adds HARICA Client Authentication ECC / RSA issuing CAs

resolves #363 for DSF 2.0.0

Author: hhund

dsf-docker/bpe_proxy/Dockerfile

@@ -33,7 +33,7 @@ ENV SSL_VERIFY_CLIENT="require"
 ENV SSL_EXPECTED_CLIENT_S_DN_C_VALUES="'DE'"
 
 # expected client certificate issuer DN common-name (CN) values
-ENV SSL_EXPECTED_CLIENT_I_DN_CN_VALUES="'GEANT TLS ECC 1', 'HARICA OV TLS ECC', 'GEANT TLS RSA 1', 'HARICA OV TLS RSA', 'GEANT S/MIME ECC 1', 'HARICA S/MIME ECC', 'GEANT S/MIME RSA 1', 'HARICA S/MIME RSA', 'DFN-Verein Global Issuing CA', 'Fraunhofer User CA - G02', 'D-TRUST SSL Class 3 CA 1 2009', 'Sectigo RSA Organization Validation Secure Server CA', 'GEANT OV RSA CA 4', 'GEANT Personal CA 4', 'GEANT eScience Personal CA 4', 'Sectigo ECC Organization Validation Secure Server CA', 'GEANT OV ECC CA 4', 'GEANT Personal ECC CA 4', 'GEANT eScience Personal ECC CA 4', 'D-TRUST Limited Basic CA 1-2 2019', 'D-TRUST Limited Basic CA 1-3 2019'"
+ENV SSL_EXPECTED_CLIENT_I_DN_CN_VALUES="'GEANT TLS ECC 1', 'HARICA OV TLS ECC', 'GEANT TLS RSA 1', 'HARICA OV TLS RSA', 'GEANT S/MIME ECC 1', 'HARICA Client Authentication ECC', 'HARICA S/MIME ECC', 'GEANT S/MIME RSA 1', 'HARICA Client Authentication RSA', 'HARICA S/MIME RSA', 'DFN-Verein Global Issuing CA', 'Fraunhofer User CA - G02', 'D-TRUST SSL Class 3 CA 1 2009', 'Sectigo RSA Organization Validation Secure Server CA', 'GEANT OV RSA CA 4', 'GEANT Personal CA 4', 'GEANT eScience Personal CA 4', 'Sectigo ECC Organization Validation Secure Server CA', 'GEANT OV ECC CA 4', 'GEANT Personal ECC CA 4', 'GEANT eScience Personal ECC CA 4', 'D-TRUST Limited Basic CA 1-2 2019', 'D-TRUST Limited Basic CA 1-3 2019'"
 
 # timeout (seconds) for reverse proxy to app server http connection, time the proxy waits for a reply
 ENV PROXY_PASS_TIMEOUT_HTTP=60

dsf-docker/fhir_proxy/Dockerfile

@@ -33,7 +33,7 @@ ENV SSL_VERIFY_CLIENT="require"
 ENV SSL_EXPECTED_CLIENT_S_DN_C_VALUES="'DE'"
 
 # expected client certificate issuer DN common-name (CN) values
-ENV SSL_EXPECTED_CLIENT_I_DN_CN_VALUES="'GEANT TLS ECC 1', 'HARICA OV TLS ECC', 'GEANT TLS RSA 1', 'HARICA OV TLS RSA', 'GEANT S/MIME ECC 1', 'HARICA S/MIME ECC', 'GEANT S/MIME RSA 1', 'HARICA S/MIME RSA', 'DFN-Verein Global Issuing CA', 'Fraunhofer User CA - G02', 'D-TRUST SSL Class 3 CA 1 2009', 'Sectigo RSA Organization Validation Secure Server CA', 'GEANT OV RSA CA 4', 'GEANT Personal CA 4', 'GEANT eScience Personal CA 4', 'Sectigo ECC Organization Validation Secure Server CA', 'GEANT OV ECC CA 4', 'GEANT Personal ECC CA 4', 'GEANT eScience Personal ECC CA 4', 'D-TRUST Limited Basic CA 1-2 2019', 'D-TRUST Limited Basic CA 1-3 2019'"
+ENV SSL_EXPECTED_CLIENT_I_DN_CN_VALUES="'GEANT TLS ECC 1', 'HARICA OV TLS ECC', 'GEANT TLS RSA 1', 'HARICA OV TLS RSA', 'GEANT S/MIME ECC 1', 'HARICA Client Authentication ECC', 'HARICA S/MIME ECC', 'GEANT S/MIME RSA 1', 'HARICA Client Authentication RSA', 'HARICA S/MIME RSA', 'DFN-Verein Global Issuing CA', 'Fraunhofer User CA - G02', 'D-TRUST SSL Class 3 CA 1 2009', 'Sectigo RSA Organization Validation Secure Server CA', 'GEANT OV RSA CA 4', 'GEANT Personal CA 4', 'GEANT eScience Personal CA 4', 'Sectigo ECC Organization Validation Secure Server CA', 'GEANT OV ECC CA 4', 'GEANT Personal ECC CA 4', 'GEANT eScience Personal ECC CA 4', 'D-TRUST Limited Basic CA 1-2 2019', 'D-TRUST Limited Basic CA 1-3 2019'"
 
 # timeout (seconds) for reverse proxy to app server http connection, time the proxy waits for a reply
 ENV PROXY_PASS_TIMEOUT_HTTP=60

pom.xml

@@ -817,6 +817,12 @@
 							<clientOnlyCaCommonName>
 								GEANT S/MIME RSA 1
 							</clientOnlyCaCommonName>
+							<clientOnlyCaCommonName>
+								HARICA Client Authentication ECC
+							</clientOnlyCaCommonName>
+							<clientOnlyCaCommonName>
+								HARICA Client Authentication RSA
+							</clientOnlyCaCommonName>
 							<clientOnlyCaCommonName>
 								HARICA S/MIME ECC
 							</clientOnlyCaCommonName>

src/main/resources/cert/HARICA_Client_Authentication_ECC.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAwagAwIBAgIQE8HgrQAH0BtzfX3LWvJSfzAKBggqhkjOPQQDAzBvMQsw
+CQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2Vh
+cmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBFQ0Mg
+Um9vdCBDQSAyMDIxMB4XDTIxMDMxOTA5MTczOVoXDTM2MDMxNTA5MTczOFowcTEL
+MAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
+YXJjaCBJbnN0aXR1dGlvbnMgQ0ExKTAnBgNVBAMMIEhBUklDQSBDbGllbnQgQXV0
+aGVudGljYXRpb24gRUNDMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEqEqssLtH6Kkn
+Sa4ms1u/YGAi0JW3Py7nkN33soahf1Vf8p4L3eNEaCV3/sZXeviOVEyg2O+F0PWz
+gLFZdv4U//ZgLA0qjFDCtYVnB0R5y/953IpMTdgKR+cjrpveu10Lo4IBYzCCAV8w
+EgYDVR0TAQH/BAgwBgEB/wIBADAfBgNVHSMEGDAWgBRSCNK+MoEl/fUal+xOXxq7
+U82QrTBXBggrBgEFBQcBAQRLMEkwRwYIKwYBBQUHMAKGO2h0dHA6Ly9yZXBvLmhh
+cmljYS5nci9jZXJ0cy9IQVJJQ0EtQ2xpZW50LVJvb3QtMjAyMS1FQ0MuY2VyMEQG
+A1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwOi8vcmVwby5oYXJp
+Y2EuZ3IvZG9jdW1lbnRzL0NQUzATBgNVHSUEDDAKBggrBgEFBQcDAjBFBgNVHR8E
+PjA8MDqgOKA2hjRodHRwOi8vY3JsLmhhcmljYS5nci9IQVJJQ0EtQ2xpZW50LVJv
+b3QtMjAyMS1FQ0MuY3JsMB0GA1UdDgQWBBQqHWyH7pXv/Mkv8RzX+Dw52v+X3jAO
+BgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAwZgIxAIE3QcG3SB1Dgj0a8gE7
+ZSKgA7KfGlt+/ajMitsDqHvg7RZCHFmc05ggxGbzXcu2CwIxAI0VJVUxKQbaLnm1
+u8MvlJDaH1hHCujJ3PU9lYRPg5CaOwkgvV+H5OzQhvkn4flaDw==
+-----END CERTIFICATE-----

src/main/resources/cert/HARICA_Client_Authentication_RSA.pem

@@ -0,0 +1,39 @@
+-----BEGIN CERTIFICATE-----
+MIIGzzCCBLegAwIBAgIQZvugWpzzpAYFBJWnGSeXMjANBgkqhkiG9w0BAQsFADBv
+MQswCQYDVQQGEwJHUjE3MDUGA1UECgwuSGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJl
+c2VhcmNoIEluc3RpdHV0aW9ucyBDQTEnMCUGA1UEAwweSEFSSUNBIENsaWVudCBS
+U0EgUm9vdCBDQSAyMDIxMB4XDTIxMDMxOTA5MTkzN1oXDTM2MDMxNTA5MTkzNlow
+cTELMAkGA1UEBhMCR1IxNzA1BgNVBAoMLkhlbGxlbmljIEFjYWRlbWljIGFuZCBS
+ZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ0ExKTAnBgNVBAMMIEhBUklDQSBDbGllbnQg
+QXV0aGVudGljYXRpb24gUlNBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC
+AgEAtdFg0VN118Izv7l4joORHFO+qJQ09hwRqNdfZW9g9SzSjXcAS4mz4+BlOYVC
+PrdKoxs+1iVnoz6Hl1w2wf9xjTI9xQ6O6miM06CbST2rYCo58y0sV6yAs4/ptMHf
+7smx1/ORdAu3AVYbqzYqoCj5gVehlIivyZKpzko7/45N9eWUs24ah3G4nMiVxTOc
+RNYqw3/bfc+WvatbB6qNQRRJfebeDNQ8Hqen3DBPA9qsOf4Nfi4XDVkGgVPJZqfZ
+VTE8fmZIZRq+Ujcp+JRc4V2dFRqvn9xKPA3d+nbbic+JQs24+ZqYiWrcNdYNE64d
+6GlRhU3chNWFCI4RLNa7VpqoBZkFqlx2S5l83VO/G9DELikFa9nvc2BR+2h/pObG
+WmWIqgQf0esW5nzy4+inufbZ4DLwQ9Bao0TMqLsi6ywdyxreFDvfzVuVxm6NWQoO
+fi6uxdgwFEUp7FJ79owErc+RjNUrMzmhW1nlPtoCYaIy/7bW6VAqJ89ZftvRCCdV
+5QeMOYlqdle65NjcaoXh5sC7g8pTA0VlUk2VHaHWPg13HLGQNyo0yWjtRzE6rIpl
+ede96vg/bjB2edSYFUkrEZn5R71C1XhPQ945npiZ6yNv2qMlqasKuQQVEKkpi4bz
+ntA0C8JUWiobnD91o1NXARIlanApakhk21b8ba0O+WsjgyECAwEAAaOCAWMwggFf
+MBIGA1UdEwEB/wQIMAYBAf8CAQAwHwYDVR0jBBgwFoAUoNYHPV4k93ugRC4kUg0Z
+qisEkacwVwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcmVwby5o
+YXJpY2EuZ3IvY2VydHMvSEFSSUNBLUNsaWVudC1Sb290LTIwMjEtUlNBLmNlcjBE
+BgNVHSAEPTA7MDkGBFUdIAAwMTAvBggrBgEFBQcCARYjaHR0cDovL3JlcG8uaGFy
+aWNhLmdyL2RvY3VtZW50cy9DUFMwEwYDVR0lBAwwCgYIKwYBBQUHAwIwRQYDVR0f
+BD4wPDA6oDigNoY0aHR0cDovL2NybC5oYXJpY2EuZ3IvSEFSSUNBLUNsaWVudC1S
+b290LTIwMjEtUlNBLmNybDAdBgNVHQ4EFgQU8qBdeyXizDQ4cBVNxXMsNAswGCYw
+DgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQAr9ecjniPGgn1Le9OW
+sgHWRAEAqAMnFEH7S7zlL6nzEN10kjkxWE4P6776V1rYeRWpSNbB71u2zVqAPcKD
+aGiMP0I9oWlmtWxq2/JjEcf0UgRT+e9e2CleQMmTLbai1hpx08tZj/XMd6X5t78M
+w4WJDfRUnfIjHcWTxu1Nkkj64rfGXI4hzjcLD7wFq6ZXVlhTe9sp5sDCfrVZHCMh
+cHCu9odUF7IXPpPzJrKfB/uidE9mLt+V7DXepDJ2VCySL2JAP3yo4LdjrDEZGFZ7
+YZnHzjdeeq/dn+/DJ7BUVDVIMUQZT3MXoI5yb1PZ9JZrQ4x8jZbP3EPrbQK0RPyU
+4hYjxT52BWjMlP9JXtZw4aVMaOZb9QklKzJHTtWsBrer9pi1seDC2Z2pLw6mK+Yl
+NHdsk/qZ/CpK6NNrs4uWm2U3Jj7z9wFk0TCGXSS1HI024960RZTYe/3laBClflSQ
+7T7xD6HwgPfNivqerXzImw87NHgM275Nd63eV/Lhw4XgH0e+NRGk8vYE6re0p6Y9
+L79OnCWtEqywdJcJ8qr3MvviOBphUXxubDYWZzy56DCACVZEKSRKkZUJIM2UEiCz
+2Q9ATajqiODuPR5/lcmORxGauCkS2VIDKUekblssnemMqfrPEPllcLyLBYnlnM7e
+fV8it5CZjT8kxUrFTcE3ZVkpkw==
+-----END CERTIFICATE-----