bf92..0000000 --- a/src/main/resources/db/changelog/create-shedlock-tables.yaml +++ /dev/null @@ -1,38 +0,0 @@ -databaseChangeLog: - - objectQuotingStrategy: QUOTE_ONLY_RESERVED_WORDS - - changeSet: - id: shedlock-create - author: admin - changes: - - createTable: - tableName: shedlock - columns: - - column: - name: id - type: bigint - autoIncrement: true - constraints: - primaryKey: true - primaryKeyName: pk_shedlock - nullable: false - - column: - name: name - type: varchar(64) - constraints: - nullable: false - unique: true - - column: - name: lock_until - type: datetime - constraints: - nullable: false - - column: - name: locked_at - type: datetime - constraints: - nullable: false - - column: - name: locked_by - type: varchar(255) - constraints: - nullable: false diff --git a/src/main/resources/db/changelog/create-signer-information-table.yaml b/src/main/resources/db/changelog/create-signer-information-table.yaml deleted file mode 100644 index be4acfb..0000000 --- a/src/main/resources/db/changelog/create-signer-information-table.yaml +++ /dev/null @@ -1,43 +0,0 @@ -databaseChangeLog: - - changeSet: - id: signer-information-create - author: admin - changes: - - createTable: - tableName: signer_information - columns: - - column: - name: id - type: bigint - autoIncrement: true - constraints: - primaryKey: true - primaryKeyName: pk_signer_information - nullable: false - - column: - name: kid - type: varchar(50) - constraints: - nullable: false - - column: - name: created_at - type: datetime - constraints: - nullable: false - - column: - name: raw_data - type: varchar(4096) - constraints: - nullable: false - - column: - name: country - type: varchar(2) - - column: - name: domain - type: varchar(50) - - column: - name: groupx - type: varchar(50) - - column: - name: subject_hash - type: varchar(64) diff --git a/src/main/resources/db/changelog/create-trusted-issuer-table.yaml b/src/main/resources/db/changelog/create-trusted-issuer-table.yaml deleted file mode 100644 index 76bedec..0000000 --- a/src/main/resources/db/changelog/create-trusted-issuer-table.yaml +++ /dev/null @@ -1,55 +0,0 @@ -databaseChangeLog: - - changeSet: - id: create-trusted-issuer-table - author: admin - changes: - - createTable: - tableName: trusted_issuer - columns: - - column: - autoIncrement: true - name: id - type: bigint - constraints: - primaryKey: true - primaryKeyName: pk_trusted_issuer - nullable: false - - column: - name: created_at - type: timestamp with time zone - constraints: - nullable: false - - column: - name: country - type: varchar(2) - constraints: - nullable: false - - column: - name: url - type: varchar(1024) - constraints: - nullable: false - - column: - name: name - type: varchar(512) - constraints: - nullable: false - - column: - name: url_type - type: varchar(25) - constraints: - nullable: false - - column: - name: thumbprint - type: varchar(64) - - column: - name: ssl_public_key - type: varchar(2048) - - column: - name: key_storage_type - type: varchar(128) - - column: - name: signature - type: varchar(6000) - constraints: - nullable: false diff --git a/src/main/resources/db/changelog/create-verification-method-table.yaml b/src/main/resources/db/changelog/create-verification-method-table.yaml deleted file mode 100644 index db0d66a..0000000 --- a/src/main/resources/db/changelog/create-verification-method-table.yaml +++ /dev/null @@ -1,58 +0,0 @@ -databaseChangeLog: - - changeSet: - id: create-verification-method-table - author: f11h - changes: - - createTable: - tableName: verification_method - columns: - - column: - autoIncrement: true - name: id - type: bigint - constraints: - primaryKey: true - primaryKeyName: verification_method_id - nullable: false - - column: - name: created_at - type: datetime - constraints: - nullable: false - - column: - name: vm_id - type: varchar(255) - constraints: - nullable: true - - column: - name: type - type: varchar(100) - constraints: - nullable: true - - column: - name: controller - type: varchar(255) - constraints: - nullable: true - - column: - name: parent_document_id - type: bigint - constraints: - nullable: false - - column: - name: public_key_jwk_id - type: bigint - constraints: - nullable: false - - addForeignKeyConstraint: - constraintName: fk_did_vm - referencedTableName: decentralized_identifier - referencedColumnNames: id - baseTableName: verification_method - baseColumnNames: parent_document_id - - addForeignKeyConstraint: - constraintName: fk_pk_vm - referencedTableName: public_key_jwk - referencedColumnNames: id - baseTableName: verification_method - baseColumnNames: public_key_jwk_id diff --git a/src/main/resources/did_contexts/did_v1.json b/src/main/resources/did_contexts/did_v1.json deleted file mode 100644 index b447d01..0000000 --- a/src/main/resources/did_contexts/did_v1.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "@context": { - "@protected": true, - "id": "@id", - "type": "@type", - - "alsoKnownAs": { - "@id": "https://www.w3.org/ns/activitystreams#alsoKnownAs", - "@type": "@id" - }, - "assertionMethod": { - "@id": "https://w3id.org/security#assertionMethod", - "@type": "@id", - "@container": "@set" - }, - "authentication": { - "@id": "https://w3id.org/security#authenticationMethod", - "@type": "@id", - "@container": "@set" - }, - "capabilityDelegation": { - "@id": "https://w3id.org/security#capabilityDelegationMethod", - "@type": "@id", - "@container": "@set" - }, - "capabilityInvocation": { - "@id": "https://w3id.org/security#capabilityInvocationMethod", - "@type": "@id", - "@container": "@set" - }, - "controller": { - "@id": "https://w3id.org/security#controller", - "@type": "@id" - }, - "keyAgreement": { - "@id": "https://w3id.org/security#keyAgreementMethod", - "@type": "@id", - "@container": "@set" - }, - "service": { - "@id": "https://www.w3.org/ns/did#service", - "@type": "@id", - "@context": { - "@protected": true, - "id": "@id", - "type": "@type", - "serviceEndpoint": { - "@id": "https://www.w3.org/ns/did#serviceEndpoint", - "@type": "@id" - } - } - }, - "verificationMethod": { - "@id": "https://w3id.org/security#verificationMethod", - "@type": "@id" - } - } -} diff --git a/src/main/resources/did_contexts/jws-2020_v1.json b/src/main/resources/did_contexts/jws-2020_v1.json deleted file mode 100644 index 17186cd..0000000 --- a/src/main/resources/did_contexts/jws-2020_v1.json +++ /dev/null @@ -1,82 +0,0 @@ -{ - "@context": { - "privateKeyJwk": { - "@id": "https://w3id.org/security#privateKeyJwk", - "@type": "@json" - }, - "JsonWebKey2020": { - "@id": "https://w3id.org/security#JsonWebKey2020", - "@context": { - "@protected": true, - "id": "@id", - "type": "@type", - "publicKeyJwk": { - "@id": "https://w3id.org/security#publicKeyJwk", - "@type": "@json" - } - } - }, - "JsonWebSignature2020": { - "@id": "https://w3id.org/security#JsonWebSignature2020", - "@context": { - "@protected": true, - - "id": "@id", - "type": "@type", - - "challenge": "https://w3id.org/security#challenge", - "created": { - "@id": "http://purl.org/dc/terms/created", - "@type": "http://www.w3.org/2001/XMLSchema#dateTime" - }, - "domain": "https://w3id.org/security#domain", - "expires": { - "@id": "https://w3id.org/security#expiration", - "@type": "http://www.w3.org/2001/XMLSchema#dateTime" - }, - "jws": "https://w3id.org/security#jws", - "nonce": "https://w3id.org/security#nonce", - "proofPurpose": { - "@id": "https://w3id.org/security#proofPurpose", - "@type": "@vocab", - "@context": { - "@protected": true, - - "id": "@id", - "type": "@type", - - "assertionMethod": { - "@id": "https://w3id.org/security#assertionMethod", - "@type": "@id", - "@container": "@set" - }, - "authentication": { - "@id": "https://w3id.org/security#authenticationMethod", - "@type": "@id", - "@container": "@set" - }, - "capabilityInvocation": { - "@id": "https://w3id.org/security#capabilityInvocationMethod", - "@type": "@id", - "@container": "@set" - }, - "capabilityDelegation": { - "@id": "https://w3id.org/security#capabilityDelegationMethod", - "@type": "@id", - "@container": "@set" - }, - "keyAgreement": { - "@id": "https://w3id.org/security#keyAgreementMethod", - "@type": "@id", - "@container": "@set" - } - } - }, - "verificationMethod": { - "@id": "https://w3id.org/security#verificationMethod", - "@type": "@id" - } - } - } - } -} diff --git a/src/main/resources/logback-spring.xml b/src/main/resources/logback-spring.xml deleted file mode 100644 index 6ba2563..0000000 --- a/src/main/resources/logback-spring.xml +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierServiceTest.java deleted file mode 100644 index 007711e..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/service/DecentralizedIdentifierServiceTest.java +++ /dev/null @@ -1,121 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import java.util.List; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Test; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.mock.mockito.MockBean; -import tng.trustnetwork.keydistribution.entity.DecentralizedIdentifierEntity; -import tng.trustnetwork.keydistribution.entity.EcPublicKeyJwkEntity; -import tng.trustnetwork.keydistribution.model.DidDocument; -import tng.trustnetwork.keydistribution.repository.DecentralizedIdentifierRepository; - -@SpringBootTest -public class DecentralizedIdentifierServiceTest { - - @MockBean - DgcGatewayDownloadConnector dgcGatewayDownloadConnector; - - @Autowired - DecentralizedIdentifierRepository decentralizedIdentifierRepository; - - @Autowired - DecentralizedIdentifierService decentralizedIdentifierService; - - @Autowired - ObjectMapper objectMapper; - - private static final String testDidId = "did:web:did.actor:mike"; - - private static final String testDid = """ - { - "@context": [ - "https://www.w3.org/ns/did/v1", - { - "@base": "did:web:did.actor:mike", - "rating": "https://schema.org/Rating", - "publicAccess": "https://schema.org/publicAccess", - "additionalType": "https://schema.org/additionalType" - } - ], - "id": "did:web:did.actor:mike", - "rating": 4.5, - "publicAccess": true, - "additionalType": null, - "verificationMethod": [ - { - "id": "#g1", - "controller": "did:web:did.actor:mike", - "type": "JsonWebKey2020", - "publicKeyJwk": { - "kty": "EC", - "crv": "P-256", - "x": "xValue" - } - } - ], - "authentication": [ - "did:web:did.actor:mike#g1" - ], - "assertionMethod": [ - "did:web:did.actor:mike#g1" - ] - } - """; - - @Test - void itShouldPersistDIDsInDb() throws JsonProcessingException { - - DidDocument didDocument = objectMapper.readValue(testDid, DidDocument.class); - - decentralizedIdentifierService.updateDecentralizedIdentifierList(didDocument, testDid); - - List allDids = decentralizedIdentifierRepository.findAll(); - - Assertions.assertEquals(1, allDids.size()); - - DecentralizedIdentifierEntity storedDid = allDids.get(0); - - Assertions.assertEquals(testDidId, storedDid.getDidId()); - Assertions.assertEquals(testDid, storedDid.getRaw()); - Assertions.assertNotNull(storedDid.getCreatedAt()); - Assertions.assertEquals(1, storedDid.getVerificationMethods().size()); - Assertions.assertEquals("#g1", storedDid.getVerificationMethods().get(0).getVmId()); - Assertions.assertEquals("JsonWebKey2020", storedDid.getVerificationMethods().get(0).getType()); - Assertions.assertEquals(testDidId, storedDid.getVerificationMethods().get(0).getController()); - - Assertions.assertInstanceOf(EcPublicKeyJwkEntity.class, storedDid.getVerificationMethods().get(0).getPublicKeyJwk()); - EcPublicKeyJwkEntity ecPublicKeyJwk = - (EcPublicKeyJwkEntity) storedDid.getVerificationMethods().get(0).getPublicKeyJwk(); - Assertions.assertEquals("P256", ecPublicKeyJwk.getCrv()); - Assertions.assertEquals("xValue", ecPublicKeyJwk.getXvalue()); - - Assertions.assertEquals(storedDid, storedDid.getVerificationMethods().get(0).getParentDocument()); - - } - -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java deleted file mode 100644 index 6aa61c6..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/service/DidTrustListServiceTest.java +++ /dev/null @@ -1,481 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.Mockito.doNothing; - -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import eu.europa.ec.dgc.utils.CertificateUtils; -import foundation.identity.jsonld.JsonLDObject; -import java.math.BigInteger; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; -import java.time.Instant; -import java.time.ZonedDateTime; -import java.util.ArrayList; -import java.util.Base64; -import java.util.LinkedHashMap; -import java.util.List; -import lombok.Data; -import lombok.Getter; -import lombok.Setter; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.ValueSource; -import org.mockito.ArgumentCaptor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.mock.mockito.MockBean; -import tng.trustnetwork.keydistribution.entity.SignerInformationEntity; -import tng.trustnetwork.keydistribution.repository.SignerInformationRepository; -import tng.trustnetwork.keydistribution.repository.TrustedIssuerRepository; -import tng.trustnetwork.keydistribution.service.did.DidTrustListService; -import tng.trustnetwork.keydistribution.service.did.DidUploader; -import tng.trustnetwork.keydistribution.service.did.entity.DidTrustList; -import tng.trustnetwork.keydistribution.testdata.CertificateTestUtils; -import tng.trustnetwork.keydistribution.testdata.TrustedIssuerTestHelper; - -@SpringBootTest -public class DidTrustListServiceTest { - - @Autowired - ObjectMapper objectMapper; - - @Autowired - DidTrustListService didTrustListService; - - @Autowired - SignerInformationRepository signerInformationRepository; - - @Autowired - CertificateUtils certificateUtils; - - @Autowired - TrustedIssuerRepository trustedIssuerRepository; - - @Autowired - TrustedIssuerTestHelper trustedIssuerTestHelper; - - @MockBean - DidUploader didUploaderMock; - - @MockBean - DgcGatewayDownloadConnector dgcGatewayDownloadConnector; - - X509Certificate certCscaDe, certCscaEu, certDscDe, certDscEu, certUploadDe; - - String certDscDeKid, certDscEuKid, certCscaDeKid, certCscaEuKid, certUploadDeKid; - - - @AfterEach - public void cleanUp() { - - signerInformationRepository.deleteAll(); - trustedIssuerRepository.deleteAll(); - } - - void testData(CertificateTestUtils.SignerType signerType) throws Exception { - - cleanUp(); - - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(signerType.getSigningAlgorithm()); - keyPairGenerator.initialize(signerType.getSigningAlgorithmSpec()); - - KeyPair cscaDeKeyPair = keyPairGenerator.generateKeyPair(); - certCscaDe = CertificateTestUtils.generateCertificate(cscaDeKeyPair, "DE", "Test", signerType); - certCscaDeKid = certificateUtils.getCertKid(certCscaDe); - - KeyPair cscaEuKeyPair = keyPairGenerator.generateKeyPair(); - certCscaEu = CertificateTestUtils.generateCertificate(cscaEuKeyPair, "EU", "Test", signerType); - certCscaEuKid = certificateUtils.getCertKid(certCscaEu); - - certDscDe = CertificateTestUtils.generateCertificate(keyPairGenerator.generateKeyPair(), "DE", - "Test", certCscaDe, cscaDeKeyPair.getPrivate(), - signerType); - certDscDeKid = certificateUtils.getCertKid(certDscDe); - - certDscEu = CertificateTestUtils.generateCertificate(keyPairGenerator.generateKeyPair(), "EU", - "Test", certCscaEu, cscaEuKeyPair.getPrivate(), - signerType); - certDscEuKid = certificateUtils.getCertKid(certDscEu); - - certUploadDe = CertificateTestUtils.generateCertificate(keyPairGenerator.generateKeyPair(), "DE", - "Upload Test", certCscaDe, cscaDeKeyPair.getPrivate(), - signerType); - certUploadDeKid = certificateUtils.getCertKid(certUploadDe); - - signerInformationRepository.save(new SignerInformationEntity( - null, - certCscaDeKid, - ZonedDateTime.now(), - Base64.getEncoder().encodeToString(certCscaDe.getEncoded()), - "DE", - "DCC", - "CSCA", - certificateUtils.calculateHash(certCscaDe.getSubjectX500Principal().getEncoded()) - )); - - signerInformationRepository.save(new SignerInformationEntity( - null, - certCscaEuKid, - ZonedDateTime.now(), - Base64.getEncoder().encodeToString(certCscaEu.getEncoded()), - "EU", - "DCC", - "CSCA", - certificateUtils.calculateHash(certCscaEu.getSubjectX500Principal().getEncoded()) - )); - - signerInformationRepository.save(new SignerInformationEntity( - null, - certDscDeKid, - ZonedDateTime.now(), - Base64.getEncoder().encodeToString(certDscDe.getEncoded()), - "DE", - "DCC", - "DSC", - certificateUtils.calculateHash(certDscDe.getSubjectX500Principal().getEncoded()) - )); - - signerInformationRepository.save(new SignerInformationEntity( - null, - certDscEuKid, - ZonedDateTime.now(), - Base64.getEncoder().encodeToString(certDscEu.getEncoded()), - "EU", - "DCC", - "DSC", - certificateUtils.calculateHash(certDscEu.getSubjectX500Principal().getEncoded()) - )); - - // Add Upload cert which should not be added to did - signerInformationRepository.save(new SignerInformationEntity( - null, - certUploadDeKid, - ZonedDateTime.now(), - Base64.getEncoder().encodeToString(certUploadDe.getEncoded()), - "DE", - "DCC", - "UPLOAD", - certificateUtils.calculateHash(certUploadDe.getSubjectX500Principal().getEncoded()) - )); - - trustedIssuerRepository.save(trustedIssuerTestHelper.createTrustedIssuer("DE")); - trustedIssuerRepository.save(trustedIssuerTestHelper.createTrustedIssuer("EU")); - trustedIssuerRepository.save(trustedIssuerTestHelper.createTrustedIssuer("XY")); - } - - @ParameterizedTest - @ValueSource(booleans = {true, false}) - void testTrustList(boolean isEcAlgorithm) throws Exception { - - if (isEcAlgorithm) { - testData(CertificateTestUtils.SignerType.EC); - } else { - testData(CertificateTestUtils.SignerType.RSA); - } - ArgumentCaptor uploadArgumentCaptor = ArgumentCaptor.forClass(byte[].class); - doNothing().when(didUploaderMock).uploadDid(anyString(), uploadArgumentCaptor.capture()); - - didTrustListService.job(); - - Assertions.assertEquals(48, uploadArgumentCaptor.getAllValues().size()); - - int expectedNullDid = 12; - - for (byte[] uploadedDid : uploadArgumentCaptor.getAllValues()) { - - if (uploadedDid == null) { - expectedNullDid--; - - Assertions.assertTrue(expectedNullDid >= 0, "DID Collection contains more empty documents than expected. (" + expectedNullDid * -1 + " too much)"); - continue; - } - - SignedDidTrustList parsed = objectMapper.readValue(uploadedDid, SignedDidTrustList.class); - - checkJsonDocument(parsed); - - switch (parsed.getId()) { - case "did:web:abc:trustlist": - Assertions.assertEquals("did:web:abc:trustlist", parsed.getController()); - Assertions.assertEquals(7, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist#" + URLEncoder.encode(certCscaDeKid, StandardCharsets.UTF_8)), - certCscaDeKid, certCscaDe, null, "did:web:abc:trustlist"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist#" + URLEncoder.encode(certCscaEuKid, StandardCharsets.UTF_8)), - certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist"); - break; - case "did:web:abc:trustlist:DCC:XEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU:DSC", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:XEU:DSC#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist:DCC:XEU:DSC"); - break; - case "did:web:abc:trustlist:DCC": - Assertions.assertEquals("did:web:abc:trustlist:DCC", parsed.getController()); - Assertions.assertEquals(7, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist:DCC"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist:DCC"); - break; - case "did:web:abc:trustlist:-:XEU": - Assertions.assertEquals("did:web:abc:trustlist:-:XEU", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:XEU#" + URLEncoder.encode(certCscaEuKid, StandardCharsets.UTF_8)), - certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist:-:XEU"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:XEU#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist:-:XEU"); - break; - case "did:web:abc:trustlist:-:DEU": - Assertions.assertEquals("did:web:abc:trustlist:-:DEU", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:DEU#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist:-:DEU"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:DEU#" + URLEncoder.encode(certCscaDeKid, StandardCharsets.UTF_8)), - certCscaDeKid, certCscaDe, null, "did:web:abc:trustlist:-:DEU"); - break; - case "did:web:abc:trustlist:DCC:XEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU:CSA", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:XEU:CSA#" + URLEncoder.encode(certCscaEuKid, StandardCharsets.UTF_8)), - certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist:DCC:XEU:CSA"); - break; - case "did:web:abc:trustlist:DCC:DEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU:DSC", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:DEU:DSC#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist:DCC:DEU:DSC"); - break; - case "did:web:abc:trustlist:DCC:DEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU:CSA", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:DEU:CSA#" + URLEncoder.encode(certCscaDeKid, StandardCharsets.UTF_8)), - certCscaDeKid, certCscaDe, null, "did:web:abc:trustlist:DCC:DEU:CSA"); - break; - case "did:web:abc:trustlist:DCC:DEU": - Assertions.assertEquals("did:web:abc:trustlist:DCC:DEU", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:DEU#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist:DCC:DEU"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:DEU#" + URLEncoder.encode(certCscaDeKid, StandardCharsets.UTF_8)), - certCscaDeKid, certCscaDe, null, "did:web:abc:trustlist:DCC:DEU"); - break; - case "did:web:abc:trustlist:DCC:XEU": - Assertions.assertEquals("did:web:abc:trustlist:DCC:XEU", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:XEU#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist:DCC:XEU"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:XEU#" + URLEncoder.encode(certCscaEuKid, StandardCharsets.UTF_8)), - certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist:DCC:XEU"); - break; - case "did:web:abc:trustlist:-:XEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:-:XEU:DSC", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:XEU:DSC#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist:-:XEU:DSC"); - break; - case "did:web:abc:trustlist:-:DEU:DSC": - Assertions.assertEquals("did:web:abc:trustlist:-:DEU:DSC", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:DEU:DSC#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist:-:DEU:DSC"); - break; - case "did:web:abc:trustlist:-:DEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:-:DEU:CSA", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:DEU:CSA#" + URLEncoder.encode(certCscaDeKid, StandardCharsets.UTF_8)), - certCscaDeKid, certCscaDe, null, "did:web:abc:trustlist:-:DEU:CSA"); - break; - case "did:web:abc:trustlist:-:-:CSA": - Assertions.assertEquals("did:web:abc:trustlist:-:-:CSA", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:-:CSA#" + URLEncoder.encode(certCscaEuKid, StandardCharsets.UTF_8)), - certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist:-:-:CSA"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:-:CSA#" + URLEncoder.encode(certCscaDeKid, StandardCharsets.UTF_8)), - certCscaDeKid, certCscaDe, null, "did:web:abc:trustlist:-:-:CSA"); - break; - case "did:web:abc:trustlist:-:-:DSC": - Assertions.assertEquals("did:web:abc:trustlist:-:-:DSC", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:-:DSC#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist:-:-:DSC"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:-:DSC#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist:-:-:DSC"); - break; - case "did:web:abc:trustlist:-:XEU:CSA": - Assertions.assertEquals("did:web:abc:trustlist:-:XEU:CSA", parsed.getController()); - Assertions.assertEquals(4, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:-:XEU:CSA#" + URLEncoder.encode(certCscaEuKid, StandardCharsets.UTF_8)), - certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist:-:XEU:CSA"); - break; - case "did:web:abc:trustlist:DCC:-:DSC": - Assertions.assertEquals("did:web:abc:trustlist:DCC:-:DSC", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:-:DSC#" + URLEncoder.encode(certDscDeKid, StandardCharsets.UTF_8)), - certDscDeKid, certDscDe, certCscaDe, "did:web:abc:trustlist:DCC:-:DSC"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:-:DSC#" + URLEncoder.encode(certDscEuKid, StandardCharsets.UTF_8)), - certDscEuKid, certDscEu, certCscaEu, "did:web:abc:trustlist:DCC:-:DSC"); - break; - case "did:web:abc:trustlist:DCC:-:CSA": - Assertions.assertEquals("did:web:abc:trustlist:DCC:-:CSA", parsed.getController()); - Assertions.assertEquals(5, parsed.getVerificationMethod().size()); - - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:-:CSA#" + URLEncoder.encode(certCscaDeKid, StandardCharsets.UTF_8)), - certCscaDeKid, certCscaDe, null, "did:web:abc:trustlist:DCC:-:CSA"); - assertVerificationMethod(getVerificationMethodByKid(parsed.getVerificationMethod(),"did:web:abc:trustlist:DCC:-:CSA#" + URLEncoder.encode(certCscaEuKid, StandardCharsets.UTF_8)), - certCscaEuKid, certCscaEu, null, "did:web:abc:trustlist:DCC:-:CSA"); - break; - default: - if (!parsed.getId().contains("trustlist-ref")) { - Assertions.fail("Unexpected Document in DID Collection! (" + parsed.getId() + ")"); - } - } - } - } - - private void checkJsonDocument(SignedDidTrustList parsed) throws JsonProcessingException { - - Assertions.assertTrue(parsed.getVerificationMethod().contains("did:trusted:DE:issuer")); - Assertions.assertTrue(parsed.getVerificationMethod().contains("did:trusted:EU:issuer")); - Assertions.assertTrue(parsed.getVerificationMethod().contains("did:trusted:XY:issuer")); - - Assertions.assertEquals(2, parsed.getContext().size()); - Assertions.assertEquals("JsonWebSignature2020", parsed.getProof().getType()); - Assertions.assertTrue( - Instant.now().toEpochMilli() - parsed.getProof().getCreated().toInstant().toEpochMilli() < 10000); - Assertions.assertEquals("d0m4in", parsed.getProof().getDomain()); - Assertions.assertEquals(32, parsed.getProof().getNonce().length()); - Assertions.assertEquals("assertionMethod", parsed.getProof().getProofPurpose()); - Assertions.assertEquals("did:web:dummy.net", parsed.getProof().getVerificationMethod()); - Assertions.assertNotNull(parsed.getProof().getJws()); - Assertions.assertNotEquals("", parsed.getProof().getJws()); - - //JSON should start with "@context" due to https://www.w3.org/TR/json-ld11-streaming/#key-ordering-required - String json = JsonLDObject.fromJson(objectMapper.writeValueAsString(parsed)).toJson(); - String first10Characters = json.substring(0, Math.min(10, json.length())); - Assertions.assertTrue(first10Characters.contains("@context")); - } - - - private Object getVerificationMethodByKid(List verificationMethods, String kid) { - - return verificationMethods.stream() - .filter(entry -> entry instanceof LinkedHashMap) - .map(entry -> (LinkedHashMap) entry) - .filter(entry -> entry.get("id").equals(kid)) - .findFirst() - .orElseGet( - () -> Assertions.fail("Could not find VerificationMethod with KID " + kid)); - } - - private void assertVerificationMethod(Object in, String kid, X509Certificate dsc, X509Certificate csca, - String parentDidId) - throws CertificateEncodingException { - - LinkedHashMap jsonNode = (LinkedHashMap) in; - Assertions.assertEquals("JsonWebKey2020", jsonNode.get("type")); - Assertions.assertEquals(parentDidId, jsonNode.get("controller")); - Assertions.assertEquals(parentDidId + "#" + URLEncoder.encode(kid, StandardCharsets.UTF_8), - jsonNode.get("id")); - - LinkedHashMap publicKeyJwk = (LinkedHashMap) jsonNode.get("publicKeyJwk"); - - if (dsc.getPublicKey().getAlgorithm().equals(CertificateTestUtils.SignerType.EC.getSigningAlgorithm())) { - Assertions.assertEquals(((ECPublicKey) dsc.getPublicKey()).getW().getAffineX(), - new BigInteger(Base64.getDecoder().decode(publicKeyJwk.get("x").toString()))); - Assertions.assertEquals(((ECPublicKey) dsc.getPublicKey()).getW().getAffineY(), - new BigInteger(Base64.getDecoder().decode(publicKeyJwk.get("y").toString()))); - Assertions.assertEquals(CertificateTestUtils.SignerType.EC.getSigningAlgorithm(), - publicKeyJwk.get("kty").toString()); - Assertions.assertEquals("P-256", publicKeyJwk.get("crv").toString()); - } else { - Assertions.assertEquals(((RSAPublicKey) dsc.getPublicKey()).getPublicExponent(), - new BigInteger(Base64.getDecoder().decode(publicKeyJwk.get("e").toString()))); - Assertions.assertEquals(((RSAPublicKey) dsc.getPublicKey()).getModulus(), - new BigInteger(Base64.getDecoder().decode(publicKeyJwk.get("n").toString()))); - Assertions.assertEquals(CertificateTestUtils.SignerType.RSA.getSigningAlgorithm(), - publicKeyJwk.get("kty").toString()); - } - ArrayList x5c = ((ArrayList) publicKeyJwk.get("x5c")); - Assertions.assertEquals(Base64.getEncoder().encodeToString(dsc.getEncoded()), x5c.get(0)); - if (csca != null) { - Assertions.assertEquals(Base64.getEncoder().encodeToString(csca.getEncoded()), x5c.get(1)); - } - } - - @Getter - @Setter - public static class SignedDidTrustList extends DidTrustList { - - private LDProof proof; - - @Data - private static class LDProof { - - private String type; - - private ZonedDateTime created; - - private String verificationMethod; - - private String proofPurpose; - - private String jws; - - private String domain; - - private String nonce; - - } - } -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java deleted file mode 100644 index 0828d20..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceTest.java +++ /dev/null @@ -1,79 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; -import java.util.ArrayList; -import java.util.List; -import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Test; -import org.mockito.Mockito; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.mock.mockito.MockBean; -import tng.trustnetwork.keydistribution.entity.SignerInformationEntity; -import tng.trustnetwork.keydistribution.repository.SignerInformationRepository; -import tng.trustnetwork.keydistribution.testdata.SignerInformationTestHelper; - -@SpringBootTest -class SignerCertificateDownloadServiceTest { - - @MockBean - DgcGatewayDownloadConnector dgcGatewayDownloadConnector; - - @Autowired - SignerCertificateDownloadService signerCertificateDownloadService; - - @Autowired - SignerInformationRepository signerInformationRepository; - - @Autowired - SignerInformationTestHelper signerInformationTestHelper; - - @Test - void downloadEmptyCertificatesList() { - ArrayList trustList = new ArrayList<>(); - Mockito.when(dgcGatewayDownloadConnector.getDdccTrustedCertificates()).thenReturn(trustList); - - signerCertificateDownloadService.downloadCertificates(); - - List repositoryItems = signerInformationRepository.findAll(); - Assertions.assertTrue(repositoryItems.isEmpty()); - } - - @Test - void downloadCertificates() { - ArrayList trustList = new ArrayList<>(); - trustList.add(signerInformationTestHelper.createTrustedCertificateTrustListItem(SignerInformationTestHelper.TEST_CERT_1_STR)); - Mockito.when(dgcGatewayDownloadConnector.getDdccTrustedCertificates()).thenReturn(trustList); - - signerCertificateDownloadService.downloadCertificates(); - - List repositoryItems = signerInformationRepository.findAll(); - Assertions.assertEquals(1, repositoryItems.size()); - - SignerInformationEntity repositoryItem = repositoryItems.get(0); - Assertions.assertEquals(SignerInformationTestHelper.TEST_CERT_1_KID, repositoryItem.getKid()); - Assertions.assertEquals(SignerInformationTestHelper.TEST_CERT_1_STR, repositoryItem.getRawData()); - } -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java deleted file mode 100644 index d02052f..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/service/SignerInformationServiceTest.java +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import org.junit.jupiter.api.BeforeEach; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.mock.mockito.MockBean; -import tng.trustnetwork.keydistribution.repository.SignerInformationRepository; -import tng.trustnetwork.keydistribution.testdata.SignerInformationTestHelper; - -@SpringBootTest -class SignerInformationServiceTest { - - @MockBean - DgcGatewayDownloadConnector dgcGatewayDownloadConnector; - - @Autowired - SignerInformationRepository signerInformationRepository; - - @Autowired - SignerInformationService signerInformationService; - - @Autowired - SignerInformationTestHelper signerInformationTestHelper; - - @BeforeEach - void clearRepositoryData() { - signerInformationRepository.deleteAll(); - } - -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadServiceTest.java deleted file mode 100644 index ca412b7..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadServiceTest.java +++ /dev/null @@ -1,99 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import eu.europa.ec.dgc.gateway.connector.DgcGatewayTrustedIssuerDownloadConnector; -import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer; -import java.util.ArrayList; -import java.util.List; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.mockito.Mockito; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.mock.mockito.MockBean; -import org.springframework.test.context.TestPropertySource; -import tng.trustnetwork.keydistribution.entity.TrustedIssuerEntity; -import tng.trustnetwork.keydistribution.repository.TrustedIssuerRepository; -import tng.trustnetwork.keydistribution.testdata.TrustedIssuerTestHelper; - -@SpringBootTest -@TestPropertySource(properties = {"dgc.trustedIssuerDownloader.enabled=true"}) -class TrustedIssuerDownloadServiceTest { - - @MockBean - DgcGatewayDownloadConnector dgcGatewayDownloadConnectorMock; - - @MockBean - DgcGatewayTrustedIssuerDownloadConnector dgcGatewayDownloadConnector; - - @Autowired - TrustedIssuerDownloadService trustedIssuerDownloadService; - - @Autowired - TrustedIssuerRepository trustedIssuerRepository; - - @Autowired - TrustedIssuerTestHelper trustedIssuerTestHelper; - - @BeforeEach - void cleanup() { - trustedIssuerRepository.deleteAll(); - } - - @Test - void downloadEmptyIssuerList() { - ArrayList trustList = new ArrayList<>(); - Mockito.when(dgcGatewayDownloadConnector.getTrustedIssuers()).thenReturn(trustList); - - trustedIssuerDownloadService.downloadTrustedIssuers(); - - List repositoryItems = trustedIssuerRepository.findAll(); - Assertions.assertEquals(0, repositoryItems.size()); - } - - @Test - void downloadIssuers() { - List trustedIssuers = trustedIssuerTestHelper.getTrustedIssuerList(); - - Mockito.when(dgcGatewayDownloadConnector.getTrustedIssuers()).thenReturn(trustedIssuers); - - trustedIssuerDownloadService.downloadTrustedIssuers(); - - List repositoryItems = trustedIssuerRepository.findAll(); - Assertions.assertEquals(1, repositoryItems.size()); - - TrustedIssuer trustedIssuer = trustedIssuers.get(0); - - TrustedIssuerEntity repositoryItem = repositoryItems.get(0); - Assertions.assertEquals(trustedIssuer.getCountry(), repositoryItem.getCountry()); - Assertions.assertEquals(trustedIssuer.getKeyStorageType(), repositoryItem.getKeyStorageType()); - Assertions.assertEquals(trustedIssuer.getName(), repositoryItem.getName()); - Assertions.assertEquals(trustedIssuer.getSignature(), repositoryItem.getSignature()); - Assertions.assertEquals(trustedIssuer.getThumbprint(), repositoryItem.getThumbprint()); - Assertions.assertEquals(trustedIssuer.getSslPublicKey(), repositoryItem.getSslPublicKey()); - Assertions.assertEquals(trustedIssuer.getUrl(), repositoryItem.getUrl()); - Assertions.assertEquals(trustedIssuer.getType().toString(), repositoryItem.getUrlType().toString()); - } - -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/service/UniversalResolverServiceTest.java b/src/test/java/tng/trustnetwork/keydistribution/service/UniversalResolverServiceTest.java deleted file mode 100644 index f177628..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/service/UniversalResolverServiceTest.java +++ /dev/null @@ -1,121 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.service; - -import static org.mockito.Mockito.when; - -import com.fasterxml.jackson.core.JsonProcessingException; -import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector; -import org.junit.jupiter.api.Assertions; -import org.junit.jupiter.api.Test; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.mock.mockito.MockBean; -import tng.trustnetwork.keydistribution.clients.UniversalResolverClient; -import tng.trustnetwork.keydistribution.model.EcPublicKeyJwk; -import tng.trustnetwork.keydistribution.model.JwkVerificationMethod; - -@SpringBootTest -class UniversalResolverServiceTest { - - @MockBean - DgcGatewayDownloadConnector dgcGatewayDownloadConnector; - - @MockBean - UniversalResolverClient universalResolverClientMock; - - @Autowired - UniversalResolverService universalResolverService; - - private static final String testDidId = "did:web:did.actor:mike"; - - private static final String testDid = """ - { - "@context": [ - "https://www.w3.org/ns/did/v1", - { - "@base": "did:web:did.actor:mike", - "rating": "https://schema.org/Rating", - "publicAccess": "https://schema.org/publicAccess", - "additionalType": "https://schema.org/additionalType" - } - ], - "id": "did:web:did.actor:mike", - "rating": 4.5, - "publicAccess": true, - "additionalType": null, - "verificationMethod": [ - { - "id": "#g1", - "controller": "did:web:did.actor:mike", - "type": "JsonWebKey2020", - "publicKeyJwk": { - "kty": "EC", - "crv": "P-256", - "x": "xValue" - } - } - ], - "authentication": [ - "did:web:did.actor:mike#g1" - ], - "assertionMethod": [ - "did:web:did.actor:mike#g1" - ] - } - """; - - @Test - void itShouldReturnParsedDidDocument() throws JsonProcessingException { - - when(universalResolverClientMock.getDidDocument(testDidId)) - .thenReturn(testDid); - - UniversalResolverService.DidDocumentWithRawResponse response = - universalResolverService.universalResolverApiCall(testDidId); - - Assertions.assertEquals(testDid, response.raw()); - Assertions.assertEquals(testDidId, response.didDocument().getId()); - Assertions.assertEquals(1, response.didDocument().getVerificationMethod().size()); - Assertions.assertEquals(testDidId, response.didDocument().getVerificationMethod().get(0).getObjectValue().getController()); - Assertions.assertEquals("#g1", response.didDocument().getVerificationMethod().get(0).getObjectValue().getId()); - - Assertions.assertInstanceOf(JwkVerificationMethod.class, response.didDocument().getVerificationMethod().get(0).getObjectValue()); - JwkVerificationMethod jwkVerificationMethod = - (JwkVerificationMethod) response.didDocument().getVerificationMethod().get(0).getObjectValue(); - - Assertions.assertInstanceOf(EcPublicKeyJwk.class, jwkVerificationMethod.getPublicKeyJwk()); - EcPublicKeyJwk ecPublicKeyJwk = (EcPublicKeyJwk) jwkVerificationMethod.getPublicKeyJwk(); - - Assertions.assertEquals(EcPublicKeyJwk.Curve.P256 , ecPublicKeyJwk.getCrv()); - Assertions.assertEquals("xValue", ecPublicKeyJwk.getXvalue()); - } - - @Test - void itShouldThrowAnExceptionIfJsonIsInvalid() { - - when(universalResolverClientMock.getDidDocument(testDidId)) - .thenReturn("noValidJson"); - - Assertions.assertThrows(JsonProcessingException.class, () -> - universalResolverService.universalResolverApiCall(testDidId)); - } -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/testdata/CertificateTestUtils.java b/src/test/java/tng/trustnetwork/keydistribution/testdata/CertificateTestUtils.java deleted file mode 100644 index c33cf75..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/testdata/CertificateTestUtils.java +++ /dev/null @@ -1,121 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.testdata; - -import java.math.BigInteger; -import java.security.KeyPair; -import java.security.PrivateKey; -import java.security.cert.X509Certificate; -import java.security.spec.AlgorithmParameterSpec; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.RSAKeyGenParameterSpec; -import java.time.Instant; -import java.time.temporal.ChronoUnit; -import java.util.Date; -import lombok.AccessLevel; -import lombok.Getter; -import lombok.RequiredArgsConstructor; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x500.X500NameBuilder; -import org.bouncycastle.asn1.x509.BasicConstraints; -import org.bouncycastle.asn1.x509.Extension; -import org.bouncycastle.asn1.x509.X509ObjectIdentifiers; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder; -import org.bouncycastle.operator.ContentSigner; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; - -public class CertificateTestUtils { - - public static X509Certificate generateCertificate(KeyPair keyPair, String country, String commonName, - SignerType signerType) throws Exception { - Date validFrom = Date.from(Instant.now().minus(1, ChronoUnit.DAYS)); - Date validTo = Date.from(Instant.now().plus(365, ChronoUnit.DAYS)); - - return generateCertificate(keyPair, country, commonName, validFrom, validTo, signerType); - } - - public static X509Certificate generateCertificate(KeyPair keyPair, String country, String commonName, - X509Certificate ca, PrivateKey caKey, - SignerType signerType) throws Exception { - Date validFrom = Date.from(Instant.now().minus(1, ChronoUnit.DAYS)); - Date validTo = Date.from(Instant.now().plus(365, ChronoUnit.DAYS)); - - return generateCertificate(keyPair, country, commonName, validFrom, validTo, ca, caKey, signerType); - } - - public static X509Certificate generateCertificate(KeyPair keyPair, String country, String commonName, - Date validFrom, Date validTo, - SignerType signerType) throws Exception { - X500Name subject = new X500NameBuilder() - .addRDN(X509ObjectIdentifiers.countryName, country) - .addRDN(X509ObjectIdentifiers.commonName, commonName) - .build(); - - BigInteger certSerial = new BigInteger(Long.toString(System.currentTimeMillis())); - - ContentSigner contentSigner = new JcaContentSignerBuilder(signerType.signingMethod).build(keyPair.getPrivate()); - - JcaX509v3CertificateBuilder certBuilder = - new JcaX509v3CertificateBuilder(subject, certSerial, validFrom, validTo, subject, keyPair.getPublic()); - - BasicConstraints basicConstraints = new BasicConstraints(false); - certBuilder.addExtension(Extension.basicConstraints, true, basicConstraints); - - return new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner)); - } - - public static X509Certificate generateCertificate(KeyPair keyPair, String country, String commonName, - Date validFrom, Date validTo, X509Certificate ca, - PrivateKey caKey, SignerType signerType) throws Exception { - X500Name subject = new X500NameBuilder() - .addRDN(X509ObjectIdentifiers.countryName, country) - .addRDN(X509ObjectIdentifiers.commonName, commonName) - .build(); - - X500Name issuer = new X509CertificateHolder(ca.getEncoded()).getSubject(); - - BigInteger certSerial = new BigInteger(Long.toString(System.currentTimeMillis())); - - ContentSigner contentSigner = new JcaContentSignerBuilder(signerType.signingMethod).build(caKey); - - JcaX509v3CertificateBuilder certBuilder = - new JcaX509v3CertificateBuilder(issuer, certSerial, validFrom, validTo, subject, keyPair.getPublic()); - - BasicConstraints basicConstraints = new BasicConstraints(false); - certBuilder.addExtension(Extension.basicConstraints, true, basicConstraints); - - return new JcaX509CertificateConverter().getCertificate(certBuilder.build(contentSigner)); - } - - @RequiredArgsConstructor(access = AccessLevel.PRIVATE) - @Getter - public static class SignerType { - - private final String signingMethod; - private final String signingAlgorithm; - private final AlgorithmParameterSpec signingAlgorithmSpec; - - public static SignerType RSA = new SignerType("SHA256withRSA", "RSA", new RSAKeyGenParameterSpec(2048, BigInteger.valueOf(65537L))); - public static SignerType EC = new SignerType("SHA256withECDSA", "EC", new ECGenParameterSpec("secp256r1")); - } -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java b/src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java deleted file mode 100644 index c85cb81..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/testdata/SignerInformationTestHelper.java +++ /dev/null @@ -1,85 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.testdata; - -import eu.europa.ec.dgc.gateway.connector.model.TrustListItem; -import eu.europa.ec.dgc.gateway.connector.model.TrustedCertificateTrustListItem; -import eu.europa.ec.dgc.utils.CertificateUtils; -import java.io.ByteArrayInputStream; -import java.io.InputStream; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.time.ZonedDateTime; -import java.util.Base64; -import lombok.RequiredArgsConstructor; -import org.springframework.stereotype.Service; -import tng.trustnetwork.keydistribution.entity.SignerInformationEntity; -import tng.trustnetwork.keydistribution.repository.SignerInformationRepository; - -@Service -@RequiredArgsConstructor -public class SignerInformationTestHelper { - - public static final String TEST_CERT_1_STR = - "MIICrDCCAZSgAwIBAgIEYH+7ujANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1l" - + "ZGdjX2Rldl90ZXN0MB4XDTIxMDQyMTA1NDQyNloXDTIyMDQyMTA1NDQyNlowGDEW" - + "MBQGA1UEAwwNZWRnY19kZXZfdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC" - + "AQoCggEBAOAlpphOE0TH2m+jU6prmP1W6N0ajaExs5X+sxxG58hIGnZchxFkLkeY" - + "SZqyC2bPQtPiYIDgVFcPJPgfRO4r5ex3W7OxQCFS0TJmYhRkLiVQHQDNHeXFmOpu" - + "834x2ErPJ8AK2D9KhVyFKl5OX1euU25IXzXs67vQf30eStArvWFlZGX4E+JUy8yI" - + "wrR6WLRe+kgtBdFmJZJywbnnffg/5WT+TEcky8ugBlsEcyTxI5rt6iW5ptNUphui" - + "8ZGaE2KtjcnZVaPCvn1IjEv6sdWS/DNDlFySuJ6LQD1OnKsjCXrNVZFVZS5ae9sn" - + "Pu4Y/gapzdgeSDioRk6BWwZ02E9BE+8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA" - + "pE8H9uGtB6DuDL3LEqGslyJKyc6EBqJ+4hDlFtPe+13xEDomJsNwq1Uk3p9F1aHg" - + "qqXc1MjJfDWn0l7ZDGh02tfi+EgHyV2vrfqZwXm6vuK/P7fzdb5blLJpKt0NoMCz" - + "Y+lHhkCxcRGX1R8QOGuuGtnepDrtyeTuoQqsh0mdcMuFgKuTr3c3kKpoQwBWquG/" - + "eZ0PhKSkqXy5aEaFAzdXBLq/dh4zn8FVx+STSpKK1WNmoqjtL7EEFcNgxLTjWJFj" - + "usTEZL0Yxa4Ot4Gb6+VK7P34olH7pFcBFYfh6DyOESV9uglrE4kdOQ7+x+yS5zR/" - + "UTeEfM4mW4I2QIEreUN8Jg=="; - - public static final String TEST_CERT_1_KID = "8xYtW2837ac="; - - private final CertificateUtils certificateUtils; - - private X509Certificate convertStringToX509Cert(String certificate) throws CertificateException { - InputStream targetStream = new ByteArrayInputStream(Base64.getDecoder().decode(certificate)); - return (X509Certificate) CertificateFactory - .getInstance("X509") - .generateCertificate(targetStream); - } - - public TrustedCertificateTrustListItem createTrustedCertificateTrustListItem(String certStr) { - String kid; - try { - kid = certificateUtils.getCertKid(convertStringToX509Cert(certStr)); - }catch (CertificateException e) { - kid = "kid_"+ ZonedDateTime.now(); - } - - //TrustListItem item = new TrustListItem(); - TrustedCertificateTrustListItem item = new TrustedCertificateTrustListItem(); - item.setKid(kid); - item.setCertificate(certStr); - - return item; - } -} diff --git a/src/test/java/tng/trustnetwork/keydistribution/testdata/TrustedIssuerTestHelper.java b/src/test/java/tng/trustnetwork/keydistribution/testdata/TrustedIssuerTestHelper.java deleted file mode 100644 index b880bd2..0000000 --- a/src/test/java/tng/trustnetwork/keydistribution/testdata/TrustedIssuerTestHelper.java +++ /dev/null @@ -1,105 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */ - -package tng.trustnetwork.keydistribution.testdata; - -import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer; -import lombok.RequiredArgsConstructor; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; -import tng.trustnetwork.keydistribution.entity.TrustedIssuerEntity; -import tng.trustnetwork.keydistribution.repository.TrustedIssuerRepository; -import java.time.ZonedDateTime; -import java.util.ArrayList; -import java.util.List; - -@Service -@RequiredArgsConstructor -public class TrustedIssuerTestHelper { - - @Autowired - TrustedIssuerRepository trustedIssuerRepository; - - public TrustedIssuerEntity createTrustedIssuer(final String country) { - TrustedIssuerEntity trustedIssuer = new TrustedIssuerEntity(); - trustedIssuer.setUrl("did:trusted:" + country + ":issuer"); - trustedIssuer.setName("tiName"); - trustedIssuer.setCountry(country); - trustedIssuer.setUrlType(TrustedIssuerEntity.UrlType.DID); - trustedIssuer.setSslPublicKey("pubKey"); - trustedIssuer.setThumbprint("thumbprint"); - trustedIssuer.setKeyStorageType("JWKS"); - trustedIssuer.setSignature("sig"); - - return trustedIssuer; - } - - public List getTrustedIssuerList() { - List list = new ArrayList<>(); - - TrustedIssuer issuer = new TrustedIssuer(); - issuer.setCountry("DE"); - issuer.setUrl("https://ministry-of-health.country-de.de/.well-known/jwks.json"); - issuer.setType(TrustedIssuer.UrlType.HTTP); - issuer.setThumbprint("8e5b84a5c807f8661e470453119830f2ec27971fce4a3420bb744bad66e5bf4c"); - issuer.setSslPublicKey("MHcCAQEEICdvyZFxcPenETpnkmMf8m7te73UE6olhUB72OpIuGRpoAoGCCqGSM49AwEHoUQDQgAE7ni62sNPT7" - + "02PoVkwd8+oCJMkDjht8gcFVGSgYNmjUFDXjKuLK/IVl87xQ5G8zNTbIMllwD1JJZB9LElhFb3JA=="); - issuer.setKeyStorageType("JWKS"); - issuer.setSignature(""" - MIAGCSqGSIb3DQEHAqCAMIACAQExDTALBglghkgBZQMEAgEwgAYJKoZIhvcNAQcBAACggDCCBX0wggNloAMCAQICF\ - CfArZMSPZ2iPmF85n5LHsj4D5XgMA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAkVVMRcwFQYDVQQIDA5FdXJvcGVhbiBVbmlvbjEU\ - MBIGA1UECgwLVHJ1c3RBbmNob3IxEDAOBgNVBAsMB1RTVCBFTlYwHhcNMjEwNDIyMDgxNTIyWhcNMzEwNDIwMDgxNTIyWjBOMQswCQY\ - DVQQGEwJFVTEXMBUGA1UECAwORXVyb3BlYW4gVW5pb24xFDASBgNVBAoMC1RydXN0QW5jaG9yMRAwDgYDVQQLDAdUU1QgRU5WMIICIj\ - ANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA13sh56S2sRAwnS4TCKci0UHGFC1/GxptcaAow2jznzRaJyz7k6oghedDzibFZREen\ - g3cO+pw4XpNO8SiWK8w8fipE9TOkbWBNP8cij/yWj+jfyZvVCPY8eXyS5okzS2PNN2lPswdiB5m5BkuXcm8I8d0fgi4bTzT3lwtxlRo\ - JZo6LVMFjI/sB3LTYsMiL/OnYozpQWf7Cd6wLJI3c9IiQWFH40dGFFwtdQifDWPjOj9iwMASeCarqtOpNhpkn1ZxCDmqPj1mPqreLdq\ - 2RCbzrdvuFRs8KsIrjzJFCcBACPzQeP0jFijPhMa9p8BLSwCrlZOz7OEASPqWDstOqBazTUYBvcwGnP2ZcBuXKUS+lN9V+r37J4ANb/\ - OpM+iZuPUURxf7OxPa+0INauy6OD8018OleL4svS+8tQadT4G9Nbr/2JqFfqat0FVhaZxQHEyLgQdt70wX1BOctgbCKlGQKBuLMyvyT\ - wUJ6Qd0IKxmzFbOVfe+AWHb+V+x8oBpAo+vhS6OCaFuB8dIma1pgf6JP6kfmBERvm8n7158q92ZfGebzhSDhbsuB6Gaj0Ew5qJ/kdzQ\ - rZP5QywHZQ8mEum7JR8rygPEEXDRhdtn3CHIDWEt0we+hGU2GchHOrZwMenQKMdxWnNr5/4M6WobefnOk+t2t4aF1ceWd8nXvK2j1l8\ - CAwEAAaNTMFEwHQYDVR0OBBYEFK9nb1NMVv4ZzXG7A2alSueXrLBQMB8GA1UdIwQYMBaAFK9nb1NMVv4ZzXG7A2alSueXrLBQMA8GA1\ - UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAEujCHeHgcqBFeKvt9bAsEDB1QH19+kcd2TdW87GWlA+sYPM3ARwSy5E7JbYj\ - yk0pZ/XbDi6qC+CE8OgOyWQaj9CELEZCktXZsdGvOs9dKJd5yf97CLDT9EMp2284Ek67VWp5wqqa1+B6xGTg5r8a0OCNrCR04siQNoQ\ - 3pq669hQfhmg5iR0sz4JZrgUL6LIukrd5b/kDvaP37xh8gUrYLX5ApdQFuX41FiP/zcwC4/LG4llsAfYw2lh9ZhXqj3VW8SCayYeJ/O\ - ExQLM8sHCxJ5NMHoXEvlOjoz+X3/Jib7GHIb0z70EaA8BN6KQ8YPcm+U6sgrjsj501WNAz2GA7ji5Iv/Pet5HGZsYNsDYZSWspe5hbc\ - Buc271sVbofLkIXxS8l1mVyhJYj4G+X2DWU3RDoQE+XN8wUdYXcrnKlpp8BKQTOxjofp5xnymCq5GXO50+K1C/tqHjCP1aiir2V1Sb1\ - SumgFoJ10bJXCaqCtUX1/7U7f9lGLirAhgN26s4T13hp+8X1D2hMxfo0w/w90fvtcxfSxutoMwwyU917JtPO/8TA+rE07MbnS0SVsYI\ - Pg+CVPBHV2jSa1ZVSSsVhJSteG6Hs971ci3kgo4rN/ukosBycylzjBLXBnWfWYAoMb3YoNs1jQJnSyll+N2WxX7vHkKwPrh7OpI9yh+\ - IEOnYAAAxggMoMIIDJAIBATBmME4xCzAJBgNVBAYTAkVVMRcwFQYDVQQIDA5FdXJvcGVhbiBVbmlvbjEUMBIGA1UECgwLVHJ1c3RBbm\ - Nob3IxEDAOBgNVBAsMB1RTVCBFTlYCFCfArZMSPZ2iPmF85n5LHsj4D5XgMAsGCWCGSAFlAwQCAaCBljAYBgkqhkiG9w0BCQMxCwYJK\ - oZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMjAzMjUxMTE3MzRaMCsGCSqGSIb3DQEJNDEeMBwwCwYJYIZIAWUDBAIBoQ0GCSqGSIb3\ - DQEBCwUAMC8GCSqGSIb3DQEJBDEiBCDRX6mP3IuhUUd3UlbOhbuPYgXXjxeGv+F6IlfEC1aeRTANBgkqhkiG9w0BAQsFAASCAgC23Mz\ - bNZgXilk+NjuGPfbqQM2veffsKdA0Ln89ODg7Bjtjc0UKTpIQj/o8K9xR/xLkANxM+jLr1v4ya7CUwG9fCde0lqxozSl/j4+P+9Ir82\ - yTDO7AgT0tNpYI+Pa1NzIlRNgqiTVfEg+AmaKLHkg/SJaDa3KxMslkaeQrUwGqaWBLbaMjQFzk/S92s+uRl00At04peXClb87ml6qlO\ - BEipjzpcmz/pJPXctBJ38rLSaWyId+Gi+2z5xyClP3N5xUBumVNJZQvkE21cxggUw9CF7m7TPl6O3+6pbkW5ZLrDPOYvGMVH2XYkIJN\ - AsxEnJSOIEhCAF2PWaKQ5A2ioHOpEvO7Ao2XHxHYZviH66dibxz1tZKe+lxdn65wChfHimvgmu3qyEVjAW3DcHBK8Vs4vB5xdBcx9Q8\ - 1tES/w/Q5ML4rIXKHv6aWlg5cpLuxY6q/T39AxxHnn7CZfIhj+A7kFQGQzy98qRj/qUDgTGF2VoEVX5hDRpkINZhStsW5pTVWtppLVc\ - CLn7L67FKp8pj8z1S5XY/5akbflY0NPy/a9u71aVHPA+O3RaOlNKG9ZzIKBjApdoDuEEabhwmUmqxbtPhKOSklhv0qOJ1rvuMZLCOha\ - S1u3C1KyLok+6WI0oSr+hnLwzR69j9Mcfrq98HjvYpmZgSgOKaRe4XsKIBpNQAAAAAAAA=="""); - - issuer.setTimestamp(ZonedDateTime.parse("2022-03-25T12:14:49+01:00")); - issuer.setName("example-de"); - issuer.setDomain("domain"); - issuer.setUuid("b446e0e1-ff8b-45a0-8da0-303caa533ae5"); - - list.add(issuer); - return list; - } -} diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml deleted file mode 100644 index ce649d3..0000000 --- a/src/test/resources/application.yml +++ /dev/null @@ -1,67 +0,0 @@ -spring: - application: - name: tng-key-distribution - datasource: - driver-class-name: org.h2.Driver - url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1; - username: sa - password: '' - jackson: - deserialization: - read-unknown-enum-values-using-default-value: true - jpa: - database-platform: org.hibernate.dialect.H2Dialect - hibernate: - ddl-auto: validate - liquibase: - change-log: classpath:db/changelog.yaml - h2: - console: - enabled: true - path: /h2-console - profiles: - active: - - test - main: - allow-bean-definition-overriding: true -dgc: - synchroniseCertificates: - timeInterval: 60000 - lockLimit: 1800000 - trustedIssuerDownloader: - enabled: false - timeInterval: 60000 - lockLimit: 1800000 - gateway: - connector: - enabled: false - did: - cron: "" - enableDidGeneration: true - didUploadProvider: dummy - didSigningProvider: dummy - git: - workdir: "" - prefix: "" - url: "" - pat: "" - ld-proof-verification-method: did:web:dummy.net - ld-proof-domain: d0m4in - did-id: did:web:abc - trust-list-path: trustlist - trust-list-ref-path: trustlist-ref - did-controller: did:web:def - trust-list-id-prefix: did:web:abc - trust-list-controller-prefix: did:web:abc - contextMapping: - "[https://www.w3.org/ns/did/v1]": did_v1.json - "[https://w3id.org/security/suites/jws-2020/v1]": jws-2020_v1.json - virtualCountries: - EU: XEU - group-deny-list: - - UPLOAD - group-name-mapping: - CSCA: CSA -universal: - resolver: "https://dev.uniresolver.io/1.0/identifiers" - diff --git a/templates/file-header.txt b/templates/file-header.txt deleted file mode 100644 index 0696c7a..0000000 --- a/templates/file-header.txt +++ /dev/null @@ -1,19 +0,0 @@ -/*- - * ---license-start - * WorldHealthOrganization / tng-key-distribution - * --- - * Copyright (C) 2021 T-Systems International GmbH and all other contributors - * --- - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ---license-end - */