Add architecture/design documentation

Jan Dittberner 2022-08-02 11:15:23 +02:00 committed by Jan Dittberner
parent c532ec436a
commit b084872542
5 changed files with 1974 additions and 0 deletions

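--- a/docs/components.puml
+++ b/docs/components.puml
@@ -0,0 +1,71 @@
+@startuml
+!include <C4/C4_Component.puml>
+!include <tupadr3/font-awesome/database>
+LAYOUT_TOP_DOWN()
+System_Ext(SignerClient, "Signer client", "Send commands to signer")
+System_Boundary(Signer, "Signer server") {
+Boundary(SignerSoftware, "Signer Software") {
+Component(SerialHandler, "Serial link handler", "Go", "Reads and writes to the serial interface, parses and creates frames")
+Component(ProtocolHandler, "Protocol handler", "Go", "Parses and creates protocol messages")
+Component(X509SigningHandler, "X.509 signing", "Go", "Handles X.509 certificate signing commands")
+Component(X509RevocationHandler, "X.509 revocation", "Go", "Handles X.509 certificate revocation commands")
+Component(OpenPGPSigningHandler, "OpenPGP signing", "Go", Handles OpenPGP key signing commands")
+Component(X509CRLHandler, "X.509 crl", "Go", "Handles X.509 CRL retrieval commands")
+Component(HealthHandler, "Health check", "Go", "Handles health check commands")
+Component(HSMAccess, "HSM access", "Go", "Handles HSM hardware access")
+Component(SyncHandler, "Synchronization handler", "Go", "Handles synchronization with other signer")
+ComponentDb(SignerDB, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
+}
+ContainerQueue(NATS, "NATS Service", "NATS")
+}
+System_Boundary(Signer2, "Other signer") {
+Boundary(SignerSoftware2, "Signer Software") {
+Component_Ext(SyncHandler2, "Synchronization handler", "Go", "Handles synchronization with other signer")
+ComponentDb_Ext(SignerDB2, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
+}
+ContainerQueue_Ext(NATS2, "NATS Service", "NATS")
+}
+Component_Ext(HSM, "HSM", "PKCS#11", "Hardware security module")
+Rel(SignerClient, SerialHandler, "Uses", "USB serial link")
+Rel(SerialHandler, ProtocolHandler, "Uses")
+Rel(ProtocolHandler, X509SigningHandler, "Uses")
+Rel(ProtocolHandler, X509CRLHandler, "Uses")
+Rel(ProtocolHandler, X509RevocationHandler, "Uses")
+Rel(ProtocolHandler, OpenPGPSigningHandler, "Uses")
+Rel(ProtocolHandler, HealthHandler, "Uses")
+Rel(X509SigningHandler, HSMAccess, "Uses")
+Rel(X509SigningHandler, SignerDB, "Writes")
+Rel(X509RevocationHandler, SignerDB, "Writes")
+Rel(X509CRLHandler, HSMAccess, "Uses")
+Rel(X509CRLHandler, SignerDB, "Reads")
+Rel(OpenPGPSigningHandler, HSMAccess, "Uses")
+Rel(OpenPGPSigningHandler, SignerDB, "Writes")
+Rel(HealthHandler, HSMAccess, "Checks")
+Rel(HealthHandler, SignerDB, "Checks")
+Rel(SyncHandler, SignerDB, "Uses")
+BiRel(SyncHandler, NATS, "Synchronize", "NATS protocol")
+BiRel(NATS, NATS2, "Synchronize", "NATS/TLS")
+BiRel(SyncHandler2, NATS2, "Synchronize", "NATS protocol")
+Rel(SyncHandler2, SignerDB2, "Uses")
+Rel(HSMAccess, HSM, "Uses", "PKCS#11")
+@enduml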
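Review bot: The description argument of the OpenPGPSigningHandler component is missing its opening quote — `Component(OpenPGPSigningHandler, "OpenPGP signing", "Go", Handles OpenPGP key signing commands")` — and the checked-in components.svg renders that text with a stray trailing `"`, which confirms the source was generated with the defect. It should read `Component(OpenPGPSigningHandler, "OpenPGP signing", "Go", "Handles OpenPGP key signing commands")`. The committed SVG also appears to be out of step with this source: it shows a "Command dispatcher" component between the protocol handler and the command handlers that does not occur in the visible .puml, so one of the two looks stale and the diagram should be regenerated from the corrected source. For the architecture of a signer it would help if the link labels, or a short comment block at the top, stated what authentication each transport relies on — the diagram names "USB serial link", "NATS/TLS" and "PKCS#11" but not the trust assumption on each, which is the first question a reviewer of this boundary diagram will ask.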

850
docs/components.svg Normal file

@ -0,0 +1,850 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="965.4px" preserveAspectRatio="none" style="width:1221px;height:965px;background:#FFFFFF;" version="1.1" viewBox="0 0 1221 965" width="1221.6px" zoomAndPan="magnify"><defs/><g><!--MD5=[ef20b3fe45c502f37db21f37a527870c]
cluster Signer--><g id="cluster_Signer"><rect height="718.2" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="928.8" x="4.2" y="100.2"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="457.2" y="104.7416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="73.2" x="432" y="116.3109">Signer server</text><text fill="#444444" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="36.6" x="450.3" y="125.2582">[System]</text></g><!--MD5=[1bab5bcae8e0c09a8d95c3a3ae22aa87]
cluster SignerSoftware--><g id="cluster_SignerSoftware"><rect height="662.4" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="811.2" x="18.6" y="141.6"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="412.8" y="146.1416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="88.2" x="380.1" y="157.7109">Signer Software</text></g><!--MD5=[4e4416bf7ebbd0afd89bc8fc82d4e864]
cluster Signer2--><g id="cluster_Signer2"><rect height="314.4" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="270.6" x="947.4" y="647.4"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="1071.3" y="651.9416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="68.4" x="1048.5" y="663.5109">Other signer</text><text fill="#444444" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="36.6" x="1064.4" y="672.4582">[System]</text></g><!--MD5=[fd28193bdccf8ac8e7e1a1a0fe20b8a9]
cluster SignerSoftware2--><g id="cluster_SignerSoftware2"><rect height="258.6" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="147.6" x="1056" y="688.8"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="1118.4" y="693.3416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="88.2" x="1085.7" y="704.9109">Signer Software</text></g><!--MD5=[8f869394a97c4ccf4e0e1a7d0f555823]
entity NATS--><g id="elem_NATS"><path d="M842.4,740.1 L920.4,740.1 C923.4,740.1 923.4,757.0688 923.4,757.0688 C923.4,757.0688 923.4,774.0375 920.4,774.0375 L842.4,774.0375 C839.4,774.0375 839.4,757.0688 839.4,757.0688 C839.4,757.0688 839.4,740.1 842.4,740.1 " fill="#438DD5" style="stroke:#3C7FC0;stroke-width:0.3;"/><path d="M920.4,740.1 C917.4,740.1 917.4,757.0688 917.4,757.0688 C917.4,774.0375 920.4,774.0375 920.4,774.0375 " fill="none" style="stroke:#3C7FC0;stroke-width:0.3;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="42.6" x="857.1" y="749.7832">«container»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="72" x="842.4" y="760.3922">NATS Service</text><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="25.2" x="865.8" y="769.3395">[NATS]</text></g><!--MD5=[1b07182dd713ed4e3be3a95ab68a0fd5]
entity SerialHandler--><g id="elem_SerialHandler"><rect fill="#85BBF0" height="79.05" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="130.2" x="267.9" y="169.8"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="182.4832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="98.4" x="283.8" y="193.0922">Serial link handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="202.0395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="211.5346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="99.6" x="283.2" y="221.3127">Reads and writes to the</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="115.8" x="273.9" y="231.0908">serial interface, parses and</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="64.2" x="300.9" y="240.8689">creates frames</text></g><!--MD5=[3d42f30e2a78c2aed96731e8102a93c9]
entity ProtocolHandler--><g id="elem_ProtocolHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="101.4" x="282.3" y="294"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="306.6832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="89.4" x="288.3" y="317.2922">Protocol handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="326.2395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="335.7346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="80.4" x="292.8" y="345.5127">Parses and creates</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="80.4" x="292.8" y="355.2908">protocol messages</text></g><!--MD5=[24ea4ec5c7d19a3ad8a972e66335077d]
entity CommandDispatcher--><g id="elem_CommandDispatcher"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="126.6" x="269.7" y="408"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="420.6832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="114.6" x="275.7" y="431.2922">Command dispatcher</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="440.2395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="449.7346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="97.8" x="284.1" y="459.5127">Dispatch commands to</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="82.8" x="291.6" y="469.2908">command handlers</text></g><!--MD5=[1011eedbd8ff904aa9b61ed64da000c5]
entity X509SigningHandler--><g id="elem_X509SigningHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="124.2" x="408.3" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="445.5" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="72.6" x="434.1" y="550.9922">X.509 signing</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="462.6" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="469.2" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="107.4" x="416.7" y="579.2127">Handles X.509 certificate</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="80.4" x="430.2" y="588.9908">signing commands</text></g><!--MD5=[1c6dc598b8ad1e32344a0fe24eeaf662]
entity X509RevocationHandler--><g id="elem_X509RevocationHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="124.2" x="553.5" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="590.7" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="91.2" x="570" y="550.9922">X.509 revocation</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="607.8" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="614.4" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="107.4" x="561.9" y="579.2127">Handles X.509 certificate</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="95.4" x="567.9" y="588.9908">revocation commands</text></g><!--MD5=[6f59e0a59673b0784d2b49aad5931220]
entity OpenPGPSigningHandler--><g id="elem_OpenPGPSigningHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="110.4" x="28.2" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="58.5" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="92.4" x="37.2" y="550.9922">OpenPGP signing</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="75.6" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="82.2" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="93.6" x="36.6" y="579.2127">Handles OpenPGP key</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="84" x="41.4" y="588.9908">signing commands"</text></g><!--MD5=[ac60de3e2d5367fb8173a39d1f6f967e]
entity X509CRLHandler--><g id="elem_X509CRLHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="97.8" x="159.9" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="183.9" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="47.4" x="185.1" y="550.9922">X.509 crl</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="201" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="207.6" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="81" x="168.3" y="579.2127">Handles X.509 CRL</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="85.8" x="165.9" y="588.9908">retrieval commands</text></g><!--MD5=[04880e5e31ecc78df75a393e279e8df9]
entity HealthHandler--><g id="elem_HealthHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="108.6" x="278.7" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="69.6" x="298.2" y="550.9922">Health check</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="91.8" x="287.1" y="579.2127">Handles health check</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="47.4" x="309.3" y="588.9908">commands</text></g><!--MD5=[58d078c34e72bc75166669b12cea25ab]
entity HSMAccess--><g id="elem_HSMAccess"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="116.4" x="154.8" y="722.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="188.1" y="735.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="64.2" x="180.9" y="745.9922">HSM access</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="205.2" y="754.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="211.8" y="764.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="99.6" x="163.2" y="774.2127">Handles HSM hardware</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="28.8" x="198.6" y="783.9908">access</text></g><!--MD5=[2db99c1383d9a8197df41033e0363f36]
entity SyncHandler--><g id="elem_SyncHandler"><rect fill="#85BBF0" height="80.4469" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="121.2" x="699" y="522"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="734.7" y="534.6832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="85.8" x="714.9" y="545.2922">Synchronization</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="40.8" x="739.2" y="556.4672">handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="751.8" y="565.4145">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="758.4" y="574.9096"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="104.4" x="707.4" y="584.6877">Handles synchronization</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="71.4" x="723.9" y="594.4658">with other signer</text></g><!--MD5=[e834ab3daed066426c91d2e7962575e2]
entity SignerDB--><g id="elem_SignerDB"><path d="M375.6,726 C375.6,720 439.8,720 439.8,720 C439.8,720 504,720 504,726 L504,788.1375 C504,794.1375 439.8,794.1375 439.8,794.1375 C439.8,794.1375 375.6,794.1375 375.6,788.1375 L375.6,726 " fill="#85BBF0" style="stroke:#78A8D8;stroke-width:0.3;"/><path d="M375.6,726 C375.6,732 439.8,732 439.8,732 C439.8,732 504,732 504,726 " fill="none" style="stroke:#78A8D8;stroke-width:0.3;"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="414.9" y="741.0832">«component»</text><image height="28.8" width="28.8" x="425.4" xlink:href="data:image/png;base64,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" y="742.7813"/><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="116.4" x="381.6" y="780.4922">Certificate repository</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="110.4" x="384.6" y="789.4395">[Go, Embedded Key-Value DB]</text></g><!--MD5=[8940efdef782accd207644e2a21c9a46]
entity NATS2--><g id="elem_NATS2"><path d="M960,883.5 L1041.6,883.5 C1044.6,883.5 1044.6,900.4688 1044.6,900.4688 C1044.6,900.4688 1044.6,917.4375 1041.6,917.4375 L960,917.4375 C957,917.4375 957,900.4688 957,900.4688 C957,900.4688 957,883.5 960,883.5 " fill="#B3B3B3" style="stroke:#A6A6A6;stroke-width:0.3;"/><path d="M1041.6,883.5 C1038.6,883.5 1038.6,900.4688 1038.6,900.4688 C1038.6,917.4375 1041.6,917.4375 1041.6,917.4375 " fill="none" style="stroke:#A6A6A6;stroke-width:0.3;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="75.6" x="960" y="893.1832">«external_container»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="72" x="961.8" y="903.7922">NATS Service</text><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="25.2" x="985.2" y="912.7395">[NATS]</text></g><!--MD5=[3d669a59ee04a28ec5dc9358aab5f1b1]
entity SyncHandler2--><g id="elem_SyncHandler2"><rect fill="#CCCCCC" height="80.4469" rx="1.5" ry="1.5" style="stroke:#BFBFBF;stroke-width:0.3;" width="121.2" x="1067.4" y="717"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="82.8" x="1086.6" y="729.6832">«external_component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="85.8" x="1083.3" y="740.2922">Synchronization</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="40.8" x="1107.6" y="751.4672">handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="1120.2" y="760.4145">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="1126.8" y="769.9096"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="104.4" x="1075.8" y="779.6877">Handles synchronization</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="71.4" x="1092.3" y="789.4658">with other signer</text></g><!--MD5=[d6aaf1a0f5c32983fa5796596196f201]
entity SignerDB2--><g id="elem_SignerDB2"><path d="M1065.6,869.4 C1065.6,863.4 1129.8,863.4 1129.8,863.4 C1129.8,863.4 1194,863.4 1194,869.4 L1194,931.5375 C1194,937.5375 1129.8,937.5375 1129.8,937.5375 C1129.8,937.5375 1065.6,937.5375 1065.6,931.5375 L1065.6,869.4 " fill="#CCCCCC" style="stroke:#BFBFBF;stroke-width:0.3;"/><path d="M1065.6,869.4 C1065.6,875.4 1129.8,875.4 1129.8,875.4 C1129.8,875.4 1194,875.4 1194,869.4 " fill="none" style="stroke:#BFBFBF;stroke-width:0.3;"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="82.8" x="1088.4" y="884.4832">«external_component»</text><image height="28.8" width="28.8" x="1115.4" xlink:href="data:image/png;base64,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" y="886.1813"/><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="116.4" x="1071.6" y="923.8922">Certificate repository</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="110.4" x="1074.6" y="932.8395">[Go, Embedded Key-Value DB]</text></g><!--MD5=[c25eb3bb2a673e49b4700e0aa1b6b6c8]
entity SignerClient--><g id="elem_SignerClient"><rect fill="#999999" height="51.1125" rx="1.5" ry="1.5" style="stroke:#8A8A8A;stroke-width:0.3;" width="125.4" x="270.3" y="4.2"/><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="67.2" x="299.4" y="16.8832">«external_system»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="67.8" x="299.1" y="27.4922">Signer client</text><text fill="#FFFFFF" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="37.5533"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="111" x="278.7" y="47.3314">Send commands to signer</text></g><!--MD5=[ff028a7ac4eed75d9278e76cd9053439]
entity HSM--><g id="elem_HSM"><rect fill="#CCCCCC" height="59.4938" rx="1.5" ry="1.5" style="stroke:#BFBFBF;stroke-width:0.3;" width="127.2" x="149.4" y="870.9"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="82.8" x="171.6" y="883.5832">«external_component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="24.6" x="200.7" y="894.1922">HSM</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="40.2" x="192.9" y="903.1395">[PKCS#11]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="211.8" y="912.6346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="112.8" x="157.8" y="922.4127">Hardware security module</text></g><!--MD5=[c4211f20d77779d002d0636fe4eff351]
link SignerClient to SerialHandler--><g id="link_SignerClient_SerialHandler"><path d="M333,55.308 C333,83.61 333,130.254 333,164.706 " fill="none" id="SignerClient-to-SerialHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,169.698,334.8,164.898,331.2,164.898,333,169.698" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="352.5" y="80.4832">Uses</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="57" x="333.6" y="88.8645">[USB serial link]</text></g><!--MD5=[a5ac9fd6085cba509022a8449c62ed3f]
link SerialHandler to ProtocolHandler--><g id="link_SerialHandler_ProtocolHandler"><path d="M333,249.096 C333,261.936 333,276.192 333,289.02 " fill="none" id="SerialHandler-to-ProtocolHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,293.856,334.8,289.056,331.2,289.056,333,293.856" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="333.6" y="274.2832">Uses</text></g><!--MD5=[7ac00e2da23fc9db1b41cffd82dc1741]
link ProtocolHandler to CommandDispatcher--><g id="link_ProtocolHandler_CommandDispatcher"><path d="M333,363.096 C333,375.696 333,390.072 333,403.068 " fill="none" id="ProtocolHandler-to-CommandDispatcher" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,407.97,334.8,403.17,331.2,403.17,333,407.97" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="333.6" y="388.2832">Uses</text></g><!--MD5=[f01831a2ba420d0c75182d4e788ee6bf]
link CommandDispatcher to X509SigningHandler--><g id="link_CommandDispatcher_X509SigningHandler"><path d="M372.372,477.06 C389.55,491.868 409.734,509.28 427.314,524.436 " fill="none" id="CommandDispatcher-to-X509SigningHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="431.022,527.64,428.5647,523.1409,426.2123,525.8661,431.022,527.64" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="402.6" y="502.2832">Uses</text></g><!--MD5=[22dbb981dee4bd7a14e7eb60c838fe5b]
link CommandDispatcher to X509CRLHandler--><g id="link_CommandDispatcher_X509CRLHandler"><path d="M297.408,477.06 C281.946,491.808 263.79,509.136 247.95,524.25 " fill="none" id="CommandDispatcher-to-X509CRLHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="244.398,527.64,249.1119,525.6253,246.6248,523.0225,244.398,527.64" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="279" y="502.2832">Uses</text></g><!--MD5=[dcd6d74b7c49eaccf4c700af4f270b89]
link CommandDispatcher to X509RevocationHandler--><g id="link_CommandDispatcher_X509RevocationHandler"><path d="M396.426,464.322 C438.582,479.058 494.838,499.95 543,522 C545.448,523.122 547.926,524.292 550.416,525.492 " fill="none" id="CommandDispatcher-to-X509RevocationHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="554.916,527.694,551.3949,523.9682,549.8132,527.2022,554.916,527.694" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="498.6" y="502.2832">Uses</text></g><!--MD5=[ad19a4a48ac5aae50df60ac564a0ef27]
link CommandDispatcher to OpenPGPSigningHandler--><g id="link_CommandDispatcher_OpenPGPSigningHandler"><path d="M269.574,467.892 C233.754,482.502 188.466,502.002 149.4,522 C147.318,523.068 145.212,524.172 143.094,525.306 " fill="none" id="CommandDispatcher-to-OpenPGPSigningHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="138.732,527.676,143.8082,526.9606,142.0862,523.7992,138.732,527.676" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="204.6" y="502.2832">Uses</text></g><!--MD5=[96a6a8f2b6b590d6cb2b851858bda1f3]
link CommandDispatcher to HealthHandler--><g id="link_CommandDispatcher_HealthHandler"><path d="M333,477.06 C333,491.31 333,507.972 333,522.72 " fill="none" id="CommandDispatcher-to-HealthHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,527.64,334.8,522.84,331.2,522.84,333,527.64" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="333.6" y="502.2832">Uses</text></g><!--MD5=[c03f96c452f26815ba38daf1adeb88ce]
link X509SigningHandler to HSMAccess--><g id="link_X509SigningHandler_HSMAccess"><path d="M451.68,596.844 C441.522,611.97 427.518,628.44 410.4,637.8 C392.52,647.58 383.766,635.148 364.8,642.6 C321.12,659.772 279.06,693.114 250.338,719.328 " fill="none" id="X509SigningHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="246.726,722.646,251.4773,720.7211,249.04,718.0716,246.726,722.646" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="432" y="631.8832">Uses</text></g><!--MD5=[049c56c40f5ce55919cf848cfeae4412]
link X509SigningHandler to SignerDB--><g id="link_X509SigningHandler_SignerDB"><path d="M469.302,596.886 C468.6,609.75 467.46,624.492 465.6,637.8 C461.97,663.756 455.796,692.478 450.39,715.182 " fill="none" id="X509SigningHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="449.256,719.934,452.1297,715.6888,448.6298,714.846,449.256,719.934" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="26.4" x="468.6" y="631.8832">Writes</text></g><!--MD5=[82b942a05dde6d4abd870be92d5b79e1]
link X509RevocationHandler to SignerDB--><g id="link_X509RevocationHandler_SignerDB"><path d="M560.058,596.754 C541.632,609.66 521.898,625.428 506.4,642.6 C486.888,664.218 470.346,692.448 458.622,715.41 " fill="none" id="X509RevocationHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="456.342,719.928,460.1097,716.4518,456.8949,714.8315,456.342,719.928" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="26.4" x="528.6" y="631.8832">Writes</text></g><!--MD5=[f3fbeda310f19b6def0836f108fb90ae]
link X509CRLHandler to HSMAccess--><g id="link_X509CRLHandler_HSMAccess"><path d="M195.06,596.736 C192.546,604.392 190.308,612.576 189,620.4 C183.504,653.31 191.046,690.624 199.092,717.864 " fill="none" id="X509CRLHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="200.49,722.484,200.8156,717.3679,197.3713,718.4154,200.49,722.484" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="189.6" y="631.8832">Uses</text></g><!--MD5=[1be83cc4a91ae3618c25e12be491020b]
link X509CRLHandler to SignerDB--><g id="link_X509CRLHandler_SignerDB"><path d="M257.856,596.772 C261.306,598.764 264.774,600.66 268.2,602.4 C288.966,612.93 298.116,607.356 317.4,620.4 C327.9,627.504 372.84,678.642 405.222,716.172 " fill="none" id="X509CRLHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="408.516,719.988,406.7486,715.1759,404.0203,717.5246,408.516,719.988" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="24.6" x="334.8" y="631.8832">Reads</text></g><!--MD5=[1531770e9c84b9a37109fc722a3e41bc]
link OpenPGPSigningHandler to HSMAccess--><g id="link_OpenPGPSigningHandler_HSMAccess"><path d="M106.122,596.778 C128.91,630.858 163.932,683.22 187.614,718.644 " fill="none" id="OpenPGPSigningHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="190.302,722.658,189.1297,717.6674,186.1373,719.6688,190.302,722.658" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="133.8" y="631.8832">Uses</text></g><!--MD5=[5647650e77d9b601644db74356963c93]
link OpenPGPSigningHandler to SignerDB--><g id="link_OpenPGPSigningHandler_SignerDB"><path d="M136.014,596.736 C140.448,598.86 144.936,600.786 149.4,602.4 C198.63,620.196 218.544,597.876 265.8,620.4 C276.198,625.356 276.156,630.42 285,637.8 C317.736,665.118 355.692,694.284 385.83,716.886 " fill="none" id="OpenPGPSigningHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="389.844,719.886,387.0778,715.57,384.9219,718.453,389.844,719.886" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="26.4" x="285.6" y="631.8832">Writes</text></g><!--MD5=[01fcd97973dce0a15ca3f22ec6f9a33e]
link HealthHandler to HSMAccess--><g id="link_HealthHandler_HSMAccess"><path d="M278.544,596.46 C275.058,598.494 271.59,600.492 268.2,602.4 C253.026,610.944 243.534,606.24 233.4,620.4 C213.276,648.522 209.382,688.344 209.796,717.666 " fill="none" id="HealthHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="209.91,722.646,211.5981,717.8055,207.9991,717.8891,209.91,722.646" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="28.8" x="234" y="631.8832">Checks</text></g><!--MD5=[8e666ca13f2e292cf801466daea72d33]
link HealthHandler to SignerDB--><g id="link_HealthHandler_SignerDB"><path d="M353.514,596.76 C358.086,604.494 362.862,612.696 367.2,620.4 C385.044,652.092 404.376,688.47 418.602,715.65 " fill="none" id="HealthHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="420.84,719.934,420.2057,714.847,417.0172,716.5184,420.84,719.934" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="28.8" x="376.2" y="631.8832">Checks</text></g><!--MD5=[f6d0a255b9300fdc869edf618776ea20]
link SyncHandler to SignerDB--><g id="link_SyncHandler_SignerDB"><path d="M698.916,597.69 C695.334,599.37 691.74,600.948 688.2,602.4 C633.648,624.714 618.39,627.282 560.4,637.8 C548.544,639.948 516.57,636.144 506.4,642.6 C480.288,659.166 463.206,689.928 452.88,715.326 " fill="none" id="SyncHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="451.098,719.838,454.5393,716.0384,451.1924,714.7125,451.098,719.838" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="639" y="631.8832">Uses</text></g><!--MD5=[ce0bb68167ca79996a54c04fb7a06609]
link SyncHandler to NATS--><g id="link_SyncHandler_NATS"><path d="M802.014,606.336 C811.836,617.628 821.754,630.132 829.8,642.6 C849.354,672.888 865.236,711.81 873.996,735.444 " fill="none" id="SyncHandler-NATS" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="875.652,739.962,875.6884,734.8357,872.3087,736.0758,875.652,739.962" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="798.69,602.55,800.5066,607.3437,803.2107,604.9672,798.69,602.55" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="50.4" x="828.3" y="627.6832">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="57" x="825" y="636.0645">[NATS protocol]</text></g><!--MD5=[ac10af24f910bae24644d4ccf6ac738e]
link NATS to NATS2--><g id="link_NATS_NATS2"><path d="M895.272,778.308 C907.872,796.488 927.318,823.482 946.2,845.4 C956.484,857.34 968.838,869.826 979.194,879.846 " fill="none" id="NATS-NATS2" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="982.908,883.416,980.6986,878.7902,978.2017,881.3835,982.908,883.416" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="892.53,774.336,893.7738,779.3092,896.7372,777.2651,892.53,774.336" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="50.4" x="946.8" y="835.2832">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="40.8" x="951.6" y="843.6645">[NATS/TLS]</text></g><!--MD5=[06c6604c5c35b105f23e33e7e3e4aba5]
link SyncHandler2 to NATS2--><g id="link_SyncHandler2_NATS2"><path d="M1089.258,801.108 C1065.864,827.262 1037.148,859.368 1018.908,879.756 " fill="none" id="SyncHandler2-NATS2" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="1015.626,883.428,1020.1677,881.0504,1017.4845,878.6504,1015.626,883.428" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="1092.57,797.412,1088.0251,799.7835,1090.7051,802.1872,1092.57,797.412" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="50.4" x="1068.3" y="835.2832">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="57" x="1065" y="843.6645">[NATS protocol]</text></g><!--MD5=[19a8c02a4a6c3e2efd241ec79f03fa40]
link SyncHandler2 to SignerDB2--><g id="link_SyncHandler2_SignerDB2"><path d="M1128.504,797.412 C1128.744,816.426 1129.032,839.208 1129.272,858.468 " fill="none" id="SyncHandler2-to-SignerDB2" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="1129.338,863.286,1131.0779,858.4639,1127.4781,858.5089,1129.338,863.286" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="1129.2" y="839.4832">Uses</text></g><!--MD5=[c3f60d65e94da5508ad0c196407a2043]
link HSMAccess to HSM--><g id="link_HSMAccess_HSM"><path d="M213,791.862 C213,814.242 213,843.42 213,865.824 " fill="none" id="HSMAccess-to-HSM" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="213,870.786,214.8,865.986,211.2,865.986,213,870.786" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="224.1" y="835.2832">Uses</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="40.2" x="213.6" y="843.6645">[PKCS#11]</text></g><!--MD5=[a726e812cabc4afb404b403f544cfdee]
@startuml
!include <C4/C4_Component.puml>
!include <tupadr3/font-awesome/database>
LAYOUT_TOP_DOWN()
System_Ext(SignerClient, "Signer client", "Send commands to signer")
System_Boundary(Signer, "Signer server") {
Boundary(SignerSoftware, "Signer Software") {
Component(SerialHandler, "Serial link handler", "Go", "Reads and writes to the serial interface, parses and creates frames")
Component(ProtocolHandler, "Protocol handler", "Go", "Parses and creates protocol messages")
Component(CommandDispatcher, "Command dispatcher", "Go", "Dispatch commands to command handlers")
Component(X509SigningHandler, "X.509 signing", "Go", "Handles X.509 certificate signing commands")
Component(X509RevocationHandler, "X.509 revocation", "Go", "Handles X.509 certificate revocation commands")
Component(OpenPGPSigningHandler, "OpenPGP signing", "Go", Handles OpenPGP key signing commands")
Component(X509CRLHandler, "X.509 crl", "Go", "Handles X.509 CRL retrieval commands")
Component(HealthHandler, "Health check", "Go", "Handles health check commands")
Component(HSMAccess, "HSM access", "Go", "Handles HSM hardware access")
Component(SyncHandler, "Synchronization handler", "Go", "Handles synchronization with other signer")
ComponentDb(SignerDB, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
}
ContainerQueue(NATS, "NATS Service", "NATS")
}
System_Boundary(Signer2, "Other signer") {
Boundary(SignerSoftware2, "Signer Software") {
Component_Ext(SyncHandler2, "Synchronization handler", "Go", "Handles synchronization with other signer")
ComponentDb_Ext(SignerDB2, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
}
ContainerQueue_Ext(NATS2, "NATS Service", "NATS")
}
Component_Ext(HSM, "HSM", "PKCS#11", "Hardware security module")
Rel(SignerClient, SerialHandler, "Uses", "USB serial link")
Rel(SerialHandler, ProtocolHandler, "Uses")
Rel(ProtocolHandler, CommandDispatcher, "Uses")
Rel(CommandDispatcher, X509SigningHandler, "Uses")
Rel(CommandDispatcher, X509CRLHandler, "Uses")
Rel(CommandDispatcher, X509RevocationHandler, "Uses")
Rel(CommandDispatcher, OpenPGPSigningHandler, "Uses")
Rel(CommandDispatcher, HealthHandler, "Uses")
Rel(X509SigningHandler, HSMAccess, "Uses")
Rel(X509SigningHandler, SignerDB, "Writes")
Rel(X509RevocationHandler, SignerDB, "Writes")
Rel(X509CRLHandler, HSMAccess, "Uses")
Rel(X509CRLHandler, SignerDB, "Reads")
Rel(OpenPGPSigningHandler, HSMAccess, "Uses")
Rel(OpenPGPSigningHandler, SignerDB, "Writes")
Rel(HealthHandler, HSMAccess, "Checks")
Rel(HealthHandler, SignerDB, "Checks")
Rel(SyncHandler, SignerDB, "Uses")
BiRel(SyncHandler, NATS, "Synchronize", "NATS protocol")
BiRel(NATS, NATS2, "Synchronize", "NATS/TLS")
BiRel(SyncHandler2, NATS2, "Synchronize", "NATS protocol")
Rel(SyncHandler2, SignerDB2, "Uses")
Rel(HSMAccess, HSM, "Uses", "PKCS#11")
@enduml
@startuml
skinparam defaultTextAlignment center
skinparam wrapWidth 200
skinparam maxMessageSize 150
skinparam LegendBorderColor transparent
skinparam LegendBackgroundColor transparent
skinparam LegendFontColor #FFFFFF
skinparam shadowing<<legendArea>> false
skinparam rectangle<<legendArea>> {
backgroundcolor #00000000
bordercolor #00000000
}
skinparam rectangle {
StereotypeFontSize 12
shadowing false
}
skinparam database {
StereotypeFontSize 12
shadowing false
}
skinparam queue {
StereotypeFontSize 12
shadowing false
}
skinparam arrow {
Color #666666
FontColor #666666
FontSize 12
}
skinparam actor {
StereotypeFontSize 12
shadowing false
style awesome
}
skinparam person {
StereotypeFontSize 12
shadowing false
}
skinparam package {
StereotypeFontSize 6
StereotypeFontColor transparent
FontStyle plain
BackgroundColor transparent
}
skinparam rectangle<<boundary>> {
Shadowing false
StereotypeFontSize 6
StereotypeFontColor transparent
FontColor #444444
BorderColor #444444
BackgroundColor transparent
BorderStyle dashed
}
skinparam rectangle<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam database<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam queue<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam actor<<person>> {
StereotypeFontColor #08427B
FontColor #08427B
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam person<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam rectangle<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam database<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam queue<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam actor<<external_person>> {
StereotypeFontColor #686868
FontColor #686868
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam person<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam rectangle<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam database<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam queue<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam actor<<system>> {
StereotypeFontColor #1168BD
FontColor #1168BD
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam person<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam rectangle<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam database<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam queue<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam actor<<external_system>> {
StereotypeFontColor #999999
FontColor #999999
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam person<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
sprite $person [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
0000000000000000000049BCCA7200000000000000000000
0000000000000000006EFFFFFFFFB3000000000000000000
00000000000000001CFFFFFFFFFFFF700000000000000000
0000000000000001EFFFFFFFFFFFFFF80000000000000000
000000000000000CFFFFFFFFFFFFFFFF6000000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
000000000000000BFFFFFFFFFFFFFFFF5000000000000000
0000000000000001DFFFFFFFFFFFFFF70000000000000000
00000000000000000BFFFFFFFFFFFF500000000000000000
0000000000000000005DFFFFFFFFA1000000000000000000
0000000000000000000037ABB96100000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000025788300000000005886410000000000000
000000000007DFFFFFFD9643347BFFFFFFFB400000000000
0000000004EFFFFFFFFFFFFFFFFFFFFFFFFFFB1000000000
000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFD200000000
00000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE10000000
0000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0000000
000000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5000000
000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
00000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF600000
00000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF800000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
00000EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000
000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
0000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD3000000
000000014555555555555555555555555555555300000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
sprite $person2 [48x48/16] {
0000000000000000000049BCCA7200000000000000000000
0000000000000000006EFFFFFFFFB3000000000000000000
00000000000000001CFFFFFFFFFFFF700000000000000000
0000000000000001EFFFFFFFFFFFFFF80000000000000000
000000000000000CFFFFFFFFFFFFFFFF6000000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
000000000000000BFFFFFFFFFFFFFFFF5000000000000000
0000000000000001DFFFFFFFFFFFFFF70000000000000000
00000000000000000BFFFFFFFFFFFF500000000000000000
0000000000000000005DFFFFFFFFA1000000000000000000
0000000000000000000037ABB96100000000000000000000
000000000002578888300000000005888864100000000000
0000000007DFFFFFFFFD9643347BFFFFFFFFFB4000000000
00000004EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB10000000
0000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD2000000
000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
00003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
0000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50000
0003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0000
0009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2000
000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000
000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
0009FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFF2000
0003FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFD0000
0000BFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFF50000
00003FFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFB00000
000006FFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFE100000
0000007FFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFD2000000
00000004EFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFB10000000
0000000007DF8FFFFFFFFFFFFFFFFFFFFFF8FB4000000000
000000000002578888888888888888888864100000000000
}
skinparam rectangle<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam database<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam queue<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam actor<<container>> {
StereotypeFontColor #438DD5
FontColor #438DD5
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam person<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam rectangle<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam database<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam queue<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam actor<<external_container>> {
StereotypeFontColor #B3B3B3
FontColor #B3B3B3
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam person<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam rectangle<<component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #85BBF0
BorderColor #78A8D8
}
skinparam database<<component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #85BBF0
BorderColor #78A8D8
}
skinparam queue<<component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #85BBF0
BorderColor #78A8D8
}
skinparam actor<<component>> {
StereotypeFontColor #85BBF0
FontColor #85BBF0
BackgroundColor #85BBF0
BorderColor #78A8D8
}
skinparam person<<component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #85BBF0
BorderColor #78A8D8
}
skinparam rectangle<<external_component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #CCCCCC
BorderColor #BFBFBF
}
skinparam database<<external_component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #CCCCCC
BorderColor #BFBFBF
}
skinparam queue<<external_component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #CCCCCC
BorderColor #BFBFBF
}
skinparam actor<<external_component>> {
StereotypeFontColor #CCCCCC
FontColor #CCCCCC
BackgroundColor #CCCCCC
BorderColor #BFBFBF
}
skinparam person<<external_component>> {
StereotypeFontColor #000000
FontColor #000000
BackgroundColor #CCCCCC
BorderColor #BFBFBF
}
sprite $database [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
0000000000000002469ABBCDCCBAA8631000000000000000
0000000000037BFFFFFFFFFFFFFFFFFFFEA6200000000000
0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE000000
0000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3000000
00000005DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA10000000
0000000005BFFFFFFFFFFFFFFFFFFFFFFFFFE82000000000
00000200000038BEFFFFFFFFFFFFFFFFDA62000000100000
00000BB2000000000256778988766410000000006E400000
00000BFFB610000000000000000000000000028EFF400000
00000BFFFFFC842000000000000000001369DFFFFF400000
00000BFFFFFFFFFFDB98766556788ACEFFFFFFFFFF400000
000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
0000000000038CFFFFFFFFFFFFFFFFFFFEA6200000000000
00000A6000000002469ABBCDCCBAA863100000002A400000
00000BFE7100000000000000000000000000004AFF400000
00000BFFFFC84000000000000000000000259EFFFF400000
00000BFFFFFFFFEB975432211234458ACFFFFFFFFF400000
000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
000002EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000000
0000002DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80000000
000000006DFFFFFFFFFFFFFFFFFFFFFFFFFFFFA200000000
000000000038CFFFFFFFFFFFFFFFFFFFFFEA610000000000
00000820000000468BDEFFFFFFFEECA75200000006400000
00000BFA30000000000000011000000000000006DF400000
00000BFFFD830000000000000000000000015AFFFF400000
00000BFFFFFFFCA753100000000001468BDFFFFFFF400000
00000AFFFFFFFFFFFFFFFEDDDEEFFFFFFFFFFFFFFF300000
000004FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
0000005FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1000000
00000002AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE600000000
00000000017CFFFFFFFFFFFFFFFFFFFFFFFEA50000000000
000000000000048ACFFFFFFFFFFFFFEB9620000000000000
000000000000000000123445543320000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
skinparam folderBackgroundColor<<FA DATABASE>> White
top to bottom direction
rectangle "==Signer client\n\n Send commands to signer" <<external_system>> as SignerClient
rectangle "==Signer server\n<size:12>[System]</size>" <<boundary>> as Signer {
rectangle "==Signer Software" <<boundary>> as SignerSoftware {
rectangle "==Serial link handler\n//<size:12>[Go]</size>//\n\n Reads and writes to the serial interface, parses and creates frames" <<component>> as SerialHandler
rectangle "==Protocol handler\n//<size:12>[Go]</size>//\n\n Parses and creates protocol messages" <<component>> as ProtocolHandler
rectangle "==Command dispatcher\n//<size:12>[Go]</size>//\n\n Dispatch commands to command handlers" <<component>> as CommandDispatcher
rectangle "==X.509 signing\n//<size:12>[Go]</size>//\n\n Handles X.509 certificate signing commands" <<component>> as X509SigningHandler
rectangle "==X.509 revocation\n//<size:12>[Go]</size>//\n\n Handles X.509 certificate revocation commands" <<component>> as X509RevocationHandler
rectangle "==OpenPGP signing\n//<size:12>[Go]</size>//\n\n Handles OpenPGP key signing commands"" <<component>> as OpenPGPSigningHandler
rectangle "==X.509 crl\n//<size:12>[Go]</size>//\n\n Handles X.509 CRL retrieval commands" <<component>> as X509CRLHandler
rectangle "==Health check\n//<size:12>[Go]</size>//\n\n Handles health check commands" <<component>> as HealthHandler
rectangle "==HSM access\n//<size:12>[Go]</size>//\n\n Handles HSM hardware access" <<component>> as HSMAccess
rectangle "==Synchronization handler\n//<size:12>[Go]</size>//\n\n Handles synchronization with other signer" <<component>> as SyncHandler
database "<$database>\n==Certificate repository\n//<size:12>[Go, Embedded Key-Value DB]</size>//" <<component>> as SignerDB
}
queue "==NATS Service\n//<size:12>[NATS]</size>//" <<container>> as NATS
}
rectangle "==Other signer\n<size:12>[System]</size>" <<boundary>> as Signer2 {
rectangle "==Signer Software" <<boundary>> as SignerSoftware2 {
rectangle "==Synchronization handler\n//<size:12>[Go]</size>//\n\n Handles synchronization with other signer" <<external_component>> as SyncHandler2
database "<$database>\n==Certificate repository\n//<size:12>[Go, Embedded Key-Value DB]</size>//" <<external_component>> as SignerDB2
}
queue "==NATS Service\n//<size:12>[NATS]</size>//" <<external_container>> as NATS2
}
rectangle "==HSM\n//<size:12>[PKCS#11]</size>//\n\n Hardware security module" <<external_component>> as HSM
SignerClient - ->> SerialHandler : **Uses**\n//<size:12>[USB serial link]</size>//
SerialHandler - ->> ProtocolHandler : **Uses**
ProtocolHandler - ->> CommandDispatcher : **Uses**
CommandDispatcher - ->> X509SigningHandler : **Uses**
CommandDispatcher - ->> X509CRLHandler : **Uses**
CommandDispatcher - ->> X509RevocationHandler : **Uses**
CommandDispatcher - ->> OpenPGPSigningHandler : **Uses**
CommandDispatcher - ->> HealthHandler : **Uses**
X509SigningHandler - ->> HSMAccess : **Uses**
X509SigningHandler - ->> SignerDB : **Writes**
X509RevocationHandler - ->> SignerDB : **Writes**
X509CRLHandler - ->> HSMAccess : **Uses**
X509CRLHandler - ->> SignerDB : **Reads**
OpenPGPSigningHandler - ->> HSMAccess : **Uses**
OpenPGPSigningHandler - ->> SignerDB : **Writes**
HealthHandler - ->> HSMAccess : **Checks**
HealthHandler - ->> SignerDB : **Checks**
SyncHandler - ->> SignerDB : **Uses**
SyncHandler <<- ->> NATS : **Synchronize**\n//<size:12>[NATS protocol]</size>//
NATS <<- ->> NATS2 : **Synchronize**\n//<size:12>[NATS/TLS]</size>//
SyncHandler2 <<- ->> NATS2 : **Synchronize**\n//<size:12>[NATS protocol]</size>//
SyncHandler2 - ->> SignerDB2 : **Uses**
HSMAccess - ->> HSM : **Uses**\n//<size:12>[PKCS#11]</size>//
@enduml
PlantUML version 1.2022.6(Tue Jun 21 19:34:49 CEST 2022)
(GPL source distribution)
Java Runtime: OpenJDK Runtime Environment
JVM: OpenJDK 64-Bit Server VM
Default Encoding: UTF-8
Language: de
Country: DE
--></g></svg>


34
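--- a/docs/container.puml
+++ b/docs/container.puml
@@ -0,0 +1,34 @@
+@startuml
+!include <C4/C4_Container.puml>
+!include <tupadr3/devicons/mysql>
+!include <tupadr3/devicons/php>
+!include <tupadr3/devicons/go>
+!include <tupadr3/font-awesome/users>
+!include <tupadr3/font-awesome/database>
+Person_Ext(CommunityMember, "Community Member", $sprite="users")
+System_Boundary(Signer, "Signer") {
+Container(SignerServer, "Signer Server", "Go binary", "Performs certificate signing", $sprite="go")
+ContainerDb(SignerDB, "Certificate repository", "Key-Value DB", $sprite="database")
+}
+System_Boundary(Signer2, "Other Signer") {
+Container_Ext(SignerServer2, "Signer Server")
+}
+System_Boundary(WebDB, "WebDB") {
+Container_Ext(WebDBApp, "WebDB application", "PHP", "Provides the user interface for requesting certificates", $sprite="php")
+Container_Ext(SignerClient, "Signer Client", "Go binary", "Handle signing request", $sprite="go")
+ContainerDb_Ext(DB, "Database", "MySQL/MariaDB", "Hold certificate requests and certificates", $sprite="mysql")
+}
+Rel(CommunityMember, WebDBApp, "Uses", "https")
+Rel(WebDBApp, DB, "Uses")
+Rel(SignerClient, DB, "Uses")
+Rel_R(SignerClient, SignerServer, "Uses", "Serial binary protocol")
+Rel(SignerServer, SignerDB, "Uses")
+BiRel_R(SignerServer, SignerServer2, "Synchronize", "TLS")
+@enduml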
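Review bot: `BiRel_R(SignerServer, SignerServer2, "Synchronize", "TLS")` labels the signer-to-signer link as plain TLS, while components.puml in the same commit routes that same link through a NATS container and labels it "NATS/TLS"; the two diagrams should agree, either by changing the label to `BiRel_R(SignerServer, SignerServer2, "Synchronize", "NATS/TLS")` or by showing the NATS container at this level too. Since this is the only relation that crosses from one signer's boundary into another's, its label is also where a reader expects to learn how the peer is authenticated; if the deployment relies on mutual TLS or pinned certificates, naming that in the relation text would make the diagram more useful for threat modelling. `Container_Ext(SignerServer2, "Signer Server")` omits the technology and description arguments every other container carries, and `Rel(WebDBApp, DB, "Uses")` / `Rel(SignerClient, DB, "Uses")` omit the technology argument the other relations have (for example `Container_Ext(SignerServer2, "Signer Server", "Go binary", "Performs certificate signing")`).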

868
docs/container.svg Normal file

@ -0,0 +1,868 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="676px" preserveAspectRatio="none" style="width:1146px;height:676px;background:#FFFFFF;" version="1.1" viewBox="0 0 1146 676" width="1146px" zoomAndPan="magnify"><defs/><g><!--MD5=[ef20b3fe45c502f37db21f37a527870c]
cluster Signer--><g id="cluster_Signer"><rect height="455" rx="2.5" ry="2.5" style="stroke:#444444;stroke-width:1.0;fill:none;stroke-dasharray:7.0,7.0;" width="252" x="622" y="191"/><text fill="#444444" font-family="sans-serif" font-size="6" font-style="italic" lengthAdjust="spacing" textLength="38" x="729" y="198.5693">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="58" x="719" y="217.8516">Signer</text><text fill="#444444" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="61" x="717.5" y="232.7637">[System]</text></g><!--MD5=[4e4416bf7ebbd0afd89bc8fc82d4e864]
cluster Signer2--><g id="cluster_Signer2"><rect height="144" rx="2.5" ry="2.5" style="stroke:#444444;stroke-width:1.0;fill:none;stroke-dasharray:7.0,7.0;" width="178" x="962" y="231"/><text fill="#444444" font-family="sans-serif" font-size="6" font-style="italic" lengthAdjust="spacing" textLength="38" x="1032" y="238.5693">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="116" x="993" y="257.8516">Other Signer</text><text fill="#444444" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="61" x="1020.5" y="272.7637">[System]</text></g><!--MD5=[e3357671149b17f1a809966a4014a4c6]
cluster WebDB--><g id="cluster_WebDB"><rect height="487" rx="2.5" ry="2.5" style="stroke:#444444;stroke-width:1.0;fill:none;stroke-dasharray:7.0,7.0;" width="473" x="7" y="183"/><text fill="#444444" font-family="sans-serif" font-size="6" font-style="italic" lengthAdjust="spacing" textLength="38" x="224.5" y="190.5693">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="65" x="211" y="209.8516">WebDB</text><text fill="#444444" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="61" x="213" y="224.7637">[System]</text></g><!--MD5=[101a5fb210317dd4656a370c05fec65b]
entity SignerServer--><g id="elem_SignerServer"><rect fill="#438DD5" height="147.1563" rx="2.5" ry="2.5" style="stroke:#3C7FC0;stroke-width:0.5;" width="219" x="638.5" y="252"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="71" x="712.5" y="273.1387">«container»</text><image height="48" width="48" x="724" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACU0lEQVR4Xu2YT0oDMRjFe7fvAL2AB+gFPEAPYFeuxJ0LFy7duRJ3gluRCkJBCgUXooIiCPWRhyEmY743EsYiLY8hTb5JfnmTfPNnZHvXG6VRWfW32gJ5+i9A4/2b6en97GwJHVysIJZjzeTorjxLUW8gcuAIprI1CkAI2z1ZoIwjC4p8IIxNYd7Hlw87h7cQxoNQyIIxMJsgEOPv1eKFp4BPsc0BSnsBjYWpp96kU89sYCSOOJGdYEppQKd8IB7nq1f2XsawEjQIyDwjIoBwurUFYl8YG5dg+fiemkQgHJ/fPtbrdeoTmxDM0xsAcT0CiAQYYB1+qRMRCKxgSptiGSYpNOYCWRjpfP4Uy1QWYMGG7HqlNZhVuQM65QPZd6u5VtK/aIUxWCVkxcDcXxk39mnZcykJiCspKt329A9AuF4cEjSdKSrr5Cf5QEzKZT2bsrEzV1I1A4INlTwLAuZuxKBQWSgtgSrztsBE4npYMyCu0LI+ahJuW+Xuy9QMyOQNUldLILGvusROhgMSbR4OSOxkUKDOhJnJAeKeF++LdQGontKoGlC8O7ZyyEKOqCRPqwNZWImT8MhXNvWVkqvMBaIaOuRqC+RJAhJzWl1iJ1sgT8MBtVxDbnpVJKZ7CaiJQ2InEpDodkXuY2eUCqTcqCvSpyQBmbwCOoXJtAeKrxa/UK97swpkwaSp9+EsE5eObo/pQHxjN+GBJmr29RGHZ5UBnVKB4ucLvqHOwsdNVpJ1HD5n0Q8qVupbzHoBlY9XfMAlIgPKC0qm9g4Npi2Qp40D+gS2qDqwz8w3KwAAAABJRU5ErkJggg==" y="275.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="124" x="686" y="338.8203">Signer Server</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="68" x="714" y="353.7324">[Go binary]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="746" y="369.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="195" x="652.5" y="385.8545">Performs certificate signing</text></g><!--MD5=[e834ab3daed066426c91d2e7962575e2]
entity SignerDB--><g id="elem_SignerDB"><path d="M641,516 C641,506 748,506 748,506 C748,506 855,506 855,516 L855,619.5625 C855,629.5625 748,629.5625 748,629.5625 C748,629.5625 641,629.5625 641,619.5625 L641,516 " fill="#438DD5" style="stroke:#3C7FC0;stroke-width:0.5;"/><path d="M641,516 C641,526 748,526 748,526 C748,526 855,526 855,516 " fill="none" style="stroke:#3C7FC0;stroke-width:0.5;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="71" x="712.5" y="541.1387">«container»</text><image height="48" width="48" x="724" xlink:href="data:image/png;base64,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" y="543.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="194" x="651" y="606.8203">Certificate repository</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="90" x="703" y="621.7324">[Key-Value DB]</text></g><!--MD5=[9599733a82a9d3948ec39fd4bd56d8e7]
entity SignerServer2--><g id="elem_SignerServer2"><rect fill="#B3B3B3" height="66.5625" rx="2.5" ry="2.5" style="stroke:#A6A6A6;stroke-width:0.5;" width="146" x="978" y="292"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="988" y="313.1387">«external_container»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="124" x="989" y="330.8203">Signer Server</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="10" x="1046" y="345.7324">[]</text></g><!--MD5=[a152ece6be45da3feebaa3c76c983657]
entity WebDBApp--><g id="elem_WebDBApp"><rect fill="#B3B3B3" height="163.4531" rx="2.5" ry="2.5" style="stroke:#A6A6A6;stroke-width:0.5;" width="218" x="23" y="244"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="69" y="265.1387">«external_container»</text><image height="48" width="48" x="108" xlink:href="data:image/png;base64,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" y="267.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="169" x="47.5" y="330.8203">WebDB application</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="33" x="115.5" y="345.7324">[PHP]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="130" y="361.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="190" x="37" y="377.8545">Provides the user interface</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="183" x="40.5" y="394.1514">for requesting certificates</text></g><!--MD5=[c25eb3bb2a673e49b4700e0aa1b6b6c8]
entity SignerClient--><g id="elem_SignerClient"><rect fill="#B3B3B3" height="147.1563" rx="2.5" ry="2.5" style="stroke:#A6A6A6;stroke-width:0.5;" width="188" x="276" y="252"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="307" y="273.1387">«external_container»</text><image height="48" width="48" x="346" xlink:href="data:image/png;base64,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" y="275.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="116" x="312" y="338.8203">Signer Client</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="68" x="336" y="353.7324">[Go binary]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="368" y="369.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="164" x="290" y="385.8545">Handle signing request</text></g><!--MD5=[f9ba5bf973e7832d2ce5ed59077b93f7]
entity DB--><g id="elem_DB"><path d="M109,492 C109,482 210,482 210,482 C210,482 311,482 311,492 L311,644.4531 C311,654.4531 210,654.4531 210,654.4531 C210,654.4531 109,654.4531 109,644.4531 L109,492 " fill="#B3B3B3" style="stroke:#A6A6A6;stroke-width:0.5;"/><path d="M109,492 C109,502 210,502 210,502 C210,502 311,502 311,492 " fill="none" style="stroke:#A6A6A6;stroke-width:0.5;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="147" y="517.1387">«external_container»</text><image height="48" width="48" x="186" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAAB+0lEQVR4Xu2YL5PCMBBH+f5fJwZTg8FgMDWYmhpMDeZU783uXKcsIbulpT3RJ26YNEMev2z+9A7pn3GwDVuzC3nsQh67kEde6Hq9/gj3+53P9vE3yQs9Ho+maS6XS9u2fd9jhtbxeLT9vkBeqBH0c1VVqgVd191ut/P5/Nx9SfJCSJAKf4cW4sGjrmuc1OxLWnkh0LFtq3A6nTSzIcUFeSsEhEQZ2dY/eEQHpJetrZIQQ1LdtnUEKgjRZ0GnklCSkNxaYfpMwc3BEaKS2Ips6wv0WSonR4gxKN7ISJ1gW6fjCCWZkchqYsoWWXe+kIYUKRHml55sCvbBFHwhYHcO/nQqaebEhYT46Uycbc3BkiQkd2EWCAkRT/zMn1ndISEmIl4ZM0MKCQVX/sCckHwhXWW2tcickKYJ6bXk+Xmej0PyhZJMme5DVDefWXS2xwvUXLCnISTEUaX3EKq7FyIlFbcfExKiGnDSw4EB0GKrtJ1y0FlfFgr3KkNIKElNaDaVwBiRkBS9V/ENkfMnKqR3sSF/Mgvu3QOalhtVVOgVvjq+Wyok1Ml7i30w4nOhqWBDrlrphYNoDSGV6OXlSd8/C/W3nlBw415DKMm1Eye3otNqQkn+gYGTuzbXE0pynrhXylWFlPKr1QZCSbbZd3vYNkIFdiGPXchjF/L4BaraQhgnzQ/BAAAAAElFTkSuQmCC" y="519.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="86" x="167" y="582.8203">Database</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="104" x="158" y="597.7324">[MySQL/MariaDB]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="208" y="613.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="174" x="123" y="629.8545">Hold certificate requests</text><text 
fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="110" x="155" y="646.1514">and certificates</text></g><!--MD5=[3e583eb1a56cc46676fe476ee2ce7b26]
entity CommunityMember--><g id="elem_CommunityMember"><rect fill="#686868" height="100.5938" rx="2.5" ry="2.5" style="stroke:#8A8A8A;stroke-width:0.5;" width="202" x="31" y="7"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="110" x="77" y="28.1387">«external_person»</text><image height="48" width="48" x="108" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACv0lEQVR4Xu2YvXPCMAzF++dmzszMzNyZmZmZOTMzMzN7+i6iQnmyZCctpb3rb+CuEEnP1oedvnW/jDf+4tX8KUHb7fZ9ou97/m054m232+XeyoJgebvdRsP5fM4dJez3e/I2DEPkrSAI9tZYgdPIS8LxeGRHE9frteiNBWFj2dRwuVzo+RwkiF0YsOts4AVhM9luDhSTSQJCsv2czWZDJiyIku05HA5kksDGDpQHmbAgtnCgJuzzSAq+OZ1O+IR3WjEbO/zyWBBqjY3m6Jrgi3+bQJ1pWqv7jXZ+xJ5gQVFTKNgDdAei8g9zRDd2jn+Y4xuNBeGJZFkIgGeqagSsHur5WwNlX2BBXdz50qXVRVsgKOp8tDMHnigIAnBk+x+FJdWXr9gjUb0331zKQxDMkAtsgO2UfkL/jAo5QW075w05RURK3EOQ7S9kx56psvNdw6DzyGlqz1SUBBZmK9X22l1QVDeKFFB1KHgQrNH5TFA1F08VNJrM3gVVjzA5VtelLGo0ixbuXVBLpK5hIz1dw7AdzZl9F9Qy66qDziNt3+JcmmaZIMna0sHYUkCjabQFgtCosrGNpS3Tr1qdAgtK0gwdKB070NoPVwUZyZWp/8dgLNa13u0RAB7xp0aK1qDXDxgivzDBp3wTtVthMApy2xo+kaGOL+n8R0jtUvgSE0TFRmqz+DcFWRseUP8wwWN277vocFWiNY3TVcTfr+EdMaIia3lHyAT16d1IQRjJZqTDUrwDWTJBK8ZgCxxmTiaoZXtW4C/2llBQ40BbQV5JoaAn5UvgYIZQUHEsfRe+PZVQUEvLrMa/jimhIPbxrSR1/RpByTR6jSB54SzydwQ9aSoKa2poSK8vX8T/n0oJBS29PrczBG/1QiioS+8eq7HvhEUyQd10A0GL4vS5fQ2MWWxMMg+ViqCf519QjV8n6AOTSRU5+daFHAAAAABJRU5ErkJggg==" y="30.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="182" x="41" y="93.8203">Community Member</text></g><!--MD5=[c52992fcbcf59ccdca97959ce2768ea1]
link CommunityMember to WebDBApp--><g id="link_CommunityMember_WebDBApp"><path d="M132,108.22 C132,144.03 132,193.32 132,235.8 " fill="none" id="CommunityMember-to-WebDBApp" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="132,243.93,135,235.93,129,235.93,132,243.93" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="138" y="150.1387">Uses</text><text fill="#666666" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="42" x="133" y="164.1074">[https]</text></g><!--MD5=[fbee06156ef50357168ac4da65a408ea]
link WebDBApp to DB--><g id="link_WebDBApp_DB"><path d="M158.19,407.25 C165.16,428.74 172.74,452.11 179.9,474.19 " fill="none" id="WebDBApp-to-DB" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="182.41,481.93,182.7937,473.3946,177.0868,475.247,182.41,481.93" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="172" y="449.1387">Uses</text></g><!--MD5=[8e269143aa189eb9f060cb639be57569]
link SignerClient to DB--><g id="link_SignerClient_DB"><path d="M321.56,399.31 C305.69,423.17 287.84,450 271.15,475.08 " fill="none" id="SignerClient-to-DB" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="266.71,481.76,273.6388,476.7608,268.6432,473.4376,266.71,481.76" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="295" y="449.1387">Uses</text></g><!--MD5=[b3005e99766578fbe5ee5803a6e5628f]
link SignerClient to SignerServer--><g id="link_SignerClient_SignerServer"><path d="M464.41,325.5 C514.64,325.5 576.88,325.5 630.25,325.5 " fill="none" id="SignerClient-to-SignerServer" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="638.39,325.5,630.39,322.5,630.39,328.5,638.39,325.5" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="535.25" y="305.6387">Uses</text><text fill="#666666" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="138" x="482.25" y="319.6074">[Serial binary protocol]</text></g><!--MD5=[b3dbe02d649f4bbe8ed0e680cc5251a2]
link SignerServer to SignerDB--><g id="link_SignerServer_SignerDB"><path d="M748,399.31 C748,430.53 748,466.83 748,497.66 " fill="none" id="SignerServer-to-SignerDB" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="748,505.78,751,497.78,745,497.78,748,505.78" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="749" y="449.1387">Uses</text></g><!--MD5=[782e5345118d7400edc1b4060f7ed2cd]
link SignerServer to SignerServer2--><g id="link_SignerServer_SignerServer2"><path d="M865.83,325.5 C900.67,325.5 938,325.5 969.95,325.5 " fill="none" id="SignerServer-SignerServer2" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="977.96,325.5,969.96,322.5,969.96,328.5,977.96,325.5" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="857.82,325.5,865.82,328.5,865.82,322.5,857.82,325.5" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="84" x="875.75" y="305.6387">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="32" x="901.75" y="319.6074">[TLS]</text></g><!--MD5=[08082fb63f4eba00557ff8f29c4025d6]
@startuml
!include <C4/C4_Container.puml>
!include <tupadr3/devicons/mysql>
!include <tupadr3/devicons/php>
!include <tupadr3/devicons/go>
!include <tupadr3/font-awesome/users>
!include <tupadr3/font-awesome/database>
Person_Ext(CommunityMember, "Community Member", $sprite="users")
System_Boundary(Signer, "Signer") {
Container(SignerServer, "Signer Server", "Go binary", "Performs certificate signing", $sprite="go")
ContainerDb(SignerDB, "Certificate repository", "Key-Value DB", $sprite="database")
}
System_Boundary(Signer2, "Other Signer") {
Container_Ext(SignerServer2, "Signer Server")
}
System_Boundary(WebDB, "WebDB") {
Container_Ext(WebDBApp, "WebDB application", "PHP", "Provides the user interface for requesting certificates", $sprite="php")
Container_Ext(SignerClient, "Signer Client", "Go binary", "Handle signing request", $sprite="go")
ContainerDb_Ext(DB, "Database", "MySQL/MariaDB", "Hold certificate requests and certificates", $sprite="mysql")
}
Rel(CommunityMember, WebDBApp, "Uses", "https")
Rel(WebDBApp, DB, "Uses")
Rel(SignerClient, DB, "Uses")
Rel_R(SignerClient, SignerServer, "Uses", "Serial binary protocol")
Rel(SignerServer, SignerDB, "Uses")
BiRel_R(SignerServer, SignerServer2, "Synchronize", "TLS")
@enduml
@startuml
skinparam defaultTextAlignment center
skinparam wrapWidth 200
skinparam maxMessageSize 150
skinparam LegendBorderColor transparent
skinparam LegendBackgroundColor transparent
skinparam LegendFontColor #FFFFFF
skinparam shadowing<<legendArea>> false
skinparam rectangle<<legendArea>> {
backgroundcolor #00000000
bordercolor #00000000
}
skinparam rectangle {
StereotypeFontSize 12
shadowing false
}
skinparam database {
StereotypeFontSize 12
shadowing false
}
skinparam queue {
StereotypeFontSize 12
shadowing false
}
skinparam arrow {
Color #666666
FontColor #666666
FontSize 12
}
skinparam actor {
StereotypeFontSize 12
shadowing false
style awesome
}
skinparam person {
StereotypeFontSize 12
shadowing false
}
skinparam package {
StereotypeFontSize 6
StereotypeFontColor transparent
FontStyle plain
BackgroundColor transparent
}
skinparam rectangle<<boundary>> {
Shadowing false
StereotypeFontSize 6
StereotypeFontColor transparent
FontColor #444444
BorderColor #444444
BackgroundColor transparent
BorderStyle dashed
}
skinparam rectangle<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam database<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam queue<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam actor<<person>> {
StereotypeFontColor #08427B
FontColor #08427B
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam person<<person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #08427B
BorderColor #073B6F
}
skinparam rectangle<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam database<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam queue<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam actor<<external_person>> {
StereotypeFontColor #686868
FontColor #686868
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam person<<external_person>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #686868
BorderColor #8A8A8A
}
skinparam rectangle<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam database<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam queue<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam actor<<system>> {
StereotypeFontColor #1168BD
FontColor #1168BD
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam person<<system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #1168BD
BorderColor #3C7FC0
}
skinparam rectangle<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam database<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam queue<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam actor<<external_system>> {
StereotypeFontColor #999999
FontColor #999999
BackgroundColor #999999
BorderColor #8A8A8A
}
skinparam person<<external_system>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #999999
BorderColor #8A8A8A
}
sprite $person [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
0000000000000000000049BCCA7200000000000000000000
0000000000000000006EFFFFFFFFB3000000000000000000
00000000000000001CFFFFFFFFFFFF700000000000000000
0000000000000001EFFFFFFFFFFFFFF80000000000000000
000000000000000CFFFFFFFFFFFFFFFF6000000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
000000000000000BFFFFFFFFFFFFFFFF5000000000000000
0000000000000001DFFFFFFFFFFFFFF70000000000000000
00000000000000000BFFFFFFFFFFFF500000000000000000
0000000000000000005DFFFFFFFFA1000000000000000000
0000000000000000000037ABB96100000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000025788300000000005886410000000000000
000000000007DFFFFFFD9643347BFFFFFFFB400000000000
0000000004EFFFFFFFFFFFFFFFFFFFFFFFFFFB1000000000
000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFD200000000
00000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE10000000
0000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0000000
000000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5000000
000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
00000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF600000
00000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF800000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
00000EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000
000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
0000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD3000000
000000014555555555555555555555555555555300000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
sprite $person2 [48x48/16] {
0000000000000000000049BCCA7200000000000000000000
0000000000000000006EFFFFFFFFB3000000000000000000
00000000000000001CFFFFFFFFFFFF700000000000000000
0000000000000001EFFFFFFFFFFFFFF80000000000000000
000000000000000CFFFFFFFFFFFFFFFF6000000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
000000000000007FFFFFFFFFFFFFFFFFF100000000000000
000000000000000BFFFFFFFFFFFFFFFF5000000000000000
0000000000000001DFFFFFFFFFFFFFF70000000000000000
00000000000000000BFFFFFFFFFFFF500000000000000000
0000000000000000005DFFFFFFFFA1000000000000000000
0000000000000000000037ABB96100000000000000000000
000000000002578888300000000005888864100000000000
0000000007DFFFFFFFFD9643347BFFFFFFFFFB4000000000
00000004EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB10000000
0000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD2000000
000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
00003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
0000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50000
0003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0000
0009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2000
000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000
000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
0009FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFF2000
0003FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFD0000
0000BFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFF50000
00003FFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFB00000
000006FFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFE100000
0000007FFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFD2000000
00000004EFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFB10000000
0000000007DF8FFFFFFFFFFFFFFFFFFFFFF8FB4000000000
000000000002578888888888888888888864100000000000
}
skinparam rectangle<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam database<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam queue<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam actor<<container>> {
StereotypeFontColor #438DD5
FontColor #438DD5
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam person<<container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #438DD5
BorderColor #3C7FC0
}
skinparam rectangle<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam database<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam queue<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam actor<<external_container>> {
StereotypeFontColor #B3B3B3
FontColor #B3B3B3
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
skinparam person<<external_container>> {
StereotypeFontColor #FFFFFF
FontColor #FFFFFF
BackgroundColor #B3B3B3
BorderColor #A6A6A6
}
sprite $mysql [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
00000006EEB6000000000000000000000000000000000000
0000000D95AFE61000000000000000000000000000000000
000000099002AFFC84000000000000000000000000000000
00000002E2000147CFC40000000000000000000000000000
000000007C00000003AF9000000000000000000000000000
000000000E5000000005EC10000000000000000000000000
0000000005D0000000001CD1000000000000000000000000
0000000000E40000000000AE200000000000000000000000
00000000007B00000000000BD10000000000000000000000
00000000001F100000000000CC0000000000000000000000
00000000000A9000000000002F9000000000000000000000
000000000001F2000000000007F300000000000000000000
00000000000089000000000000DC00000000000000000000
0000000000007A0000000000004F40000000000000000000
000000000000960000000000000CC0000000000000000000
000000000000D300000000000004F4000000000000000000
000000000000F100000000000000CC000000000000000000
000000000001F0000000000000004F400000000000000000
000000000001F002E000000000000CC00000000000000000
000000000000F209F7000000000003F70000000000000000
000000000000B50DFF1000000000009F7000000000000000
0000000000004B2F7D80000000000007EE50000000000000
0000000000000CFF22E100000000000005DC200000000000
00000000000001C7004A0000000000000007E50000000000
0000000000000000000530000000000000002C8000000000
00000000000000000000000000000000000249F600000000
0000000000000000000000000000000009FFC95100000000
0000000000000000000000000000000009F4000000000000
0000000000000000000000000000000000AF500000000000
000000000000000000000000000000000006FA0000000000
0000000000000000000000000000000000003DC000000000
000000000000000000000000000000000000007B00000000
000000000000000000000000000000000000000130000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
skinparam folderBackgroundColor<<DEV MYSQL>> White
sprite $php [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000CCC000000000000000000000000
000000000000000000003FFD000000000000000000000000
000000000000000000006FFA000000000000000000000000
000000000266666630009FFB665200056666651000000000
0000000009FFFFFFFE40DFFFFFFFB00FFFFFFFFB00000000
000000000CFFFFFFFFF1FFFFFFFFF73FFFFFFFFF80000000
000000000FFF1005FFF8FFD000BFF86FFA001BFFD0000000
000000002FFE0000DFFCFFA000BFF69FF70004FFE0000000
000000005FFC0000FFFEFF7000EFF3CFF50007FFD0000000
000000008FF90006FFFDFF4001FFF1FFF2000CFF80000000
00000000CFF8237FFF9FFF1004FFE3FFF224BFFF10000000
00000000FFFFFFFFFC3FFD0007FFB6FFFFFFFFF500000000
00000002FFFFFFFF806FFA000AFF89FFFFFFFC3000000000
00000005FFC444300024420003441CFF6443100000000000
00000008FF7000000000000000000FFF0000000000000000
0000000BFF4000000000000000003FFD0000000000000000
000000089910000000000000000039960000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
skinparam folderBackgroundColor<<DEV PHP>> White
sprite $go [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000156677666673000000000000000000
000000000000000056510000000003640440000000000000
00000000000555782233200000433314B226300000000000
000000000063008031000400040000313830700000000000
0000000000606C13000000304120000408C0700000000000
0000000000606703BD1000303EF400030170700000000000
0000000000446103FF2000303BE200020087000000000000
000000000003A00333000030120000120042000000000000
00000000000070004100047EC33214300005000000000000
0000000000006000023323AEB50110000006000000000000
000000000001500000001100003000000006000000000000
000000000002400000000356452000000006000000000000
000000000002300000000034030000000006000000000000
000000000001400000000036330000000006000000000000
000000000000500000000000000000000006000000000000
000000000000600000000000000000000006000000000000
000000000000600000000000000000000005000000000000
000000000000600000000000000000000006000000000000
000000000000600000000000000000000006100000000000
000000000023700000000000000000000006240000000000
000000000120600000000000000000000006032000000000
000000000053800000000000000000000006330000000000
000000000000600000000000000000000006000000000000
000000000000600000000000000000000006000000000000
000000000000600000000000000000000006000000000000
000000000000500000000000000000000005000000000000
000000000000500000000000000000000005000000000000
000000000000500000000000000000000005000000000000
000000000000500000000000000000000006000000000000
000000000000400000000000000000000007000000000000
000000000000500000000000000000000005000000000000
000000000000600000000000000000000014000000000000
000000000000610000000000000000000060000000000000
000000000000070000000000000000000160000000000000
000000000000034000000000000000000800000000000000
000000000000007510000000000000014600000000000000
000000000000021032000000000000670030000000000000
000000000000042045664221134666113140000000000000
000000000000043300002345431000001330000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
skinparam folderBackgroundColor<<DEV GO>> White
sprite $users [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000355100000000000000000000003541000000000
00000005EFFFFB10000000000000000006EFFFFA10000000
0000006FFFFFFFE100000000000000008FFFFFFFD1000000
000003FFFFFFFFFC0000000000000004FFFFFFFFFB000000
00000AFFFFFFFFFF300000000000000BFFFFFFFFFF200000
00000EFFFFFFFFFF700000000000000FFFFFFFFFFF600000
00000FFFFFFFFFFF800004898620000FFFFFFFFFFF700000
00000DFFFFFFFFFF6007FFFFFFFC300EFFFFFFFFFF500000
000008FFFFFFFFFF21CFFFFFFFFFF609FFFFFFFFFF100000
000001EFFFFFFFF90CFFFFFFFFFFFF52FFFFFFFFF8000000
0000003FFFFFFFB09FFFFFFFFFFFFFF24FFFFFFFA0000000
00000002AFFFD702FFFFFFFFFFFFFFFA02AFFFD600000000
0002C92000110007FFFFFFFFFFFFFFFF0000110005C80000
000DFFFB5100240BFFFFFFFFFFFFFFFF41410037EFFF5000
003FFFFFFFFFFB0DFFFFFFFFFFFFFFFF53FFFFFFFFFFB000
007FFFFFFFFFFB0DFFFFFFFFFFFFFFFF53FFFFFFFFFFF000
00AFFFFFFFFFFC0BFFFFFFFFFFFFFFFF44FFFFFFFFFFF200
00BFFFFFFFFFFF07FFFFFFFFFFFFFFFF08FFFFFFFFFFF300
00CFFFFFFFFFFF52FFFFFFFFFFFFFFFA0CFFFFFFFFFFF400
00CFFFFFFFFFFFC09FFFFFFFFFFFFFF23FFFFFFFFFFFF500
00CFFFFFFFFFFFE30DFFFFFFFFFFFF60AFFFFFFFFFFFF500
008FFFFFFFFE710001CFFFFFFFFFF600004AFFFFFFFFF100
000BFFFFFFB106AB6008FFFFFFFC3019B9304FFFFFFF5000
000048AAA804EFFFFC20058A973006FFFFFB13AAA9610000
00000000004FFFFFFFF930000016DFFFFFFFC00000000000
0000000001EFFFFFFFFFFFCABDFFFFFFFFFFF80000000000
0000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000
000000000EFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000000
000000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFC000000000
000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000
00000000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF300000000
00000000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF500000000
00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000000
00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF800000000
00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF900000000
00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF900000000
00000000EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000000
00000000AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000000
000000002FFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000000000
0000000004FFFFFFFFFFFFFFFFFFFFFFFFFFFB0000000000
000000000018CEEEEEEEEEEEEEEEEEEEEEDA500000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
skinparam folderBackgroundColor<<FA USERS>> White
sprite $database [48x48/16] {
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
0000000000000002469ABBCDCCBAA8631000000000000000
0000000000037BFFFFFFFFFFFFFFFFFFFEA6200000000000
0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE000000
0000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3000000
00000005DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA10000000
0000000005BFFFFFFFFFFFFFFFFFFFFFFFFFE82000000000
00000200000038BEFFFFFFFFFFFFFFFFDA62000000100000
00000BB2000000000256778988766410000000006E400000
00000BFFB610000000000000000000000000028EFF400000
00000BFFFFFC842000000000000000001369DFFFFF400000
00000BFFFFFFFFFFDB98766556788ACEFFFFFFFFFF400000
000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
0000000000038CFFFFFFFFFFFFFFFFFFFEA6200000000000
00000A6000000002469ABBCDCCBAA863100000002A400000
00000BFE7100000000000000000000000000004AFF400000
00000BFFFFC84000000000000000000000259EFFFF400000
00000BFFFFFFFFEB975432211234458ACFFFFFFFFF400000
000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
000002EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000000
0000002DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80000000
000000006DFFFFFFFFFFFFFFFFFFFFFFFFFFFFA200000000
000000000038CFFFFFFFFFFFFFFFFFFFFFEA610000000000
00000820000000468BDEFFFFFFFEECA75200000006400000
00000BFA30000000000000011000000000000006DF400000
00000BFFFD830000000000000000000000015AFFFF400000
00000BFFFFFFFCA753100000000001468BDFFFFFFF400000
00000AFFFFFFFFFFFFFFFEDDDEEFFFFFFFFFFFFFFF300000
000004FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
0000005FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1000000
00000002AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE600000000
00000000017CFFFFFFFFFFFFFFFFFFFFFFFEA50000000000
000000000000048ACFFFFFFFFFFFFFEB9620000000000000
000000000000000000123445543320000000000000000000
000000000000000000000000000000000000000000000000
000000000000000000000000000000000000000000000000
}
skinparam folderBackgroundColor<<FA DATABASE>> White
rectangle "<$users>\n==Community Member" <<external_person>> as CommunityMember
rectangle "==Signer\n<size:12>[System]</size>" <<boundary>> as Signer {
rectangle "<$go>\n==Signer Server\n//<size:12>[Go binary]</size>//\n\n Performs certificate signing" <<container>> as SignerServer
database "<$database>\n==Certificate repository\n//<size:12>[Key-Value DB]</size>//" <<container>> as SignerDB
}
rectangle "==Other Signer\n<size:12>[System]</size>" <<boundary>> as Signer2 {
rectangle "==Signer Server\n//<size:12>[]</size>//" <<external_container>> as SignerServer2
}
rectangle "==WebDB\n<size:12>[System]</size>" <<boundary>> as WebDB {
rectangle "<$php>\n==WebDB application\n//<size:12>[PHP]</size>//\n\n Provides the user interface for requesting certificates" <<external_container>> as WebDBApp
rectangle "<$go>\n==Signer Client\n//<size:12>[Go binary]</size>//\n\n Handle signing request" <<external_container>> as SignerClient
database "<$mysql>\n==Database\n//<size:12>[MySQL/MariaDB]</size>//\n\n Hold certificate requests and certificates" <<external_container>> as DB
}
CommunityMember - ->> WebDBApp : **Uses**\n//<size:12>[https]</size>//
WebDBApp - ->> DB : **Uses**
SignerClient - ->> DB : **Uses**
SignerClient -RIGHT->> SignerServer : **Uses**\n//<size:12>[Serial binary protocol]</size>//
SignerServer - ->> SignerDB : **Uses**
SignerServer <<-RIGHT->> SignerServer2 : **Synchronize**\n//<size:12>[TLS]</size>//
@enduml
PlantUML version 1.2022.6(Tue Jun 21 19:34:49 CEST 2022)
(GPL source distribution)
Java Runtime: OpenJDK Runtime Environment
JVM: OpenJDK 64-Bit Server VM
Default Encoding: UTF-8
Language: de
Country: DE
--></g></svg>


151
docs/design.md Normal file

@ -0,0 +1,151 @@
# Signer system design
This document describes the system design of the CAcert signer software. The document describes the integration as well
as technical design decisions.
## Context
The signer is used to handle X.509 certificate and OpenPGP public key signing, X.509 certificate revocation and CRL
handling. The signer receives commands via a serial link.
![C4 Context diagram of the Signer showing the interaction with the surrounding systems described in the sections below](container.svg "Signer Context diagram")
### WebDB
*WebDB* is the system running the user facing *WebDB application*. The *Signer client* that is part of the *WebDB*
system, polls certificate and public key signing as well as certificate revocation request information from the
*WebDB database* periodically. The *Signer client* takes care of fetching CRLs and health information from the
*Signer server* periodically.
The requests are send via a binary protocol (msgpack + COBS) over a serial link.
*Note:* the database polling may be replaced with an event broker like Redis or NATS in the future.
### Signer
The *Signer* system runs the signer software. The system is only reachable via a serial link from the outside.
Information coming over that connection is trusted in the sense that requested certificate attributes where checked by
the requesting *WebDB application*.
The *Signer Server* synchronizes with another Signer via a dedicated internal network link (crossover cable). The
synchronization is required to make information related to issued and revoked certificates available on both signers.
## Signer components
The Signer server is structured into several components with clear responsibilities.
![C4 Component diagram showing the components of the signer described in the sections below.](components.svg "Components of the signer")
The Singer server is implemented in [Go](https://golang.org/), configured via YAML and running as a standalone
process.
### Serial link handler
The serial link handler handles all communication over the serial link. It reads raw bytes and writes raw bytes, it
handles the serial link and takes care of connection and configuration.
The raw bytes are framed using
[Consistent Overhead Byte Stuffing (COBS)](https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing).
Frame data consists of msgpack formatted protocol messages and a CRC32 code to ensure integrity. Broken frames are
rejected with an error frame.
Used libraries:
- [github.com/tarm/serial](https://pkg.go.dev/github.com/tarm/serial)
- [github.com/justincpresley/go-cobs](https://pkg.go.dev/github.com/justincpresley/go-cobs)
### Protocol handler
The protocol handler receives [msgpack](https://msgpack.org/) information from the serial link handler and sends
msgpack information to the serial link handler.
The protocol handler inspects incoming msgpack messages and dispatches the parsed payload to the appropriate command
handler. The result from the command handler is serialized back to a msgpack message and sent to the serial link
handler.
Used library:
- [github.com/shamaton/msgpackgen](https://pkg.go.dev/github.com/shamaton/msgpackgen)
*TODO:* the protocol message have to be described in more detail
### X.509 signing handler
The X.509 signing handler takes care of X.509 certificate signing. It needs to support certificate profiles. The
profiles decide which attributes from the request are used/accepted, which is private key is used and which extensions
are set in the resulting certificate.
Actual signing is performed by the *HSM access* component. Signed certificate information is stored in the
*Certificate repository*.
### X.509 revocation handler
The X.509 revocation handler takes care of X.509 certificate revocation. It expects an issuer DN and serial number and
supports an optional revocation reason. The revocation handler marks the corresponding certificate as revoked in the
*Certificate repository*.
*Note:* CRLs are not generated immediately
### X.509 CRL handler
The X.509 CRL handler takes care of generating certificate revocation lists. The handler expects an issuer DN, checks
for non-expired, revoked certificates in the *Certificate repository* and generates a CRL.
The *HSM access* component is used to sign the CRL.
*TODO:* Clarify whether the CRL should contain expired certificates within a configurable grace period (see RFCs and
potential other reference material for guidance)
*TODO:* Do we need specific CRLs for specific certificate profiles (i.e. only for server certificates)?
### OpenPGP signing handler
The OpenPGP signing handler takes care of OpenPGP key signing.
Actual signing is performed by the *HSM access* component. Signed OpenPGP key information is stored in the
*Certificate repository*.
Used library:
- [github.com/ProtonMail/go-crypto/openpgp](https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp)
### Health check handler
The Health check handler takes care of providing signer health information to the signer client. The health check data
contains:
- accessibility and consistency information of the *Certificate repository*
- expiry information for the signing certificates
- health information for the HSM
- version information
- current time of the signer
### HSM access
The HSM access component provides signing capabilities backed by HSMs (hardware security modules). It uses the PKCS#11
protocol to access the HSM hardware or SoftHSM.
Used libraries:
- [github.com/ThalesIgnite/crypto11](https://pkg.go.dev/github.com/ThalesIgnite/crypto11)
- SoftHSM2 (from [Debian package](https://tracker.debian.org/pkg/softhsm2))
- [OpenSC](https://github.com/OpenSC/OpenSC/wiki) (from [Debian package](https://tracker.debian.org/pkg/opensc)) for
access to [SmartCardHSM or NitroKey HSM](https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM)
### Certificate repository
The certificate repository stores information about issued and revoked X.509 certificates as well as signed OpenPGP
keys.
*TODO:* define the data format for the certificate repository
Used library:
- [github.com/dgraph-io/badger/v3](https://pkg.go.dev/github.com/dgraph-io/badger/v3)
### Synchronization handler
The synchronization handler is used to synchronize state (signing, revocation and CRL issuing information) between
signers. The handler acts as a producer and consumer for synchronization messages. The message transport should use
a lightweight existing middleware like [NATS](https://nats.io/).
The synchronization handler may require support for replaying messages when a signer comes back after a service
interruption or when a new signer is set up.
*TODO:* specify the synchronization protocol in much more detail