Add architecture/design documentation

2022-08-02 11:15:23 +02:00 · 2022-08-02 11:15:23 +02:00 · b084872542
commit b084872542
parent c532ec436a
5 changed files with 1974 additions and 0 deletions
--- a/docs/components.puml
+++ b/docs/components.puml
@ -0,0 +1,71 @@
+@startuml
+!include <C4/C4_Component.puml>
+!include <tupadr3/font-awesome/database>
+
+LAYOUT_TOP_DOWN()
+
+System_Ext(SignerClient, "Signer client", "Send commands to signer")
+
+System_Boundary(Signer, "Signer server") {
+  Boundary(SignerSoftware, "Signer Software") {
+    Component(SerialHandler, "Serial link handler", "Go", "Reads and writes to the serial interface, parses and creates frames")
+    Component(ProtocolHandler, "Protocol handler", "Go", "Parses and creates protocol messages")
+    Component(X509SigningHandler, "X.509 signing", "Go", "Handles X.509 certificate signing commands")
+    Component(X509RevocationHandler, "X.509 revocation", "Go", "Handles X.509 certificate revocation commands")
+    Component(OpenPGPSigningHandler, "OpenPGP signing", "Go", Handles OpenPGP key signing commands")
+    Component(X509CRLHandler, "X.509 crl", "Go", "Handles X.509 CRL retrieval commands")
+    Component(HealthHandler, "Health check", "Go", "Handles health check commands")
+    Component(HSMAccess, "HSM access", "Go", "Handles HSM hardware access")
+    Component(SyncHandler, "Synchronization handler", "Go", "Handles synchronization with other signer")
+    ComponentDb(SignerDB, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
+  }
+
+  ContainerQueue(NATS, "NATS Service", "NATS")
+}
+
+System_Boundary(Signer2, "Other signer") {
+  Boundary(SignerSoftware2, "Signer Software") {
+    Component_Ext(SyncHandler2, "Synchronization handler", "Go", "Handles synchronization with other signer")
+    ComponentDb_Ext(SignerDB2, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
+  }
+
+  ContainerQueue_Ext(NATS2, "NATS Service", "NATS")
+}
+
+Component_Ext(HSM, "HSM", "PKCS#11", "Hardware security module")
+
+Rel(SignerClient, SerialHandler, "Uses", "USB serial link")
+
+Rel(SerialHandler, ProtocolHandler, "Uses")
+
+Rel(ProtocolHandler, X509SigningHandler, "Uses")
+Rel(ProtocolHandler, X509CRLHandler, "Uses")
+Rel(ProtocolHandler, X509RevocationHandler, "Uses")
+Rel(ProtocolHandler, OpenPGPSigningHandler, "Uses")
+Rel(ProtocolHandler, HealthHandler, "Uses")
+
+Rel(X509SigningHandler, HSMAccess, "Uses")
+Rel(X509SigningHandler, SignerDB, "Writes")
+
+Rel(X509RevocationHandler, SignerDB, "Writes")
+
+Rel(X509CRLHandler, HSMAccess, "Uses")
+Rel(X509CRLHandler, SignerDB, "Reads")
+
+Rel(OpenPGPSigningHandler, HSMAccess, "Uses")
+Rel(OpenPGPSigningHandler, SignerDB, "Writes")
+
+Rel(HealthHandler, HSMAccess, "Checks")
+Rel(HealthHandler, SignerDB, "Checks")
+
+Rel(SyncHandler, SignerDB, "Uses")
+
+BiRel(SyncHandler, NATS, "Synchronize", "NATS protocol")
+BiRel(NATS, NATS2, "Synchronize", "NATS/TLS")
+BiRel(SyncHandler2, NATS2, "Synchronize", "NATS protocol")
+
+Rel(SyncHandler2, SignerDB2, "Uses")
+
+Rel(HSMAccess, HSM, "Uses", "PKCS#11")
+
+@enduml
--- a/docs/components.svg
+++ b/docs/components.svg
@ -0,0 +1,850 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="965.4px" preserveAspectRatio="none" style="width:1221px;height:965px;background:#FFFFFF;" version="1.1" viewBox="0 0 1221 965" width="1221.6px" zoomAndPan="magnify"><defs/><g><!--MD5=[ef20b3fe45c502f37db21f37a527870c]
+cluster Signer--><g id="cluster_Signer"><rect height="718.2" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="928.8" x="4.2" y="100.2"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="457.2" y="104.7416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="73.2" x="432" y="116.3109">Signer server</text><text fill="#444444" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="36.6" x="450.3" y="125.2582">[System]</text></g><!--MD5=[1bab5bcae8e0c09a8d95c3a3ae22aa87]
+cluster SignerSoftware--><g id="cluster_SignerSoftware"><rect height="662.4" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="811.2" x="18.6" y="141.6"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="412.8" y="146.1416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="88.2" x="380.1" y="157.7109">Signer Software</text></g><!--MD5=[4e4416bf7ebbd0afd89bc8fc82d4e864]
+cluster Signer2--><g id="cluster_Signer2"><rect height="314.4" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="270.6" x="947.4" y="647.4"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="1071.3" y="651.9416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="68.4" x="1048.5" y="663.5109">Other signer</text><text fill="#444444" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="36.6" x="1064.4" y="672.4582">[System]</text></g><!--MD5=[fd28193bdccf8ac8e7e1a1a0fe20b8a9]
+cluster SignerSoftware2--><g id="cluster_SignerSoftware2"><rect height="258.6" rx="1.5" ry="1.5" style="stroke:#444444;stroke-width:0.6;fill:none;stroke-dasharray:7.0,7.0;" width="147.6" x="1056" y="688.8"/><text fill="#444444" font-family="sans-serif" font-size="3.6" font-style="italic" lengthAdjust="spacing" textLength="22.8" x="1118.4" y="693.3416">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="88.2" x="1085.7" y="704.9109">Signer Software</text></g><!--MD5=[8f869394a97c4ccf4e0e1a7d0f555823]
+entity NATS--><g id="elem_NATS"><path d="M842.4,740.1 L920.4,740.1 C923.4,740.1 923.4,757.0688 923.4,757.0688 C923.4,757.0688 923.4,774.0375 920.4,774.0375 L842.4,774.0375 C839.4,774.0375 839.4,757.0688 839.4,757.0688 C839.4,757.0688 839.4,740.1 842.4,740.1 " fill="#438DD5" style="stroke:#3C7FC0;stroke-width:0.3;"/><path d="M920.4,740.1 C917.4,740.1 917.4,757.0688 917.4,757.0688 C917.4,774.0375 920.4,774.0375 920.4,774.0375 " fill="none" style="stroke:#3C7FC0;stroke-width:0.3;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="42.6" x="857.1" y="749.7832">«container»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="72" x="842.4" y="760.3922">NATS Service</text><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="25.2" x="865.8" y="769.3395">[NATS]</text></g><!--MD5=[1b07182dd713ed4e3be3a95ab68a0fd5]
+entity SerialHandler--><g id="elem_SerialHandler"><rect fill="#85BBF0" height="79.05" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="130.2" x="267.9" y="169.8"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="182.4832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="98.4" x="283.8" y="193.0922">Serial link handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="202.0395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="211.5346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="99.6" x="283.2" y="221.3127">Reads and writes to the</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="115.8" x="273.9" y="231.0908">serial interface, parses and</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="64.2" x="300.9" y="240.8689">creates frames</text></g><!--MD5=[3d42f30e2a78c2aed96731e8102a93c9]
+entity ProtocolHandler--><g id="elem_ProtocolHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="101.4" x="282.3" y="294"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="306.6832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="89.4" x="288.3" y="317.2922">Protocol handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="326.2395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="335.7346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="80.4" x="292.8" y="345.5127">Parses and creates</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="80.4" x="292.8" y="355.2908">protocol messages</text></g><!--MD5=[24ea4ec5c7d19a3ad8a972e66335077d]
+entity CommandDispatcher--><g id="elem_CommandDispatcher"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="126.6" x="269.7" y="408"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="420.6832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="114.6" x="275.7" y="431.2922">Command dispatcher</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="440.2395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="449.7346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="97.8" x="284.1" y="459.5127">Dispatch commands to</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="82.8" x="291.6" y="469.2908">command handlers</text></g><!--MD5=[1011eedbd8ff904aa9b61ed64da000c5]
+entity X509SigningHandler--><g id="elem_X509SigningHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="124.2" x="408.3" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="445.5" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="72.6" x="434.1" y="550.9922">X.509 signing</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="462.6" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="469.2" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="107.4" x="416.7" y="579.2127">Handles X.509 certificate</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="80.4" x="430.2" y="588.9908">signing commands</text></g><!--MD5=[1c6dc598b8ad1e32344a0fe24eeaf662]
+entity X509RevocationHandler--><g id="elem_X509RevocationHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="124.2" x="553.5" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="590.7" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="91.2" x="570" y="550.9922">X.509 revocation</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="607.8" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="614.4" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="107.4" x="561.9" y="579.2127">Handles X.509 certificate</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="95.4" x="567.9" y="588.9908">revocation commands</text></g><!--MD5=[6f59e0a59673b0784d2b49aad5931220]
+entity OpenPGPSigningHandler--><g id="elem_OpenPGPSigningHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="110.4" x="28.2" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="58.5" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="92.4" x="37.2" y="550.9922">OpenPGP signing</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="75.6" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="82.2" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="93.6" x="36.6" y="579.2127">Handles OpenPGP key</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="84" x="41.4" y="588.9908">signing commands"</text></g><!--MD5=[ac60de3e2d5367fb8173a39d1f6f967e]
+entity X509CRLHandler--><g id="elem_X509CRLHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="97.8" x="159.9" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="183.9" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="47.4" x="185.1" y="550.9922">X.509 crl</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="201" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="207.6" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="81" x="168.3" y="579.2127">Handles X.509 CRL</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="85.8" x="165.9" y="588.9908">retrieval commands</text></g><!--MD5=[04880e5e31ecc78df75a393e279e8df9]
+entity HealthHandler--><g id="elem_HealthHandler"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="108.6" x="278.7" y="527.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="308.1" y="540.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="69.6" x="298.2" y="550.9922">Health check</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="325.2" y="559.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="569.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="91.8" x="287.1" y="579.2127">Handles health check</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="47.4" x="309.3" y="588.9908">commands</text></g><!--MD5=[58d078c34e72bc75166669b12cea25ab]
+entity HSMAccess--><g id="elem_HSMAccess"><rect fill="#85BBF0" height="69.2719" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="116.4" x="154.8" y="722.7"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="188.1" y="735.3832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="64.2" x="180.9" y="745.9922">HSM access</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="205.2" y="754.9395">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="211.8" y="764.4346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="99.6" x="163.2" y="774.2127">Handles HSM hardware</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="28.8" x="198.6" y="783.9908">access</text></g><!--MD5=[2db99c1383d9a8197df41033e0363f36]
+entity SyncHandler--><g id="elem_SyncHandler"><rect fill="#85BBF0" height="80.4469" rx="1.5" ry="1.5" style="stroke:#78A8D8;stroke-width:0.3;" width="121.2" x="699" y="522"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="734.7" y="534.6832">«component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="85.8" x="714.9" y="545.2922">Synchronization</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="40.8" x="739.2" y="556.4672">handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="751.8" y="565.4145">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="758.4" y="574.9096"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="104.4" x="707.4" y="584.6877">Handles synchronization</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="71.4" x="723.9" y="594.4658">with other signer</text></g><!--MD5=[e834ab3daed066426c91d2e7962575e2]
+entity SignerDB--><g id="elem_SignerDB"><path d="M375.6,726 C375.6,720 439.8,720 439.8,720 C439.8,720 504,720 504,726 L504,788.1375 C504,794.1375 439.8,794.1375 439.8,794.1375 C439.8,794.1375 375.6,794.1375 375.6,788.1375 L375.6,726 " fill="#85BBF0" style="stroke:#78A8D8;stroke-width:0.3;"/><path d="M375.6,726 C375.6,732 439.8,732 439.8,732 C439.8,732 504,732 504,726 " fill="none" style="stroke:#78A8D8;stroke-width:0.3;"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="49.8" x="414.9" y="741.0832">«component»</text><image height="28.8" width="28.8" x="425.4" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACtklEQVR4Xu2XrUqFQRCGTzUIYhOLQWyCGKzHZrAYtYnYLApWwfIVk8kseAHaLV6Cl+AleAk+nMFhndmf72/xE3x5kXPW3dl3Z2Zn58ya189JceaHfpfdBF0/vZ/dvRxd3e8dnm7PjzZ39+H61s7q2gZ/IV8Zh/PjS6ZdPLzdPH94OxmWBWH04PyWnWZ9sbS8gkT0cR5v3zApiMW4AVvW/DDgRZT57ZRxQUixlkYF5yT0ft+4IA5hDdQBmeB3t4JIRruuJnzKW0FDkrcHfOD+Bf3EHxREkbCLqoHLb3aPCGrqFyEFb4DfPSIIntw88jxZA+OBl8Rf+JwglTVuShEj6lz+RbOCorPxLYYQ1+Npw9OZl9X7yQqSjiK6WMl/cR57UPshWkk7/kK+Mg65Pn6zkMyJvmgRQXIyPrAmb7QHOQy61dMdBCl4azHByrzbUuRIRFx6On9R+ggywChzJEYaICKoQZTYkTecpJhzZUGTe+2bqfVDwtrFOnq/coKaqfXUIaUqDonjoF8dstLPE474uwxTTPOBs4Lk2nMmMi5layARgRRxXltBCq2K3m4nymvjk9JbLggKgS0piTgP69giIuwE8SXkAyOMQyZoebSGApQF1b7wBj7NrSBmjH7VU8B/ZveIINHkX8HRQUD91nFBQi5tJVk4xkeqLEg4vCoKtDYWS4kVNE/3vFIS54teFuelUo1xyBlQIPcxZVAaSzNoBcm1x1b0N0qKcu39eIqaD20FCViDPzopyxDFeEtrtKCboBBhCDIvlJIJJsTW4gJlQeYERZAubCaU7LEzsvDut4KQbBdVA2cwu0cENYsfrHZpBZAD0bhHBDXfzYq1MRIIa6bligsScgKyeHhVFEhtxP1+o5A5QSHJrTbtRAhtV1o2r8K2ggx996MdkjRJfklL9hRUj5MT9AU1SPnpo3eZPgAAAABJRU5ErkJggg==" y="742.7813"/><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="116.4" x="381.6" y="780.4922">Certificate repository</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="110.4" x="384.6" y="789.4395">[Go, Embedded Key-Value DB]</text></g><!--MD5=[8940efdef782accd207644e2a21c9a46]
+entity NATS2--><g id="elem_NATS2"><path d="M960,883.5 L1041.6,883.5 C1044.6,883.5 1044.6,900.4688 1044.6,900.4688 C1044.6,900.4688 1044.6,917.4375 1041.6,917.4375 L960,917.4375 C957,917.4375 957,900.4688 957,900.4688 C957,900.4688 957,883.5 960,883.5 " fill="#B3B3B3" style="stroke:#A6A6A6;stroke-width:0.3;"/><path d="M1041.6,883.5 C1038.6,883.5 1038.6,900.4688 1038.6,900.4688 C1038.6,917.4375 1041.6,917.4375 1041.6,917.4375 " fill="none" style="stroke:#A6A6A6;stroke-width:0.3;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="75.6" x="960" y="893.1832">«external_container»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="72" x="961.8" y="903.7922">NATS Service</text><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="25.2" x="985.2" y="912.7395">[NATS]</text></g><!--MD5=[3d669a59ee04a28ec5dc9358aab5f1b1]
+entity SyncHandler2--><g id="elem_SyncHandler2"><rect fill="#CCCCCC" height="80.4469" rx="1.5" ry="1.5" style="stroke:#BFBFBF;stroke-width:0.3;" width="121.2" x="1067.4" y="717"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="82.8" x="1086.6" y="729.6832">«external_component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="85.8" x="1083.3" y="740.2922">Synchronization</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="40.8" x="1107.6" y="751.4672">handler</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="15.6" x="1120.2" y="760.4145">[Go]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="1126.8" y="769.9096"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="104.4" x="1075.8" y="779.6877">Handles synchronization</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="71.4" x="1092.3" y="789.4658">with other signer</text></g><!--MD5=[d6aaf1a0f5c32983fa5796596196f201]
+entity SignerDB2--><g id="elem_SignerDB2"><path d="M1065.6,869.4 C1065.6,863.4 1129.8,863.4 1129.8,863.4 C1129.8,863.4 1194,863.4 1194,869.4 L1194,931.5375 C1194,937.5375 1129.8,937.5375 1129.8,937.5375 C1129.8,937.5375 1065.6,937.5375 1065.6,931.5375 L1065.6,869.4 " fill="#CCCCCC" style="stroke:#BFBFBF;stroke-width:0.3;"/><path d="M1065.6,869.4 C1065.6,875.4 1129.8,875.4 1129.8,875.4 C1129.8,875.4 1194,875.4 1194,869.4 " fill="none" style="stroke:#BFBFBF;stroke-width:0.3;"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="82.8" x="1088.4" y="884.4832">«external_component»</text><image height="28.8" width="28.8" x="1115.4" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACl0lEQVR4Xu2XbZHCMBCGUYACDKDgDKAABTWAghpAAQowgAIMRNQ9kx0yvXeT9DNzvZl7fpWSbN7sbjbbQ9gZB33x28wT9Hq9Ho9H3/fX6/VyuXxFzufz6XQ6R/h5iXRdx7Dn8/l+v9VKlXFBGL3dbqx0WMrxeEQi+tiPWncUBTEZN2BLza8DL6JMFxuQF4QUtbQp7JPQ66qRjCA2oQbaQCbo2l4QyajzWuJTXgWtSd4F+MD9C/rJHxREkdBJzeDwy+rBCwrti1CCO0DXzgqC+/3O9aQGtoObxB94Iy/IQNa2KUWMqHP1G00FZUfjWwwhbsHVhqcrN6v3kwqyjiI7OcG/OI81bhG0knZdhJ99hOPjFxvCmOyNlhFkO+OBOXWjC2Az6E6eniEowV2LCWbW3VaCLRFx6+n8QVkiSMAoYyxGKUD3iAXRYkfesJPRnBsXtLvbPuytHzJaF+vs+TLygsLeeuohVhXXxHHVV4fNlJeJDb/LMMUwHzgVZMeePZFxJVsrQQRSzHlTBSVSVZRhc7HbxieltzwiaAi2rCTiPKxji4i8Iu8ID7x5RBiQyqMaGjAuqPWBF3yaqyBGbH7US+A/WT14QSFq8rfg5hBQXTiSEWRwaBvJwjE+UomiIGN9VTRSbRwtJSqoK/e8VhK72MvivFKqHSPsAQV2HksG+9hYyksVZMceW9lvlBJ27PVtmZQPUwUZzMEfs5RVQDHeSjXamCdoyDAElRsqwQAJsVqMjAuSHYxCupw+WPboiCre/SoIyTqpGexBVg9eUIgfrDq1AeRANu4ZQeHTrKiNjSCslZYrL8hgB2Tx+qpoWG3E/brMT2qChpBbU9qJIaldmdi8GlMFCb77SR2SNUk6YTILBbVjd4K+Ab755zzpVjRDAAAAAElFTkSuQmCC" y="886.1813"/><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="116.4" x="1071.6" y="923.8922">Certificate repository</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="110.4" x="1074.6" y="932.8395">[Go, Embedded Key-Value DB]</text></g><!--MD5=[c25eb3bb2a673e49b4700e0aa1b6b6c8]
+entity SignerClient--><g id="elem_SignerClient"><rect fill="#999999" height="51.1125" rx="1.5" ry="1.5" style="stroke:#8A8A8A;stroke-width:0.3;" width="125.4" x="270.3" y="4.2"/><text fill="#FFFFFF" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="67.2" x="299.4" y="16.8832">«external_system»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="67.8" x="299.1" y="27.4922">Signer client</text><text fill="#FFFFFF" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="331.8" y="37.5533"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="111" x="278.7" y="47.3314">Send commands to signer</text></g><!--MD5=[ff028a7ac4eed75d9278e76cd9053439]
+entity HSM--><g id="elem_HSM"><rect fill="#CCCCCC" height="59.4938" rx="1.5" ry="1.5" style="stroke:#BFBFBF;stroke-width:0.3;" width="127.2" x="149.4" y="870.9"/><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="82.8" x="171.6" y="883.5832">«external_component»</text><text fill="#000000" font-family="sans-serif" font-size="9.6" font-weight="bold" lengthAdjust="spacing" textLength="24.6" x="200.7" y="894.1922">HSM</text><text fill="#000000" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="40.2" x="192.9" y="903.1395">[PKCS#11]</text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="2.4" x="211.8" y="912.6346"> </text><text fill="#000000" font-family="sans-serif" font-size="8.4" lengthAdjust="spacing" textLength="112.8" x="157.8" y="922.4127">Hardware security module</text></g><!--MD5=[c4211f20d77779d002d0636fe4eff351]
+link SignerClient to SerialHandler--><g id="link_SignerClient_SerialHandler"><path d="M333,55.308 C333,83.61 333,130.254 333,164.706 " fill="none" id="SignerClient-to-SerialHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,169.698,334.8,164.898,331.2,164.898,333,169.698" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="352.5" y="80.4832">Uses</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="57" x="333.6" y="88.8645">[USB serial link]</text></g><!--MD5=[a5ac9fd6085cba509022a8449c62ed3f]
+link SerialHandler to ProtocolHandler--><g id="link_SerialHandler_ProtocolHandler"><path d="M333,249.096 C333,261.936 333,276.192 333,289.02 " fill="none" id="SerialHandler-to-ProtocolHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,293.856,334.8,289.056,331.2,289.056,333,293.856" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="333.6" y="274.2832">Uses</text></g><!--MD5=[7ac00e2da23fc9db1b41cffd82dc1741]
+link ProtocolHandler to CommandDispatcher--><g id="link_ProtocolHandler_CommandDispatcher"><path d="M333,363.096 C333,375.696 333,390.072 333,403.068 " fill="none" id="ProtocolHandler-to-CommandDispatcher" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,407.97,334.8,403.17,331.2,403.17,333,407.97" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="333.6" y="388.2832">Uses</text></g><!--MD5=[f01831a2ba420d0c75182d4e788ee6bf]
+link CommandDispatcher to X509SigningHandler--><g id="link_CommandDispatcher_X509SigningHandler"><path d="M372.372,477.06 C389.55,491.868 409.734,509.28 427.314,524.436 " fill="none" id="CommandDispatcher-to-X509SigningHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="431.022,527.64,428.5647,523.1409,426.2123,525.8661,431.022,527.64" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="402.6" y="502.2832">Uses</text></g><!--MD5=[22dbb981dee4bd7a14e7eb60c838fe5b]
+link CommandDispatcher to X509CRLHandler--><g id="link_CommandDispatcher_X509CRLHandler"><path d="M297.408,477.06 C281.946,491.808 263.79,509.136 247.95,524.25 " fill="none" id="CommandDispatcher-to-X509CRLHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="244.398,527.64,249.1119,525.6253,246.6248,523.0225,244.398,527.64" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="279" y="502.2832">Uses</text></g><!--MD5=[dcd6d74b7c49eaccf4c700af4f270b89]
+link CommandDispatcher to X509RevocationHandler--><g id="link_CommandDispatcher_X509RevocationHandler"><path d="M396.426,464.322 C438.582,479.058 494.838,499.95 543,522 C545.448,523.122 547.926,524.292 550.416,525.492 " fill="none" id="CommandDispatcher-to-X509RevocationHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="554.916,527.694,551.3949,523.9682,549.8132,527.2022,554.916,527.694" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="498.6" y="502.2832">Uses</text></g><!--MD5=[ad19a4a48ac5aae50df60ac564a0ef27]
+link CommandDispatcher to OpenPGPSigningHandler--><g id="link_CommandDispatcher_OpenPGPSigningHandler"><path d="M269.574,467.892 C233.754,482.502 188.466,502.002 149.4,522 C147.318,523.068 145.212,524.172 143.094,525.306 " fill="none" id="CommandDispatcher-to-OpenPGPSigningHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="138.732,527.676,143.8082,526.9606,142.0862,523.7992,138.732,527.676" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="204.6" y="502.2832">Uses</text></g><!--MD5=[96a6a8f2b6b590d6cb2b851858bda1f3]
+link CommandDispatcher to HealthHandler--><g id="link_CommandDispatcher_HealthHandler"><path d="M333,477.06 C333,491.31 333,507.972 333,522.72 " fill="none" id="CommandDispatcher-to-HealthHandler" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="333,527.64,334.8,522.84,331.2,522.84,333,527.64" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="333.6" y="502.2832">Uses</text></g><!--MD5=[c03f96c452f26815ba38daf1adeb88ce]
+link X509SigningHandler to HSMAccess--><g id="link_X509SigningHandler_HSMAccess"><path d="M451.68,596.844 C441.522,611.97 427.518,628.44 410.4,637.8 C392.52,647.58 383.766,635.148 364.8,642.6 C321.12,659.772 279.06,693.114 250.338,719.328 " fill="none" id="X509SigningHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="246.726,722.646,251.4773,720.7211,249.04,718.0716,246.726,722.646" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="432" y="631.8832">Uses</text></g><!--MD5=[049c56c40f5ce55919cf848cfeae4412]
+link X509SigningHandler to SignerDB--><g id="link_X509SigningHandler_SignerDB"><path d="M469.302,596.886 C468.6,609.75 467.46,624.492 465.6,637.8 C461.97,663.756 455.796,692.478 450.39,715.182 " fill="none" id="X509SigningHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="449.256,719.934,452.1297,715.6888,448.6298,714.846,449.256,719.934" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="26.4" x="468.6" y="631.8832">Writes</text></g><!--MD5=[82b942a05dde6d4abd870be92d5b79e1]
+link X509RevocationHandler to SignerDB--><g id="link_X509RevocationHandler_SignerDB"><path d="M560.058,596.754 C541.632,609.66 521.898,625.428 506.4,642.6 C486.888,664.218 470.346,692.448 458.622,715.41 " fill="none" id="X509RevocationHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="456.342,719.928,460.1097,716.4518,456.8949,714.8315,456.342,719.928" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="26.4" x="528.6" y="631.8832">Writes</text></g><!--MD5=[f3fbeda310f19b6def0836f108fb90ae]
+link X509CRLHandler to HSMAccess--><g id="link_X509CRLHandler_HSMAccess"><path d="M195.06,596.736 C192.546,604.392 190.308,612.576 189,620.4 C183.504,653.31 191.046,690.624 199.092,717.864 " fill="none" id="X509CRLHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="200.49,722.484,200.8156,717.3679,197.3713,718.4154,200.49,722.484" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="189.6" y="631.8832">Uses</text></g><!--MD5=[1be83cc4a91ae3618c25e12be491020b]
+link X509CRLHandler to SignerDB--><g id="link_X509CRLHandler_SignerDB"><path d="M257.856,596.772 C261.306,598.764 264.774,600.66 268.2,602.4 C288.966,612.93 298.116,607.356 317.4,620.4 C327.9,627.504 372.84,678.642 405.222,716.172 " fill="none" id="X509CRLHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="408.516,719.988,406.7486,715.1759,404.0203,717.5246,408.516,719.988" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="24.6" x="334.8" y="631.8832">Reads</text></g><!--MD5=[1531770e9c84b9a37109fc722a3e41bc]
+link OpenPGPSigningHandler to HSMAccess--><g id="link_OpenPGPSigningHandler_HSMAccess"><path d="M106.122,596.778 C128.91,630.858 163.932,683.22 187.614,718.644 " fill="none" id="OpenPGPSigningHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="190.302,722.658,189.1297,717.6674,186.1373,719.6688,190.302,722.658" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="133.8" y="631.8832">Uses</text></g><!--MD5=[5647650e77d9b601644db74356963c93]
+link OpenPGPSigningHandler to SignerDB--><g id="link_OpenPGPSigningHandler_SignerDB"><path d="M136.014,596.736 C140.448,598.86 144.936,600.786 149.4,602.4 C198.63,620.196 218.544,597.876 265.8,620.4 C276.198,625.356 276.156,630.42 285,637.8 C317.736,665.118 355.692,694.284 385.83,716.886 " fill="none" id="OpenPGPSigningHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="389.844,719.886,387.0778,715.57,384.9219,718.453,389.844,719.886" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="26.4" x="285.6" y="631.8832">Writes</text></g><!--MD5=[01fcd97973dce0a15ca3f22ec6f9a33e]
+link HealthHandler to HSMAccess--><g id="link_HealthHandler_HSMAccess"><path d="M278.544,596.46 C275.058,598.494 271.59,600.492 268.2,602.4 C253.026,610.944 243.534,606.24 233.4,620.4 C213.276,648.522 209.382,688.344 209.796,717.666 " fill="none" id="HealthHandler-to-HSMAccess" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="209.91,722.646,211.5981,717.8055,207.9991,717.8891,209.91,722.646" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="28.8" x="234" y="631.8832">Checks</text></g><!--MD5=[8e666ca13f2e292cf801466daea72d33]
+link HealthHandler to SignerDB--><g id="link_HealthHandler_SignerDB"><path d="M353.514,596.76 C358.086,604.494 362.862,612.696 367.2,620.4 C385.044,652.092 404.376,688.47 418.602,715.65 " fill="none" id="HealthHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="420.84,719.934,420.2057,714.847,417.0172,716.5184,420.84,719.934" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="28.8" x="376.2" y="631.8832">Checks</text></g><!--MD5=[f6d0a255b9300fdc869edf618776ea20]
+link SyncHandler to SignerDB--><g id="link_SyncHandler_SignerDB"><path d="M698.916,597.69 C695.334,599.37 691.74,600.948 688.2,602.4 C633.648,624.714 618.39,627.282 560.4,637.8 C548.544,639.948 516.57,636.144 506.4,642.6 C480.288,659.166 463.206,689.928 452.88,715.326 " fill="none" id="SyncHandler-to-SignerDB" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="451.098,719.838,454.5393,716.0384,451.1924,714.7125,451.098,719.838" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="639" y="631.8832">Uses</text></g><!--MD5=[ce0bb68167ca79996a54c04fb7a06609]
+link SyncHandler to NATS--><g id="link_SyncHandler_NATS"><path d="M802.014,606.336 C811.836,617.628 821.754,630.132 829.8,642.6 C849.354,672.888 865.236,711.81 873.996,735.444 " fill="none" id="SyncHandler-NATS" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="875.652,739.962,875.6884,734.8357,872.3087,736.0758,875.652,739.962" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="798.69,602.55,800.5066,607.3437,803.2107,604.9672,798.69,602.55" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="50.4" x="828.3" y="627.6832">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="57" x="825" y="636.0645">[NATS protocol]</text></g><!--MD5=[ac10af24f910bae24644d4ccf6ac738e]
+link NATS to NATS2--><g id="link_NATS_NATS2"><path d="M895.272,778.308 C907.872,796.488 927.318,823.482 946.2,845.4 C956.484,857.34 968.838,869.826 979.194,879.846 " fill="none" id="NATS-NATS2" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="982.908,883.416,980.6986,878.7902,978.2017,881.3835,982.908,883.416" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="892.53,774.336,893.7738,779.3092,896.7372,777.2651,892.53,774.336" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="50.4" x="946.8" y="835.2832">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="40.8" x="951.6" y="843.6645">[NATS/TLS]</text></g><!--MD5=[06c6604c5c35b105f23e33e7e3e4aba5]
+link SyncHandler2 to NATS2--><g id="link_SyncHandler2_NATS2"><path d="M1089.258,801.108 C1065.864,827.262 1037.148,859.368 1018.908,879.756 " fill="none" id="SyncHandler2-NATS2" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="1015.626,883.428,1020.1677,881.0504,1017.4845,878.6504,1015.626,883.428" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="1092.57,797.412,1088.0251,799.7835,1090.7051,802.1872,1092.57,797.412" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="50.4" x="1068.3" y="835.2832">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="57" x="1065" y="843.6645">[NATS protocol]</text></g><!--MD5=[19a8c02a4a6c3e2efd241ec79f03fa40]
+link SyncHandler2 to SignerDB2--><g id="link_SyncHandler2_SignerDB2"><path d="M1128.504,797.412 C1128.744,816.426 1129.032,839.208 1129.272,858.468 " fill="none" id="SyncHandler2-to-SignerDB2" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="1129.338,863.286,1131.0779,858.4639,1127.4781,858.5089,1129.338,863.286" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="1129.2" y="839.4832">Uses</text></g><!--MD5=[c3f60d65e94da5508ad0c196407a2043]
+link HSMAccess to HSM--><g id="link_HSMAccess_HSM"><path d="M213,791.862 C213,814.242 213,843.42 213,865.824 " fill="none" id="HSMAccess-to-HSM" style="stroke:#666666;stroke-width:0.6;"/><polygon fill="#666666" points="213,870.786,214.8,865.986,211.2,865.986,213,870.786" style="stroke:#666666;stroke-width:0.6;"/><text fill="#666666" font-family="sans-serif" font-size="7.2" font-weight="bold" lengthAdjust="spacing" textLength="19.2" x="224.1" y="835.2832">Uses</text><text fill="#666666" font-family="sans-serif" font-size="7.2" font-style="italic" lengthAdjust="spacing" textLength="40.2" x="213.6" y="843.6645">[PKCS#11]</text></g><!--MD5=[a726e812cabc4afb404b403f544cfdee]
+@startuml
+!include <C4/C4_Component.puml>
+!include <tupadr3/font-awesome/database>
+
+LAYOUT_TOP_DOWN()
+
+System_Ext(SignerClient, "Signer client", "Send commands to signer")
+
+System_Boundary(Signer, "Signer server") {
+  Boundary(SignerSoftware, "Signer Software") {
+    Component(SerialHandler, "Serial link handler", "Go", "Reads and writes to the serial interface, parses and creates frames")
+    Component(ProtocolHandler, "Protocol handler", "Go", "Parses and creates protocol messages")
+    Component(CommandDispatcher, "Command dispatcher", "Go", "Dispatch commands to command handlers")
+    Component(X509SigningHandler, "X.509 signing", "Go", "Handles X.509 certificate signing commands")
+    Component(X509RevocationHandler, "X.509 revocation", "Go", "Handles X.509 certificate revocation commands")
+    Component(OpenPGPSigningHandler, "OpenPGP signing", "Go", Handles OpenPGP key signing commands")
+    Component(X509CRLHandler, "X.509 crl", "Go", "Handles X.509 CRL retrieval commands")
+    Component(HealthHandler, "Health check", "Go", "Handles health check commands")
+    Component(HSMAccess, "HSM access", "Go", "Handles HSM hardware access")
+    Component(SyncHandler, "Synchronization handler", "Go", "Handles synchronization with other signer")
+    ComponentDb(SignerDB, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
+  }
+
+  ContainerQueue(NATS, "NATS Service", "NATS")
+}
+
+System_Boundary(Signer2, "Other signer") {
+  Boundary(SignerSoftware2, "Signer Software") {
+    Component_Ext(SyncHandler2, "Synchronization handler", "Go", "Handles synchronization with other signer")
+    ComponentDb_Ext(SignerDB2, "Certificate repository", "Go, Embedded Key-Value DB", $sprite="database")
+  }
+
+  ContainerQueue_Ext(NATS2, "NATS Service", "NATS")
+}
+
+Component_Ext(HSM, "HSM", "PKCS#11", "Hardware security module")
+
+Rel(SignerClient, SerialHandler, "Uses", "USB serial link")
+
+Rel(SerialHandler, ProtocolHandler, "Uses")
+
+Rel(ProtocolHandler, CommandDispatcher, "Uses")
+
+Rel(CommandDispatcher, X509SigningHandler, "Uses")
+Rel(CommandDispatcher, X509CRLHandler, "Uses")
+Rel(CommandDispatcher, X509RevocationHandler, "Uses")
+Rel(CommandDispatcher, OpenPGPSigningHandler, "Uses")
+Rel(CommandDispatcher, HealthHandler, "Uses")
+
+Rel(X509SigningHandler, HSMAccess, "Uses")
+Rel(X509SigningHandler, SignerDB, "Writes")
+
+Rel(X509RevocationHandler, SignerDB, "Writes")
+
+Rel(X509CRLHandler, HSMAccess, "Uses")
+Rel(X509CRLHandler, SignerDB, "Reads")
+
+Rel(OpenPGPSigningHandler, HSMAccess, "Uses")
+Rel(OpenPGPSigningHandler, SignerDB, "Writes")
+
+Rel(HealthHandler, HSMAccess, "Checks")
+Rel(HealthHandler, SignerDB, "Checks")
+
+Rel(SyncHandler, SignerDB, "Uses")
+
+BiRel(SyncHandler, NATS, "Synchronize", "NATS protocol")
+BiRel(NATS, NATS2, "Synchronize", "NATS/TLS")
+BiRel(SyncHandler2, NATS2, "Synchronize", "NATS protocol")
+
+Rel(SyncHandler2, SignerDB2, "Uses")
+
+Rel(HSMAccess, HSM, "Uses", "PKCS#11")
+
+@enduml
+
+@startuml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+skinparam defaultTextAlignment center
+
+skinparam wrapWidth 200
+skinparam maxMessageSize 150
+
+skinparam LegendBorderColor transparent
+skinparam LegendBackgroundColor transparent
+skinparam LegendFontColor #FFFFFF
+
+skinparam shadowing<<legendArea>> false
+skinparam rectangle<<legendArea>> {
+    backgroundcolor #00000000
+    bordercolor #00000000
+}
+
+skinparam rectangle {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam database {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam queue {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam arrow {
+    Color #666666
+    FontColor #666666
+    FontSize 12
+}
+
+skinparam actor {
+    StereotypeFontSize 12
+    shadowing false
+    style awesome
+}
+
+skinparam person {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam package {
+    StereotypeFontSize 6
+    StereotypeFontColor transparent
+    FontStyle plain
+    BackgroundColor transparent
+}
+
+skinparam rectangle<<boundary>> {
+    Shadowing false
+    StereotypeFontSize 6
+    StereotypeFontColor transparent
+    FontColor #444444
+    BorderColor #444444
+    BackgroundColor transparent
+    BorderStyle dashed
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+skinparam rectangle<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam database<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam queue<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam actor<<person>> {
+    StereotypeFontColor #08427B
+    FontColor #08427B
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam person<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+
+
+skinparam rectangle<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam database<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam queue<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam actor<<external_person>> {
+    StereotypeFontColor #686868
+    FontColor #686868
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam person<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+
+
+skinparam rectangle<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam database<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam queue<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam actor<<system>> {
+    StereotypeFontColor #1168BD
+    FontColor #1168BD
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam person<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+
+
+skinparam rectangle<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam database<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam queue<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam actor<<external_system>> {
+    StereotypeFontColor #999999
+    FontColor #999999
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam person<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+
+
+
+
+
+sprite $person [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+0000000000000000000049BCCA7200000000000000000000
+0000000000000000006EFFFFFFFFB3000000000000000000
+00000000000000001CFFFFFFFFFFFF700000000000000000
+0000000000000001EFFFFFFFFFFFFFF80000000000000000
+000000000000000CFFFFFFFFFFFFFFFF6000000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
+0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
+0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
+0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
+00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+000000000000000BFFFFFFFFFFFFFFFF5000000000000000
+0000000000000001DFFFFFFFFFFFFFF70000000000000000
+00000000000000000BFFFFFFFFFFFF500000000000000000
+0000000000000000005DFFFFFFFFA1000000000000000000
+0000000000000000000037ABB96100000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000025788300000000005886410000000000000
+000000000007DFFFFFFD9643347BFFFFFFFB400000000000
+0000000004EFFFFFFFFFFFFFFFFFFFFFFFFFFB1000000000
+000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFD200000000
+00000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE10000000
+0000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0000000
+000000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5000000
+000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
+000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
+00000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF600000
+00000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF800000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
+00000EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000
+000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
+0000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD3000000
+000000014555555555555555555555555555555300000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+sprite $person2 [48x48/16] {
+0000000000000000000049BCCA7200000000000000000000
+0000000000000000006EFFFFFFFFB3000000000000000000
+00000000000000001CFFFFFFFFFFFF700000000000000000
+0000000000000001EFFFFFFFFFFFFFF80000000000000000
+000000000000000CFFFFFFFFFFFFFFFF6000000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
+0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
+0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
+0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
+00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+000000000000000BFFFFFFFFFFFFFFFF5000000000000000
+0000000000000001DFFFFFFFFFFFFFF70000000000000000
+00000000000000000BFFFFFFFFFFFF500000000000000000
+0000000000000000005DFFFFFFFFA1000000000000000000
+0000000000000000000037ABB96100000000000000000000
+000000000002578888300000000005888864100000000000
+0000000007DFFFFFFFFD9643347BFFFFFFFFFB4000000000
+00000004EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB10000000
+0000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD2000000
+000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
+00003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+0000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50000
+0003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0000
+0009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2000
+000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
+000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000
+000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
+000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
+0009FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFF2000
+0003FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFD0000
+0000BFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFF50000
+00003FFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFB00000
+000006FFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFE100000
+0000007FFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFD2000000
+00000004EFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFB10000000
+0000000007DF8FFFFFFFFFFFFFFFFFFFFFF8FB4000000000
+000000000002578888888888888888888864100000000000
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+skinparam rectangle<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam database<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam queue<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam actor<<container>> {
+    StereotypeFontColor #438DD5
+    FontColor #438DD5
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam person<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+
+
+skinparam rectangle<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam database<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam queue<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam actor<<external_container>> {
+    StereotypeFontColor #B3B3B3
+    FontColor #B3B3B3
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam person<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+skinparam rectangle<<component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #85BBF0
+    BorderColor #78A8D8
+}
+skinparam database<<component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #85BBF0
+    BorderColor #78A8D8
+}
+skinparam queue<<component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #85BBF0
+    BorderColor #78A8D8
+}
+skinparam actor<<component>> {
+    StereotypeFontColor #85BBF0
+    FontColor #85BBF0
+    BackgroundColor #85BBF0
+    BorderColor #78A8D8
+}
+skinparam person<<component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #85BBF0
+    BorderColor #78A8D8
+}
+
+
+skinparam rectangle<<external_component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #CCCCCC
+    BorderColor #BFBFBF
+}
+skinparam database<<external_component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #CCCCCC
+    BorderColor #BFBFBF
+}
+skinparam queue<<external_component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #CCCCCC
+    BorderColor #BFBFBF
+}
+skinparam actor<<external_component>> {
+    StereotypeFontColor #CCCCCC
+    FontColor #CCCCCC
+    BackgroundColor #CCCCCC
+    BorderColor #BFBFBF
+}
+skinparam person<<external_component>> {
+    StereotypeFontColor #000000
+    FontColor #000000
+    BackgroundColor #CCCCCC
+    BorderColor #BFBFBF
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+sprite $database [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+0000000000000002469ABBCDCCBAA8631000000000000000
+0000000000037BFFFFFFFFFFFFFFFFFFFEA6200000000000
+0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
+00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
+000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
+000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE000000
+0000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3000000
+00000005DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA10000000
+0000000005BFFFFFFFFFFFFFFFFFFFFFFFFFE82000000000
+00000200000038BEFFFFFFFFFFFFFFFFDA62000000100000
+00000BB2000000000256778988766410000000006E400000
+00000BFFB610000000000000000000000000028EFF400000
+00000BFFFFFC842000000000000000001369DFFFFF400000
+00000BFFFFFFFFFFDB98766556788ACEFFFFFFFFFF400000
+000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
+000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
+00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
+0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
+0000000000038CFFFFFFFFFFFFFFFFFFFEA6200000000000
+00000A6000000002469ABBCDCCBAA863100000002A400000
+00000BFE7100000000000000000000000000004AFF400000
+00000BFFFFC84000000000000000000000259EFFFF400000
+00000BFFFFFFFFEB975432211234458ACFFFFFFFFF400000
+000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
+000002EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000000
+0000002DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80000000
+000000006DFFFFFFFFFFFFFFFFFFFFFFFFFFFFA200000000
+000000000038CFFFFFFFFFFFFFFFFFFFFFEA610000000000
+00000820000000468BDEFFFFFFFEECA75200000006400000
+00000BFA30000000000000011000000000000006DF400000
+00000BFFFD830000000000000000000000015AFFFF400000
+00000BFFFFFFFCA753100000000001468BDFFFFFFF400000
+00000AFFFFFFFFFFFFFFFEDDDEEFFFFFFFFFFFFFFF300000
+000004FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
+0000005FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1000000
+00000002AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE600000000
+00000000017CFFFFFFFFFFFFFFFFFFFFFFFEA50000000000
+000000000000048ACFFFFFFFFFFFFFEB9620000000000000
+000000000000000000123445543320000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+
+skinparam folderBackgroundColor<<FA DATABASE>> White
+
+top to bottom direction
+
+rectangle "==Signer client\n\n Send commands to signer" <<external_system>> as SignerClient 
+
+rectangle "==Signer server\n<size:12>[System]</size>" <<boundary>> as Signer  {
+  rectangle "==Signer Software" <<boundary>> as SignerSoftware  {
+    rectangle "==Serial link handler\n//<size:12>[Go]</size>//\n\n Reads and writes to the serial interface, parses and creates frames" <<component>> as SerialHandler 
+    rectangle "==Protocol handler\n//<size:12>[Go]</size>//\n\n Parses and creates protocol messages" <<component>> as ProtocolHandler 
+    rectangle "==Command dispatcher\n//<size:12>[Go]</size>//\n\n Dispatch commands to command handlers" <<component>> as CommandDispatcher 
+    rectangle "==X.509 signing\n//<size:12>[Go]</size>//\n\n Handles X.509 certificate signing commands" <<component>> as X509SigningHandler 
+    rectangle "==X.509 revocation\n//<size:12>[Go]</size>//\n\n Handles X.509 certificate revocation commands" <<component>> as X509RevocationHandler 
+    rectangle "==OpenPGP signing\n//<size:12>[Go]</size>//\n\n Handles OpenPGP key signing commands"" <<component>> as OpenPGPSigningHandler 
+    rectangle "==X.509 crl\n//<size:12>[Go]</size>//\n\n Handles X.509 CRL retrieval commands" <<component>> as X509CRLHandler 
+    rectangle "==Health check\n//<size:12>[Go]</size>//\n\n Handles health check commands" <<component>> as HealthHandler 
+    rectangle "==HSM access\n//<size:12>[Go]</size>//\n\n Handles HSM hardware access" <<component>> as HSMAccess 
+    rectangle "==Synchronization handler\n//<size:12>[Go]</size>//\n\n Handles synchronization with other signer" <<component>> as SyncHandler 
+    database "<$database>\n==Certificate repository\n//<size:12>[Go, Embedded Key-Value DB]</size>//" <<component>> as SignerDB 
+  }
+
+  queue "==NATS Service\n//<size:12>[NATS]</size>//" <<container>> as NATS 
+}
+
+rectangle "==Other signer\n<size:12>[System]</size>" <<boundary>> as Signer2  {
+  rectangle "==Signer Software" <<boundary>> as SignerSoftware2  {
+    rectangle "==Synchronization handler\n//<size:12>[Go]</size>//\n\n Handles synchronization with other signer" <<external_component>> as SyncHandler2 
+    database "<$database>\n==Certificate repository\n//<size:12>[Go, Embedded Key-Value DB]</size>//" <<external_component>> as SignerDB2 
+  }
+
+  queue "==NATS Service\n//<size:12>[NATS]</size>//" <<external_container>> as NATS2 
+}
+
+rectangle "==HSM\n//<size:12>[PKCS#11]</size>//\n\n Hardware security module" <<external_component>> as HSM 
+
+SignerClient - ->> SerialHandler : **Uses**\n//<size:12>[USB serial link]</size>//
+
+SerialHandler - ->> ProtocolHandler : **Uses**
+
+ProtocolHandler - ->> CommandDispatcher : **Uses**
+
+CommandDispatcher - ->> X509SigningHandler : **Uses**
+CommandDispatcher - ->> X509CRLHandler : **Uses**
+CommandDispatcher - ->> X509RevocationHandler : **Uses**
+CommandDispatcher - ->> OpenPGPSigningHandler : **Uses**
+CommandDispatcher - ->> HealthHandler : **Uses**
+
+X509SigningHandler - ->> HSMAccess : **Uses**
+X509SigningHandler - ->> SignerDB : **Writes**
+
+X509RevocationHandler - ->> SignerDB : **Writes**
+
+X509CRLHandler - ->> HSMAccess : **Uses**
+X509CRLHandler - ->> SignerDB : **Reads**
+
+OpenPGPSigningHandler - ->> HSMAccess : **Uses**
+OpenPGPSigningHandler - ->> SignerDB : **Writes**
+
+HealthHandler - ->> HSMAccess : **Checks**
+HealthHandler - ->> SignerDB : **Checks**
+
+SyncHandler - ->> SignerDB : **Uses**
+
+SyncHandler <<- ->> NATS : **Synchronize**\n//<size:12>[NATS protocol]</size>//
+NATS <<- ->> NATS2 : **Synchronize**\n//<size:12>[NATS/TLS]</size>//
+SyncHandler2 <<- ->> NATS2 : **Synchronize**\n//<size:12>[NATS protocol]</size>//
+
+SyncHandler2 - ->> SignerDB2 : **Uses**
+
+HSMAccess - ->> HSM : **Uses**\n//<size:12>[PKCS#11]</size>//
+
+@enduml
+
+PlantUML version 1.2022.6(Tue Jun 21 19:34:49 CEST 2022)
+(GPL source distribution)
+Java Runtime: OpenJDK Runtime Environment
+JVM: OpenJDK 64-Bit Server VM
+Default Encoding: UTF-8
+Language: de
+Country: DE
+--></g></svg>
--- a/docs/container.puml
+++ b/docs/container.puml
@ -0,0 +1,34 @@
+@startuml
+!include <C4/C4_Container.puml>
+!include <tupadr3/devicons/mysql>
+!include <tupadr3/devicons/php>
+!include <tupadr3/devicons/go>
+!include <tupadr3/font-awesome/users>
+!include <tupadr3/font-awesome/database>
+
+Person_Ext(CommunityMember, "Community Member", $sprite="users")
+
+System_Boundary(Signer, "Signer") {
+     Container(SignerServer, "Signer Server", "Go binary", "Performs certificate signing", $sprite="go")
+     ContainerDb(SignerDB, "Certificate repository", "Key-Value DB", $sprite="database")
+}
+
+System_Boundary(Signer2, "Other Signer") {
+     Container_Ext(SignerServer2, "Signer Server")
+}
+
+System_Boundary(WebDB, "WebDB") {
+    Container_Ext(WebDBApp, "WebDB application", "PHP", "Provides the user interface for requesting certificates", $sprite="php")
+    Container_Ext(SignerClient, "Signer Client", "Go binary", "Handle signing request", $sprite="go")
+    ContainerDb_Ext(DB, "Database", "MySQL/MariaDB", "Hold certificate requests and certificates", $sprite="mysql")
+}
+
+Rel(CommunityMember, WebDBApp, "Uses", "https")
+Rel(WebDBApp, DB, "Uses")
+Rel(SignerClient, DB, "Uses")
+Rel_R(SignerClient, SignerServer, "Uses", "Serial binary protocol")
+Rel(SignerServer, SignerDB, "Uses")
+
+BiRel_R(SignerServer, SignerServer2, "Synchronize", "TLS")
+
+@enduml
--- a/docs/container.svg
+++ b/docs/container.svg
@ -0,0 +1,868 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="676px" preserveAspectRatio="none" style="width:1146px;height:676px;background:#FFFFFF;" version="1.1" viewBox="0 0 1146 676" width="1146px" zoomAndPan="magnify"><defs/><g><!--MD5=[ef20b3fe45c502f37db21f37a527870c]
+cluster Signer--><g id="cluster_Signer"><rect height="455" rx="2.5" ry="2.5" style="stroke:#444444;stroke-width:1.0;fill:none;stroke-dasharray:7.0,7.0;" width="252" x="622" y="191"/><text fill="#444444" font-family="sans-serif" font-size="6" font-style="italic" lengthAdjust="spacing" textLength="38" x="729" y="198.5693">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="58" x="719" y="217.8516">Signer</text><text fill="#444444" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="61" x="717.5" y="232.7637">[System]</text></g><!--MD5=[4e4416bf7ebbd0afd89bc8fc82d4e864]
+cluster Signer2--><g id="cluster_Signer2"><rect height="144" rx="2.5" ry="2.5" style="stroke:#444444;stroke-width:1.0;fill:none;stroke-dasharray:7.0,7.0;" width="178" x="962" y="231"/><text fill="#444444" font-family="sans-serif" font-size="6" font-style="italic" lengthAdjust="spacing" textLength="38" x="1032" y="238.5693">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="116" x="993" y="257.8516">Other Signer</text><text fill="#444444" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="61" x="1020.5" y="272.7637">[System]</text></g><!--MD5=[e3357671149b17f1a809966a4014a4c6]
+cluster WebDB--><g id="cluster_WebDB"><rect height="487" rx="2.5" ry="2.5" style="stroke:#444444;stroke-width:1.0;fill:none;stroke-dasharray:7.0,7.0;" width="473" x="7" y="183"/><text fill="#444444" font-family="sans-serif" font-size="6" font-style="italic" lengthAdjust="spacing" textLength="38" x="224.5" y="190.5693">«boundary»</text><text fill="#444444" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="65" x="211" y="209.8516">WebDB</text><text fill="#444444" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="61" x="213" y="224.7637">[System]</text></g><!--MD5=[101a5fb210317dd4656a370c05fec65b]
+entity SignerServer--><g id="elem_SignerServer"><rect fill="#438DD5" height="147.1563" rx="2.5" ry="2.5" style="stroke:#3C7FC0;stroke-width:0.5;" width="219" x="638.5" y="252"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="71" x="712.5" y="273.1387">«container»</text><image height="48" width="48" x="724" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACU0lEQVR4Xu2YT0oDMRjFe7fvAL2AB+gFPEAPYFeuxJ0LFy7duRJ3gluRCkJBCgUXooIiCPWRhyEmY743EsYiLY8hTb5JfnmTfPNnZHvXG6VRWfW32gJ5+i9A4/2b6en97GwJHVysIJZjzeTorjxLUW8gcuAIprI1CkAI2z1ZoIwjC4p8IIxNYd7Hlw87h7cQxoNQyIIxMJsgEOPv1eKFp4BPsc0BSnsBjYWpp96kU89sYCSOOJGdYEppQKd8IB7nq1f2XsawEjQIyDwjIoBwurUFYl8YG5dg+fiemkQgHJ/fPtbrdeoTmxDM0xsAcT0CiAQYYB1+qRMRCKxgSptiGSYpNOYCWRjpfP4Uy1QWYMGG7HqlNZhVuQM65QPZd6u5VtK/aIUxWCVkxcDcXxk39mnZcykJiCspKt329A9AuF4cEjSdKSrr5Cf5QEzKZT2bsrEzV1I1A4INlTwLAuZuxKBQWSgtgSrztsBE4npYMyCu0LI+ahJuW+Xuy9QMyOQNUldLILGvusROhgMSbR4OSOxkUKDOhJnJAeKeF++LdQGontKoGlC8O7ZyyEKOqCRPqwNZWImT8MhXNvWVkqvMBaIaOuRqC+RJAhJzWl1iJ1sgT8MBtVxDbnpVJKZ7CaiJQ2InEpDodkXuY2eUCqTcqCvSpyQBmbwCOoXJtAeKrxa/UK97swpkwaSp9+EsE5eObo/pQHxjN+GBJmr29RGHZ5UBnVKB4ucLvqHOwsdNVpJ1HD5n0Q8qVupbzHoBlY9XfMAlIgPKC0qm9g4Npi2Qp40D+gS2qDqwz8w3KwAAAABJRU5ErkJggg==" y="275.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="124" x="686" y="338.8203">Signer Server</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="68" x="714" y="353.7324">[Go binary]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="746" y="369.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="195" x="652.5" y="385.8545">Performs certificate signing</text></g><!--MD5=[e834ab3daed066426c91d2e7962575e2]
+entity SignerDB--><g id="elem_SignerDB"><path d="M641,516 C641,506 748,506 748,506 C748,506 855,506 855,516 L855,619.5625 C855,629.5625 748,629.5625 748,629.5625 C748,629.5625 641,629.5625 641,619.5625 L641,516 " fill="#438DD5" style="stroke:#3C7FC0;stroke-width:0.5;"/><path d="M641,516 C641,526 748,526 748,526 C748,526 855,526 855,516 " fill="none" style="stroke:#3C7FC0;stroke-width:0.5;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="71" x="712.5" y="541.1387">«container»</text><image height="48" width="48" x="724" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACs0lEQVR4Xu2XPUqEQQyGvdt3AC/gAbyAB/AAWlmJncUWlnZWYifYWIgoCIIsLAiKCoog6MMGw5jMz/c3+Am+vMjuOJN5J8lksivN1sWkuOKHfpfdBK3tXW8c3G4fzQ/PH46vns5uX+DV4nX++M5fyFfG4ez0nmnr+zerO5feToZlQRjdPVmw02dfPL99IBF9nMfbN0wKYjFuwJY1Pwx4EWV+O2VcEFKspVHBOQm93zcuiENYA3VAJvjdrSCS0a6rCZ/yVtCQ5O0BH7h/QT/xBwVRJOyiauDym90jgpr6RUjBG+B3jwiCm4d3PE/WwHjgJfEXPidIZY2bUsSIOpd/0ayg6Gx8iyHE9Xja8HTmZfV+soKko4guVvJfnMce1H6IVtKOv5CvjEOuj98sJHOiL1pEkJyMD6zJG+1BDoNu9XQHQQreWkywMu+2FDkSEZeezl+UPoIMMMociZEGiAhqECV25A0nKeZcWdDkXvtmav2QsHaxjt6vnKBmaj11SKmKQ+I46FeHrPTzhCP+LsMU03zgrCC59pyJjEvZGkhEIEWc11aQQquit9uJ8tr4pPSWC4JCYEtKIs7DOraICDtBfAn5wAjjkAlaHq2hAGVBtS+8gU9zK4gZo1/1FPCf2T0iSDT5V3B0EFC/dVyQkEtbSRaO8ZEqCxIOr4oCrY3FUmIFzdI9r5TE2bKXxXmpVGMccgYUyH1MGZTG0gxaQXLtsRX9jZKiXHs/nqLmQ1tBAtbgj07KMkQx3tIaLegmKEQYgswLpWSCCbG1uERZkDlBEaQLmwkle+yMLLz7rSAk20XVwBnM7hFBzfIHq11aAeRANO4RQc13s2JtjATCmmm54oKEnIAsHl4VBVIbcb/fKGROUEhyq007EULblZbNq7CtIEPf/WiHJE2SX9KSPQXV4+QEfQE5acTaynZl+AAAAABJRU5ErkJggg==" y="543.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="194" x="651" y="606.8203">Certificate repository</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="90" x="703" y="621.7324">[Key-Value DB]</text></g><!--MD5=[9599733a82a9d3948ec39fd4bd56d8e7]
+entity SignerServer2--><g id="elem_SignerServer2"><rect fill="#B3B3B3" height="66.5625" rx="2.5" ry="2.5" style="stroke:#A6A6A6;stroke-width:0.5;" width="146" x="978" y="292"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="988" y="313.1387">«external_container»</text><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="124" x="989" y="330.8203">Signer Server</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="10" x="1046" y="345.7324">[]</text></g><!--MD5=[a152ece6be45da3feebaa3c76c983657]
+entity WebDBApp--><g id="elem_WebDBApp"><rect fill="#B3B3B3" height="163.4531" rx="2.5" ry="2.5" style="stroke:#A6A6A6;stroke-width:0.5;" width="218" x="23" y="244"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="69" y="265.1387">«external_container»</text><image height="48" width="48" x="108" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAABsklEQVR4Xu2UobqDMAxG9/6vM4PBYDAzGAwGg5m5BoNi/yUf/3LTQgaIXZGjSpOW0yZwu/8zbnbi24SQRwh5hJBHCHmEkEcIeYSQx1WhnxUbOMsloaqq5oVxHG3sLJeEmqYRoWEYbOwse0JlWTYJuBUm9H0vQs/nU6KPxwOrmIDHv6t/E4qiYELKnhDfZ5imqa5rJKBSNrYAP9nBBlaYkLInhFa1OylwUDulaNuWHZal6zr7voU9IS7mJePC9Y4y0B2NozPaJB2GfZiw9R1sCqEVZCUKpOdZJt6f7mi+DzasOG6LCai1TJptyaYQL8P8Y2RSdpSBfh8nUS8aYysmIFkmD98QK4KDcpJVkB1lIA1+XyrCqB7r746Wh3tIr8SOODEPNy+WHLPDdDl0R5cLiLKgs1pl2BTiyhS4Zv/RNJbf0ntBgi6iIS/Ejk6Rq06/IIAxc7b+YXKY95sS8kK6o+sVvZGUAOj+QIJMohysONS5fKtMmrwQO1p/QYeQ5cAGPPJC7L56/YIOke2wD8kLSROATy45BUKyHPWyMY+80BcJIY8Q8gghjxDyCCGPEPIIIY8XBmG9XcKadvYAAAAASUVORK5CYII=" y="267.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="169" x="47.5" y="330.8203">WebDB application</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="33" x="115.5" y="345.7324">[PHP]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="130" y="361.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="190" x="37" y="377.8545">Provides the user interface</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="183" x="40.5" y="394.1514">for requesting certificates</text></g><!--MD5=[c25eb3bb2a673e49b4700e0aa1b6b6c8]
+entity SignerClient--><g id="elem_SignerClient"><rect fill="#B3B3B3" height="147.1563" rx="2.5" ry="2.5" style="stroke:#A6A6A6;stroke-width:0.5;" width="188" x="276" y="252"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="307" y="273.1387">«external_container»</text><image height="48" width="48" x="346" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACMUlEQVR4Xu2YLW/DMBCG9///zpGQEZOQkJKR4pKSkpKi7NW9qnW7pL7LZGXVlAdEju3Yjy+28/Ehb8aHz/hrDqGI/yI0DMM0TSflS2G65pRS/DU5NgvRA0c4+TIDhFBtHEekR8XXeEEsND3BuM/n86dSFCRcZXTMIgBjnF6vV14Cv0zYAiHbCmxEh25jY4fuwsCaOOJCNoIh2QqrxEI83m43tu5raMeiNqjgYkZFCOFy6SvEttA3bsH9frdBohCOj8djnmcbJxahMi/vIMT5CCEaoINZsZGoQnCFky2qaQQpYyOhkGhPl8ulpomrIBoGd79sDka1XAGrxELyM9ScK/YUpQgMZgld0THXl/PGOrWnr0gJcSZV7LIvGj8I4X6xy0Gx9Ylr5BWx0KCbss9Vln27qFi6CSEMjX0WBty7UQeJxkTpKdQYt6gTjdvVuglxhvpcQ9HHFmeVLzN0E5L0AmnTUyjZVptkI/sJJcO8n1CykV2FVjdMRyDENZ98LraBUHtLIy2h+nTsFSHRPaKxeUpbSHQmFn3l8wXbyexVEgqRjhEKOYQiUkLJPa1NspFDKGI/oZ5zKNxeMyS3+5RQlwglG0kJJaPdIHztrGSFMg/qBvkhpYQkPQNWwWD6C9VPi1+w6dmcFRIN0hT9OHNw6uTDI3khfrFL4oWmcnr+xJHok82SFaq/L/iFelKYSddBf2cxHqRm5peYbBJavl7xBZeKrLC8oXTqH6HdOIQi3k7oG+BqKkivtpIyAAAAAElFTkSuQmCC" y="275.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="116" x="312" y="338.8203">Signer Client</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="68" x="336" y="353.7324">[Go binary]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="368" y="369.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="164" x="290" y="385.8545">Handle signing request</text></g><!--MD5=[f9ba5bf973e7832d2ce5ed59077b93f7]
+entity DB--><g id="elem_DB"><path d="M109,492 C109,482 210,482 210,482 C210,482 311,482 311,492 L311,644.4531 C311,654.4531 210,654.4531 210,654.4531 C210,654.4531 109,654.4531 109,644.4531 L109,492 " fill="#B3B3B3" style="stroke:#A6A6A6;stroke-width:0.5;"/><path d="M109,492 C109,502 210,502 210,502 C210,502 311,502 311,492 " fill="none" style="stroke:#A6A6A6;stroke-width:0.5;"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="126" x="147" y="517.1387">«external_container»</text><image height="48" width="48" x="186" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAAB+0lEQVR4Xu2YL5PCMBBH+f5fJwZTg8FgMDWYmhpMDeZU783uXKcsIbulpT3RJ26YNEMev2z+9A7pn3GwDVuzC3nsQh67kEde6Hq9/gj3+53P9vE3yQs9Ho+maS6XS9u2fd9jhtbxeLT9vkBeqBH0c1VVqgVd191ut/P5/Nx9SfJCSJAKf4cW4sGjrmuc1OxLWnkh0LFtq3A6nTSzIcUFeSsEhEQZ2dY/eEQHpJetrZIQQ1LdtnUEKgjRZ0GnklCSkNxaYfpMwc3BEaKS2Ips6wv0WSonR4gxKN7ISJ1gW6fjCCWZkchqYsoWWXe+kIYUKRHml55sCvbBFHwhYHcO/nQqaebEhYT46Uycbc3BkiQkd2EWCAkRT/zMn1ndISEmIl4ZM0MKCQVX/sCckHwhXWW2tcickKYJ6bXk+Xmej0PyhZJMme5DVDefWXS2xwvUXLCnISTEUaX3EKq7FyIlFbcfExKiGnDSw4EB0GKrtJ1y0FlfFgr3KkNIKElNaDaVwBiRkBS9V/ENkfMnKqR3sSF/Mgvu3QOalhtVVOgVvjq+Wyok1Ml7i30w4nOhqWBDrlrphYNoDSGV6OXlSd8/C/W3nlBw415DKMm1Eye3otNqQkn+gYGTuzbXE0pynrhXylWFlPKr1QZCSbbZd3vYNkIFdiGPXchjF/L4BaraQhgnzQ/BAAAAAElFTkSuQmCC" y="519.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="86" x="167" y="582.8203">Database</text><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="104" x="158" y="597.7324">[MySQL/MariaDB]</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="4" x="208" y="613.5576"> </text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="174" x="123" y="629.8545">Hold certificate requests</text><text fill="#FFFFFF" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="110" x="155" y="646.1514">and certificates</text></g><!--MD5=[3e583eb1a56cc46676fe476ee2ce7b26]
+entity CommunityMember--><g id="elem_CommunityMember"><rect fill="#686868" height="100.5938" rx="2.5" ry="2.5" style="stroke:#8A8A8A;stroke-width:0.5;" width="202" x="31" y="7"/><text fill="#FFFFFF" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="110" x="77" y="28.1387">«external_person»</text><image height="48" width="48" x="108" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAIAAADYYG7QAAACv0lEQVR4Xu2YvXPCMAzF++dmzszMzNyZmZmZOTMzMzN7+i6iQnmyZCctpb3rb+CuEEnP1oedvnW/jDf+4tX8KUHb7fZ9ou97/m054m232+XeyoJgebvdRsP5fM4dJez3e/I2DEPkrSAI9tZYgdPIS8LxeGRHE9frteiNBWFj2dRwuVzo+RwkiF0YsOts4AVhM9luDhSTSQJCsv2czWZDJiyIku05HA5kksDGDpQHmbAgtnCgJuzzSAq+OZ1O+IR3WjEbO/zyWBBqjY3m6Jrgi3+bQJ1pWqv7jXZ+xJ5gQVFTKNgDdAei8g9zRDd2jn+Y4xuNBeGJZFkIgGeqagSsHur5WwNlX2BBXdz50qXVRVsgKOp8tDMHnigIAnBk+x+FJdWXr9gjUb0331zKQxDMkAtsgO2UfkL/jAo5QW075w05RURK3EOQ7S9kx56psvNdw6DzyGlqz1SUBBZmK9X22l1QVDeKFFB1KHgQrNH5TFA1F08VNJrM3gVVjzA5VtelLGo0ixbuXVBLpK5hIz1dw7AdzZl9F9Qy66qDziNt3+JcmmaZIMna0sHYUkCjabQFgtCosrGNpS3Tr1qdAgtK0gwdKB070NoPVwUZyZWp/8dgLNa13u0RAB7xp0aK1qDXDxgivzDBp3wTtVthMApy2xo+kaGOL+n8R0jtUvgSE0TFRmqz+DcFWRseUP8wwWN277vocFWiNY3TVcTfr+EdMaIia3lHyAT16d1IQRjJZqTDUrwDWTJBK8ZgCxxmTiaoZXtW4C/2llBQ40BbQV5JoaAn5UvgYIZQUHEsfRe+PZVQUEvLrMa/jimhIPbxrSR1/RpByTR6jSB54SzydwQ9aSoKa2poSK8vX8T/n0oJBS29PrczBG/1QiioS+8eq7HvhEUyQd10A0GL4vS5fQ2MWWxMMg+ViqCf519QjV8n6AOTSRU5+daFHAAAAABJRU5ErkJggg==" y="30.9688"/><text fill="#FFFFFF" font-family="sans-serif" font-size="16" font-weight="bold" lengthAdjust="spacing" textLength="182" x="41" y="93.8203">Community Member</text></g><!--MD5=[c52992fcbcf59ccdca97959ce2768ea1]
+link CommunityMember to WebDBApp--><g id="link_CommunityMember_WebDBApp"><path d="M132,108.22 C132,144.03 132,193.32 132,235.8 " fill="none" id="CommunityMember-to-WebDBApp" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="132,243.93,135,235.93,129,235.93,132,243.93" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="138" y="150.1387">Uses</text><text fill="#666666" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="42" x="133" y="164.1074">[https]</text></g><!--MD5=[fbee06156ef50357168ac4da65a408ea]
+link WebDBApp to DB--><g id="link_WebDBApp_DB"><path d="M158.19,407.25 C165.16,428.74 172.74,452.11 179.9,474.19 " fill="none" id="WebDBApp-to-DB" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="182.41,481.93,182.7937,473.3946,177.0868,475.247,182.41,481.93" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="172" y="449.1387">Uses</text></g><!--MD5=[8e269143aa189eb9f060cb639be57569]
+link SignerClient to DB--><g id="link_SignerClient_DB"><path d="M321.56,399.31 C305.69,423.17 287.84,450 271.15,475.08 " fill="none" id="SignerClient-to-DB" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="266.71,481.76,273.6388,476.7608,268.6432,473.4376,266.71,481.76" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="295" y="449.1387">Uses</text></g><!--MD5=[b3005e99766578fbe5ee5803a6e5628f]
+link SignerClient to SignerServer--><g id="link_SignerClient_SignerServer"><path d="M464.41,325.5 C514.64,325.5 576.88,325.5 630.25,325.5 " fill="none" id="SignerClient-to-SignerServer" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="638.39,325.5,630.39,322.5,630.39,328.5,638.39,325.5" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="535.25" y="305.6387">Uses</text><text fill="#666666" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="138" x="482.25" y="319.6074">[Serial binary protocol]</text></g><!--MD5=[b3dbe02d649f4bbe8ed0e680cc5251a2]
+link SignerServer to SignerDB--><g id="link_SignerServer_SignerDB"><path d="M748,399.31 C748,430.53 748,466.83 748,497.66 " fill="none" id="SignerServer-to-SignerDB" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="748,505.78,751,497.78,745,497.78,748,505.78" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="32" x="749" y="449.1387">Uses</text></g><!--MD5=[782e5345118d7400edc1b4060f7ed2cd]
+link SignerServer to SignerServer2--><g id="link_SignerServer_SignerServer2"><path d="M865.83,325.5 C900.67,325.5 938,325.5 969.95,325.5 " fill="none" id="SignerServer-SignerServer2" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="977.96,325.5,969.96,322.5,969.96,328.5,977.96,325.5" style="stroke:#666666;stroke-width:1.0;"/><polygon fill="#666666" points="857.82,325.5,865.82,328.5,865.82,322.5,857.82,325.5" style="stroke:#666666;stroke-width:1.0;"/><text fill="#666666" font-family="sans-serif" font-size="12" font-weight="bold" lengthAdjust="spacing" textLength="84" x="875.75" y="305.6387">Synchronize</text><text fill="#666666" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="32" x="901.75" y="319.6074">[TLS]</text></g><!--MD5=[08082fb63f4eba00557ff8f29c4025d6]
+@startuml
+!include <C4/C4_Container.puml>
+!include <tupadr3/devicons/mysql>
+!include <tupadr3/devicons/php>
+!include <tupadr3/devicons/go>
+!include <tupadr3/font-awesome/users>
+!include <tupadr3/font-awesome/database>
+
+Person_Ext(CommunityMember, "Community Member", $sprite="users")
+
+System_Boundary(Signer, "Signer") {
+     Container(SignerServer, "Signer Server", "Go binary", "Performs certificate signing", $sprite="go")
+     ContainerDb(SignerDB, "Certificate repository", "Key-Value DB", $sprite="database")
+}
+
+System_Boundary(Signer2, "Other Signer") {
+     Container_Ext(SignerServer2, "Signer Server")
+}
+
+System_Boundary(WebDB, "WebDB") {
+    Container_Ext(WebDBApp, "WebDB application", "PHP", "Provides the user interface for requesting certificates", $sprite="php")
+    Container_Ext(SignerClient, "Signer Client", "Go binary", "Handle signing request", $sprite="go")
+    ContainerDb_Ext(DB, "Database", "MySQL/MariaDB", "Hold certificate requests and certificates", $sprite="mysql")
+}
+
+Rel(CommunityMember, WebDBApp, "Uses", "https")
+Rel(WebDBApp, DB, "Uses")
+Rel(SignerClient, DB, "Uses")
+Rel_R(SignerClient, SignerServer, "Uses", "Serial binary protocol")
+Rel(SignerServer, SignerDB, "Uses")
+
+BiRel_R(SignerServer, SignerServer2, "Synchronize", "TLS")
+
+@enduml
+
+@startuml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+skinparam defaultTextAlignment center
+
+skinparam wrapWidth 200
+skinparam maxMessageSize 150
+
+skinparam LegendBorderColor transparent
+skinparam LegendBackgroundColor transparent
+skinparam LegendFontColor #FFFFFF
+
+skinparam shadowing<<legendArea>> false
+skinparam rectangle<<legendArea>> {
+    backgroundcolor #00000000
+    bordercolor #00000000
+}
+
+skinparam rectangle {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam database {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam queue {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam arrow {
+    Color #666666
+    FontColor #666666
+    FontSize 12
+}
+
+skinparam actor {
+    StereotypeFontSize 12
+    shadowing false
+    style awesome
+}
+
+skinparam person {
+    StereotypeFontSize 12
+    shadowing false
+}
+
+skinparam package {
+    StereotypeFontSize 6
+    StereotypeFontColor transparent
+    FontStyle plain
+    BackgroundColor transparent
+}
+
+skinparam rectangle<<boundary>> {
+    Shadowing false
+    StereotypeFontSize 6
+    StereotypeFontColor transparent
+    FontColor #444444
+    BorderColor #444444
+    BackgroundColor transparent
+    BorderStyle dashed
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+skinparam rectangle<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam database<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam queue<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam actor<<person>> {
+    StereotypeFontColor #08427B
+    FontColor #08427B
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+skinparam person<<person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #08427B
+    BorderColor #073B6F
+}
+
+
+skinparam rectangle<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam database<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam queue<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam actor<<external_person>> {
+    StereotypeFontColor #686868
+    FontColor #686868
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+skinparam person<<external_person>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #686868
+    BorderColor #8A8A8A
+}
+
+
+skinparam rectangle<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam database<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam queue<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam actor<<system>> {
+    StereotypeFontColor #1168BD
+    FontColor #1168BD
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+skinparam person<<system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #1168BD
+    BorderColor #3C7FC0
+}
+
+
+skinparam rectangle<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam database<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam queue<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam actor<<external_system>> {
+    StereotypeFontColor #999999
+    FontColor #999999
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+skinparam person<<external_system>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #999999
+    BorderColor #8A8A8A
+}
+
+
+
+
+
+sprite $person [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+0000000000000000000049BCCA7200000000000000000000
+0000000000000000006EFFFFFFFFB3000000000000000000
+00000000000000001CFFFFFFFFFFFF700000000000000000
+0000000000000001EFFFFFFFFFFFFFF80000000000000000
+000000000000000CFFFFFFFFFFFFFFFF6000000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
+0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
+0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
+0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
+00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+000000000000000BFFFFFFFFFFFFFFFF5000000000000000
+0000000000000001DFFFFFFFFFFFFFF70000000000000000
+00000000000000000BFFFFFFFFFFFF500000000000000000
+0000000000000000005DFFFFFFFFA1000000000000000000
+0000000000000000000037ABB96100000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000025788300000000005886410000000000000
+000000000007DFFFFFFD9643347BFFFFFFFB400000000000
+0000000004EFFFFFFFFFFFFFFFFFFFFFFFFFFB1000000000
+000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFD200000000
+00000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE10000000
+0000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB0000000
+000000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5000000
+000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
+000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
+00000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF600000
+00000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF800000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+00001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA00000
+00000EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000
+000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
+0000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD3000000
+000000014555555555555555555555555555555300000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+sprite $person2 [48x48/16] {
+0000000000000000000049BCCA7200000000000000000000
+0000000000000000006EFFFFFFFFB3000000000000000000
+00000000000000001CFFFFFFFFFFFF700000000000000000
+0000000000000001EFFFFFFFFFFFFFF80000000000000000
+000000000000000CFFFFFFFFFFFFFFFF6000000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+00000000000001FFFFFFFFFFFFFFFFFFF900000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFF00000000000000
+0000000000000BFFFFFFFFFFFFFFFFFFFF40000000000000
+0000000000000EFFFFFFFFFFFFFFFFFFFF70000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000FFFFFFFFFFFFFFFFFFFFF80000000000000
+0000000000000DFFFFFFFFFFFFFFFFFFFF60000000000000
+0000000000000AFFFFFFFFFFFFFFFFFFFF40000000000000
+00000000000006FFFFFFFFFFFFFFFFFFFE00000000000000
+00000000000000EFFFFFFFFFFFFFFFFFF800000000000000
+000000000000007FFFFFFFFFFFFFFFFFF100000000000000
+000000000000000BFFFFFFFFFFFFFFFF5000000000000000
+0000000000000001DFFFFFFFFFFFFFF70000000000000000
+00000000000000000BFFFFFFFFFFFF500000000000000000
+0000000000000000005DFFFFFFFFA1000000000000000000
+0000000000000000000037ABB96100000000000000000000
+000000000002578888300000000005888864100000000000
+0000000007DFFFFFFFFD9643347BFFFFFFFFFB4000000000
+00000004EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB10000000
+0000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD2000000
+000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE100000
+00003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB00000
+0000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF50000
+0003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD0000
+0009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF2000
+000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
+000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFB000
+001FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000
+000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8000
+000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF6000
+0009FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFF2000
+0003FFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFFD0000
+0000BFFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFF50000
+00003FFFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFFB00000
+000006FFFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFFE100000
+0000007FFFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFFD2000000
+00000004EFFF8FFFFFFFFFFFFFFFFFFFFFF8FFFB10000000
+0000000007DF8FFFFFFFFFFFFFFFFFFFFFF8FB4000000000
+000000000002578888888888888888888864100000000000
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+skinparam rectangle<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam database<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam queue<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam actor<<container>> {
+    StereotypeFontColor #438DD5
+    FontColor #438DD5
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+skinparam person<<container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #438DD5
+    BorderColor #3C7FC0
+}
+
+
+skinparam rectangle<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam database<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam queue<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam actor<<external_container>> {
+    StereotypeFontColor #B3B3B3
+    FontColor #B3B3B3
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+skinparam person<<external_container>> {
+    StereotypeFontColor #FFFFFF
+    FontColor #FFFFFF
+    BackgroundColor #B3B3B3
+    BorderColor #A6A6A6
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+sprite $mysql [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+00000006EEB6000000000000000000000000000000000000
+0000000D95AFE61000000000000000000000000000000000
+000000099002AFFC84000000000000000000000000000000
+00000002E2000147CFC40000000000000000000000000000
+000000007C00000003AF9000000000000000000000000000
+000000000E5000000005EC10000000000000000000000000
+0000000005D0000000001CD1000000000000000000000000
+0000000000E40000000000AE200000000000000000000000
+00000000007B00000000000BD10000000000000000000000
+00000000001F100000000000CC0000000000000000000000
+00000000000A9000000000002F9000000000000000000000
+000000000001F2000000000007F300000000000000000000
+00000000000089000000000000DC00000000000000000000
+0000000000007A0000000000004F40000000000000000000
+000000000000960000000000000CC0000000000000000000
+000000000000D300000000000004F4000000000000000000
+000000000000F100000000000000CC000000000000000000
+000000000001F0000000000000004F400000000000000000
+000000000001F002E000000000000CC00000000000000000
+000000000000F209F7000000000003F70000000000000000
+000000000000B50DFF1000000000009F7000000000000000
+0000000000004B2F7D80000000000007EE50000000000000
+0000000000000CFF22E100000000000005DC200000000000
+00000000000001C7004A0000000000000007E50000000000
+0000000000000000000530000000000000002C8000000000
+00000000000000000000000000000000000249F600000000
+0000000000000000000000000000000009FFC95100000000
+0000000000000000000000000000000009F4000000000000
+0000000000000000000000000000000000AF500000000000
+000000000000000000000000000000000006FA0000000000
+0000000000000000000000000000000000003DC000000000
+000000000000000000000000000000000000007B00000000
+000000000000000000000000000000000000000130000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+
+skinparam folderBackgroundColor<<DEV MYSQL>> White
+sprite $php [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000CCC000000000000000000000000
+000000000000000000003FFD000000000000000000000000
+000000000000000000006FFA000000000000000000000000
+000000000266666630009FFB665200056666651000000000
+0000000009FFFFFFFE40DFFFFFFFB00FFFFFFFFB00000000
+000000000CFFFFFFFFF1FFFFFFFFF73FFFFFFFFF80000000
+000000000FFF1005FFF8FFD000BFF86FFA001BFFD0000000
+000000002FFE0000DFFCFFA000BFF69FF70004FFE0000000
+000000005FFC0000FFFEFF7000EFF3CFF50007FFD0000000
+000000008FF90006FFFDFF4001FFF1FFF2000CFF80000000
+00000000CFF8237FFF9FFF1004FFE3FFF224BFFF10000000
+00000000FFFFFFFFFC3FFD0007FFB6FFFFFFFFF500000000
+00000002FFFFFFFF806FFA000AFF89FFFFFFFC3000000000
+00000005FFC444300024420003441CFF6443100000000000
+00000008FF7000000000000000000FFF0000000000000000
+0000000BFF4000000000000000003FFD0000000000000000
+000000089910000000000000000039960000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+
+skinparam folderBackgroundColor<<DEV PHP>> White
+sprite $go [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000156677666673000000000000000000
+000000000000000056510000000003640440000000000000
+00000000000555782233200000433314B226300000000000
+000000000063008031000400040000313830700000000000
+0000000000606C13000000304120000408C0700000000000
+0000000000606703BD1000303EF400030170700000000000
+0000000000446103FF2000303BE200020087000000000000
+000000000003A00333000030120000120042000000000000
+00000000000070004100047EC33214300005000000000000
+0000000000006000023323AEB50110000006000000000000
+000000000001500000001100003000000006000000000000
+000000000002400000000356452000000006000000000000
+000000000002300000000034030000000006000000000000
+000000000001400000000036330000000006000000000000
+000000000000500000000000000000000006000000000000
+000000000000600000000000000000000006000000000000
+000000000000600000000000000000000005000000000000
+000000000000600000000000000000000006000000000000
+000000000000600000000000000000000006100000000000
+000000000023700000000000000000000006240000000000
+000000000120600000000000000000000006032000000000
+000000000053800000000000000000000006330000000000
+000000000000600000000000000000000006000000000000
+000000000000600000000000000000000006000000000000
+000000000000600000000000000000000006000000000000
+000000000000500000000000000000000005000000000000
+000000000000500000000000000000000005000000000000
+000000000000500000000000000000000005000000000000
+000000000000500000000000000000000006000000000000
+000000000000400000000000000000000007000000000000
+000000000000500000000000000000000005000000000000
+000000000000600000000000000000000014000000000000
+000000000000610000000000000000000060000000000000
+000000000000070000000000000000000160000000000000
+000000000000034000000000000000000800000000000000
+000000000000007510000000000000014600000000000000
+000000000000021032000000000000670030000000000000
+000000000000042045664221134666113140000000000000
+000000000000043300002345431000001330000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+
+skinparam folderBackgroundColor<<DEV GO>> White
+sprite $users [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000355100000000000000000000003541000000000
+00000005EFFFFB10000000000000000006EFFFFA10000000
+0000006FFFFFFFE100000000000000008FFFFFFFD1000000
+000003FFFFFFFFFC0000000000000004FFFFFFFFFB000000
+00000AFFFFFFFFFF300000000000000BFFFFFFFFFF200000
+00000EFFFFFFFFFF700000000000000FFFFFFFFFFF600000
+00000FFFFFFFFFFF800004898620000FFFFFFFFFFF700000
+00000DFFFFFFFFFF6007FFFFFFFC300EFFFFFFFFFF500000
+000008FFFFFFFFFF21CFFFFFFFFFF609FFFFFFFFFF100000
+000001EFFFFFFFF90CFFFFFFFFFFFF52FFFFFFFFF8000000
+0000003FFFFFFFB09FFFFFFFFFFFFFF24FFFFFFFA0000000
+00000002AFFFD702FFFFFFFFFFFFFFFA02AFFFD600000000
+0002C92000110007FFFFFFFFFFFFFFFF0000110005C80000
+000DFFFB5100240BFFFFFFFFFFFFFFFF41410037EFFF5000
+003FFFFFFFFFFB0DFFFFFFFFFFFFFFFF53FFFFFFFFFFB000
+007FFFFFFFFFFB0DFFFFFFFFFFFFFFFF53FFFFFFFFFFF000
+00AFFFFFFFFFFC0BFFFFFFFFFFFFFFFF44FFFFFFFFFFF200
+00BFFFFFFFFFFF07FFFFFFFFFFFFFFFF08FFFFFFFFFFF300
+00CFFFFFFFFFFF52FFFFFFFFFFFFFFFA0CFFFFFFFFFFF400
+00CFFFFFFFFFFFC09FFFFFFFFFFFFFF23FFFFFFFFFFFF500
+00CFFFFFFFFFFFE30DFFFFFFFFFFFF60AFFFFFFFFFFFF500
+008FFFFFFFFE710001CFFFFFFFFFF600004AFFFFFFFFF100
+000BFFFFFFB106AB6008FFFFFFFC3019B9304FFFFFFF5000
+000048AAA804EFFFFC20058A973006FFFFFB13AAA9610000
+00000000004FFFFFFFF930000016DFFFFFFFC00000000000
+0000000001EFFFFFFFFFFFCABDFFFFFFFFFFF80000000000
+0000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFF0000000000
+000000000EFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000000
+000000003FFFFFFFFFFFFFFFFFFFFFFFFFFFFFC000000000
+000000007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000
+00000000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF300000000
+00000000DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF500000000
+00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000000
+00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF800000000
+00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF900000000
+00000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF900000000
+00000000EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF700000000
+00000000AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000000
+000000002FFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000000000
+0000000004FFFFFFFFFFFFFFFFFFFFFFFFFFFB0000000000
+000000000018CEEEEEEEEEEEEEEEEEEEEEDA500000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+
+skinparam folderBackgroundColor<<FA USERS>> White
+sprite $database [48x48/16] {
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+0000000000000002469ABBCDCCBAA8631000000000000000
+0000000000037BFFFFFFFFFFFFFFFFFFFEA6200000000000
+0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
+00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
+000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
+000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+00000BFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF400000
+000006FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE000000
+0000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3000000
+00000005DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA10000000
+0000000005BFFFFFFFFFFFFFFFFFFFFFFFFFE82000000000
+00000200000038BEFFFFFFFFFFFFFFFFDA62000000100000
+00000BB2000000000256778988766410000000006E400000
+00000BFFB610000000000000000000000000028EFF400000
+00000BFFFFFC842000000000000000001369DFFFFF400000
+00000BFFFFFFFFFFDB98766556788ACEFFFFFFFFFF400000
+000008FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF100000
+000000CFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7000000
+00000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE40000000
+0000000029EFFFFFFFFFFFFFFFFFFFFFFFFFFC6000000000
+0000000000038CFFFFFFFFFFFFFFFFFFFEA6200000000000
+00000A6000000002469ABBCDCCBAA863100000002A400000
+00000BFE7100000000000000000000000000004AFF400000
+00000BFFFFC84000000000000000000000259EFFFF400000
+00000BFFFFFFFFEB975432211234458ACFFFFFFFFF400000
+000009FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF200000
+000002EFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA000000
+0000002DFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF80000000
+000000006DFFFFFFFFFFFFFFFFFFFFFFFFFFFFA200000000
+000000000038CFFFFFFFFFFFFFFFFFFFFFEA610000000000
+00000820000000468BDEFFFFFFFEECA75200000006400000
+00000BFA30000000000000011000000000000006DF400000
+00000BFFFD830000000000000000000000015AFFFF400000
+00000BFFFFFFFCA753100000000001468BDFFFFFFF400000
+00000AFFFFFFFFFFFFFFFEDDDEEFFFFFFFFFFFFFFF300000
+000004FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFD000000
+0000005FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC1000000
+00000002AFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE600000000
+00000000017CFFFFFFFFFFFFFFFFFFFFFFFEA50000000000
+000000000000048ACFFFFFFFFFFFFFEB9620000000000000
+000000000000000000123445543320000000000000000000
+000000000000000000000000000000000000000000000000
+000000000000000000000000000000000000000000000000
+}
+
+
+skinparam folderBackgroundColor<<FA DATABASE>> White
+
+rectangle "<$users>\n==Community Member" <<external_person>> as CommunityMember 
+
+rectangle "==Signer\n<size:12>[System]</size>" <<boundary>> as Signer  {
+     rectangle "<$go>\n==Signer Server\n//<size:12>[Go binary]</size>//\n\n Performs certificate signing" <<container>> as SignerServer 
+     database "<$database>\n==Certificate repository\n//<size:12>[Key-Value DB]</size>//" <<container>> as SignerDB 
+}
+
+rectangle "==Other Signer\n<size:12>[System]</size>" <<boundary>> as Signer2  {
+     rectangle "==Signer Server\n//<size:12>[]</size>//" <<external_container>> as SignerServer2 
+}
+
+rectangle "==WebDB\n<size:12>[System]</size>" <<boundary>> as WebDB  {
+    rectangle "<$php>\n==WebDB application\n//<size:12>[PHP]</size>//\n\n Provides the user interface for requesting certificates" <<external_container>> as WebDBApp 
+    rectangle "<$go>\n==Signer Client\n//<size:12>[Go binary]</size>//\n\n Handle signing request" <<external_container>> as SignerClient 
+    database "<$mysql>\n==Database\n//<size:12>[MySQL/MariaDB]</size>//\n\n Hold certificate requests and certificates" <<external_container>> as DB 
+}
+
+CommunityMember - ->> WebDBApp : **Uses**\n//<size:12>[https]</size>//
+WebDBApp - ->> DB : **Uses**
+SignerClient - ->> DB : **Uses**
+SignerClient -RIGHT->> SignerServer : **Uses**\n//<size:12>[Serial binary protocol]</size>//
+SignerServer - ->> SignerDB : **Uses**
+
+SignerServer <<-RIGHT->> SignerServer2 : **Synchronize**\n//<size:12>[TLS]</size>//
+
+@enduml
+
+PlantUML version 1.2022.6(Tue Jun 21 19:34:49 CEST 2022)
+(GPL source distribution)
+Java Runtime: OpenJDK Runtime Environment
+JVM: OpenJDK 64-Bit Server VM
+Default Encoding: UTF-8
+Language: de
+Country: DE
+--></g></svg>
--- a/docs/design.md
+++ b/docs/design.md
@ -0,0 +1,151 @@
+# Signer system design
+
+This document describes the system design of the CAcert signer software. The document describes the integration as well
+as technical design decisions.
+
+## Context
+
+The signer is used to handle X.509 certificate and OpenPGP public key signing, X.509 certificate revocation and CRL
+handling. The signer receives commands via a serial link.
+
+![C4 Context diagram of the Signer showing the interaction with the surrounding systems described in the sections below](container.svg "Signer Context diagram")
+
+### WebDB
+
+*WebDB* is the system running the user facing *WebDB application*. The *Signer client* that is part of the *WebDB*
+system, polls certificate and public key signing as well as certificate revocation request information from the
+*WebDB database* periodically. The *Signer client* takes care of fetching CRLs and health information from the
+*Signer server*  periodically.
+
+The requests are send via a binary protocol (msgpack + COBS) over a serial link.
+
+*Note:* the database polling may be replaced with an event broker like Redis or NATS in the future.
+
+### Signer
+
+The *Signer* system runs the signer software. The system is only reachable via a serial link from the outside.
+Information coming over that connection is trusted in the sense that requested certificate attributes where checked by
+the requesting *WebDB application*.
+
+The *Signer Server* synchronizes with another Signer via a dedicated internal network link (crossover cable). The
+synchronization is required to make information related to issued and revoked certificates available on both signers.
+
+## Signer components
+
+The Signer server is structured into several components with clear responsibilities.
+
+![C4 Component diagram showing the components of the signer described in the sections below.](components.svg "Components of the signer")
+
+The Singer server is implemented in [Go](https://golang.org/), configured via YAML and running as a standalone
+process.
+
+### Serial link handler
+
+The serial link handler handles all communication over the serial link. It reads raw bytes and writes raw bytes, it
+handles the serial link and takes care of connection and configuration.
+
+The raw bytes are framed using
+[Consistent Overhead Byte Stuffing (COBS)](https://en.wikipedia.org/wiki/Consistent_Overhead_Byte_Stuffing).
+
+Frame data consists of msgpack formatted protocol messages and a CRC32 code to ensure integrity. Broken frames are
+rejected with an error frame.
+
+Used libraries:
+- [github.com/tarm/serial](https://pkg.go.dev/github.com/tarm/serial)
+- [github.com/justincpresley/go-cobs](https://pkg.go.dev/github.com/justincpresley/go-cobs)
+
+### Protocol handler
+
+The protocol handler receives [msgpack](https://msgpack.org/) information from the serial link handler and sends
+msgpack information to the serial link handler.
+
+The protocol handler inspects incoming msgpack messages and dispatches the parsed payload to the appropriate command
+handler. The result from the command handler is serialized back to a msgpack message and sent to the serial link
+handler.
+
+Used library:
+- [github.com/shamaton/msgpackgen](https://pkg.go.dev/github.com/shamaton/msgpackgen)
+
+*TODO:* the protocol message have to be described in more detail
+
+### X.509 signing handler
+
+The X.509 signing handler takes care of X.509 certificate signing. It needs to support certificate profiles. The
+profiles decide which attributes from the request are used/accepted, which is private key is used and which extensions
+are set in the resulting certificate.
+
+Actual signing is performed by the *HSM access* component. Signed certificate information is stored in the
+*Certificate repository*.
+
+### X.509 revocation handler
+
+The X.509 revocation handler takes care of X.509 certificate revocation. It expects an issuer DN and serial number and
+supports an optional revocation reason. The revocation handler marks the corresponding certificate as revoked in the
+*Certificate repository*.
+
+*Note:* CRLs are not generated immediately
+
+### X.509 CRL handler
+
+The X.509 CRL handler takes care of generating certificate revocation lists. The handler expects an issuer DN, checks
+for non-expired, revoked certificates in the *Certificate repository* and generates a CRL.
+
+The *HSM access* component is used to sign the CRL.
+
+*TODO:* Clarify whether the CRL should contain expired certificates within a configurable grace period (see RFCs and
+potential other reference material for guidance)
+
+*TODO:* Do we need specific CRLs for specific certificate profiles (i.e. only for server certificates)?
+
+### OpenPGP signing handler
+
+The OpenPGP signing handler takes care of OpenPGP key signing.
+
+Actual signing is performed by the *HSM access* component. Signed OpenPGP key information is stored in the
+*Certificate repository*.
+
+Used library:
+- [github.com/ProtonMail/go-crypto/openpgp](https://pkg.go.dev/github.com/ProtonMail/go-crypto/openpgp)
+
+### Health check handler
+
+The Health check handler takes care of providing signer health information to the signer client. The health check data
+contains:
+
+- accessibility and consistency information of the *Certificate repository*
+- expiry information for the signing certificates
+- health information for the HSM
+- version information
+- current time of the signer
+
+### HSM access
+
+The HSM access component provides signing capabilities backed by HSMs (hardware security modules). It uses the PKCS#11
+protocol to access the HSM hardware or SoftHSM.
+
+Used libraries:
+- [github.com/ThalesIgnite/crypto11](https://pkg.go.dev/github.com/ThalesIgnite/crypto11)
+- SoftHSM2 (from [Debian package](https://tracker.debian.org/pkg/softhsm2))
+- [OpenSC](https://github.com/OpenSC/OpenSC/wiki) (from [Debian package](https://tracker.debian.org/pkg/opensc)) for
+  access to [SmartCardHSM or NitroKey HSM](https://github.com/OpenSC/OpenSC/wiki/SmartCardHSM) 
+
+### Certificate repository
+
+The certificate repository stores information about issued and revoked X.509 certificates as well as signed OpenPGP
+keys.
+
+*TODO:* define the data format for the certificate repository
+
+Used library:
+- [github.com/dgraph-io/badger/v3](https://pkg.go.dev/github.com/dgraph-io/badger/v3)
+
+### Synchronization handler
+
+The synchronization handler is used to synchronize state (signing, revocation and CRL issuing information) between
+signers. The handler acts as a producer and consumer for synchronization messages. The message transport should use
+a lightweight existing middleware like [NATS](https://nats.io/).
+
+The synchronization handler may require support for replaying messages when a signer comes back after a service
+interruption or when a new signer is set up.
+
+*TODO:* specify the synchronization protocol in much more detail