From 02d096d62236d32a84393515c8e6820422a9d648 Mon Sep 17 00:00:00 2001
From: Ludy <Ludy87@users.noreply.github.com>
Date: Thu, 4 Sep 2025 16:30:32 +0200
Subject: [PATCH] feat(security): add PFX alias for PKCS12; accept
 .crt/.cer/.der certs & .key keys; add certificate-signing tests (#4297)

---
 app/core/.gitignore                           |   4 +
 .../api/security/CertSignController.java      |   1 +
 .../api/security/SignPDFWithCertRequest.java  |  13 +-
 .../templates/security/cert-sign.html         |   6 +-
 .../api/security/CertSignControllerTest.java  | 312 ++++++++++++++++++
 .../src/test/resources/certs/test-cert.cer    |  26 ++
 .../src/test/resources/certs/test-cert.crt    |  26 ++
 .../src/test/resources/certs/test-cert.der    | Bin 0 -> 909 bytes
 .../src/test/resources/certs/test-cert.jks    | Bin 0 -> 2257 bytes
 .../src/test/resources/certs/test-cert.p12    | Bin 0 -> 2718 bytes
 .../src/test/resources/certs/test-cert.pem    |  26 ++
 .../src/test/resources/certs/test-cert.pfx    | Bin 0 -> 2718 bytes
 .../src/test/resources/certs/test-key.key     |  34 ++
 .../src/test/resources/certs/test-key.pem     |  34 ++
 14 files changed, 476 insertions(+), 6 deletions(-)
 create mode 100644 app/core/src/test/java/stirling/software/SPDF/controller/api/security/CertSignControllerTest.java
 create mode 100644 app/core/src/test/resources/certs/test-cert.cer
 create mode 100644 app/core/src/test/resources/certs/test-cert.crt
 create mode 100644 app/core/src/test/resources/certs/test-cert.der
 create mode 100644 app/core/src/test/resources/certs/test-cert.jks
 create mode 100644 app/core/src/test/resources/certs/test-cert.p12
 create mode 100644 app/core/src/test/resources/certs/test-cert.pem
 create mode 100644 app/core/src/test/resources/certs/test-cert.pfx
 create mode 100644 app/core/src/test/resources/certs/test-key.key
 create mode 100644 app/core/src/test/resources/certs/test-key.pem

diff --git a/app/core/.gitignore b/app/core/.gitignore
index 5486f9afe..7d9dd6293 100644
--- a/app/core/.gitignore
+++ b/app/core/.gitignore
@@ -170,6 +170,10 @@ out/
 *.jks
 *.asc
 
+# test-cert
+!**/test/resources/certs/test-cert.*
+!**/test/resources/certs/test-key.*
+
 # SSH Keys
 *.pub
 *.priv
diff --git a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
index 7675355da..e32f4fac6 100644
--- a/app/core/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
+++ b/app/core/src/main/java/stirling/software/SPDF/controller/api/security/CertSignController.java
@@ -186,6 +186,7 @@ public class CertSignController {
                         "alias", privateKey, password.toCharArray(), new Certificate[] {cert});
                 break;
             case "PKCS12":
+            case "PFX":
                 ks = KeyStore.getInstance("PKCS12");
                 ks.load(p12File.getInputStream(), password.toCharArray());
                 break;
diff --git a/app/core/src/main/java/stirling/software/SPDF/model/api/security/SignPDFWithCertRequest.java b/app/core/src/main/java/stirling/software/SPDF/model/api/security/SignPDFWithCertRequest.java
index acb4b55fd..ac87fe61d 100644
--- a/app/core/src/main/java/stirling/software/SPDF/model/api/security/SignPDFWithCertRequest.java
+++ b/app/core/src/main/java/stirling/software/SPDF/model/api/security/SignPDFWithCertRequest.java
@@ -15,20 +15,25 @@ public class SignPDFWithCertRequest extends PDFFile {
 
     @Schema(
             description = "The type of the digital certificate",
-            allowableValues = {"PEM", "PKCS12", "JKS"},
+            allowableValues = {"PEM", "PKCS12", "PFX", "JKS"},
             requiredMode = Schema.RequiredMode.REQUIRED)
     private String certType;
 
     @Schema(
             description =
                     "The private key for the digital certificate (required for PEM type"
-                            + " certificates)")
+                            + " certificates, supports .pem, .der, or .key files)")
     private MultipartFile privateKeyFile;
 
-    @Schema(description = "The digital certificate (required for PEM type certificates)")
+    @Schema(
+            description =
+                    "The digital certificate (required for PEM type certificates, supports"
+                            + " .pem, .der, .crt, or .cer files)")
     private MultipartFile certFile;
 
-    @Schema(description = "The PKCS12 keystore file (required for PKCS12 type certificates)")
+    @Schema(
+            description =
+                    "The PKCS12/PFX keystore file (required for PKCS12 or PFX type certificates)")
     private MultipartFile p12File;
 
     @Schema(description = "The JKS keystore file (Java Key Store)")
diff --git a/app/core/src/main/resources/templates/security/cert-sign.html b/app/core/src/main/resources/templates/security/cert-sign.html
index d83f8c249..ea94b7ea9 100644
--- a/app/core/src/main/resources/templates/security/cert-sign.html
+++ b/app/core/src/main/resources/templates/security/cert-sign.html
@@ -31,17 +31,18 @@
                     <option value="" th:text="#{selectFilter}"></option>
                     <option value="PEM">PEM</option>
                     <option value="PKCS12">PKCS12</option>
+                    <option value="PFX">PFX</option>
                     <option value="JKS">JKS</option>
                   </select>
                 </div>
                 <div id="pemGroup" style="display: none;">
                   <div class="mb-3">
                     <label th:text="#{certSign.selectKey}"></label>
-                    <div th:replace="~{fragments/common :: fileSelector(name='privateKeyFile', multipleInputsForSingleRequest=false, notRequired=true, accept='.pem,.der')}"></div>
+                    <div th:replace="~{fragments/common :: fileSelector(name='privateKeyFile', multipleInputsForSingleRequest=false, notRequired=true, accept='.pem,.der,.key')}"></div>
                   </div>
                   <div class="mb-3">
                     <label th:text="#{certSign.selectCert}"></label>
-                    <div th:replace="~{fragments/common :: fileSelector(name='certFile', multipleInputsForSingleRequest=false, notRequired=true, accept='.pem,.der')}"></div>
+                    <div th:replace="~{fragments/common :: fileSelector(name='certFile', multipleInputsForSingleRequest=false, notRequired=true, accept='.pem,.der,.crt,.cer')}"></div>
                   </div>
                 </div>
                 <div class="mb-3" id="p12Group" style="display: none;">
@@ -96,6 +97,7 @@
         var valueToGroupMap = {
           'PEM': pemGroup,
           'PKCS12': p12Group,
+          'PFX': p12Group,
           'JKS': jksGroup
         };
         for (var key in valueToGroupMap) {
diff --git a/app/core/src/test/java/stirling/software/SPDF/controller/api/security/CertSignControllerTest.java b/app/core/src/test/java/stirling/software/SPDF/controller/api/security/CertSignControllerTest.java
new file mode 100644
index 000000000..4cbec3aa6
--- /dev/null
+++ b/app/core/src/test/java/stirling/software/SPDF/controller/api/security/CertSignControllerTest.java
@@ -0,0 +1,312 @@
+package stirling.software.SPDF.controller.api.security;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.apache.pdfbox.Loader;
+import org.apache.pdfbox.pdmodel.PDDocument;
+import org.apache.pdfbox.pdmodel.PDPage;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.http.ResponseEntity;
+import org.springframework.mock.web.MockMultipartFile;
+import org.springframework.web.multipart.MultipartFile;
+
+import stirling.software.SPDF.model.api.security.SignPDFWithCertRequest;
+import stirling.software.common.service.CustomPDFDocumentFactory;
+
+@ExtendWith(MockitoExtension.class)
+class CertSignControllerTest {
+
+    @Mock private CustomPDFDocumentFactory pdfDocumentFactory;
+
+    @InjectMocks private CertSignController certSignController;
+
+    private byte[] pdfBytes;
+    private byte[] pfxBytes;
+    private byte[] p12Bytes;
+    private byte[] jksBytes;
+    private byte[] pemKeyBytes;
+    private byte[] pemCertBytes;
+    private byte[] keyBytes;
+    private byte[] crtCertBytes;
+    private byte[] cerCertBytes;
+    private byte[] derCertBytes;
+
+    @BeforeEach
+    void setUp() throws Exception {
+        try (PDDocument doc = new PDDocument()) {
+            doc.addPage(new PDPage());
+            ByteArrayOutputStream baos = new ByteArrayOutputStream();
+            doc.save(baos);
+            pdfBytes = baos.toByteArray();
+        }
+        ClassPathResource pfxResource = new ClassPathResource("certs/test-cert.pfx");
+        try (InputStream is = pfxResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            pfxBytes = baos.toByteArray();
+        }
+        ClassPathResource p12Resource = new ClassPathResource("certs/test-cert.p12");
+        try (InputStream is = p12Resource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            p12Bytes = baos.toByteArray();
+        }
+        ClassPathResource jksResource = new ClassPathResource("certs/test-cert.jks");
+        try (InputStream is = jksResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            jksBytes = baos.toByteArray();
+        }
+        ClassPathResource pemKeyResource = new ClassPathResource("certs/test-key.pem");
+        try (InputStream is = pemKeyResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            pemKeyBytes = baos.toByteArray();
+        }
+        ClassPathResource pemCertResource = new ClassPathResource("certs/test-cert.pem");
+        try (InputStream is = pemCertResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            pemCertBytes = baos.toByteArray();
+        }
+        ClassPathResource keyResource = new ClassPathResource("certs/test-key.key");
+        try (InputStream is = keyResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            keyBytes = baos.toByteArray();
+        }
+        ClassPathResource crtResource = new ClassPathResource("certs/test-cert.crt");
+        try (InputStream is = crtResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            crtCertBytes = baos.toByteArray();
+        }
+        ClassPathResource cerResource = new ClassPathResource("certs/test-cert.cer");
+        try (InputStream is = cerResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            cerCertBytes = baos.toByteArray();
+        }
+        ClassPathResource derCertResource = new ClassPathResource("certs/test-cert.der");
+        try (InputStream is = derCertResource.getInputStream();
+                ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+            is.transferTo(baos);
+            derCertBytes = baos.toByteArray();
+        }
+
+        when(pdfDocumentFactory.load(any(MultipartFile.class)))
+                .thenAnswer(
+                        invocation -> {
+                            MultipartFile file = invocation.getArgument(0);
+                            return Loader.loadPDF(file.getBytes());
+                        });
+    }
+
+    @Test
+    void testSignPdfWithPfx() throws Exception {
+        MockMultipartFile pdfFile =
+                new MockMultipartFile("fileInput", "test.pdf", "application/pdf", pdfBytes);
+        MockMultipartFile pfxFile =
+                new MockMultipartFile("p12File", "test-cert.pfx", "application/x-pkcs12", pfxBytes);
+
+        SignPDFWithCertRequest request = new SignPDFWithCertRequest();
+        request.setFileInput(pdfFile);
+        request.setCertType("PFX");
+        request.setP12File(pfxFile);
+        request.setPassword("password");
+        request.setShowSignature(false);
+        request.setReason("test");
+        request.setLocation("test");
+        request.setName("tester");
+        request.setPageNumber(1);
+        request.setShowLogo(false);
+
+        ResponseEntity<byte[]> response = certSignController.signPDFWithCert(request);
+
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().length > 0);
+    }
+
+    @Test
+    void testSignPdfWithPkcs12() throws Exception {
+        MockMultipartFile pdfFile =
+                new MockMultipartFile("fileInput", "test.pdf", "application/pdf", pdfBytes);
+        MockMultipartFile p12File =
+                new MockMultipartFile("p12File", "test-cert.p12", "application/x-pkcs12", p12Bytes);
+
+        SignPDFWithCertRequest request = new SignPDFWithCertRequest();
+        request.setFileInput(pdfFile);
+        request.setCertType("PKCS12");
+        request.setP12File(p12File);
+        request.setPassword("password");
+        request.setShowSignature(false);
+        request.setReason("test");
+        request.setLocation("test");
+        request.setName("tester");
+        request.setPageNumber(1);
+        request.setShowLogo(false);
+
+        ResponseEntity<byte[]> response = certSignController.signPDFWithCert(request);
+
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().length > 0);
+    }
+
+    @Test
+    void testSignPdfWithJks() throws Exception {
+        MockMultipartFile pdfFile =
+                new MockMultipartFile("fileInput", "test.pdf", "application/pdf", pdfBytes);
+        MockMultipartFile jksFile =
+                new MockMultipartFile(
+                        "jksFile", "test-cert.jks", "application/octet-stream", jksBytes);
+
+        SignPDFWithCertRequest request = new SignPDFWithCertRequest();
+        request.setFileInput(pdfFile);
+        request.setCertType("JKS");
+        request.setJksFile(jksFile);
+        request.setPassword("password");
+        request.setShowSignature(false);
+        request.setReason("test");
+        request.setLocation("test");
+        request.setName("tester");
+        request.setPageNumber(1);
+        request.setShowLogo(false);
+
+        ResponseEntity<byte[]> response = certSignController.signPDFWithCert(request);
+
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().length > 0);
+    }
+
+    @Test
+    void testSignPdfWithPem() throws Exception {
+        MockMultipartFile pdfFile =
+                new MockMultipartFile("fileInput", "test.pdf", "application/pdf", pdfBytes);
+        MockMultipartFile keyFile =
+                new MockMultipartFile(
+                        "privateKeyFile", "test-key.pem", "application/x-pem-file", pemKeyBytes);
+        MockMultipartFile certFile =
+                new MockMultipartFile(
+                        "certFile", "test-cert.pem", "application/x-pem-file", pemCertBytes);
+
+        SignPDFWithCertRequest request = new SignPDFWithCertRequest();
+        request.setFileInput(pdfFile);
+        request.setCertType("PEM");
+        request.setPrivateKeyFile(keyFile);
+        request.setCertFile(certFile);
+        request.setPassword("password");
+        request.setShowSignature(false);
+        request.setReason("test");
+        request.setLocation("test");
+        request.setName("tester");
+        request.setPageNumber(1);
+        request.setShowLogo(false);
+
+        ResponseEntity<byte[]> response = certSignController.signPDFWithCert(request);
+
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().length > 0);
+    }
+
+    @Test
+    void testSignPdfWithCrt() throws Exception {
+        MockMultipartFile pdfFile =
+                new MockMultipartFile("fileInput", "test.pdf", "application/pdf", pdfBytes);
+        MockMultipartFile keyFile =
+                new MockMultipartFile(
+                        "privateKeyFile", "test-key.key", "application/x-pem-file", keyBytes);
+        MockMultipartFile certFile =
+                new MockMultipartFile(
+                        "certFile", "test-cert.crt", "application/x-x509-ca-cert", crtCertBytes);
+
+        SignPDFWithCertRequest request = new SignPDFWithCertRequest();
+        request.setFileInput(pdfFile);
+        request.setCertType("PEM");
+        request.setPrivateKeyFile(keyFile);
+        request.setCertFile(certFile);
+        request.setPassword("password");
+        request.setShowSignature(false);
+        request.setReason("test");
+        request.setLocation("test");
+        request.setName("tester");
+        request.setPageNumber(1);
+        request.setShowLogo(false);
+
+        ResponseEntity<byte[]> response = certSignController.signPDFWithCert(request);
+
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().length > 0);
+    }
+
+    @Test
+    void testSignPdfWithCer() throws Exception {
+        MockMultipartFile pdfFile =
+                new MockMultipartFile("fileInput", "test.pdf", "application/pdf", pdfBytes);
+        MockMultipartFile keyFile =
+                new MockMultipartFile(
+                        "privateKeyFile", "test-key.key", "application/x-pem-file", keyBytes);
+        MockMultipartFile certFile =
+                new MockMultipartFile(
+                        "certFile", "test-cert.cer", "application/x-x509-ca-cert", cerCertBytes);
+
+        SignPDFWithCertRequest request = new SignPDFWithCertRequest();
+        request.setFileInput(pdfFile);
+        request.setCertType("PEM");
+        request.setPrivateKeyFile(keyFile);
+        request.setCertFile(certFile);
+        request.setPassword("password");
+        request.setShowSignature(false);
+        request.setReason("test");
+        request.setLocation("test");
+        request.setName("tester");
+        request.setPageNumber(1);
+        request.setShowLogo(false);
+
+        ResponseEntity<byte[]> response = certSignController.signPDFWithCert(request);
+
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().length > 0);
+    }
+
+    @Test
+    void testSignPdfWithDer() throws Exception {
+        MockMultipartFile pdfFile =
+                new MockMultipartFile("fileInput", "test.pdf", "application/pdf", pdfBytes);
+        MockMultipartFile keyFile =
+                new MockMultipartFile(
+                        "privateKeyFile", "test-key.key", "application/x-pem-file", keyBytes);
+        MockMultipartFile certFile =
+                new MockMultipartFile(
+                        "certFile", "test-cert.der", "application/x-x509-ca-cert", derCertBytes);
+
+        SignPDFWithCertRequest request = new SignPDFWithCertRequest();
+        request.setFileInput(pdfFile);
+        request.setCertType("PEM");
+        request.setPrivateKeyFile(keyFile);
+        request.setCertFile(certFile);
+        request.setPassword("password");
+        request.setShowSignature(false);
+        request.setReason("test");
+        request.setLocation("test");
+        request.setName("tester");
+        request.setPageNumber(1);
+        request.setShowLogo(false);
+
+        ResponseEntity<byte[]> response = certSignController.signPDFWithCert(request);
+
+        assertNotNull(response.getBody());
+        assertTrue(response.getBody().length > 0);
+    }
+}
diff --git a/app/core/src/test/resources/certs/test-cert.cer b/app/core/src/test/resources/certs/test-cert.cer
new file mode 100644
index 000000000..729f85c73
--- /dev/null
+++ b/app/core/src/test/resources/certs/test-cert.cer
@@ -0,0 +1,26 @@
+Bag Attributes
+    friendlyName: alias
+    localKeyID: 43 4A B0 2D D5 03 52 9F 5B 78 50 64 54 22 AB F7 C8 0B 1F 2B
+subject=C = US, ST = CA, L = SF, O = Test, OU = Test, CN = Test
+issuer=C = US, ST = CA, L = SF, O = Test, OU = Test, CN = Test
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUdWDUiSWDll+owMQEzypIuChp+bcwDQYJKoZIhvcNAQEL
+BQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsG
+A1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0yNTA4
+MjYwNzQxMTBaFw0yNjA4MjYwNzQxMTBaMFQxCzAJBgNVBAYTAlVTMQswCQYDVQQI
+DAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBFRlc3QxDTALBgNVBAsMBFRlc3Qx
+DTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM
+SfspXLx1WAKSo3AfDYIJAyeSrqFcTsPoNBEvT2U1b8w+SCTw4xR5sC3pNenbiEQ7
+4sI60hgURtOMOAt+iKvfI0A/9N8/wYadXUyis4qGZPkM/F6H5cBF9VaYisGptY2w
+ad9X8XcZgZFABYA5O50Jb5nbUM8fPwDYz2fISIejIpW36y+ApFsotJQCaISe4UWb
+K7bwW4UycghYh7AqfH/1OvgR35gGeL7S+SC0F+CZqGECgansFOh/yYL6VoatoggV
+oZxjIQblmuSrLtfwN1S7ngn85k3NFMBHm1ehMOHabx5G58Wg05/0mBK8bIrwjrNp
+Wzomit8BQJ7eIYUikZfVAgMBAAGjUzBRMB0GA1UdDgQWBBRm6hGFGnC1dxipumf/
+6ROdNE6/YDAfBgNVHSMEGDAWgBRm6hGFGnC1dxipumf/6ROdNE6/YDAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB66MPy5kZlSlBgsK4HtB1LSr3M
+dmBWbnQQMq9rmD9AIBQV/shiIjMXGRGnt9zaB0Gg9M39iEvISE6ByMpaDQqV0Md5
+9y4XJu0rg/aMXLaHOGDAWJsb7nCGDt12cWdgn1Ni2mmXUHv4SJCRXNQF7mSgIr+p
+Fvd1ljyvzu/iig8qxrcuWoZvY677p3yen4dN8ocgi8Df3KjduGbsTjFAESYqqNQC
+f+bvypQfhHjxdvz5W3Lpk2swUufqOvhO2b6+cshYJX98qLU8mhai/rOnYkHE7haq
+WDH6XEthnVGtk2VJ4XFDbz+FID440DPzy5u/1OZw2Mcoyp6y7rZDKC/D0Uvh
+-----END CERTIFICATE-----
diff --git a/app/core/src/test/resources/certs/test-cert.crt b/app/core/src/test/resources/certs/test-cert.crt
new file mode 100644
index 000000000..729f85c73
--- /dev/null
+++ b/app/core/src/test/resources/certs/test-cert.crt
@@ -0,0 +1,26 @@
+Bag Attributes
+    friendlyName: alias
+    localKeyID: 43 4A B0 2D D5 03 52 9F 5B 78 50 64 54 22 AB F7 C8 0B 1F 2B
+subject=C = US, ST = CA, L = SF, O = Test, OU = Test, CN = Test
+issuer=C = US, ST = CA, L = SF, O = Test, OU = Test, CN = Test
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUdWDUiSWDll+owMQEzypIuChp+bcwDQYJKoZIhvcNAQEL
+BQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsG
+A1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0yNTA4
+MjYwNzQxMTBaFw0yNjA4MjYwNzQxMTBaMFQxCzAJBgNVBAYTAlVTMQswCQYDVQQI
+DAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBFRlc3QxDTALBgNVBAsMBFRlc3Qx
+DTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM
+SfspXLx1WAKSo3AfDYIJAyeSrqFcTsPoNBEvT2U1b8w+SCTw4xR5sC3pNenbiEQ7
+4sI60hgURtOMOAt+iKvfI0A/9N8/wYadXUyis4qGZPkM/F6H5cBF9VaYisGptY2w
+ad9X8XcZgZFABYA5O50Jb5nbUM8fPwDYz2fISIejIpW36y+ApFsotJQCaISe4UWb
+K7bwW4UycghYh7AqfH/1OvgR35gGeL7S+SC0F+CZqGECgansFOh/yYL6VoatoggV
+oZxjIQblmuSrLtfwN1S7ngn85k3NFMBHm1ehMOHabx5G58Wg05/0mBK8bIrwjrNp
+Wzomit8BQJ7eIYUikZfVAgMBAAGjUzBRMB0GA1UdDgQWBBRm6hGFGnC1dxipumf/
+6ROdNE6/YDAfBgNVHSMEGDAWgBRm6hGFGnC1dxipumf/6ROdNE6/YDAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB66MPy5kZlSlBgsK4HtB1LSr3M
+dmBWbnQQMq9rmD9AIBQV/shiIjMXGRGnt9zaB0Gg9M39iEvISE6ByMpaDQqV0Md5
+9y4XJu0rg/aMXLaHOGDAWJsb7nCGDt12cWdgn1Ni2mmXUHv4SJCRXNQF7mSgIr+p
+Fvd1ljyvzu/iig8qxrcuWoZvY677p3yen4dN8ocgi8Df3KjduGbsTjFAESYqqNQC
+f+bvypQfhHjxdvz5W3Lpk2swUufqOvhO2b6+cshYJX98qLU8mhai/rOnYkHE7haq
+WDH6XEthnVGtk2VJ4XFDbz+FID440DPzy5u/1OZw2Mcoyp6y7rZDKC/D0Uvh
+-----END CERTIFICATE-----
diff --git a/app/core/src/test/resources/certs/test-cert.der b/app/core/src/test/resources/certs/test-cert.der
new file mode 100644
index 0000000000000000000000000000000000000000..b931702b5ba3e036080df3ae2574304ecfe0b40f
GIT binary patch
literal 909
zcmXqLV(v6(Vk%s~%*4pVBvP7irBk(eTKtLwM_A5ldF;^0{JGtLmyJ`a&7<u*FC!y2
zD}zCZA-4f18*?ZNn=n&oFpR^&!{qD;<FNBE1-lvY8gPS@aq+N(q!yRJxZJ2*W(e0n
zPMp`s)WE{X%)s2l(9j?X$TdUa(#X~(MkQqLF|sl+H!<=v7&I|*F*PwVGMw@Jtr@eY
zG=gc;;sSZzCQfGcN$VEI_#J*>BB<}5YMOt>&O_zHW0A@Yx-U&%-tKU*essv{l7xuc
z<sJ*}x{lTNl^yKA+_yj2HaFI1(dMqUl%G6*;@Y1caQzxKqwC<xt-TvE?}vXZmu#Hq
zz}jGGJ(n|o=Iwy<^7afj&ZnR7XkV-}b^B}mh9%J&Tc$8&w9I?xI$L|&hv-(LB94gm
z4O%tzU#)%!-k-r%vG3APg)QO_X0AwNYFzn7<VF3-re9%gYZq~dE}WCB$o6#Blhu0H
zKbVK?p2zv;neSPV1MaiK7aBagl`rS^{OE$q^S{gx+LP1up>K0$w3S-deMX0Q_Y_-|
zCQiS~#LURRxH#A#&_EU#m9l&+Vk{zQuLN7A3bvL@tlX9U|E2I;6Tkfl2J#?jWflno
zu?Fl4_(2MU85#exuo^G}Ddb=WrYc~tGcr`YIQ;3ETdG$;!iIJ1TV%bx_MRzA2+J!G
zFj}8I!`?wbMD*W@Bqd{UNx|jY@7!W{T=3=W-wy8+9)67{PDSx@O}%iu^1Gh6+FR}B
zZ#^;F+AR_eM9h|cSJ1|Hx2!NdVSaGZt<32G)jvEYOpLk0`YvUG(*BiV-%F?2tUveu
zQ5V0~vF&<MZTZRTelM??H^1HYQ@cX<f%|t>+})A(#?R0}P)%#a6{h-U?@vvUZ>jiL
z_UC7G(aXu%20_nXS^e<4xo=<5i3rvDniX4ZW{EBOw|RMz<B@k_t0D}4#ds&q4O}}p
p)$?JYbH076f}O<$<IksO@4xb_;Kp%{Q}Z^x+vcpHfB2&JLjV?CST_Iw

literal 0
HcmV?d00001

diff --git a/app/core/src/test/resources/certs/test-cert.jks b/app/core/src/test/resources/certs/test-cert.jks
new file mode 100644
index 0000000000000000000000000000000000000000..5b6396b644685f89f16ae11d16a019e1114b623e
GIT binary patch
literal 2257
zcmcJPc{J1w7sqF3>@v1wiEJbM$S%ebVI+g(v9C$CkxV?4jLcY4A^XyxWu!q_#v{vQ
z2_b|?mWN&qWzSB$dY{udz306DzJJ_v&*$9lIrrS}z31*P>@R>oAjn~W{}XVJ06&k=
zL&};t_=^h!g6#uD*bcyfU{gSVVPG_b7Yv3GVY73A<y6nyI(yXqYWA~QDpx~I?}y|7
z&0{<@)TvC>T#8U3zO(=-R@+-Y?!D1zCc@ybJfhIYrTj-Y54OcafIP2#mKK_rP8uzC
zv40H8l;f-ID(}e_c1CQ`5bNX7$N_=rRYtD$#|k`~;mP+8$|FTwVn(<<ni{Vvr7G@T
zt2<6vyeYqwC6$yQo%SL}&*wrIdN;m$Vh77_Z@c-LX_U~v{ixY*$H%hB0QP_xa)ka2
zt=-7g+?Jn3S87zdhYP;5KYg~Ru)~W#@_0=1*VG8{Y+I|M`T-`Kso1~s#8~Ww#00Z3
zXd@HbKRG5@=8Y{Z{=*|h61z0%6|YS1J!7OjOgw(0ZQWHSr+xNyMmfU9`o5Rf+Vf$r
zPP6V4E;GK+Yu~s~K0KR9Hp65Cif?pZABk<8hzR5tjm3Tw8y-vRH!Y4xTaM;>@(c*D
zxoFn!pKerYa9;8G0C6JAy3b-ma4^20R*%Xv`fiF`Q%Q4{acU6{2)Qr0dtfron-$dl
zFj#RokH;2#BVDR^#CqKRvI|Gk2Y+TD6mm+V`e}|D#-dV@BZ%VdBzw7P6Y4pF4Pckk
z^TP8t^%q-3VsV;&TF=!2^{jCMXS_FH;WxRhLaGNym-AT%uCTOgq#YHHUhZajp;d}|
z)<br^l9x<hyG|=<@WXC>(elBIldM?&O5yI9O3FaR-V3AsS&-y*8YDz3GhBF7b92sj
zx)ZJ?{ASBs+3rgCKF>s};7F@=vYs-vmFB1+40Wyq%gW+0I*-EiXK<{5Kf$8Ft_`RD
zAX@Tsl<C-=O%E|6EqZ{3-046EJ<L#Jh|1lj`IS7z+o|DwBoo(mk6mQ<)zFaA)X)o<
zeqnRgOV(@a6<N7mlMRusq03p#mQ0xLV+B=|fq?K2oggvx@=XYG=<F~<IQGE!v&~RK
z;(8{F#0P#+n^;~wHxeQFQ>3Md!Z$Q#xcF7#?Dfhhk#q4?9joqLvyM?+ms;NxtOm#*
zjG^7lZ*`botjpl4)0Umk+%0<ar-<&VrmW+l(P*M0vbsbIvTwe=&@<k3&*&RwAWqJY
z%yc$xU$JbrZ(Z%rFxm--X!D+x2Xi+YtxI^_HfUW2zK@O4k8orjlX@OKA|Df)+7$l7
zw(LoU6=At74ly50wA}Bj;hV49+Y)v0WgHVz@o#xk?<!y<VnJ(=8EpD7(sE-VIrsav
z*BMpR!OYs*xO9@M#$xA(JsxD4!xABXW9;q;Deajm^TC;O#tCys2E%vhz4=2HXM^dj
zZbccoEj39vzbJ70)*Pibol7VDy8goG8?{v3Lft`W%9O}}_os@ZuMAA^;-N1WOdH&4
z``1lOhTt+2@bB>i1kVj^$>qOU-7Lh?&4QRAZa+qEpA;7kxQT<S1(r*tVutWf=Top!
zkKYk4n+$%h)-bG{Rr^SUpEs?J>bq+91W3WiyX-{awe?q|gz54vkd7pW2G;5G=}jH)
zTFz^C)p8u6TDm-8r+F9`L`V}d&l+0odWUG_LoTtE?Y$2>R$`sUKqIaMmBPQac~ClM
zlKO?K-3hO?`8U;ZIyAmilk}6^^zt8pqd0~R+QLr9v*Pw94vKn7wrpS=wV|U|Y?sO1
zp%mG@`vuW5(w2`~Bn>rlYR!C)&L-*#jh)=eljj(XK<+yViv05w9hB4oZ4d~W3=p9S
z01*;GfkMC#2rA5dFhM#t!;Q*lh4rG%YUTX4=>R7Ji6)tmHaWpyb~p&IQ(*^?2<QbE
zf)8@R_7|{nK#UE40SgDj)>MTPVE-v&<AB-ugkJlF?Ej6>e-IE8<WyA$v{W?!O*Iu2
z!0`|@e#8G$S0Y&Q_wm4R5R?e!1_4Ac8-xf3gSyRk<(=!p93ZL1cyUf55-OWoR_JWi
zGONa`eBMVrxLe=s#PVlUM1|s<`rN1ZGrH5wI`4&0rUQ4h*l)&{PD&YI)+RBpN%=08
zMU{yp?`@7fSMm(QWZgb1@pVaca)saI#g*&AF)0S{TiUw$$l&Zx*1h5w&`7UuhZ(t8
zGM)ZS`PL&RxvB?{%eM=rOmY=!mYw2Mud+IjE6`EV>pEM!lUa!H#`oJ2Rf2zKQ#~Lt
zCG)7+=uYB}J&9Jt%3ql0bsRC1^RH5+;bl#`R|UwuFXwttjI+5H3xTQ8U@=o>8)e|(
zTGo;JfW+mym3~e-GKrI5gMx|Uagr&SLl7t!1TMA(aDeFHDn+?q0x;C2ue@<b@zvLb
zO6q(M=J@i}teV^b@t<WWm=GXv>wgQle+u}(-~$*OfF7pbZ9lxKL)*ciKWAH3znJ=1
zSi4u0u~dm-EgHHB?)E{~cvQ>%voHn{DE|EpPsvk)!n{xEW1}pFl(n88@z@SCtC)_r
zj+|`ieeDsON`f*A3b7k^oNLHh?hJ=qkwrX-Yn%|`>;BNzbJQ=>I&#bGev0!Te9@aC
z*;FF18J2On{N2)YA~*UCUCEIY>{Yh=G^*es`P?d5B8f3MMjfxcG;gJ1z$=5M4nm^8
zEWLdoemi`Hu($1WbuP^xuwj1H*|PfB*m$+WK{`5$T75c4plHAHsi$G<qQEl;l^tiS
zM?Q|0=3_n;VjPT#lhD`dJN3OQw`uSTexzOQZNbaM8e=)-mVWHiseb(w3onJoo`iZ8
N-8(^CCtI?={u@Yv;oJZK

literal 0
HcmV?d00001

diff --git a/app/core/src/test/resources/certs/test-cert.p12 b/app/core/src/test/resources/certs/test-cert.p12
new file mode 100644
index 0000000000000000000000000000000000000000..02f74b04fd8f4f816cb6f5c6b2019e0dae133477
GIT binary patch
literal 2718
zcmai$X*d)L7st(Fj2Zh<WKc2oWhA2Plr7g5GNfc*%5LntnHbqg43q4pvhQUlakC_3
zNhIs2#7s1{>pt)M)W`ebob#Oj@5A}_dk!iFmJ0-cP%$tQ2%`j654+0@U;sRcfoXzc
zV5%pvGAag~{s%#x#DHT@qDUZs?qmf0Apn%s?}eTjWq=a@vofI&VCYCqPJ!BnZy68>
zr9&}6p#QrDWTdA<@k1EzVD$h_ATU4z%mz+nJeC~^y+-B}ghP7CEKxCFHoK3NL;X1v
zA2!xb$?DR2MZ&WIYO`EHWn9h$)($7ZA%wclEw%xRxBL^%+p1h1RNST_hu&dJg-heY
z2ZOPlho5ALPijia(#-IZC6Ie%yEHd(ec0x}-)rR&?aK^2)sRf9t{-ymAeLL0>Ja1X
zvP`^9xN-Z1M$arGM_~~eOq4jU!Ghw#(9V3;PoubVdrJ7eirCzC*zF4A%(*q{tUiIy
zyEc=kU(K(hVaupr=|QwLzMEu^vd1=Hii9X)8_ws4e@d|484oqcmUZiNT@6IU+85tS
zzPEh@_d&6ZRgBs^9%%cH@RjaxTrpBQN~re?&5A#}E&{z&XWee4p*8Y(lQItEN;i9^
z+!D<H@o!mW9oFHt#Ol?ZCTe~BO4m7T*T`*1{u^x$g^aa3ma>Ezr4|Y4=_g6yBNCS)
zje^$%SR@eLWTpGvI7H7Y@rx;#pA(><xRm@}?gXE<YEYLo-;?^~kWuz^%g<4!I^;!G
zOPpdvvrvT8k{!KUWA9<HuF1ZyE1KIc)v*KjC>0ixjC>EwWR`rLLOr-B$H~@ZIWRQ{
zofez15wxkXes1dR)f2|qU|0}3a??DT+PofeIy^|zFIz!Wf5LjFu`1wv<KB7{NK!Q(
zt0$oTMknl?)ml~cY@fvs;B9>Nq)REH+r4yjF5nYgct-dLS|K`w<7V~zu0pG*Nwq56
z)e|#Wi16@P!Iz9Y%NAk0Ka)-HJ8f%Q`R&1r%l$L#y(+@J;ssEnlI!%xTGt}##*$tR
zzb&<d$JZLa;n?XpPgzMh?kxUPEI|#<Y8t+B4;*qWbn_k~w*%}{q7&SIapU!Aw1k#s
zXlbv&3gsuj*}W=rB-xV6RQPo+>cYirmg0a*HQJa5KCI*nR&N`t?!Ri4Oq|%#;YS2c
zJ^`8iN-2AJ0kX<gxKD%TahA&Bu_w8)s+56D&#%Zblx%h?0bvmoJlb~CHeyVgOQ&qx
z7T_1}89UQ^00-g#W6a0eZR`jay*_nbWoVJKx|W$fhQeBu%$=xFdh5*9+=*$iAl(wE
z6y5jwxWI?ww(q{_^!ELFzZ7}Pw{Da<)raXyQL184Ayd5{Jqp_673<CwA$(i^MJ{GE
z!<OdIw3P-S+}#(Gw#&!hqFrel@B1!%3`LDa*A7U#n0`|s3H8<_4?!!PlB*LYg()=H
zXuL$ekl}ZXe3q<$iRFIF9Co(;m8rle*lVO@vSyo}hntVN{JGaksIgNe8a<}+p@PfE
z#R90{t|VX8kPsY^<zN`0LqDYJ)y&p5$Pwu^G}I^zHk(^hySqm#OMJ}K+=kqexw&Vd
zdIu64c=qPIegapnea>8;a3?{2Ec^c3kI?LEeV~F})xwc;pB>JG;3B1u7f><u#NU4T
zS6K9^;28R(llZ|&#X;czcNr5506c+mC!zFz2})mcDKu@r&iFqC#Z%sxEy{`{=1R&G
z->5Y60mpzxmBY|Kz)}@d9I}3krtME@DJlyT$F>M{%SVW;FydgqVYQMpfsm^Sf}G^f
zci_pOV|P-$|6sj5Ji^^l!Z~6N+wo|+Gtwc&tQ{#EzJ=IMwu)y6O|P~KDw?ES78zM=
z6`863)+xCe`?M}|T+zt2C77=3Rr8~xau=E9$0<;22bHMf04`?1pKHA~#@>xzS9*l1
zbX-%S(Q*&wly?Qj^~Rkjxr<ZCW@%BO=t+kC9Ud08+~vT0gl)z^GtzF{uk(<zc1*HT
zqr{v6^e|<;Sj;yt<fnLY;HiO}7DIs%y9MoT$%7>|@|BAG^Bb%CUkj;mwclIpGrZ=t
zS8;l#{>I+lPrE37s{zQ!KV>IG*}uY}W=(F9I#Lg!D$L1A5+-_HB5Ha{tPkTsRrfU>
zT`5h&^S*qY%(=7v3w?#3C-9{NQuY%m)BEtb8n=i+3mWx7^_<yROIfxcZQ>j84_vy|
zRPl%E!-x{WDdwip2sg8~#}D>Ot2ScPIhzA%ZtS6G_xNb}57B?Qq;at^<?y2UOF){O
zS}EHNLnZ3DYV3n>@oFo=^%nv*jWq8*18Z)TCgCr8FDBUu(hgmh9_fa>Dci~BR{Oev
zc4KNF;MrkeHdUQczC>kD-0L=W-^$hd%jJnVde_r@4gY4#a_W9)ZLl-nj{z@C-99i^
z<bkSFyt0PL$hWEnIa5X$Ehq=#%5#+?TC$Jf4QG>D;<Lf_qn6y5+XX5~8hJB`2S~B!
zc7(`s_lwS96!v-NmDZ@~Wm|*7#?rh17I&TG_eepoUk^y;DPBOd!cZFOf>k{nTb&xd
zJeapQH+t;)3+rbNVt+@TmE0D_H)z3Q-Ap&B>a!T9L5o2AW%mNpfce&-_p!M$H^s)9
zYS!JY%OB_6<6QOfmGXAby84-vk+vRa(jZqjJ8@TPM{WT#fQFFboi6<FWM1f05E83T
znGHKsa^3cyV%X5oIK`)qhtQagTVdGE+IK8si>M^hmas?S=fFX2)}2fEr+&L`!e{X3
z-H4$X*AqERr)fuu7q?gZ<Bs^oesSYE;zJ^Xg^Jdcd_hERH9i+v@vdmI!>4WcLPf{)
z48pWx@XEax;$hD+2sGhxHMz?v2$ToET9J2O8c_!McC9>C*pUO&juR=)--B?Zub~F6
zp(SgBF9+jYRyil^ZvBX+?-BdbquzSzuj@N5tavA%@*NM)8~#U>@JgShD_c53K-$t#
z)AS18vI8&O`)_&LjQaXACOU;&+hchi%9~$DALBWRHIm0+{n-o$DZf@3_Fq?yx*z|v
zwz+1bM7*2%Mc=Tw&LAMn8Q!54#*)5zuCPj`mUshT{3?v66<)%gR);20^015Mp9HsH
z{R+|_4?n6Rp8$H7x=7DGL~^EZ<XzG>RZUR0F~V&>{sn2^x+*#?iGsz!G)5VkzDq$}
z9C-t3ErnNq(XY6hv--9@J)>=qD+$sCh;KSm`7y2Jt_<B&BpVlVSn#;kyDA6$g7Q@w
zFp&CU=^&02!tb~hGkHd3foVRWjQllfjaFb>(ZqaXo<rKfzammAjHz-u$DED$mDHaO
z_tLbR0kz-lDj*Fgtou1?oLT3KR{6s4$aGKgRVKr*)Li9dE|G76mz?D^P`tkd%g80i
zBmkqcr}Lz9JL!HXp+AUQ?i83y+n`!{0%S(C2{LiKah|k002h=*X`<v%%)dW7Ab_3@
yd=^RQwh@98jZ9+;PDlN?D*BRYOi9B2P$bKHTkx-fX24LM4YEY4c`U=f7XAmBQs6%T

literal 0
HcmV?d00001

diff --git a/app/core/src/test/resources/certs/test-cert.pem b/app/core/src/test/resources/certs/test-cert.pem
new file mode 100644
index 000000000..729f85c73
--- /dev/null
+++ b/app/core/src/test/resources/certs/test-cert.pem
@@ -0,0 +1,26 @@
+Bag Attributes
+    friendlyName: alias
+    localKeyID: 43 4A B0 2D D5 03 52 9F 5B 78 50 64 54 22 AB F7 C8 0B 1F 2B
+subject=C = US, ST = CA, L = SF, O = Test, OU = Test, CN = Test
+issuer=C = US, ST = CA, L = SF, O = Test, OU = Test, CN = Test
+-----BEGIN CERTIFICATE-----
+MIIDiTCCAnGgAwIBAgIUdWDUiSWDll+owMQEzypIuChp+bcwDQYJKoZIhvcNAQEL
+BQAwVDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQswCQYDVQQHDAJTRjENMAsG
+A1UECgwEVGVzdDENMAsGA1UECwwEVGVzdDENMAsGA1UEAwwEVGVzdDAeFw0yNTA4
+MjYwNzQxMTBaFw0yNjA4MjYwNzQxMTBaMFQxCzAJBgNVBAYTAlVTMQswCQYDVQQI
+DAJDQTELMAkGA1UEBwwCU0YxDTALBgNVBAoMBFRlc3QxDTALBgNVBAsMBFRlc3Qx
+DTALBgNVBAMMBFRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM
+SfspXLx1WAKSo3AfDYIJAyeSrqFcTsPoNBEvT2U1b8w+SCTw4xR5sC3pNenbiEQ7
+4sI60hgURtOMOAt+iKvfI0A/9N8/wYadXUyis4qGZPkM/F6H5cBF9VaYisGptY2w
+ad9X8XcZgZFABYA5O50Jb5nbUM8fPwDYz2fISIejIpW36y+ApFsotJQCaISe4UWb
+K7bwW4UycghYh7AqfH/1OvgR35gGeL7S+SC0F+CZqGECgansFOh/yYL6VoatoggV
+oZxjIQblmuSrLtfwN1S7ngn85k3NFMBHm1ehMOHabx5G58Wg05/0mBK8bIrwjrNp
+Wzomit8BQJ7eIYUikZfVAgMBAAGjUzBRMB0GA1UdDgQWBBRm6hGFGnC1dxipumf/
+6ROdNE6/YDAfBgNVHSMEGDAWgBRm6hGFGnC1dxipumf/6ROdNE6/YDAPBgNVHRMB
+Af8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB66MPy5kZlSlBgsK4HtB1LSr3M
+dmBWbnQQMq9rmD9AIBQV/shiIjMXGRGnt9zaB0Gg9M39iEvISE6ByMpaDQqV0Md5
+9y4XJu0rg/aMXLaHOGDAWJsb7nCGDt12cWdgn1Ni2mmXUHv4SJCRXNQF7mSgIr+p
+Fvd1ljyvzu/iig8qxrcuWoZvY677p3yen4dN8ocgi8Df3KjduGbsTjFAESYqqNQC
+f+bvypQfhHjxdvz5W3Lpk2swUufqOvhO2b6+cshYJX98qLU8mhai/rOnYkHE7haq
+WDH6XEthnVGtk2VJ4XFDbz+FID440DPzy5u/1OZw2Mcoyp6y7rZDKC/D0Uvh
+-----END CERTIFICATE-----
diff --git a/app/core/src/test/resources/certs/test-cert.pfx b/app/core/src/test/resources/certs/test-cert.pfx
new file mode 100644
index 0000000000000000000000000000000000000000..02f74b04fd8f4f816cb6f5c6b2019e0dae133477
GIT binary patch
literal 2718
zcmai$X*d)L7st(Fj2Zh<WKc2oWhA2Plr7g5GNfc*%5LntnHbqg43q4pvhQUlakC_3
zNhIs2#7s1{>pt)M)W`ebob#Oj@5A}_dk!iFmJ0-cP%$tQ2%`j654+0@U;sRcfoXzc
zV5%pvGAag~{s%#x#DHT@qDUZs?qmf0Apn%s?}eTjWq=a@vofI&VCYCqPJ!BnZy68>
zr9&}6p#QrDWTdA<@k1EzVD$h_ATU4z%mz+nJeC~^y+-B}ghP7CEKxCFHoK3NL;X1v
zA2!xb$?DR2MZ&WIYO`EHWn9h$)($7ZA%wclEw%xRxBL^%+p1h1RNST_hu&dJg-heY
z2ZOPlho5ALPijia(#-IZC6Ie%yEHd(ec0x}-)rR&?aK^2)sRf9t{-ymAeLL0>Ja1X
zvP`^9xN-Z1M$arGM_~~eOq4jU!Ghw#(9V3;PoubVdrJ7eirCzC*zF4A%(*q{tUiIy
zyEc=kU(K(hVaupr=|QwLzMEu^vd1=Hii9X)8_ws4e@d|484oqcmUZiNT@6IU+85tS
zzPEh@_d&6ZRgBs^9%%cH@RjaxTrpBQN~re?&5A#}E&{z&XWee4p*8Y(lQItEN;i9^
z+!D<H@o!mW9oFHt#Ol?ZCTe~BO4m7T*T`*1{u^x$g^aa3ma>Ezr4|Y4=_g6yBNCS)
zje^$%SR@eLWTpGvI7H7Y@rx;#pA(><xRm@}?gXE<YEYLo-;?^~kWuz^%g<4!I^;!G
zOPpdvvrvT8k{!KUWA9<HuF1ZyE1KIc)v*KjC>0ixjC>EwWR`rLLOr-B$H~@ZIWRQ{
zofez15wxkXes1dR)f2|qU|0}3a??DT+PofeIy^|zFIz!Wf5LjFu`1wv<KB7{NK!Q(
zt0$oTMknl?)ml~cY@fvs;B9>Nq)REH+r4yjF5nYgct-dLS|K`w<7V~zu0pG*Nwq56
z)e|#Wi16@P!Iz9Y%NAk0Ka)-HJ8f%Q`R&1r%l$L#y(+@J;ssEnlI!%xTGt}##*$tR
zzb&<d$JZLa;n?XpPgzMh?kxUPEI|#<Y8t+B4;*qWbn_k~w*%}{q7&SIapU!Aw1k#s
zXlbv&3gsuj*}W=rB-xV6RQPo+>cYirmg0a*HQJa5KCI*nR&N`t?!Ri4Oq|%#;YS2c
zJ^`8iN-2AJ0kX<gxKD%TahA&Bu_w8)s+56D&#%Zblx%h?0bvmoJlb~CHeyVgOQ&qx
z7T_1}89UQ^00-g#W6a0eZR`jay*_nbWoVJKx|W$fhQeBu%$=xFdh5*9+=*$iAl(wE
z6y5jwxWI?ww(q{_^!ELFzZ7}Pw{Da<)raXyQL184Ayd5{Jqp_673<CwA$(i^MJ{GE
z!<OdIw3P-S+}#(Gw#&!hqFrel@B1!%3`LDa*A7U#n0`|s3H8<_4?!!PlB*LYg()=H
zXuL$ekl}ZXe3q<$iRFIF9Co(;m8rle*lVO@vSyo}hntVN{JGaksIgNe8a<}+p@PfE
z#R90{t|VX8kPsY^<zN`0LqDYJ)y&p5$Pwu^G}I^zHk(^hySqm#OMJ}K+=kqexw&Vd
zdIu64c=qPIegapnea>8;a3?{2Ec^c3kI?LEeV~F})xwc;pB>JG;3B1u7f><u#NU4T
zS6K9^;28R(llZ|&#X;czcNr5506c+mC!zFz2})mcDKu@r&iFqC#Z%sxEy{`{=1R&G
z->5Y60mpzxmBY|Kz)}@d9I}3krtME@DJlyT$F>M{%SVW;FydgqVYQMpfsm^Sf}G^f
zci_pOV|P-$|6sj5Ji^^l!Z~6N+wo|+Gtwc&tQ{#EzJ=IMwu)y6O|P~KDw?ES78zM=
z6`863)+xCe`?M}|T+zt2C77=3Rr8~xau=E9$0<;22bHMf04`?1pKHA~#@>xzS9*l1
zbX-%S(Q*&wly?Qj^~Rkjxr<ZCW@%BO=t+kC9Ud08+~vT0gl)z^GtzF{uk(<zc1*HT
zqr{v6^e|<;Sj;yt<fnLY;HiO}7DIs%y9MoT$%7>|@|BAG^Bb%CUkj;mwclIpGrZ=t
zS8;l#{>I+lPrE37s{zQ!KV>IG*}uY}W=(F9I#Lg!D$L1A5+-_HB5Ha{tPkTsRrfU>
zT`5h&^S*qY%(=7v3w?#3C-9{NQuY%m)BEtb8n=i+3mWx7^_<yROIfxcZQ>j84_vy|
zRPl%E!-x{WDdwip2sg8~#}D>Ot2ScPIhzA%ZtS6G_xNb}57B?Qq;at^<?y2UOF){O
zS}EHNLnZ3DYV3n>@oFo=^%nv*jWq8*18Z)TCgCr8FDBUu(hgmh9_fa>Dci~BR{Oev
zc4KNF;MrkeHdUQczC>kD-0L=W-^$hd%jJnVde_r@4gY4#a_W9)ZLl-nj{z@C-99i^
z<bkSFyt0PL$hWEnIa5X$Ehq=#%5#+?TC$Jf4QG>D;<Lf_qn6y5+XX5~8hJB`2S~B!
zc7(`s_lwS96!v-NmDZ@~Wm|*7#?rh17I&TG_eepoUk^y;DPBOd!cZFOf>k{nTb&xd
zJeapQH+t;)3+rbNVt+@TmE0D_H)z3Q-Ap&B>a!T9L5o2AW%mNpfce&-_p!M$H^s)9
zYS!JY%OB_6<6QOfmGXAby84-vk+vRa(jZqjJ8@TPM{WT#fQFFboi6<FWM1f05E83T
znGHKsa^3cyV%X5oIK`)qhtQagTVdGE+IK8si>M^hmas?S=fFX2)}2fEr+&L`!e{X3
z-H4$X*AqERr)fuu7q?gZ<Bs^oesSYE;zJ^Xg^Jdcd_hERH9i+v@vdmI!>4WcLPf{)
z48pWx@XEax;$hD+2sGhxHMz?v2$ToET9J2O8c_!McC9>C*pUO&juR=)--B?Zub~F6
zp(SgBF9+jYRyil^ZvBX+?-BdbquzSzuj@N5tavA%@*NM)8~#U>@JgShD_c53K-$t#
z)AS18vI8&O`)_&LjQaXACOU;&+hchi%9~$DALBWRHIm0+{n-o$DZf@3_Fq?yx*z|v
zwz+1bM7*2%Mc=Tw&LAMn8Q!54#*)5zuCPj`mUshT{3?v66<)%gR);20^015Mp9HsH
z{R+|_4?n6Rp8$H7x=7DGL~^EZ<XzG>RZUR0F~V&>{sn2^x+*#?iGsz!G)5VkzDq$}
z9C-t3ErnNq(XY6hv--9@J)>=qD+$sCh;KSm`7y2Jt_<B&BpVlVSn#;kyDA6$g7Q@w
zFp&CU=^&02!tb~hGkHd3foVRWjQllfjaFb>(ZqaXo<rKfzammAjHz-u$DED$mDHaO
z_tLbR0kz-lDj*Fgtou1?oLT3KR{6s4$aGKgRVKr*)Li9dE|G76mz?D^P`tkd%g80i
zBmkqcr}Lz9JL!HXp+AUQ?i83y+n`!{0%S(C2{LiKah|k002h=*X`<v%%)dW7Ab_3@
yd=^RQwh@98jZ9+;PDlN?D*BRYOi9B2P$bKHTkx-fX24LM4YEY4c`U=f7XAmBQs6%T

literal 0
HcmV?d00001

diff --git a/app/core/src/test/resources/certs/test-key.key b/app/core/src/test/resources/certs/test-key.key
new file mode 100644
index 000000000..93b8804c0
--- /dev/null
+++ b/app/core/src/test/resources/certs/test-key.key
@@ -0,0 +1,34 @@
+Bag Attributes
+    friendlyName: alias
+    localKeyID: 43 4A B0 2D D5 03 52 9F 5B 78 50 64 54 22 AB F7 C8 0B 1F 2B
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIB/3nui1td5QCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDY04ug+QgB6t2TdOWPgdtIBIIE
+0IaMRXXtpzLzSjlpyQpLMWLX9Lu+MauINVQMpan8qspC3RGkGcCQUzTkliM3Ls5Q
+Pwv02iFlKAzUYg/Z5V/kONfDkuxjeZvLFjmzomtWNy6yIxp4ShZinH8AGon16J6E
+s1+xlQBBLZYrRXX7WCpnHKE2OKquOoFWpYcb23py6FlD7Uq6XB0LEHR+C35tgnTQ
+WkTFK/La+cbJ+zmWA11Nrnz5XzuWTrNoNB4ygVON78T9o25Hf4V8rWhSZj2N79+B
+QuCAvuqZyAO12aUI9sxZZyis00JOnX7xbAeOkJk8Hhk4iQRMUUudKb5rqLrh/lcm
+F9zZjpu6PxJh22ztnRik3L3LyZLdEhMJJGWk4Z/3tKO87K4EiluzwZhAfMLpqfxx
+qfRKu6By97pbfJFBKqBTzmli2eeJLOwhERlovIaDiublFU8o8RE92PxUPOr7kqL7
+3cx8Qx5AF2Mnu7ftcLIGgg/lN+haoxpACDkC5ZvTFCrGr7jD1DlkswSMoai9gknx
+IMjID9nq6pVWyBm+wt9cALeK2wNa5RsE9fFvF/DBathV/WNmBwjnTKCeX3uPP1nw
+CUE6d+zicrz79kRWRnmscE3phTTu3/O9TokCMe3rLzC0f+gOpIE7vXDSeRuek/xs
+7uahAAWm94cHdz8QIBR/Ub+fFyrz/VHStAGlZhs0SoVnCl+VnZ9D9OqiyqslOihg
+LMcNwH8QjEv4zRAU/Sf1OdVJItXyKfII5zSUCW/TpD/vWPlG80Ib/bc+H9uZDZsg
+OADQYSyWjxA6OUThbCi6Wr+OxFUuDwVaMXxKjz1xH3HjmjpWZeTJy6BAuqe/OLDg
+VxDdEyL8fgz+QaaM/uqFarVMTir2A5VYNJzTXh02rUn3mXXHbH7uZYSwSg7fJ/hU
+ycSUkr/TFe9ZfqKOg1+ZKDu7Q97/tkL7gBTQbPqitUSinGvBgtMZKTHBznEn8foq
+NL/VaFSR4MxTOxFyE2e+9riNJmR0tavZCSgA7LcJtcT9l62cbmwmMj8DvEw8fiSD
+AYpgwovMtDoVDVQGb7ixLMz8/ta1BB7zPpr2aK8x5pVz5c+9rW/NiWQ68LCpEiAc
+HxExUVR0b9thC5YvG4VepUtmZ768yTYyus9jDiDNwRH/qttmAosn4pq5gGK+IVao
+oJX5jcroYaQnvXDBwve2XXXKSkIWe62r8h7Jv6mxR9yBQdVeWNtCGQ5AYNJNxI0i
+ZbCmCcQJnIuMHLYddaIEmUuUBFOquQC9y/pVbMbmdWOMw5Nama+/q6bke/XGk81I
+/Ov2gNN4Eu2V9N9MzlF0GiAmk1784qITj9iDIiYXPESnQfybFyhi2DaUM+KmeHpB
+I2KHL2KA0EGVhBjvCd7FVAqDJL7Dy3nCiLxNiDKChCP9+DDXB2mEfZafltSWai6p
+FPfGZJImQ6NO4/I/2aeXIwr4urJVFt3mr2b6w+gGRjr4qur0ZcqpvvcA3Es+tMX1
+eY5Or9V8iw/wj0x+CrHvvsRBfvCTSN/yqweMr5p1xSZm3Hfz906/q8HSaHb/sNne
+HCjUiKWJ6WTrjDjf9ewYnXb6Qxs3P0zjuHwSrpbq0Pr3HQveQvO5Tfrwr5+ikK1k
+FyqiU4e4vjpLujkIj2dmH0CkJ6ase1j/rWU8nLr1XZSR
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/app/core/src/test/resources/certs/test-key.pem b/app/core/src/test/resources/certs/test-key.pem
new file mode 100644
index 000000000..7653012a1
--- /dev/null
+++ b/app/core/src/test/resources/certs/test-key.pem
@@ -0,0 +1,34 @@
+Bag Attributes
+    friendlyName: alias
+    localKeyID: 43 4A B0 2D D5 03 52 9F 5B 78 50 64 54 22 AB F7 C8 0B 1F 2B
+Key Attributes: <No Attributes>
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIXl98lJJ1MUsCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBAcT6pXTGm0w+LUzlVH0GpJBIIE
+0NfOk8+haqEuGskrV8+JJVQLgqpKiOmXBjkiSHGReF4UTocKiUAwrHbvLj+j1VLM
+TNM/G68+SzGuWxI7gxpzA9u7p4Is5+2Sji9KsMuAh2CQlEuzkFsVaD9KXF2rje7g
+0G+4+ExZtsjlt/UqG2plFuWzJwji4J82Cy5dir1MQOOAweq5zG5/nzVpMmNoc1lo
+B9PO18R3SpY6qIp8Q0+d1QJC8zsXi/KKQ3ODiS83x5BL4KkQfjYDK/Lfr9yk5a3t
+JN8wE5jkDyGCLGGWgwy7Xq5N7m+kvcdeIEqKP9g5k5uZ7LppsDFe9dpHVymTHZGu
+tGrB74vi4D28YNhuG5qkTjp6CEehSjMwgWEo0Y6ZGu4WQvoTmkne88zly5vUFNrw
+JFM57YqE8U0Gzy7c/zeGtPq8U7y/Pd4z3muZe9sLpFoFAC7Aoq5yw662mPEBZRVb
+MDw8fK1OY9fnj9qHwQbYAD5AT9GmpwEP4tWkB6qNiDJBR8Jn3VmQ1uwR7oH+BiwX
+Y0xWjgl39JcpMORhzJim7K788FEjDrxR1ptepowC4EKjSeq92BGpO+Flf+lY/xYS
+3QR64h/wJEx7M3FrD7qxSHguW3h8rSMPHQg3YThyBUYsCc1tNpgmhQXNHXlE6G7o
+vdlDawf0Oybq6KzhdU25/kJyTaM7suiDkwyZf8SIElSD8R2VdYmL2AeowJsi26Qc
+0f7l/cL/Pws0j4vxYY+6DD5uw+bCBvsjE5Y8Fw6t0xgYwnMCALjfKr2p3CW/Ifa/
+uynI7Hd548orqkddc834DO6gcPuXMUgZ75RFYglpnD+DDvOzvqh7mrgDiCURZuXd
+eZkF3sr4Wfn4YsQfM0XdfB0/dmzLnGGIzbW9cuB4VQUswDZ9KCnZVMZOC8AMKvSQ
+eZn8VEYSr+qT5m8yKSmeUUQga6G/jN6yHj2mV8ura3o1NHvQpy82lHX3M+2d+cs1
+PWTcYM3AwPpHAM2HyisPYOeNNiEKvo3mtyw2SgV4P6kavdNXFk/xA7mzDWr0QnNX
+/j4ZZFynhUz46joCC6bew0yyRfL1Jqy+XDvtEOmjhy96nJvUDb5IqsMY5ZHRmGkc
+yO3uVQu7kexLcA8mYA5OK1llWuyHxffTyGuL5C0q7+8mBvPrkCakUjsLGAgIWYTE
+ftJ6q8u8xyDghXhRM0lvcoVLjzzjCIDaGVqeXl6HtgJ4grUaNCjESIfsURFylVxk
+3jNFojsxHPtv+zYAG0otqedSKjZaG0uNivjBt/v21luSs+lqEKbv4122yzC8H6pG
+zrS6OGkKb8fIqz3D5nAezMFuMjd+ORiGf/IUJToCeluqVGwXMXExdDSCDf0hFJny
+6y/eKmA88lu6uHYe4TB7ZR2wPyIGl1HPN3xj7Dc/T3wEhCDycKLN4/fY9ZNw5U6E
+F5yVnZFdcaA6qHiY99xvtOPX/EmxibcV6C84QV3HDmdXgjEIH52I9oK0WEjRb2hd
+U2lCnZDNqthn3zn0DZ/aSe4HDe5SfLnzFFGyD1wvCTRcM25901Op4kgVD/BPwWH+
+4E7KiBh91UueWn7m5h1B8cEnpsHwpQLxq2ZdNYzp3ZFyzvzSUXe3QvPveehAgr0M
+lEXzn1/fJpmRPP5hvt6uYqZ+y90BkiT6UlANFHpoA6x0
+-----END ENCRYPTED PRIVATE KEY-----