diff --git a/.travis.yml b/.travis.yml
index f4528c70..707e4fc9 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,8 @@ dist: trusty
jdk:
- oraclejdk8
- openjdk8
- - openjdk7
+ - openjdk10
+ - openjdk11
before_install:
- export TZ=Europe/Prague
@@ -31,7 +32,6 @@ deploy:
- target/eet-client-*.*
on:
tags: true
- jdk: openjdk7
- provider: script
script: scripts/deploy-pages.sh
diff --git a/README.md b/README.md
index 88848678..638eaac9 100644
--- a/README.md
+++ b/README.md
@@ -182,6 +182,11 @@ Since EET client has to deal with lots of encryption and security, up-to-date ve
Supported and tested are following versions:
- Oracle JDK 8
+- OpenJDK 8
+- OpenJDK 10
+- OpenJDK 11
+
+For following JDK versions please stay on 3.0.0 release:
- Oracle JDK 7
- OpenJDK 7
- OpenJDK 6
diff --git a/pom.xml b/pom.xml
index 3a1c0e3f..d3927e4c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,14 +22,18 @@
UTF-8
- 3.0.10
+
+
+ 3.3.5
4.12
1.7.24
- 2.3
+ 2.11.1
2.19.1
- 0.7.7.201606060606
+ 0.8.5
3.0.1
2.10.4
+ 2.3.0
@@ -102,6 +106,11 @@
test
+
+ javax.xml.ws
+ jaxws-api
+ ${jaxws.version}
+
junit
@@ -113,7 +122,7 @@
org.mockito
mockito-core
- 2.8.9
+ 2.21.0
test
@@ -125,7 +134,7 @@
org.apache.cxf
cxf-codegen-plugin
- 3.0.9
+ 3.3.5
generate-sources
@@ -172,7 +181,7 @@
org.apache.maven.plugins
maven-compiler-plugin
- 3.5.1
+ 3.8.0
1.6
1.6
@@ -361,4 +370,4 @@
-
\ No newline at end of file
+
diff --git a/src/main/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtension.java b/src/main/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtension.java
index 29015eef..848c57ee 100644
--- a/src/main/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtension.java
+++ b/src/main/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtension.java
@@ -1,6 +1,7 @@
package cz.tomasdvorak.eet.client.security;
import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.xml.security.Init;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -15,6 +16,8 @@ public MerlinWithCRLDistributionPointsExtension() {
}
private void configureSystemProperties() {
+ Init.init();
+
final boolean crlDownloadEnabled = Boolean.getBoolean("com.sun.security.enableCRLDP");
final boolean checkRevocationEnabled = Boolean.getBoolean("com.sun.net.ssl.checkRevocation");
final String value = Security.getProperty("com.sun.security.onlyCheckRevocationOfEECert");
diff --git a/src/main/java/cz/tomasdvorak/eet/client/security/WSS4JEetOutInterceptor.java b/src/main/java/cz/tomasdvorak/eet/client/security/WSS4JEetOutInterceptor.java
index db6b6f94..f58cc668 100644
--- a/src/main/java/cz/tomasdvorak/eet/client/security/WSS4JEetOutInterceptor.java
+++ b/src/main/java/cz/tomasdvorak/eet/client/security/WSS4JEetOutInterceptor.java
@@ -13,7 +13,7 @@
/**
* Specialization of {@link WSS4JOutInterceptor} that uses exchange to mark
* messages that have to be validated by {@link WSS4JEetInInterceptor}
- *
+ *
* @author Petr Kalivoda
*
*/
@@ -34,12 +34,12 @@ public void handleMessage(SoapMessage message) throws Fault {
TrzbaType request = (TrzbaType) requestObj;
TrzbaHlavickaType header = request.getHlavicka();
- // validation is required if isOvereni is unspecified or false.
- boolean required = header == null || !Boolean.TRUE.equals(header.isOvereni());
+ // validation is required if getOvereni is unspecified or false.
+ boolean required = header == null || !Boolean.TRUE.equals(header.getOvereni());
message.getExchange().put(WSS4JEetInInterceptor.PROP_SIGNATURE_REQUIRED, required);
}
}
}
-}
\ No newline at end of file
+}
diff --git a/src/test/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtensionTest.java b/src/test/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtensionTest.java
index 36e2019d..cf4d7383 100644
--- a/src/test/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtensionTest.java
+++ b/src/test/java/cz/tomasdvorak/eet/client/security/MerlinWithCRLDistributionPointsExtensionTest.java
@@ -1,12 +1,5 @@
package cz.tomasdvorak.eet.client.security;
-import cz.tomasdvorak.eet.client.exceptions.InvalidKeystoreException;
-import org.apache.wss4j.common.crypto.Merlin;
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.junit.Before;
-import org.junit.Ignore;
-import org.junit.Test;
-
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
@@ -16,6 +9,14 @@
import java.util.Collection;
import java.util.regex.Pattern;
+import org.apache.wss4j.common.crypto.Merlin;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
+
+import cz.tomasdvorak.eet.client.exceptions.InvalidKeystoreException;
+
public class MerlinWithCRLDistributionPointsExtensionTest {
private KeyStore keystore;
@@ -29,16 +30,16 @@ public void setUp() throws Exception {
keystore = getTruststore("/certificates/rca15_rsa.der", "/certificates/2qca16_rsa.der");
}
-
+ @Ignore("Disabled due to expired test certificate as well")
@Test
public void verifyTrustPlayground() throws Exception {
final Merlin crypto = new MerlinWithCRLDistributionPointsExtension();
final boolean enableRevocation = true;
final Collection subjectCertConstraints = new ArrayList();
subjectCertConstraints.add(Pattern.compile(SecureEETCommunication.SUBJECT_CERT_CONSTRAINTS));
- final X509Certificate[] certsPlayground = {playgroundCertificate};
+ final X509Certificate[] certsPlayground = { playgroundCertificate };
crypto.setTrustStore(keystore);
- crypto.verifyTrust(certsPlayground, enableRevocation, subjectCertConstraints);
+ crypto.verifyTrust(certsPlayground, enableRevocation, subjectCertConstraints, null);
}
@Ignore("Disabled due to expired production certificate. Help needed, please see https://github.com/todvora/eet-client/issues/35#issuecomment-340262163")
@@ -48,16 +49,14 @@ public void verifyTrustProduction() throws WSSecurityException {
final boolean enableRevocation = true;
final Collection subjectCertConstraints = new ArrayList();
subjectCertConstraints.add(Pattern.compile(SecureEETCommunication.SUBJECT_CERT_CONSTRAINTS));
- final X509Certificate[] certsProduction = {productionCertificate};
+ final X509Certificate[] certsProduction = { productionCertificate };
crypto.setTrustStore(keystore);
- crypto.verifyTrust(certsProduction, enableRevocation, subjectCertConstraints);
+ crypto.verifyTrust(certsProduction, enableRevocation, subjectCertConstraints, null);
}
-
-
private KeyStore getTruststore(final String... certificate) throws InvalidKeystoreException {
final InputStream[] streams = new InputStream[certificate.length];
- for(int i = 0; i< certificate.length; i++) {
+ for (int i = 0; i < certificate.length; i++) {
streams[i] = (getClass().getResourceAsStream(certificate[i]));
}
return new ServerKey(streams).getTrustStore();
@@ -68,4 +67,4 @@ private X509Certificate getEETCertificate(final String path) throws CertificateE
final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
return (X509Certificate) certificateFactory.generateCertificate(is);
}
-}
\ No newline at end of file
+}
diff --git a/src/test/java/cz/tomasdvorak/eet/client/security/SecurityCodesGeneratorTest.java b/src/test/java/cz/tomasdvorak/eet/client/security/SecurityCodesGeneratorTest.java
index 065b2d3c..a74dd1fa 100644
--- a/src/test/java/cz/tomasdvorak/eet/client/security/SecurityCodesGeneratorTest.java
+++ b/src/test/java/cz/tomasdvorak/eet/client/security/SecurityCodesGeneratorTest.java
@@ -15,7 +15,7 @@ public class SecurityCodesGeneratorTest {
@Before
public void setUp() throws Exception {
testData = Arrays.asList(
- new DemoRequestHolder("/keys/CZ1212121218.p12", "eet", "/requests/CZ1212121218.valid.v3.1.xml"),
+ new DemoRequestHolder("/keys/CZ683555118.p12", "eet", "/requests/CZ683555118.valid.v3.1.xml"),
new DemoRequestHolder("/keys/CZ00000019.p12", "eet", "/requests/CZ00000019.valid.v3.1.xml")
);
}
diff --git a/src/test/java/cz/tomasdvorak/eet/client/utils/CertificateUtilsTest.java b/src/test/java/cz/tomasdvorak/eet/client/utils/CertificateUtilsTest.java
index f74cd012..5f399ede 100644
--- a/src/test/java/cz/tomasdvorak/eet/client/utils/CertificateUtilsTest.java
+++ b/src/test/java/cz/tomasdvorak/eet/client/utils/CertificateUtilsTest.java
@@ -18,7 +18,7 @@ public class CertificateUtilsTest {
@Test
public void testServerKeyInfo() throws Exception {
final X509Certificate x509Certificate = getCertificate("/keys/crls-demo-cert.pem");
- Assert.assertEquals("{subject='SERIALNUMBER=ICA - 10461704, OID.2.5.4.97=NTRCZ-72080043, O=Česká republika - Generální finanční ředitelství, C=CZ, CN=Elektronická evidence tržeb - Playground', issuer='SERIALNUMBER=NTRCZ-26439395, O=\"První certifikační autorita, a.s.\", CN=I.CA Qualified 2 CA/RSA 02/2016, C=CZ', SerialNumber=11390220, validFrom=2018-05-24T10:42:21+02:00, validTo=2019-05-24T10:42:21+02:00}", CertificateUtils.getCertificateInfo(x509Certificate));
+ Assert.assertEquals("{subject='O=Generální finanční ředitelství, CN=GFR EET test CA 1, C=CZ', issuer='O=Generální finanční ředitelství, CN=GFR EET test CA 1, C=CZ', SerialNumber=16777216, validFrom=2016-05-02T13:52:28+02:00, validTo=2026-04-30T13:52:28+02:00}", CertificateUtils.getCertificateInfo(x509Certificate));
}
@@ -39,4 +39,4 @@ private X509Certificate getCertificate(final String path) throws CertificateExce
return (X509Certificate) certificateFactory.generateCertificate(is);
}
-}
\ No newline at end of file
+}
diff --git a/src/test/resources/keys/CZ00000019.p12 b/src/test/resources/keys/CZ00000019.p12
index 589d50a5..9882d934 100644
Binary files a/src/test/resources/keys/CZ00000019.p12 and b/src/test/resources/keys/CZ00000019.p12 differ
diff --git a/src/test/resources/keys/CZ683555118.p12 b/src/test/resources/keys/CZ683555118.p12
index 7a68e742..2771f3d6 100644
Binary files a/src/test/resources/keys/CZ683555118.p12 and b/src/test/resources/keys/CZ683555118.p12 differ
diff --git a/src/test/resources/keys/crls-demo-cert.pem b/src/test/resources/keys/crls-demo-cert.pem
index 3736b603..bdf89063 100644
--- a/src/test/resources/keys/crls-demo-cert.pem
+++ b/src/test/resources/keys/crls-demo-cert.pem
@@ -1,3 +1,86 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 16777216 (0x1000000)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=CZ, CN=GFR EET test CA 1, O=Gener\xC3\xA1ln\xC3\xAD finan\xC4\x8Dn\xC3\xAD \xC5\x99editelstv\xC3\xAD
+ Validity
+ Not Before: May 2 11:52:28 2016 GMT
+ Not After : Apr 30 11:52:28 2026 GMT
+ Subject: C=CZ, CN=GFR EET test CA 1, O=Gener\xC3\xA1ln\xC3\xAD finan\xC4\x8Dn\xC3\xAD \xC5\x99editelstv\xC3\xAD
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cd:8d:c9:1c:79:aa:2c:14:88:cb:b1:2f:24:36:
+ 27:dd:07:d7:95:da:9f:fb:2e:37:46:6c:c1:28:af:
+ 41:13:a2:97:1a:f6:20:9b:25:f8:f0:27:87:37:4d:
+ 18:c5:c8:cb:e5:ee:9b:54:45:c0:79:76:02:b1:b0:
+ e5:18:d5:c2:f1:83:59:32:10:ae:34:5d:39:cb:cc:
+ 81:ec:7c:93:a8:85:58:93:18:ee:b3:12:b7:95:3a:
+ 7e:44:20:88:5d:15:e1:3f:42:bc:2c:e7:3a:03:93:
+ db:51:b3:d4:66:14:d1:81:e4:e6:77:82:bc:e4:db:
+ a5:6f:b0:36:77:4e:f3:8b:f7:c7:3c:a2:87:4e:bb:
+ a1:2e:30:4d:63:ad:c2:4d:a0:5b:a1:9f:86:3a:51:
+ a3:bc:7b:bc:f5:ce:a9:f3:10:82:89:68:d2:36:8e:
+ 9d:6a:0b:22:5b:50:a1:17:86:21:30:8d:81:fe:1e:
+ 80:98:e2:8f:ad:bb:93:16:2b:c8:58:4e:61:b9:4e:
+ ca:ac:95:84:ed:ef:4b:b2:04:6f:e8:89:da:85:9e:
+ 7e:68:44:36:04:4b:e0:f7:b4:44:b2:65:a4:87:e8:
+ 49:87:13:68:81:ed:f8:5c:47:41:a3:0b:86:6b:21:
+ c0:98:21:e2:1c:e3:8c:0c:27:1e:3e:d3:8c:b4:a5:
+ 09:b9
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Subject Alternative Name:
+ email:epodpora@fs.mfcr.cz
+ X509v3 Certificate Policies:
+ Policy: 2.16.840.1.101.3.2.1.48.1
+ User Notice:
+ Explicit Text: Tato CA je pouze TESTOVACI
+
+ X509v3 Subject Key Identifier:
+ 7A:5A:FC:0D:CB:EC:36:A6:0D:DA:69:19:66:8C:9B:EF:82:C3:A9:34
+ Signature Algorithm: sha256WithRSAEncryption
+ bc:7f:58:bb:0f:e5:e9:70:05:c4:9e:86:37:52:75:24:17:14:
+ 38:6b:7d:e1:f0:79:71:14:02:86:52:c0:4e:1d:6f:d9:81:53:
+ fc:07:8d:41:84:24:7e:ec:9c:db:ad:f8:16:35:85:94:6c:4e:
+ 13:05:84:bf:25:6a:cd:9b:84:30:50:ec:b6:50:1f:27:02:ef:
+ 00:6f:86:c3:77:9d:9e:10:d9:11:88:2b:b2:d2:49:13:eb:7e:
+ 43:62:d7:16:41:e6:e6:d9:a8:ef:12:bd:1f:4e:8b:c1:8d:47:
+ 3d:2e:fc:0e:7a:f9:d7:7d:9f:de:a6:d8:ec:87:73:d3:8c:c1:
+ be:c3:c4:07:41:1c:54:6a:97:59:b4:e0:0d:fd:dc:ba:c7:89:
+ 2e:a8:10:00:16:01:b0:c3:d7:15:1e:91:fd:4d:86:b8:ce:e9:
+ 0c:b3:27:a9:b8:6c:04:22:d0:40:8e:2b:81:0e:fe:8b:73:5d:
+ b6:41:8b:1a:09:01:d3:30:20:01:a5:51:75:03:2d:08:b9:1e:
+ 62:ec:4f:b2:3d:af:77:f1:95:a8:79:c1:6b:96:2c:58:5b:d4:
+ 7e:b0:7f:d2:7d:af:05:db:6c:78:9a:3d:1c:ef:25:59:33:a9:
+ 3b:19:db:c9:75:2f:40:57:00:1c:55:c1:9f:8a:ac:cf:9d:2d:
+ 4b:9d:96:0c
-----BEGIN CERTIFICATE-----
-MIIGpTCCBI2gAwIBAgIEAK3NDDANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJDWjEoMCYGA1UEAwwfSS5DQSBRdWFsaWZpZWQgMiBDQS9SU0EgMDIvMjAxNjEtMCsGA1UECgwkUHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRhLCBhLnMuMRcwFQYDVQQFEw5OVFJDWi0yNjQzOTM5NTAeFw0xODA1MjQwODQyMjFaFw0xOTA1MjQwODQyMjFaMIG3MTMwMQYDVQQDDCpFbGVrdHJvbmlja8OhIGV2aWRlbmNlIHRyxb5lYiAtIFBsYXlncm91bmQxCzAJBgNVBAYTAkNaMUEwPwYDVQQKDDjEjGVza8OhIHJlcHVibGlrYSAtIEdlbmVyw6FsbsOtIGZpbmFuxI1uw60gxZllZGl0ZWxzdHbDrTEXMBUGA1UEYQwOTlRSQ1otNzIwODAwNDMxFzAVBgNVBAUTDklDQSAtIDEwNDYxNzA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkGgreA9ELs/8drXtr3Lz/+9HvtEBVLlbWTqliqD247PKCeWD2ZfofGYDmKXH989sLeODwpC5RU689FHP6K0TA53Y4lWp+1UgVlgFUkNtNYSKj32GuN9XQaWP3m0eApUX2YwsLn4t612k1O678cv2b8bqQRhHLS+/79TIxZxeVu1f8xOmHsn/ZBwXvLazOUaIVTOp2ICifYlhJnh9+tfJfZsw/ALwlIlh3QhjxiVjdo3jw1dUEvbwyo/h3QJ56PHSwZ2dk+GeSnQREfGppmmDbxDAy2e00p0J+bcqoctM5GK7C2dL/n6iWzGOyOrCs2sLsMp/SN7ZQnUvLiho60P+QIDAQABo4IB7jCCAeowOAYDVR0RBDEwL4ETZXBvZHBvcmFAZnMubWZjci5jeqAYBgorBgEEAYG4SAQGoAoMCDEwNDYxNzA0MA4GA1UdDwEB/wQEAwIGwDBFBgNVHSAEPjA8MDAGDSsGAQQBgbhICgEhAQEwHzAdBggrBgEFBQcCARYRaHR0cDovL3d3dy5pY2EuY3owCAYGBACPegEBMIGPBgNVHR8EgYcwgYQwKqAooCaGJGh0dHA6Ly9xY3JsZHAxLmljYS5jei8ycWNhMTZfcnNhLmNybDAqoCigJoYkaHR0cDovL3FjcmxkcDIuaWNhLmN6LzJxY2ExNl9yc2EuY3JsMCqgKKAmhiRodHRwOi8vcWNybGRwMy5pY2EuY3ovMnFjYTE2X3JzYS5jcmwwZQYIKwYBBQUHAQEEWTBXMCoGCCsGAQUFBzAChh5odHRwOi8vcS5pY2EuY3ovMnFjYTE2X3JzYS5jZXIwKQYIKwYBBQUHMAGGHWh0dHA6Ly9vY3NwLmljYS5jei8ycWNhMTZfcnNhMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDFSbzFp5SajTmTLuQKOdh43FAIxMB8GA1UdIwQYMBaAFHSCCJHj2WRocYXW6zHkct+LJrFtMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQA6PyKyFC90HRyP/2bKqPbvMInwzEoSRX97LFedZS5LXAaVfMbf5omCbJcUsn7SJJZOCi1ttBG4hw9DV1bupZjtxUiYQSSznORnZd3ClaKNdjmO3IfURFIVE+u0eYg7tz3da7tbLj+g8r+P0QvbrGJ3dT9tgSBEC1YkVQPZsjNlf87EDdFixyQsuuDvw5N98i8hL/lshgFWWaX8vStT0sP+H+Y3GzBASE8JIVHi05/NK992jKRCacAN6lrOUi6eM5p6dd9njstOckFtMDnTLVZDuqyT7NHR38OJzLO30xko84a/pmuZRxufr8FxBhLKqaLbgcTh64m8gMGBjjoALeycw0U9vP+01WqjOtmrc157LG+4T1J+BF1vCiUW0CWxw8sC87Eac+YyBIqr9mwQUzyZ2vh5cqtxFRs4/e06EpEnFPZdn/dtUTeaSMT/AShr/Gu2yu3xwFz6Jwrrf9SdL/lT1eO9ICzG25O6xoFC0UWhfcWFCfxq7I+Mve6w2a2EVrTHjCikWnggtGIqhL6KfrU5PDQEOa6Dxvo6S4VhkXBcqa1i4Up4YXetM381MfpJTgi2aa2FgtNgzG8Ta4woKk1N1Ya+FsVwIOeGcGosAU5A1WkWrAZ4sOKl0rgHY2k1lUU9sIP/t3JZtJHPapLGuKeijRACjHx7YU5RQOKaTtVYWA==
------END CERTIFICATE-----
\ No newline at end of file
+MIID1zCCAr+gAwIBAgIEAQAAADANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJD
+WjEaMBgGA1UEAwwRR0ZSIEVFVCB0ZXN0IENBIDExLTArBgNVBAoMJEdlbmVyw6Fs
+bsOtIGZpbmFuxI1uw60gxZllZGl0ZWxzdHbDrTAeFw0xNjA1MDIxMTUyMjhaFw0y
+NjA0MzAxMTUyMjhaMFgxCzAJBgNVBAYTAkNaMRowGAYDVQQDDBFHRlIgRUVUIHRl
+c3QgQ0EgMTEtMCsGA1UECgwkR2VuZXLDoWxuw60gZmluYW7EjW7DrSDFmWVkaXRl
+bHN0dsOtMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzY3JHHmqLBSI
+y7EvJDYn3QfXldqf+y43RmzBKK9BE6KXGvYgmyX48CeHN00YxcjL5e6bVEXAeXYC
+sbDlGNXC8YNZMhCuNF05y8yB7HyTqIVYkxjusxK3lTp+RCCIXRXhP0K8LOc6A5Pb
+UbPUZhTRgeTmd4K85Nulb7A2d07zi/fHPKKHTruhLjBNY63CTaBboZ+GOlGjvHu8
+9c6p8xCCiWjSNo6dagsiW1ChF4YhMI2B/h6AmOKPrbuTFivIWE5huU7KrJWE7e9L
+sgRv6InahZ5+aEQ2BEvg97REsmWkh+hJhxNoge34XEdBowuGayHAmCHiHOOMDCce
+PtOMtKUJuQIDAQABo4GoMIGlMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
+AgEGMB4GA1UdEQQXMBWBE2Vwb2Rwb3JhQGZzLm1mY3IuY3owQwYDVR0gBDwwOjA4
+BgpghkgBZQMCATABMCowKAYIKwYBBQUHAgIwHBoaVGF0byBDQSBqZSBwb3V6ZSBU
+RVNUT1ZBQ0kwHQYDVR0OBBYEFHpa/A3L7DamDdppGWaMm++Cw6k0MA0GCSqGSIb3
+DQEBCwUAA4IBAQC8f1i7D+XpcAXEnoY3UnUkFxQ4a33h8HlxFAKGUsBOHW/ZgVP8
+B41BhCR+7JzbrfgWNYWUbE4TBYS/JWrNm4QwUOy2UB8nAu8Ab4bDd52eENkRiCuy
+0kkT635DYtcWQebm2ajvEr0fTovBjUc9LvwOevnXfZ/eptjsh3PTjMG+w8QHQRxU
+apdZtOAN/dy6x4kuqBAAFgGww9cVHpH9TYa4zukMsyepuGwEItBAjiuBDv6Lc122
+QYsaCQHTMCABpVF1Ay0IuR5i7E+yPa938ZWoecFrlixYW9R+sH/Sfa8F22x4mj0c
+7yVZM6k7GdvJdS9AVwAcVcGfiqzPnS1LnZYM
+-----END CERTIFICATE-----
diff --git a/src/test/resources/requests/CZ00000019.valid.v3.1.xml b/src/test/resources/requests/CZ00000019.valid.v3.1.xml
index 0076286d..4d4fb152 100644
--- a/src/test/resources/requests/CZ00000019.valid.v3.1.xml
+++ b/src/test/resources/requests/CZ00000019.valid.v3.1.xml
@@ -1,2 +1,2 @@
-MIIEmDCCA4CgAwIBAgIEdHOXJzANBgkqhkiG9w0BAQsFADB3MRIwEAYKCZImiZPyLGQBGRYCQ1oxQzBBBgNVBAoMOsSMZXNrw6EgUmVwdWJsaWthIOKAkyBHZW5lcsOhbG7DrSBmaW5hbsSNbsOtIMWZZWRpdGVsc3R2w60xHDAaBgNVBAMTE0VFVCBDQSAxIFBsYXlncm91bmQwHhcNMTYwOTMwMDkwMzU5WhcNMTkwOTMwMDkwMzU5WjBDMRIwEAYKCZImiZPyLGQBGRYCQ1oxEzARBgNVBAMTCkNaMDAwMDAwMTkxGDAWBgNVBA0TD3ByYXZuaWNrYSBvc29iYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnNUPW8rAlLi2KAwu12W1vqLj02mWIifq/Jp0/tUjf9B8RpkDAD3GOqDdVuHSfxej92WiEouDy7X8uXzIDdZu4pXA3t3KntxM8rAlu2U6SqtF3kTR+AJCdwfkM53U3z4/qoyKqdQ8lGuMxJKs7X5uIjcY/UDSXMK9OTmXRhndjYcX1oILr5F2ONf1Z0kWyl/S9wI0cl0gQ1F91mzqgnlH80u2inMmmBp42ndR4TGS1nvjer5D73bkLg07TdeqnUg609WwjUJN96OKZMsKXzBMzt09NbhQcABWnAWbRTSVhsAdDO8vfmWx2C+gXUlkIvtO+9fbj81GS1xdNoAkpARUcCAwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFL/0b0Iw6FY33UT8iJEy1V7nZVR6MB8GA1UdIwQYMBaAFHwwdqzM1ofR7Mkf4nAILONf3gwHMA4GA1UdDwEB/wQEAwIGwDBjBgNVHSAEXDBaMFgGCmCGSAFlAwIBMAEwSjBIBggrBgEFBQcCAjA8DDpUZW50byBjZXJ0aWZpa8OhdCBieWwgdnlkw6FuIHBvdXplIHBybyB0ZXN0b3ZhY8OtIMO6xI1lbHkuMIGXBgNVHR8EgY8wgYwwgYmggYaggYOGKWh0dHA6Ly9jcmwuY2ExLXBnLmVldC5jei9lZXRjYTFwZy9hbGwuY3JshipodHRwOi8vY3JsMi5jYTEtcGcuZWV0LmN6L2VldGNhMXBnL2FsbC5jcmyGKmh0dHA6Ly9jcmwzLmNhMS1wZy5lZXQuY3ovZWV0Y2ExcGcvYWxsLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAvXdWsU+Ibd1VysKnjoy6RCYVcI9+oRUSSTvQQDJLFjwn5Sm6Hebhci8ERGwAzd2R6uqPdzl1KCjmHOitypZ66e+/e9wj3BaDqgBKRZYvxZykaVUdtQgG0819JZmiXTbGgOCKiUPIXO80cnP7U1ZPkVNV7WZwh0I2k/fg1VLTI5HA/x4BeD77wiEOExa7eqePJET0jpTVK3LxSW59LLIJROh4/kfKQbTvDL5Ypw8WagAMVCPvWnGJIcUru+ApLU4pZD9bdHSa1Ib4LpFhtWrkHYM/XqKbj2bNKKjTo5T3sU0Bf2QD3QzkmcjlNVG0V+qAgimwTdPueU/mtExw+7z1/A==M8/dBI/LLuwxP8ZoeRKVVpzIhQhyUDI0l6bglhNWKC0=DlFiF51sdtc0zeqgCsuSY6EU5emX7Hka6Ox3gviR4dpqyrwj6O8cm4oWkUTl+erINf9CpOG2y1z5y83+DubuGmiOPsACeEZjwF5TCme/uU1tzXs+LsLS8WXZvuMUejFOrUFEUKyzRvHJW5lskV/DhiMsTwJ/MEtGtjRVuWnAEcHxq/3ALsc3HfSi/qAqAiGlz3OpIKf3Hai6iiD37eJwHNd9QdJy4D32DJwY4Gw21ku7TO3FiLdtBT+Xdr3At8sWbbihFwErKrutT/FAVQKffUzCjHdEm9//W/shHufxYdnEh0m8cYp5Z5xK2bfnfhaKPB0rUZrrcw8T7LlvZKGogg==a0asEiJhFCBlVtptSspKvEZhcrvnzF7SQ55C4DhnStnSu1b37GUI2+Dlme9P94UCPZ1oCUPJdsYOBZ3IX6aEgEe0FJKXYX0kXraYCJKIo3g64wRchE7iblIOBCK1uHh8qqHA66Isnhb6hqBOOdlt2aWO/0jCzlfeQr0axpPF1mohMnP3h3ICaxZh0dnMdju5OmMrq+91PL5T9KkR7bfGHqAoWJ0kmxY/mZumtRfGil2/xf7I5pdVeYXPgDO/Tojzm6J95n68fPDOXTDrTzKYmqDjpg3kmWepLNQKFXRmkQrkBLToJWG1LDUDm3UTTmPWzq4c0XnGcXJDZglxfolGpA==9356D566-A3E48838-FB403790-D201244E-95DCBD92
+MIIEmDCCA4CgAwIBAgIEdHOXJzANBgkqhkiG9w0BAQsFADB3MRIwEAYKCZImiZPyLGQBGRYCQ1oxQzBBBgNVBAoMOsSMZXNrw6EgUmVwdWJsaWthIOKAkyBHZW5lcsOhbG7DrSBmaW5hbsSNbsOtIMWZZWRpdGVsc3R2w60xHDAaBgNVBAMTE0VFVCBDQSAxIFBsYXlncm91bmQwHhcNMTYwOTMwMDkwMzU5WhcNMTkwOTMwMDkwMzU5WjBDMRIwEAYKCZImiZPyLGQBGRYCQ1oxEzARBgNVBAMTCkNaMDAwMDAwMTkxGDAWBgNVBA0TD3ByYXZuaWNrYSBvc29iYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnNUPW8rAlLi2KAwu12W1vqLj02mWIifq/Jp0/tUjf9B8RpkDAD3GOqDdVuHSfxej92WiEouDy7X8uXzIDdZu4pXA3t3KntxM8rAlu2U6SqtF3kTR+AJCdwfkM53U3z4/qoyKqdQ8lGuMxJKs7X5uIjcY/UDSXMK9OTmXRhndjYcX1oILr5F2ONf1Z0kWyl/S9wI0cl0gQ1F91mzqgnlH80u2inMmmBp42ndR4TGS1nvjer5D73bkLg07TdeqnUg609WwjUJN96OKZMsKXzBMzt09NbhQcABWnAWbRTSVhsAdDO8vfmWx2C+gXUlkIvtO+9fbj81GS1xdNoAkpARUcCAwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFL/0b0Iw6FY33UT8iJEy1V7nZVR6MB8GA1UdIwQYMBaAFHwwdqzM1ofR7Mkf4nAILONf3gwHMA4GA1UdDwEB/wQEAwIGwDBjBgNVHSAEXDBaMFgGCmCGSAFlAwIBMAEwSjBIBggrBgEFBQcCAjA8DDpUZW50byBjZXJ0aWZpa8OhdCBieWwgdnlkw6FuIHBvdXplIHBybyB0ZXN0b3ZhY8OtIMO6xI1lbHkuMIGXBgNVHR8EgY8wgYwwgYmggYaggYOGKWh0dHA6Ly9jcmwuY2ExLXBnLmVldC5jei9lZXRjYTFwZy9hbGwuY3JshipodHRwOi8vY3JsMi5jYTEtcGcuZWV0LmN6L2VldGNhMXBnL2FsbC5jcmyGKmh0dHA6Ly9jcmwzLmNhMS1wZy5lZXQuY3ovZWV0Y2ExcGcvYWxsLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAvXdWsU+Ibd1VysKnjoy6RCYVcI9+oRUSSTvQQDJLFjwn5Sm6Hebhci8ERGwAzd2R6uqPdzl1KCjmHOitypZ66e+/e9wj3BaDqgBKRZYvxZykaVUdtQgG0819JZmiXTbGgOCKiUPIXO80cnP7U1ZPkVNV7WZwh0I2k/fg1VLTI5HA/x4BeD77wiEOExa7eqePJET0jpTVK3LxSW59LLIJROh4/kfKQbTvDL5Ypw8WagAMVCPvWnGJIcUru+ApLU4pZD9bdHSa1Ib4LpFhtWrkHYM/XqKbj2bNKKjTo5T3sU0Bf2QD3QzkmcjlNVG0V+qAgimwTdPueU/mtExw+7z1/A==M8/dBI/LLuwxP8ZoeRKVVpzIhQhyUDI0l6bglhNWKC0=DlFiF51sdtc0zeqgCsuSY6EU5emX7Hka6Ox3gviR4dpqyrwj6O8cm4oWkUTl+erINf9CpOG2y1z5y83+DubuGmiOPsACeEZjwF5TCme/uU1tzXs+LsLS8WXZvuMUejFOrUFEUKyzRvHJW5lskV/DhiMsTwJ/MEtGtjRVuWnAEcHxq/3ALsc3HfSi/qAqAiGlz3OpIKf3Hai6iiD37eJwHNd9QdJy4D32DJwY4Gw21ku7TO3FiLdtBT+Xdr3At8sWbbihFwErKrutT/FAVQKffUzCjHdEm9//W/shHufxYdnEh0m8cYp5Z5xK2bfnfhaKPB0rUZrrcw8T7LlvZKGogg==hdBqjqCTaEfJ6JI06H+c4OLvRGtntcwLlG0fucEkla++g9RLxP55jYlPLFf6Sdpm5jPC+hpBHry98zsPBlbwkcFiWdmgT2VBCtXxrwfRmJQOHNRdWhItDsHC4p45G+KmtC4uJCFAqFNL+E999wevPaS6Q02WktmvWI5+XUZnN75hR+G94oznpJS8T140850/FsYDlvPw0ZVWJwDMBzVrOWWxPSN3SBwa40TjD3dVIMlMC1Bo0NccnFp0y7GxNMSfIzDhF5R4S2Rmawe85znZ0PiHXMkPDhXLLpPx1pNiMsTwfeoEnhEMSU/PjjmLpbUzaRfLwZzgf+7Bl0ZX+/lsqA==F049C3F1-165CDCDA-2E35BC3A-FCB5C660-4B84D0B7
diff --git a/src/test/resources/requests/CZ1212121218.valid.v3.1.xml b/src/test/resources/requests/CZ683555118.valid.v3.1.xml
similarity index 83%
rename from src/test/resources/requests/CZ1212121218.valid.v3.1.xml
rename to src/test/resources/requests/CZ683555118.valid.v3.1.xml
index eb3511bb..44daafe6 100644
--- a/src/test/resources/requests/CZ1212121218.valid.v3.1.xml
+++ b/src/test/resources/requests/CZ683555118.valid.v3.1.xml
@@ -1,2 +1,2 @@
-MIIEmDCCA4CgAwIBAgIEVjaXMDANBgkqhkiG9w0BAQsFADB3MRIwEAYKCZImiZPyLGQBGRYCQ1oxQzBBBgNVBAoMOsSMZXNrw6EgUmVwdWJsaWthIOKAkyBHZW5lcsOhbG7DrSBmaW5hbsSNbsOtIMWZZWRpdGVsc3R2w60xHDAaBgNVBAMTE0VFVCBDQSAxIFBsYXlncm91bmQwHhcNMTYwOTMwMDkwMjQ0WhcNMTkwOTMwMDkwMjQ0WjBDMRIwEAYKCZImiZPyLGQBGRYCQ1oxFTATBgNVBAMTDENaMTIxMjEyMTIxODEWMBQGA1UEDRMNZnl6aWNrYSBvc29iYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIY6O5tIJmB+GFrZsIAjZukigWqFWm9JR6y+O23BFSFIsNxLXlSr+o8PMlvc2xn325R2mlBmfWGSeNVC+VzNj0lUnXt5xkFAQTzUAGy5Vw395w0gjffP0a0aEOJbpP/j/NKVwMmcNCgmR7TMdrHFY+iVlUeBXayShQUi5iwkioSJ7lVHnZpo/vPEuGK1P9ZCbr60HwyRrsgmE+ZPtlBUi5zPtNj0tFVRQ6p31fgDBFNKS+vRL8p9pBI0u2x+Ju64j2LBm4wbyX1tlgqNV0Eg/B+aHIi5LJNfX4AKEVQggso4ymD6RLP84UsYR03gRxGRVdrVx45LW0zslUg2M/OFFl8CAwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJPcMF6yIt00KetjxoNkR6lS1Sc7MB8GA1UdIwQYMBaAFHwwdqzM1ofR7Mkf4nAILONf3gwHMA4GA1UdDwEB/wQEAwIGwDBjBgNVHSAEXDBaMFgGCmCGSAFlAwIBMAEwSjBIBggrBgEFBQcCAjA8DDpUZW50byBjZXJ0aWZpa8OhdCBieWwgdnlkw6FuIHBvdXplIHBybyB0ZXN0b3ZhY8OtIMO6xI1lbHkuMIGXBgNVHR8EgY8wgYwwgYmggYaggYOGKWh0dHA6Ly9jcmwuY2ExLXBnLmVldC5jei9lZXRjYTFwZy9hbGwuY3JshipodHRwOi8vY3JsMi5jYTEtcGcuZWV0LmN6L2VldGNhMXBnL2FsbC5jcmyGKmh0dHA6Ly9jcmwzLmNhMS1wZy5lZXQuY3ovZWV0Y2ExcGcvYWxsLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAOd3TksJlO4Cq6BfuAoWUqJP28p10f11W60X2TZ0LLEIeJHvlZ2to6Pht8Pf50ZE4XPKyJclUDhT4dEoR0JcCiFZci8Oei35p6PAZ/dFEXBLHylMO5JOY5JNwhUJNkhE2oSoCDBWpZ+tF6sPPeQv+dR9Zcj6vy767D0XGz6zyrxB3Lb1t03SO+pGac/1C7dc3rOkBkqxz7b7dVRl7hT31ct/TTSMBBvPqStiUNF375nKb1pRTSZtj5jt8m8UHChmu6bWyFGYLqil9XFHr3xeIGK8hRb4pPdjMEOY6HULZwImPg3SnP8fInbXA47hWoHb7pGwpdE5Jybveo6ae8HNx4w==TWpSLQpOXSUe8k6Q8lAd7DyMhWkTIcbHNifrPnWDG/M=SX8rtbZ6ip6ayGLQsmoSjd5wVKJEXfbOIqP75E3HchB5QD09YYKuMpXVzLawtJHNVFPE8AvN0jqQaQkJCS2NaI0BZfBsryEx/Pnoq8dkwEYbEa7XgBIzblVNmN9iiaQoQPC2Q/PHCwhOSYUmMRM8liwBnkdaqNWw/6BySw7PWcS/BMDm3d3O/igheuO8Tbi3ksybTDun5lf8xsWdFFRZ2hJX4rJm9p2ro128AbDO6yJIy/sfsyEvMFkpSQ8pms66EIgz0OflhplvPxOsYjA4V0aB31M5t2qXAUNKBcaZkyUZDhLSgBf63GzcfQ501s8R/fwmH07NxfDFmSsrsP3LHw==JvCv0lXfT74zuviJaHeO91guUfum1MKhq0NNPxW0YlBGvIIt+I4QxEC3QP6BRwEkIS14n2WN+9oQ8nhQPYwZX7L4W9Ie7CYv1ojcl/YiF4560EdB3IpRNRj3UjQlwSZ5ucSM9vWqp0UTbhJDSUk5/WjC/CEiSYv7OQIqa0NJ0f0+ldzGveLRSF34eu2iqAhs/yfDnENlnMDPVB5ko/zQO0vcC93k5DEWEoytTIAsKd6jKSO7eama8Qe+d0wq9vBzudkfLgCe2C1iERJuyHknhjo9KOx10h5wk99QqVGX8tthpAmryDcX2N0ZGkzJHuzzebnYsxXFYI2tKOJLiLLoLQ==3F9119C1-FBF34535-D30B60F8-9859E4A6-C8C8AAFA
+MIIEmDCCA4CgAwIBAgIEVjaXMDANBgkqhkiG9w0BAQsFADB3MRIwEAYKCZImiZPyLGQBGRYCQ1oxQzBBBgNVBAoMOsSMZXNrw6EgUmVwdWJsaWthIOKAkyBHZW5lcsOhbG7DrSBmaW5hbsSNbsOtIMWZZWRpdGVsc3R2w60xHDAaBgNVBAMTE0VFVCBDQSAxIFBsYXlncm91bmQwHhcNMTYwOTMwMDkwMjQ0WhcNMTkwOTMwMDkwMjQ0WjBDMRIwEAYKCZImiZPyLGQBGRYCQ1oxFTATBgNVBAMTDENaMTIxMjEyMTIxODEWMBQGA1UEDRMNZnl6aWNrYSBvc29iYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIY6O5tIJmB+GFrZsIAjZukigWqFWm9JR6y+O23BFSFIsNxLXlSr+o8PMlvc2xn325R2mlBmfWGSeNVC+VzNj0lUnXt5xkFAQTzUAGy5Vw395w0gjffP0a0aEOJbpP/j/NKVwMmcNCgmR7TMdrHFY+iVlUeBXayShQUi5iwkioSJ7lVHnZpo/vPEuGK1P9ZCbr60HwyRrsgmE+ZPtlBUi5zPtNj0tFVRQ6p31fgDBFNKS+vRL8p9pBI0u2x+Ju64j2LBm4wbyX1tlgqNV0Eg/B+aHIi5LJNfX4AKEVQggso4ymD6RLP84UsYR03gRxGRVdrVx45LW0zslUg2M/OFFl8CAwEAAaOCAV4wggFaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFJPcMF6yIt00KetjxoNkR6lS1Sc7MB8GA1UdIwQYMBaAFHwwdqzM1ofR7Mkf4nAILONf3gwHMA4GA1UdDwEB/wQEAwIGwDBjBgNVHSAEXDBaMFgGCmCGSAFlAwIBMAEwSjBIBggrBgEFBQcCAjA8DDpUZW50byBjZXJ0aWZpa8OhdCBieWwgdnlkw6FuIHBvdXplIHBybyB0ZXN0b3ZhY8OtIMO6xI1lbHkuMIGXBgNVHR8EgY8wgYwwgYmggYaggYOGKWh0dHA6Ly9jcmwuY2ExLXBnLmVldC5jei9lZXRjYTFwZy9hbGwuY3JshipodHRwOi8vY3JsMi5jYTEtcGcuZWV0LmN6L2VldGNhMXBnL2FsbC5jcmyGKmh0dHA6Ly9jcmwzLmNhMS1wZy5lZXQuY3ovZWV0Y2ExcGcvYWxsLmNybDANBgkqhkiG9w0BAQsFAAOCAQEAOd3TksJlO4Cq6BfuAoWUqJP28p10f11W60X2TZ0LLEIeJHvlZ2to6Pht8Pf50ZE4XPKyJclUDhT4dEoR0JcCiFZci8Oei35p6PAZ/dFEXBLHylMO5JOY5JNwhUJNkhE2oSoCDBWpZ+tF6sPPeQv+dR9Zcj6vy767D0XGz6zyrxB3Lb1t03SO+pGac/1C7dc3rOkBkqxz7b7dVRl7hT31ct/TTSMBBvPqStiUNF375nKb1pRTSZtj5jt8m8UHChmu6bWyFGYLqil9XFHr3xeIGK8hRb4pPdjMEOY6HULZwImPg3SnP8fInbXA47hWoHb7pGwpdE5Jybveo6ae8HNx4w==TWpSLQpOXSUe8k6Q8lAd7DyMhWkTIcbHNifrPnWDG/M=SX8rtbZ6ip6ayGLQsmoSjd5wVKJEXfbOIqP75E3HchB5QD09YYKuMpXVzLawtJHNVFPE8AvN0jqQaQkJCS2NaI0BZfBsryEx/Pnoq8dkwEYbEa7XgBIzblVNmN9iiaQoQPC2Q/PHCwhOSYUmMRM8liwBnkdaqNWw/6BySw7PWcS/BMDm3d3O/igheuO8Tbi3ksybTDun5lf8xsWdFFRZ2hJX4rJm9p2ro128AbDO6yJIy/sfsyEvMFkpSQ8pms66EIgz0OflhplvPxOsYjA4V0aB31M5t2qXAUNKBcaZkyUZDhLSgBf63GzcfQ501s8R/fwmH07NxfDFmSsrsP3LHw==cunvTtcuESCZK0sCTDboY8/7+cIKlKuKAInvfVHqO+zlZbnNxoxdXduC0qPOsRl8kHVmWEWku8+m2tnLTtbBF04v53imLPiWOWxzFHJUAVfhLf905t3h18RBW/c3hZApCunaQy2Ak7gOPAVlRZuVBlUuNrp2ZRViLgorQfNzvAXES7blkRCriDz+lDUOOf68ubZ+qj/WHO/omvJ80EyqJJI36/3yIJGj5DYmqaluaDUb1OZDZHaOWXujs1OCwr4l117C9KQ4gNZz8mkOqvsJvTfdmQZPazJ5FDUQGdrjJ+0Z78Ei7JS30UsG8STyHiyvEefsfX+aM43fhWvY/luCNQ==29397034-32967103-4F1710A3-E761C04C-334D684F