Security: FastDDS compatibility mode (#328)

* Sign the security config files with the -text option. This produces .ps7 files with the 'Content-Type: text/plain' header, which is what FastDDS expects

* Get the identity subject name directly from the identity certificate, not the identity token.

* Serialize certificate subject name to the format produced by the openssl x509_name_oneline function

* Use the algorithm identifiers that FastDDS expects in IdentityToken and PermissionsToken

* Change logging about protected interpreter submessages to debug level

* Put the interoperability adjustments behind the feature "security_in_fastdds_compatibility_mode". Document the FastDDS-compatibility mode.

* Fix latest clippy warnings and fmt.

* Resolve the interoperability issues by not sending the optional CA subject name and algorithm in PermissionsToken.

Remove the FastDDS interoperability feature.

---------

Co-authored-by: Juhana Helovuo <[email protected]>

SECURITY.md

@@ -72,4 +72,4 @@ The following security configuration files are needed:
 
 Configuration files can be created using any method, but the OpenSSL tool is recommended.
 
-Please see the examples and scripts in the directory [examples/security_configuration_files](examples/security_configuration_files).
+Please see the examples and scripts in the directory [examples/security_configuration_files](examples/security_configuration_files).

examples/security_configuration_files/cert.pem

@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
 MIIBbTCCARMCAQEwCgYIKoZIzj0EAwIwQTEdMBsGA1UECgwURXhhbXBsZSBPcmdh
-bml6YXRpb24xIDAeBgNVBAMMF2lkZW50aXR5X2NhX2NvbW1vbl9uYW1lMCAXDTIz
-MTEyNzEzNDUwM1oYDzQ3NjExMDIzMTM0NTAzWjBCMR0wGwYDVQQKDBRFeGFtcGxl
+bml6YXRpb24xIDAeBgNVBAMMF2lkZW50aXR5X2NhX2NvbW1vbl9uYW1lMCAXDTI0
+MDMwODA4Mjk1MVoYDzQ3NjIwMjAyMDgyOTUxWjBCMR0wGwYDVQQKDBRFeGFtcGxl
 IE9yZ2FuaXphdGlvbjEhMB8GA1UEAwwYcGFydGljaXBhbnQxX2NvbW1vbl9uYW1l
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEzhiR7GO/Ga8fOL1c0G14vFntM8gB
-+NRTFKLlBbCG5b20POJmQ4mw9Y+7niTg90vXrNN8CIMmR2XF/qE6/XFSbzAKBggq
-hkjOPQQDAgNIADBFAiBsvD7JF7jIx2BmiN5ZQFO42A3ToeeP87oEKQpElCw7EQIh
-AM5z6IOAyzMsT5EuycjUcVkVLUtJRR4CY42JKdrDCipT
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvs3uxr9HNmkJenoSj+YRdtSCDK4B
+YHpe4Oj8q2ZH++zN9xNdI3Ucw0cvhbob+C30IjaNNYeCUGkLnXFI/WIGTzAKBggq
+hkjOPQQDAgNIADBFAiEAt6W+orACUZ8Q+7Rtj/kagdZ6eh/h5lxh0Chj9eMoat8C
+IHABglChJDrynMX272q89kF5SCVeL+bWlytw46QbDbWa
 -----END CERTIFICATE-----

examples/security_configuration_files/generate-test-certificates-and-signatures.sh

@@ -7,8 +7,8 @@ openssl ecparam -name prime256v1 -out ec_parameters.pem
 openssl req -x509 -newkey param:ec_parameters.pem -keyout permissions_ca_private_key.pem -passout file:password  -out permissions_ca.cert.pem -days 999999 -subj "/O=Example Organization/CN=permissions_ca_common_name"
 
 # Sign the configuration documents
-openssl smime -sign -in governance_unsigned.xml -out governance.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password
-openssl smime -sign -in permissions_unsigned.xml -out permissions.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password
+openssl smime -sign -in governance_unsigned.xml -text -out governance.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password
+openssl smime -sign -in permissions_unsigned.xml -text -out permissions.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password
 
 
 # Create the identity CA

examples/security_configuration_files/governance.p7s

@@ -1,9 +1,11 @@
 MIME-Version: 1.0
-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----0306BCAF9E9FC6C9C12A431F68A469AF"
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----0793F24F1D3500E3B22E6166CF512EF7"
 
 This is an S/MIME signed message
 
-------0306BCAF9E9FC6C9C12A431F68A469AF
+------0793F24F1D3500E3B22E6166CF512EF7
+Content-Type: text/plain
+
 <?xml version="1.0" encoding="UTF-8"?>
 <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
 xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-SECURITY/20170901/omg_shared_ca_governance.xsd">
@@ -35,32 +37,32 @@ xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-SECURITY/20170901/omg
         </domain_rule>
     </domain_access_rules>
 </dds>
-------0306BCAF9E9FC6C9C12A431F68A469AF
+------0793F24F1D3500E3B22E6166CF512EF7
 Content-Type: application/x-pkcs7-signature; name="smime.p7s"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename="smime.p7s"
 
 MIIDzwYJKoZIhvcNAQcCoIIDwDCCA7wCAQExDzANBglghkgBZQMEAgEFADALBgkq
-hkiG9w0BBwGgggHjMIIB3zCCAYWgAwIBAgIUArkFHlgvGsil7TuYvQqROBhEJU4w
+hkiG9w0BBwGgggHjMIIB3zCCAYWgAwIBAgIUZ15lOVw1lFhBNlKlgdqzkhBHDsww
 CgYIKoZIzj0EAwIwRDEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xIzAh
-BgNVBAMMGnBlcm1pc3Npb25zX2NhX2NvbW1vbl9uYW1lMCAXDTIzMTEyNzEzNDUw
-M1oYDzQ3NjExMDIzMTM0NTAzWjBEMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXph
+BgNVBAMMGnBlcm1pc3Npb25zX2NhX2NvbW1vbl9uYW1lMCAXDTI0MDMwODA4Mjk1
+MVoYDzQ3NjIwMjAyMDgyOTUxWjBEMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXph
 dGlvbjEjMCEGA1UEAwwacGVybWlzc2lvbnNfY2FfY29tbW9uX25hbWUwWTATBgcq
-hkjOPQIBBggqhkjOPQMBBwNCAATEROqDZhxrXDXM0gWDxy+wavkwB/Gl32rF+bdW
-fPf2oQAkuy0+nqXx7KPAWfBSHEWxyjxnXnNkzVy7S60vsaEto1MwUTAdBgNVHQ4E
-FgQUCbDH5hkTzYiyO2fiDM1kiOXz8wkwHwYDVR0jBBgwFoAUCbDH5hkTzYiyO2fi
-DM1kiOXz8wkwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEArYKx
-izKj1wpRriFmSDncj9T+bocWStWIGDynJUZtZ8sCIEsMHMD9iG0JakUMxZHFfJfm
-t5B+FBfN3Oj18kiBMnnxMYIBsDCCAawCAQEwXDBEMR0wGwYDVQQKDBRFeGFtcGxl
+hkjOPQIBBggqhkjOPQMBBwNCAAQwHk/PoxLxEP27ez5jzmof7KDXkcm9APMamnHe
+G1E4TbBNZr7FVn5MbsW+5HeklhPSAPC1FefXsOb4AcbO4T/xo1MwUTAdBgNVHQ4E
+FgQU1771sTC5VjQST2vWBFVoc6XwiRUwHwYDVR0jBBgwFoAU1771sTC5VjQST2vW
+BFVoc6XwiRUwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBIb4Ro
+lJ6v4JYqORbipeqKCLV7TuNlayxv6962VSk3yQIhAIjkrqBU9QSO+EIP6bsK+jcc
+47gvd+cnf3/zPWJbNt21MYIBsDCCAawCAQEwXDBEMR0wGwYDVQQKDBRFeGFtcGxl
 IE9yZ2FuaXphdGlvbjEjMCEGA1UEAwwacGVybWlzc2lvbnNfY2FfY29tbW9uX25h
-bWUCFAK5BR5YLxrIpe07mL0KkTgYRCVOMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqG
-SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMTEyNzEzNDUw
-M1owLwYJKoZIhvcNAQkEMSIEIFe1thS1OysYioiONd81Avy3O2h5/z8Qox6D3y1g
-YsulMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAL
+bWUCFGdeZTlcNZRYQTZSpYHas5IQRw7MMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqG
+SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI0MDMwODA4Mjk1
+MVowLwYJKoZIhvcNAQkEMSIEILsmD3IAiSdc8ecU97iBACutVtUs1vIkAFJD9GA6
+2eFnMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAL
 BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3
-DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEcwRQIh
-AMEkHzCvzWcJwpIRges7P5+dz8GwtT5EhkijKws4dcSiAiAtOoxP8C3tsiwY7oaF
-lKYuUSDF4YPE/eahOuelWOQkag==
+DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEcwRQIg
+IFxvwTkp1LSD4se94lKBNIuI3JINJdLcDkOuS8GL7DoCIQCtLq0gdAgK+qB1voxN
+TsFSIgqX1s0uBtgJhgUde2Qh6g==
 
-------0306BCAF9E9FC6C9C12A431F68A469AF--
+------0793F24F1D3500E3B22E6166CF512EF7--
 

examples/security_configuration_files/identity_ca.cert.pem

@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIB2TCCAX+gAwIBAgIUW0oyDuzmDq+g+uUs9+i62a5eNBEwCgYIKoZIzj0EAwIw
+MIIB2jCCAX+gAwIBAgIUY/OV21LPUNPB1eb8EAkNzd/4hAswCgYIKoZIzj0EAwIw
 QTEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xIDAeBgNVBAMMF2lkZW50
-aXR5X2NhX2NvbW1vbl9uYW1lMCAXDTIzMTEyNzEzNDUwM1oYDzQ3NjExMDIzMTM0
-NTAzWjBBMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXphdGlvbjEgMB4GA1UEAwwX
+aXR5X2NhX2NvbW1vbl9uYW1lMCAXDTI0MDMwODA4Mjk1MVoYDzQ3NjIwMjAyMDgy
+OTUxWjBBMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXphdGlvbjEgMB4GA1UEAwwX
 aWRlbnRpdHlfY2FfY29tbW9uX25hbWUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
-AAS8pbgENNkfzuiNJj/UJAKXkHuhnZvCpUSBsrQ6BbvErBL9HD2iuva63bgj6IZC
-7ziSzCpgRgAlfmgHp4XguuXpo1MwUTAdBgNVHQ4EFgQU7E5CjzZeBUNQ4QIUDz5M
-3GjM8OEwHwYDVR0jBBgwFoAU7E5CjzZeBUNQ4QIUDz5M3GjM8OEwDwYDVR0TAQH/
-BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiAx+XreJabZ7RBdBk3bzo3AonU4fCwy
-ap/8wy0fPEi5wgIhAPwgZfuaBYgmCLdCTlKLHLub7phl96PjMMHKSZX1zjFm
+AARBn3Bj3cUezGOooSb9FQUGpCGmZTY9nnkaKYSYjp2Z0s23xZoMxwhjlu3M9GgC
+lyLeuaqodxsPp/+y26Rj0aT3o1MwUTAdBgNVHQ4EFgQUanyJvwa5bc/RyQo0tRGx
+QKKIS10wHwYDVR0jBBgwFoAUanyJvwa5bc/RyQo0tRGxQKKIS10wDwYDVR0TAQH/
+BAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAsE3SzbcvlxhBhswa3l3RmL87V3TT
+728A4h5ah6pfEy4CIQDtFu6vyO95VH3fvHNJS5e5nBpQfYCWoUhSIsUXm8PUsA==
 -----END CERTIFICATE-----

examples/security_configuration_files/identity_ca_private_key.pem

@@ -1,7 +1,7 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAh5ff1fsdQGlAICCAAw
-DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQItWF0QRI2FNIEgZBZeKtWNHSbMnLv
-vWEwmummxhjwW+vq4TjPTew2Dp0mkm1R3ZtpUNBoZXIipKuw5/Av/vPNwTzXu3Wl
-I8sc1KlXWkgc9xajAHowaEv2azKASvBm+cXvdkUqAi9/rJIKPsf+scOkL4ZrnLkC
-OpcNrs0jb5PzRWO4pBMRw+5VNRZNK71eJF2DDmL6p1e+NLVnYUY=
+MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhJGY5NxXyseQICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIkbzbgpXSbCQEgZDmMUeVyXa72lbJ
+3aheKK0lxlLZkFPeuCkFxoaW1VPHwqd9aX+dasng+1y0X36enYWfTClVlXJWhbgL
+m9BfQpzpHBgc/jaqMjLUOWF3XRF57harZrZ7ARoyWH5kcRUFgBmaxnuMgxu1zcNN
+FO4l3JBKhCjCU99RUKjsU7mdkkdr0hjEdeuuaw5f/huI1OHUqKI=
 -----END ENCRYPTED PRIVATE KEY-----

examples/security_configuration_files/identity_certificate_request.pem

@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIH+MIGkAgEAMEIxHTAbBgNVBAoMFEV4YW1wbGUgT3JnYW5pemF0aW9uMSEwHwYD
+MIH9MIGkAgEAMEIxHTAbBgNVBAoMFEV4YW1wbGUgT3JnYW5pemF0aW9uMSEwHwYD
 VQQDDBhwYXJ0aWNpcGFudDFfY29tbW9uX25hbWUwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAATOGJHsY78Zrx84vVzQbXi8We0zyAH41FMUouUFsIblvbQ84mZDibD1
-j7ueJOD3S9es03wIgyZHZcX+oTr9cVJvoAAwCgYIKoZIzj0EAwIDSQAwRgIhAMaQ
-VLpcxYb5iTkR6YftS8v7EXjdtoaYv4qpEHFkeazRAiEAn5lQepC9PMisZAMcajwI
-lXarBzWPkojvNKnMy3PpjNQ=
+PQMBBwNCAAS+ze7Gv0c2aQl6ehKP5hF21IIMrgFgel7g6PyrZkf77M33E10jdRzD
+Ry+Fuhv4LfQiNo01h4JQaQudcUj9YgZPoAAwCgYIKoZIzj0EAwIDSAAwRQIhAOSi
+Z6mCOeqUXjmscdJLtu7CHknZISSCXDYRf7xQCXqtAiB8WMnijplDFbV+ab+0duSo
+dS7daJnttMXczfuhUvX9IQ==
 -----END CERTIFICATE REQUEST-----

examples/security_configuration_files/key.pem

@@ -1,5 +1,5 @@
 -----BEGIN PRIVATE KEY-----
-MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg+jJ2YcczH0gTaxjb
-c6znOfDSfpexymhkuFxtS/O6J7ehRANCAATOGJHsY78Zrx84vVzQbXi8We0zyAH4
-1FMUouUFsIblvbQ84mZDibD1j7ueJOD3S9es03wIgyZHZcX+oTr9cVJv
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgolJ0IlvkuB71WxUQ
+R9j0d/qj2ucMn05Ex4BWK/b9ipqhRANCAAS+ze7Gv0c2aQl6ehKP5hF21IIMrgFg
+el7g6PyrZkf77M33E10jdRzDRy+Fuhv4LfQiNo01h4JQaQudcUj9YgZP
 -----END PRIVATE KEY-----

examples/security_configuration_files/permissions.p7s

@@ -1,9 +1,11 @@
 MIME-Version: 1.0
-Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----0ACE8DCADB156B6CFC73CD44A50EB831"
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha-256"; boundary="----7811F8EBB0502A372D26F1854BDFC3AA"
 
 This is an S/MIME signed message
 
-------0ACE8DCADB156B6CFC73CD44A50EB831
+------7811F8EBB0502A372D26F1854BDFC3AA
+Content-Type: text/plain
+
 <?xml version="1.0" encoding="UTF-8"?>
 <dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:noNamespaceSchemaLocation="http://www.omg.org/spec/DDS-Security/20170901/omg_shared_ca_permissions.xsd">
@@ -61,32 +63,32 @@ This is an S/MIME signed message
         </grant>
     </permissions>
 </dds>
-------0ACE8DCADB156B6CFC73CD44A50EB831
+------7811F8EBB0502A372D26F1854BDFC3AA
 Content-Type: application/x-pkcs7-signature; name="smime.p7s"
 Content-Transfer-Encoding: base64
 Content-Disposition: attachment; filename="smime.p7s"
 
 MIIDzwYJKoZIhvcNAQcCoIIDwDCCA7wCAQExDzANBglghkgBZQMEAgEFADALBgkq
-hkiG9w0BBwGgggHjMIIB3zCCAYWgAwIBAgIUArkFHlgvGsil7TuYvQqROBhEJU4w
+hkiG9w0BBwGgggHjMIIB3zCCAYWgAwIBAgIUZ15lOVw1lFhBNlKlgdqzkhBHDsww
 CgYIKoZIzj0EAwIwRDEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xIzAh
-BgNVBAMMGnBlcm1pc3Npb25zX2NhX2NvbW1vbl9uYW1lMCAXDTIzMTEyNzEzNDUw
-M1oYDzQ3NjExMDIzMTM0NTAzWjBEMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXph
+BgNVBAMMGnBlcm1pc3Npb25zX2NhX2NvbW1vbl9uYW1lMCAXDTI0MDMwODA4Mjk1
+MVoYDzQ3NjIwMjAyMDgyOTUxWjBEMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXph
 dGlvbjEjMCEGA1UEAwwacGVybWlzc2lvbnNfY2FfY29tbW9uX25hbWUwWTATBgcq
-hkjOPQIBBggqhkjOPQMBBwNCAATEROqDZhxrXDXM0gWDxy+wavkwB/Gl32rF+bdW
-fPf2oQAkuy0+nqXx7KPAWfBSHEWxyjxnXnNkzVy7S60vsaEto1MwUTAdBgNVHQ4E
-FgQUCbDH5hkTzYiyO2fiDM1kiOXz8wkwHwYDVR0jBBgwFoAUCbDH5hkTzYiyO2fi
-DM1kiOXz8wkwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEArYKx
-izKj1wpRriFmSDncj9T+bocWStWIGDynJUZtZ8sCIEsMHMD9iG0JakUMxZHFfJfm
-t5B+FBfN3Oj18kiBMnnxMYIBsDCCAawCAQEwXDBEMR0wGwYDVQQKDBRFeGFtcGxl
+hkjOPQIBBggqhkjOPQMBBwNCAAQwHk/PoxLxEP27ez5jzmof7KDXkcm9APMamnHe
+G1E4TbBNZr7FVn5MbsW+5HeklhPSAPC1FefXsOb4AcbO4T/xo1MwUTAdBgNVHQ4E
+FgQU1771sTC5VjQST2vWBFVoc6XwiRUwHwYDVR0jBBgwFoAU1771sTC5VjQST2vW
+BFVoc6XwiRUwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBIb4Ro
+lJ6v4JYqORbipeqKCLV7TuNlayxv6962VSk3yQIhAIjkrqBU9QSO+EIP6bsK+jcc
+47gvd+cnf3/zPWJbNt21MYIBsDCCAawCAQEwXDBEMR0wGwYDVQQKDBRFeGFtcGxl
 IE9yZ2FuaXphdGlvbjEjMCEGA1UEAwwacGVybWlzc2lvbnNfY2FfY29tbW9uX25h
-bWUCFAK5BR5YLxrIpe07mL0KkTgYRCVOMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqG
-SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTIzMTEyNzEzNDUw
-M1owLwYJKoZIhvcNAQkEMSIEIEjonjTFRKfHUE3pci4O1ZL15hhKex62/rN/I9tq
-GFz+MHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAL
+bWUCFGdeZTlcNZRYQTZSpYHas5IQRw7MMA0GCWCGSAFlAwQCAQUAoIHkMBgGCSqG
+SIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI0MDMwODA4Mjk1
+MVowLwYJKoZIhvcNAQkEMSIEICqm9+7kfEaMW0WDNZtawrxhPJdzdEEcoaWHjM+i
+vzxHMHkGCSqGSIb3DQEJDzFsMGowCwYJYIZIAWUDBAEqMAsGCWCGSAFlAwQBFjAL
 BglghkgBZQMEAQIwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3
-DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEcwRQIg
-GZCH97FMki/HtAzmUvdY6kot55MUArOXNaFCSy8soSMCIQDwq1i+UlZ9IVoKsNGY
-CiIb+CtznA8D+gwr/HC5R1gsBQ==
+DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMAoGCCqGSM49BAMCBEcwRQIh
+AL1Rk3WhK4MceexeI4p9tRDcP8KVdILfE3s/WvEpDK4RAiBdSJ8rFegC1PE4ON25
+0AYNqkzG6spC+Y5f71ky7LO7gQ==
 
-------0ACE8DCADB156B6CFC73CD44A50EB831--
+------7811F8EBB0502A372D26F1854BDFC3AA--
 

examples/security_configuration_files/permissions_ca.cert.pem

@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB3zCCAYWgAwIBAgIUArkFHlgvGsil7TuYvQqROBhEJU4wCgYIKoZIzj0EAwIw
+MIIB3zCCAYWgAwIBAgIUZ15lOVw1lFhBNlKlgdqzkhBHDswwCgYIKoZIzj0EAwIw
 RDEdMBsGA1UECgwURXhhbXBsZSBPcmdhbml6YXRpb24xIzAhBgNVBAMMGnBlcm1p
-c3Npb25zX2NhX2NvbW1vbl9uYW1lMCAXDTIzMTEyNzEzNDUwM1oYDzQ3NjExMDIz
-MTM0NTAzWjBEMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXphdGlvbjEjMCEGA1UE
+c3Npb25zX2NhX2NvbW1vbl9uYW1lMCAXDTI0MDMwODA4Mjk1MVoYDzQ3NjIwMjAy
+MDgyOTUxWjBEMR0wGwYDVQQKDBRFeGFtcGxlIE9yZ2FuaXphdGlvbjEjMCEGA1UE
 AwwacGVybWlzc2lvbnNfY2FfY29tbW9uX25hbWUwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAATEROqDZhxrXDXM0gWDxy+wavkwB/Gl32rF+bdWfPf2oQAkuy0+nqXx
-7KPAWfBSHEWxyjxnXnNkzVy7S60vsaEto1MwUTAdBgNVHQ4EFgQUCbDH5hkTzYiy
-O2fiDM1kiOXz8wkwHwYDVR0jBBgwFoAUCbDH5hkTzYiyO2fiDM1kiOXz8wkwDwYD
-VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiEArYKxizKj1wpRriFmSDnc
-j9T+bocWStWIGDynJUZtZ8sCIEsMHMD9iG0JakUMxZHFfJfmt5B+FBfN3Oj18kiB
-Mnnx
+PQMBBwNCAAQwHk/PoxLxEP27ez5jzmof7KDXkcm9APMamnHeG1E4TbBNZr7FVn5M
+bsW+5HeklhPSAPC1FefXsOb4AcbO4T/xo1MwUTAdBgNVHQ4EFgQU1771sTC5VjQS
+T2vWBFVoc6XwiRUwHwYDVR0jBBgwFoAU1771sTC5VjQST2vWBFVoc6XwiRUwDwYD
+VR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNIADBFAiBIb4RolJ6v4JYqORbipeqK
+CLV7TuNlayxv6962VSk3yQIhAIjkrqBU9QSO+EIP6bsK+jcc47gvd+cnf3/zPWJb
+Nt21
 -----END CERTIFICATE-----

examples/security_configuration_files/permissions_ca_private_key.pem

@@ -1,7 +1,7 @@
 -----BEGIN ENCRYPTED PRIVATE KEY-----
-MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAgYhktmNPUKMAICCAAw
-DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQIj1ydXc/n75gEgZBzFLDBxbRVlwwa
-i1YeDkIj9Y88OrSpq2alM8FXcyTD2BKXGqcrmKnuadBeCzgvTLjaAwAB1jj+qNJv
-elbr8/gPcxekTtAYHWLi1zs5pFSXe3kzIQHKd8dsAwTOkPbDLo7K23pfClKavJ3k
-P8/ZtngzfxcEafg2kbXEqE31or9bRUNBFyr4ufholfYdLkGNjFI=
+MIHjME4GCSqGSIb3DQEFDTBBMCkGCSqGSIb3DQEFDDAcBAhmjvldsMft4AICCAAw
+DAYIKoZIhvcNAgkFADAUBggqhkiG9w0DBwQI2yilsIvDjOMEgZBbl1NjP9RgQqfk
+6i6niP7e9nvGa8TdcZDG0AdRqRHiCkW8cbHsij6Vu2Gir7D4NC77/u963KIlknKF
+pBv/hK7zKrjWsQzzdkRxtPR4+exS1negnnRIK7gD5E9HLl28kq2vI9/zHfCC6RAp
+YbO8paG13/Ed9otvAycNI2hqi7fuy0B11jx6SeEFPzGzuadqxOs=
 -----END ENCRYPTED PRIVATE KEY-----

examples/security_configuration_files/sign-test-configurations.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
 
 # Sign test configurations
-openssl smime -sign -in governance_unsigned.xml -out governance.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password
-openssl smime -sign -in permissions_unsigned.xml -out permissions.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password
+openssl smime -sign -in governance_unsigned.xml -text -out governance.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password
+openssl smime -sign -in permissions_unsigned.xml -text -out permissions.p7s -signer permissions_ca.cert.pem -inkey permissions_ca_private_key.pem -passin file:password