From 9ea8e80ba5bf1d7c70d3491b5e72d09c313f99dd Mon Sep 17 00:00:00 2001 From: Michael Lux Date: Fri, 27 Jan 2023 09:39:22 +0100 Subject: [PATCH 1/3] Combined and improved EST process and certificate handling --- .../src/main/angular/src/app/app.module.ts | 4 +- .../src/main/angular/src/app/app.routing.ts | 4 +- .../src/app/keycerts/est-cert.component.html | 51 ---- .../src/app/keycerts/est-cert.component.ts | 50 ---- .../keycerts/identitynewest.component.html | 8 + .../app/keycerts/identitynewest.component.ts | 9 +- .../src/app/keycerts/keycerts.component.html | 62 +++-- .../fhg/aisec/ids/webconsole/api/CertApi.kt | 220 +++++++++--------- .../webconsole/api/data/EstCaCertRequest.kt | 22 -- .../ids/webconsole/api/data/EstIdRequest.kt | 2 +- 10 files changed, 150 insertions(+), 282 deletions(-) delete mode 100644 ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.html delete mode 100644 ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.ts delete mode 100644 ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstCaCertRequest.kt diff --git a/ids-webconsole/src/main/angular/src/app/app.module.ts b/ids-webconsole/src/main/angular/src/app/app.module.ts index 89c84b2e..72940b65 100644 --- a/ids-webconsole/src/main/angular/src/app/app.module.ts +++ b/ids-webconsole/src/main/angular/src/app/app.module.ts @@ -53,7 +53,6 @@ import { DetailUserComponent } from './users/userdetail.component'; import { UserService } from './users/user.service'; import { UserCardComponent } from './users/user-card.component'; import { NewIdentityESTComponent } from './keycerts/identitynewest.component'; -import { ESTCertComponent } from './keycerts/est-cert.component'; import { ESTService } from './keycerts/est-service'; @NgModule({ 
@@ -102,8 +101,7 @@ import { ESTService } from './keycerts/est-service'; DetailUserComponent, UserCardComponent, UsersComponent, - NewIdentityESTComponent, - ESTCertComponent + NewIdentityESTComponent ], providers: [ HTTP_PROVIDER, diff --git a/ids-webconsole/src/main/angular/src/app/app.routing.ts b/ids-webconsole/src/main/angular/src/app/app.routing.ts index b0900a1b..20f64cfa 100644 --- a/ids-webconsole/src/main/angular/src/app/app.routing.ts +++ b/ids-webconsole/src/main/angular/src/app/app.routing.ts @@ -20,7 +20,6 @@ import { NewUserComponent } from './users/usernew.component'; import { DetailUserComponent } from './users/userdetail.component'; import { RoutesComponent } from './routes/routes.component'; import { NewIdentityESTComponent } from './keycerts/identitynewest.component'; -import { ESTCertComponent } from './keycerts/est-cert.component'; const appRoutes: Routes = [ // Pages using the "home" layout (with sidebar and topnav) @@ -43,8 +42,7 @@ const appRoutes: Routes = [ { path: 'usernew', component: NewUserComponent, canActivate: [AuthGuard] }, { path: 'userdetail', component: DetailUserComponent, canActivate: [AuthGuard] }, { path: 'certificates', component: KeycertsComponent, canActivate: [AuthGuard] }, - { path: 'identitynewest', component: NewIdentityESTComponent, canActivate: [AuthGuard] }, - { path: 'est-cert', component: ESTCertComponent, canActivate: [AuthGuard] } + { path: 'identitynewest', component: NewIdentityESTComponent, canActivate: [AuthGuard] } ] }, // Pages using the "login" layout (centered full page without sidebar) diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.html b/ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.html deleted file mode 100644 index 125b63b8..00000000 --- a/ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.html +++ /dev/null @@ -1,51 +0,0 @@ - -
-
-
-

EST CA Certificate

-
-
- -
-
-
- - -
-
- -
-
- - -
-
- -
-
- - -
-
-
- -
- - -
- -
-
-
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.ts b/ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.ts deleted file mode 100644 index 3e599384..00000000 --- a/ids-webconsole/src/main/angular/src/app/keycerts/est-cert.component.ts +++ /dev/null @@ -1,50 +0,0 @@ -import { Component, OnInit } from '@angular/core'; -import { UntypedFormBuilder, UntypedFormGroup, Validators } from '@angular/forms'; -import { Title } from '@angular/platform-browser'; -import { Router } from '@angular/router'; - -import { ESTService } from './est-service'; -import { NGXLogger } from 'ngx-logger'; - -@Component({ - templateUrl: './est-cert.component.html' -}) -export class ESTCertComponent implements OnInit { - public myForm: UntypedFormGroup; - public cacert = ''; - - constructor(private readonly fb: UntypedFormBuilder, - private readonly titleService: Title, - private readonly log: NGXLogger, - private readonly estService: ESTService, - private readonly router: Router) { - this.titleService.setTitle('Set EST CA cert'); - } - - public ngOnInit(): void { - // the short way to create a FormGroup - this.myForm = this.fb.group({ - estUrl: ['', Validators.required as any], - certificateHash: '', - certificate: '' - }); - } - - public async fetchEstCert(): Promise { - await this.estService.requestEstCaCert( - this.myForm.get('estUrl')?.value, - this.myForm.get('certificateHash')?.value - ).subscribe(e => { - this.myForm.patchValue({ - certificate: e - }); - this.cacert = e; - this.log.error('Error during EST root certificate fetch', e); - }); - } - - public async storeEstCert(): Promise { - await this.estService.uploadEstCaCert(this.cacert).subscribe(() => this.router.navigate(['/certificates'])); - } - -} diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.html b/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.html index 7cfff4e0..8f9dbdbe 100644 
--- a/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.html +++ b/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.html @@ -17,6 +17,14 @@
EST Enrollment
+
+
+ + +
+
diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.ts b/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.ts index d6a8023b..c332ef43 100644 --- a/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.ts +++ b/ids-webconsole/src/main/angular/src/app/keycerts/identitynewest.component.ts @@ -1,5 +1,5 @@ import { Component, OnInit } from '@angular/core'; -import { UntypedFormBuilder, UntypedFormGroup } from '@angular/forms'; +import { UntypedFormBuilder, UntypedFormGroup, Validators } from '@angular/forms'; import { Title } from '@angular/platform-browser'; import { Router } from '@angular/router'; @@ -22,9 +22,10 @@ export class NewIdentityESTComponent implements OnInit { public ngOnInit(): void { // the short way to create a FormGroup this.myForm = this.fb.group({ - estUrl: '', - iet: '', - alias: '1' + estUrl: ['https://daps-dev.aisec.fraunhofer.de', Validators.required], + rootCertHash: ['7d3f260abb4b0bfa339c159398c0ab480a251faa385639218198adcad9a3c17d', Validators.required], + iet: ['', Validators.required], + alias: ['1', Validators.required] }); } diff --git a/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.html b/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.html index f86cd92c..90166399 100755 --- a/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.html +++ b/ids-webconsole/src/main/angular/src/app/keycerts/keycerts.component.html @@ -1,40 +1,36 @@
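Review bot: The `rootCertHash` control in `ngOnInit` ships a pre-filled pin together with a development EST URL, and the only check on it is `Validators.required`. A trust-anchor fingerprint that is already filled in tends to be submitted without the out-of-band comparison the pin exists for, so I would leave both defaults empty (or load them from deployment configuration) and have the operator paste the fingerprint. The backend in this patch compares the value with `==` against a lowercase hex SHA-256 string, so an uppercase or colon-separated fingerprint can never match. A format check such as `rootCertHash: ['', [Validators.required, Validators.pattern(/^[0-9a-f]{64}$/)]]` would surface that in the form instead of in a server log.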
-
-
-

My Identities

-
-
- -
-
- - -
-
+
+
+

My Identities

+
+
+ +
+
+ + +
+
-
-
-

Trusted Certificates

-
-
- -
-
- - -
-
+
+
+

Trusted Certificates

+
+
+ +
+
+ +
+
diff --git a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt b/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt index 3dcee31d..5fdf6a4a 100644 --- a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt +++ b/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt @@ -26,7 +26,6 @@ import de.fhg.aisec.ids.api.acme.AcmeTermsOfService import de.fhg.aisec.ids.api.settings.Settings import de.fhg.aisec.ids.webconsole.ApiController import de.fhg.aisec.ids.webconsole.api.data.Cert -import de.fhg.aisec.ids.webconsole.api.data.EstCaCertRequest import de.fhg.aisec.ids.webconsole.api.data.EstIdRequest import de.fhg.aisec.ids.webconsole.api.data.Identity import de.fhg.aisec.ids.webconsole.api.helper.ProcessExecutor @@ -64,12 +63,10 @@ import sun.security.pkcs10.PKCS10 import sun.security.x509.X500Name import java.io.ByteArrayInputStream import java.io.ByteArrayOutputStream -import java.io.DataInputStream import java.io.File import java.io.FileInputStream import java.io.FileOutputStream import java.io.IOException -import java.io.InputStream import java.io.PrintStream import java.net.URI import java.net.URISyntaxException 
@@ -242,40 +239,55 @@ class CertApi(@Autowired private val settings: Settings) { // return "Error: certificate has NOT been uploaded to $trustStoreName" // } - @PostMapping("/est_ca_certs", consumes = [MediaType.APPLICATION_JSON], produces = [MediaType.TEXT_PLAIN]) - @ApiOperation( - value = "Get CA certificate from EST", - notes = "" - ) - @ApiResponses( - ApiResponse(code = 200, message = "EST CA certificate"), - ApiResponse(code = 500, message = "Error fetching CA certificate via EST") - ) - suspend fun requestEstCaCerts(@RequestBody request: EstCaCertRequest): String { - val ucUrl = "${request.url}/.well-known/est/cacerts" + private inline fun notThrowing(block: () -> Unit): Boolean { + return try { + block() + true + } catch (t: Throwable) { + false + } + } + + private fun X509Certificate.isValid() = notThrowing { this.checkValidity() } + + private fun X509Certificate.verify(maybeIssuer: X509Certificate) = + notThrowing { this.verify(maybeIssuer.publicKey) } + + private suspend fun fetchEstCaCerts(estUrl: String, permittedHash: String): List { + val ucUrl = "$estUrl/.well-known/est/cacerts" val response = insecureHttpClient.get(ucUrl) if (response.status.value !in 200..299) { throw ResponseStatusException( HttpStatus.INTERNAL_SERVER_ERROR, - "Failed to fetch root certificate, error code ${response.status.value}" + "Failed to fetch CA certificates, error code ${response.status.value}" ) } val res = response.bodyAsText() val encoded = Base64.getDecoder().decode(res.replace(WHITESPACE_REGEX, "")) - val certs = PKCS7(encoded).certificates - val certHash = sha256Hash(certs[0]) - - return if (certHash == request.hash) { - certs.joinToString("\n") { - val s = Base64.getMimeEncoder(64, "\n".toByteArray()).encode(it.encoded).decodeToString() - "-----BEGIN CERTIFICATE-----\n$s\n-----END CERTIFICATE-----" + // List of accepted certificates (during iteration below) + val acceptedCerts = mutableListOf() + // Iteration over received certificates, collecting the accepted 
ones + PKCS7(encoded).certificates.forEach { cert -> + if (cert.isValid()) { + val certHash = cert.sha256Hash() + if (certHash == permittedHash) { + // Root certificate with right hash will be accepted immediately + acceptedCerts += cert + } else { + if (acceptedCerts.any { cert.verify(it) }) { + // A certificate without the right hash will be accepted + // if it was signed with an already accepted root certificate. + acceptedCerts += cert + } else { + LOG.warn("Rejected EST CA cert:\n$cert\nExpected hash $permittedHash instead of $certHash " + + "or valid signature by an earlier CA certificate from the list with the right hash.") + } + } + } else { + LOG.warn("Rejected EST CA cert:\n$cert\nThe certificate is not valid!") } - } else { - throw ResponseStatusException( - HttpStatus.INTERNAL_SERVER_ERROR, - "Hash check for EST root failed, expected was ${request.hash}, actual hash is $certHash." - ) } + return acceptedCerts } /** @@ -301,9 +313,9 @@ class CertApi(@Autowired private val settings: Settings) { return byteArray.joinToString("") { hexLookup.computeIfAbsent(it) { num: Byte -> byteToHex(num.toInt()) } } } - private fun sha256Hash(certificate: Certificate): String { + private fun Certificate.sha256Hash(): String { val sha256 = MessageDigest.getInstance("SHA-256") - sha256.update(certificate.encoded) + sha256.update(this.encoded) val digest = sha256.digest() return encodeHexString(digest).lowercase() } 
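Review bot: A pin mismatch in `fetchEstCaCerts` is no longer an error: certificates failing `certHash == permittedHash` are only logged at warn level and the function returns whatever was accepted, possibly an empty list, where the removed code threw a `ResponseStatusException`. The request goes through `insecureHttpClient` (defined outside the hunk; judging by the name it does not authenticate the server), so the hash is the only thing vouching for this response. I would fail closed before the `return`, e.g. `if (acceptedCerts.isEmpty()) throw ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "No EST CA certificate matched the expected hash")`. The `requestEstIdentity` hunk has the same fail-open shape, where a missing root only produces `LOG.warn(...)` and enrollment continues against whatever the truststore already holds. The `X509Certificate.verify` helper also checks the signature only, so a non-CA certificate issued by the pinned root is accepted into the list; requiring `cert.basicConstraints >= 0` for non-pinned entries would close that.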
@@ -317,13 +329,20 @@ class CertApi(@Autowired private val settings: Settings) { ApiResponse(code = 200, message = "EST CA certificate"), ApiResponse(code = 500, message = "No certificate found") ) - fun storeEstCACerts(@RequestBody certificates: String): Boolean { - return certificates.split("-----END CERTIFICATE-----").map { + fun storeEstCACerts(@RequestBody certificates: String) { + certificates.split("-----END CERTIFICATE-----").map { it.replace(CLEAR_PEM_REGEX, "") }.filter { it.isNotEmpty() }.map { c -> val trustStoreName = settings.connectorConfig.truststoreName - storeCertFromString(getKeystoreFile(trustStoreName), c) - }.all { it } + val encoded = Base64.getDecoder().decode(c.replace(WHITESPACE_REGEX, "")) + val cf = CertificateFactory.getInstance("X.509") + val cert = cf.generateCertificate(ByteArrayInputStream(encoded)) as X509Certificate + try { + storeCertificate(trustStoreName, listOf(cert)) + } catch (t: Throwable) { + LOG.error("Error saving a CA certificate", t) + } + } } @PostMapping("/request_est_identity", consumes = [MediaType.APPLICATION_JSON]) 
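Review bot: `storeEstCACerts` now reports success even when nothing was stored: the `catch (t: Throwable)` around `storeCertificate` only logs, and the return type changed from `Boolean` to `Unit`, so the caller receives a 200 either way. Base64 and certificate parse failures a few lines earlier still propagate, so error behaviour is inconsistent within one request. I would let the store failure propagate as well (or rethrow it as a `ResponseStatusException`), catch `Exception` rather than `Throwable`, and use `forEach` instead of `map` since the result is discarded. This endpoint also writes caller-supplied PEM into the truststore without any fingerprint check, and the UI page that appears to have used it is deleted in this patch; if nothing else calls it, removing it would reduce the ways a trust anchor can be added. The annotations above the function start outside the hunk.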
@@ -332,21 +351,43 @@ class CertApi(@Autowired private val settings: Settings) { notes = "" ) @ApiResponses( - ApiResponse(code = 200, message = "EST CA certificate"), + ApiResponse(code = 200, message = "EST CA certificate fetched"), ApiResponse(code = 500, message = "No certificate found") ) suspend fun requestEstIdentity(@RequestBody r: EstIdRequest) { - LOG.debug("Requesting certificate over EST...") - LOG.debug("Step 1 - generate Keys") + LOG.debug("Started EST process.") + + LOG.debug("Fetching CA certificates...") + val caCerts = fetchEstCaCerts(r.estUrl, r.rootCertHash) + caCerts.firstOrNull { it.verify(it) }?.let { + LOG.debug("Storing root CA certificate in TrustStore...") + storeCertificate(settings.connectorConfig.truststoreName, listOf(it)) + } ?: LOG.warn("No (valid) root CA certificate has been found. EST process may fail!") + + LOG.debug("Generating keys...") KeyPairGenerator.getInstance("RSA").apply { initialize(4096) }.generateKeyPair().let { keys -> - LOG.debug("Step 2 - generate CSR") + LOG.debug("Creating CSR...") generatePKCS10(keys).let { csr -> - LOG.debug("Step 3 - send requests") + LOG.debug("Sending EST request...") sendEstIdReq(r, csr).let { pkcs7 -> - LOG.debug("Step 4 - extract certificate") pkcs7.certificates.firstOrNull { it.publicKey == keys.public }?.let { - LOG.debug("Step 5 - save certificate") - storeEstId(keys.private, it, r.alias) + LOG.debug("Found EST certificate, assembling certificate chain...") + val certificateChain = mutableListOf(it) + var lastCertificate = it + // The last certificate (root) is self-signed + while(!lastCertificate.verify(lastCertificate)) { + // Find CA certificate signing last element of chain + caCerts.firstOrNull { ca -> lastCertificate.verify(ca) }?.let { nextCa -> + certificateChain += nextCa + lastCertificate = nextCa + } ?: throw RuntimeException( + "Could not create certificate chain, " + + "did not find signer for this certificate:\n$lastCertificate" + ) + } + LOG.debug("Storing EST 
certificate (full chain) using alias \"{}\"...", r.alias) + storeCertificate(settings.connectorConfig.keystoreName, certificateChain, keys.private, r.alias) + LOG.debug("EST enrollment completed successfully!") } } } @@ -370,8 +411,7 @@ class CertApi(@Autowired private val settings: Settings) { } private suspend fun sendEstIdReq(r: EstIdRequest, csr: ByteArray): PKCS7 { - val trustStoreName = settings.connectorConfig.truststoreName - val trustStoreFile = getKeystoreFile(trustStoreName) + val trustStoreFile = getKeystoreFile(settings.connectorConfig.truststoreName) val trustManagers = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()).also { tmf -> KeyStore.getInstance("pkcs12").also { FileInputStream(trustStoreFile).use { fis -> 
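Review bot: The chain-building loop in `requestEstIdentity` (`while(!lastCertificate.verify(lastCertificate))`) has no guard against visiting the same CA twice. `fetchEstCaCerts` accepts the pinned certificate by hash without requiring it to be self-signed, so a cross-signed pair in the `cacerts` response would make the loop append certificates until memory is exhausted. A one-line check inside the `let` block, `if (nextCa in certificateChain) throw RuntimeException("Certificate chain contains a cycle")`, bounds it. The issued certificate is also selected by public-key match alone; calling `isValid()` on it before storing would be consistent with how the CA certificates are treated. The rest of the function lies outside the hunk.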
@@ -424,72 +464,30 @@ class CertApi(@Autowired private val settings: Settings) { return PKCS7(encoded) } - private fun storeEstId(key: PrivateKey, cert: Certificate, alias: String): Boolean { - val keyStoreName = settings.connectorConfig.keystoreName - return storeCertFromString( - getKeystoreFile(keyStoreName), - Base64.getEncoder().encode(cert.encoded).decodeToString(), - key, - alias - ) - } - - /** Stores a certificate in a JKS truststore. */ - private fun storeCert(trustStoreFile: File, certFile: File): Boolean { - val alias = certFile.name.replace(".", "_") - return try { - val cf = CertificateFactory.getInstance("X.509") - val certStream = fullStream(certFile.absolutePath) - val certs = cf.generateCertificate(certStream) - val keystore = KeyStore.getInstance("pkcs12") - val password = KEYSTORE_PWD - FileInputStream(trustStoreFile).use { fis -> - keystore.load(fis, password.toCharArray()) - } - // Add the certificate - keystore.setCertificateEntry(alias, certs) - FileOutputStream(trustStoreFile).use { fos -> - keystore.store(fos, password.toCharArray()) - } - true - } catch (e: Exception) { - LOG.error(e.message, e) - false - } - } - - private fun storeCertFromString( - trustStoreFile: File, - cert: String, + private fun storeCertificate( + storeFilename: String, + certificateChain: List, key: PrivateKey? = null, alias: String? 
= null - ): Boolean { - val encoded = Base64.getDecoder().decode(cert.replace(WHITESPACE_REGEX, "")) - val cf = CertificateFactory.getInstance("X.509") - val c = cf.generateCertificate(ByteArrayInputStream(encoded)) as X509Certificate - return try { - val keystore = KeyStore.getInstance("pkcs12") - val password = KEYSTORE_PWD.toCharArray() - FileInputStream(trustStoreFile).use { fis -> - keystore.load(fis, password) - } - val entryAlias = alias ?: c.subjectX500Principal.name.let { name -> - name.split(",").map { it.split("=") }.firstOrNull { it[0] == "CN" }?.get(1) ?: name - } - if (key == null) { - // Add a CA certificate - keystore.setCertificateEntry(entryAlias, c) - } else { - // Add an identity certificate with private key - keystore.setKeyEntry(entryAlias, key, password, arrayOf(c)) - } - FileOutputStream(trustStoreFile).use { fos -> - keystore.store(fos, password) - } - true - } catch (e: Exception) { - LOG.error(e.message, e) - false + ) { + val storeFile = getKeystoreFile(storeFilename) + val keystore = KeyStore.getInstance("pkcs12") + val password = KEYSTORE_PWD.toCharArray() + FileInputStream(storeFile).use { fis -> + keystore.load(fis, password) + } + val entryAlias = alias ?: certificateChain[0].subjectX500Principal.name.let { name -> + name.split(",").map { it.split("=") }.firstOrNull { it[0] == "CN" }?.get(1) ?: name + } + if (key == null) { + // Add a CA certificate + keystore.setCertificateEntry(entryAlias, certificateChain[0]) + } else { + // Add an identity certificate with private key + keystore.setKeyEntry(entryAlias, key, password, certificateChain.toTypedArray()) + } + FileOutputStream(storeFile).use { fos -> + keystore.store(fos, password) } } 
@@ -677,13 +675,5 @@ class CertApi(@Autowired private val settings: Settings) { jackson() } } - - @Throws(IOException::class) - private fun fullStream(fileName: String): InputStream { - DataInputStream(FileInputStream(fileName)).use { dis -> - val bytes = dis.readAllBytes() - return ByteArrayInputStream(bytes) - } - } } } diff --git a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstCaCertRequest.kt b/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstCaCertRequest.kt deleted file mode 100644 index a5b83ae6..00000000 --- a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstCaCertRequest.kt +++ /dev/null @@ -1,22 +0,0 @@ -/*- - * ========================LICENSE_START================================= - * ids-webconsole - * %% - * Copyright (C) 2019 Fraunhofer AISEC - * %% - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * =========================LICENSE_END================================== - */ -package de.fhg.aisec.ids.webconsole.api.data - -data class EstCaCertRequest(val url: String, val hash: String) diff --git a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstIdRequest.kt b/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstIdRequest.kt index a3fbe37f..e9399468 100644 --- a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstIdRequest.kt +++ b/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/data/EstIdRequest.kt 
@@ -19,4 +19,4 @@ */ package de.fhg.aisec.ids.webconsole.api.data -data class EstIdRequest(val estUrl: String, val iet: String, val alias: String) +data class EstIdRequest(val estUrl: String, val rootCertHash: String, val iet: String, val alias: String) From b4207b9ea1231ac9356adbf47e48a1f794196e4c Mon Sep 17 00:00:00 2001 From: Michael Lux Date: Fri, 27 Jan 2023 10:07:02 +0100 Subject: [PATCH 2/3] Fixed Dockerfiles and debug output on start --- Dockerfile | 6 +++- ids-connector/Dockerfile | 11 +++---- .../fhg/aisec/ids/ConnectorConfiguration.kt | 29 ++++++++----------- .../src/main/resources/application.yml | 8 ++--- 4 files changed, 27 insertions(+), 27 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8571efd..33ffdd35 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,4 +23,8 @@ WORKDIR "/root" # Ports to expose EXPOSE 8080 29292 ENTRYPOINT ["java"] -CMD ["--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector"] +CMD ["--add-exports=java.base/sun.security.x509=ALL-UNNAMED", \ +"--add-exports=java.base/sun.security.pkcs=ALL-UNNAMED", \ +"--add-exports=java.base/sun.security.pkcs10=ALL-UNNAMED", \ +"--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", \ +"--spring.config.location=classpath:application.yml,optional:/root/etc/application.yml"] diff --git a/ids-connector/Dockerfile b/ids-connector/Dockerfile index ce661936..3992255e 100644 --- a/ids-connector/Dockerfile +++ b/ids-connector/Dockerfile 
@@ -3,17 +3,18 @@ FROM $BASE_IMAGE LABEL AUTHOR="Michael Lux (michael.lux@aisec.fraunhofer.de)" -# Add the actual core platform JARs to /root/jars, as two layers -ADD build/libs/libraryJars/* /root/jars/ -ADD build/libs/projectJars/* /root/jars/ - WORKDIR "/root" # Ports to expose EXPOSE 8080 29292 +# Add the actual core platform JARs to /root/jars, as two layers +ADD build/libs/libraryJars/* /root/jars/ +ADD build/libs/projectJars/* /root/jars/ + ENTRYPOINT ["java"] CMD ["--add-exports=java.base/sun.security.x509=ALL-UNNAMED", \ "--add-exports=java.base/sun.security.pkcs=ALL-UNNAMED", \ "--add-exports=java.base/sun.security.pkcs10=ALL-UNNAMED", \ -"--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector"] +"--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", \ +"--spring.config.location=classpath:application.yml,optional:/root/etc/application.yml"] \ No newline at end of file diff --git a/ids-connector/src/main/kotlin/de/fhg/aisec/ids/ConnectorConfiguration.kt b/ids-connector/src/main/kotlin/de/fhg/aisec/ids/ConnectorConfiguration.kt index 3647c9f5..9da511ea 100644 --- a/ids-connector/src/main/kotlin/de/fhg/aisec/ids/ConnectorConfiguration.kt +++ b/ids-connector/src/main/kotlin/de/fhg/aisec/ids/ConnectorConfiguration.kt @@ -32,7 +32,6 @@ import org.springframework.context.ApplicationContext import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration import java.net.URI -import java.util.Arrays @Configuration class ConnectorConfiguration { @@ -77,12 +76,10 @@ class ConnectorConfiguration { @Bean fun listBeans(ctx: ApplicationContext): CommandLineRunner { return CommandLineRunner { - val beans: Array = ctx.beanDefinitionNames - - Arrays.sort(beans) - - for (bean in beans) { - TrustedConnector.LOG.info("Loaded bean: {}", bean) + if (TrustedConnector.LOG.isDebugEnabled) { + ctx.beanDefinitionNames.sorted().forEach { + TrustedConnector.LOG.debug("Loaded bean: {}", it) + } } } } 
@@ -90,10 +87,10 @@ class ConnectorConfiguration { @Bean fun listContainers(ctx: ApplicationContext): CommandLineRunner { return CommandLineRunner { - val containers = cml?.list(false) - - for (container in containers ?: emptyList()) { - TrustedConnector.LOG.debug("Container: {}", container.names) + if (TrustedConnector.LOG.isDebugEnabled) { + cml?.list(false)?.forEach { + TrustedConnector.LOG.debug("Container: {}", it.names) + } } } } @@ -101,12 +98,10 @@ class ConnectorConfiguration { @Bean fun showConnectorProfile(ctx: ApplicationContext): CommandLineRunner { return CommandLineRunner { - val connector = im.connector - - if (connector == null) { - TrustedConnector.LOG.info("No connector profile stored yet.") - } else { - TrustedConnector.LOG.info("Connector profile: {}", connector) + if (TrustedConnector.LOG.isDebugEnabled) { + im.connector?.let { + TrustedConnector.LOG.debug("Connector profile:\n{}", im.connectorAsJsonLd) + } ?: TrustedConnector.LOG.debug("No connector profile stored yet.") } } } diff --git a/ids-connector/src/main/resources/application.yml b/ids-connector/src/main/resources/application.yml index 0d9f9e32..20ee1bce 100644 --- a/ids-connector/src/main/resources/application.yml +++ b/ids-connector/src/main/resources/application.yml @@ -1,10 +1,10 @@ logging: level: - ROOT: INFO - de.fhg.aisec: DEBUG + root: info +# de.fhg.aisec: debug # Use for IDSCP2 debugging -# de.fhg.aisec.ids.idscp2: TRACE -# de.fhg.aisec.ids.camel.idscp2: TRACE +# de.fhg.aisec.ids.idscp2: trace +# de.fhg.aisec.ids.camel.idscp2: trace spring: web: From 737d85514eb060992bb8407631d8f0c928b729b3 Mon Sep 17 00:00:00 2001 
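Review bot: In `showConnectorProfile` the `im.connector?.let { … } ?: LOG.debug(…)` chain uses the scope function only as a null test: `it` is ignored, `im.connectorAsJsonLd` is read separately, and the `?:` branch would also run if the lambda ever evaluated to null. A plain conditional cannot take both branches: `if (im.connector != null) TrustedConnector.LOG.debug("Connector profile:\n{}", im.connectorAsJsonLd) else TrustedConnector.LOG.debug("No connector profile stored yet.")`. The full profile is now written to the debug log as JSON-LD; if it can carry more than public self-description, confirm that is acceptable wherever debug logging is enabled. The `ctx` parameter is unused in this bean and in `listContainers` above.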
From: Michael Lux Date: Fri, 27 Jan 2023 10:10:09 +0100 Subject: [PATCH 3/3] Numerous example improvements and cleanups --- .../src/main/resources/etc/application.yml | 13 +- .../main/resources/etc/client-keystore.p12 | Bin 0 -> 6366 bytes .../main/resources/etc/consumer-keystore.p12 | Bin 4190 -> 0 bytes .../main/resources/etc/provider-keystore.p12 | Bin 4190 -> 0 bytes .../main/resources/etc/server-keystore.p12 | Bin 0 -> 6366 bytes .../src/main/resources/etc/settings.mapdb | Bin 2097152 -> 2097152 bytes .../src/main/resources/etc/settings2.mapdb | Bin 2097152 -> 2097152 bytes .../src/main/resources/etc/tls.properties | 4 +- .../src/main/resources/etc/truststore.p12 | Bin 2407 -> 1271 bytes .../example-getting-started/compose.yaml | 14 +- .../example-idscp2-localloop.xml | 2 +- .../example-ids-multipart-uc/compose.yaml | 12 +- .../example-multipart-uc-client.xml | 6 +- .../make-contract.xml | 2 +- .../example-ids-multipart/compose.yaml | 12 +- .../example-multipart-client.xml | 2 +- .../resources/example-idscp2-uc/compose.yaml | 16 +- .../example-idscp2-client.xml | 6 +- .../example-idscp2-uc/make-contract.xml | 2 +- .../example-idscp2/compose-broadcast.yaml | 16 +- .../resources/example-idscp2/compose.yaml | 12 +- .../example-idscp2-client-broadcast.xml | 4 +- .../example-idscp2/example-idscp2-client.xml | 2 +- .../example-idscp2-server-broadcast.xml | 2 +- .../resources/route-examples/demo-route.md | 7 - .../resources/route-examples/demo-route.xml | 162 ------------------ .../route-examples/example-idscp2-client.xml | 41 ----- .../ids-multipart-echo-route.xml | 42 ----- .../route-examples/ids-multipart-route.xml | 40 ----- .../fhg/aisec/ids/webconsole/api/CertApi.kt | 8 +- 30 files changed, 52 insertions(+), 375 deletions(-) create mode 100644 examples/src/main/resources/etc/client-keystore.p12 delete mode 100644 examples/src/main/resources/etc/consumer-keystore.p12 delete mode 100644 examples/src/main/resources/etc/provider-keystore.p12 create mode 100644 
examples/src/main/resources/etc/server-keystore.p12 delete mode 100644 examples/src/main/resources/route-examples/demo-route.md delete mode 100644 examples/src/main/resources/route-examples/demo-route.xml delete mode 100644 examples/src/main/resources/route-examples/example-idscp2-client.xml delete mode 100644 examples/src/main/resources/route-examples/ids-multipart-echo-route.xml delete mode 100644 examples/src/main/resources/route-examples/ids-multipart-route.xml diff --git a/examples/src/main/resources/etc/application.yml b/examples/src/main/resources/etc/application.yml index 6ac2cd50..2a75d6ae 100644 --- a/examples/src/main/resources/etc/application.yml +++ b/examples/src/main/resources/etc/application.yml @@ -1,15 +1,6 @@ -logging: - level: - root: info +#logging: +# level: # de.fhg.aisec: debug - # Use for IDSCP2 debugging -# de.fhg.aisec.ids.idscp2: trace -# de.fhg.aisec.ids.camel.idscp2: trace - -spring: - web: - resources: - static-locations: classpath:/www/ ids-multipart: daps-bean-name: rootDaps \ No newline at end of file 
diff --git a/examples/src/main/resources/etc/client-keystore.p12 b/examples/src/main/resources/etc/client-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..3a2ac465b6d4d623fd1430aeeefe03d6ad6169b5 GIT binary patch literal 6366 zcma);RZtuXlZ6==Y_P#CxVyVskilVaw=hU>_rVEn0TN__1$T!82*D+|1`^y|6J&4I zZr#83Y4@S4tH0ByAG;1OoNNUdfWiwW%S6Luk5P%a!vUZJir{3?KsZ^%KRARJ4r2UY z5{MWG2jTyNasDYxG_3z|VS@n3MR3esUN~kqufx9%R2*JoUeW)I*t{G-qCr8lP-d=) z^9wP+_S45F1n&z=9x^fu7#Tpzi;afy-xrZFQIUA5&@ioHQ~>rUKma=s{AC%)8qyLT zvNbJcjX#4?0)%5~+YOtzc*#5QFC#wex91)qt1=w`8=B{)Pomubg6Vi?-jf}$4*_$& zTXlcb#8rzMbLbz<%3IgXd4ul}6Kwb%(R254=H@%EYUS?P3| zrE+Qce5HSL|zl=>Vl>n3sXd)y-$u!T9lGherc4v53dMP z@35twnuozUGXlH&{0#j#esR|VsdWxliR~d#E#uSSSMtc)X!Mh*mglg(*UGkW8p)j% z(M|McdcaY6AfDd6>$d$dYnk9f-nos7dYB(P2G;a@du^RyIT{G+!y1$YWHgzFugt30 z8?5fB9Q0=L(^S$k1)XgP-YA~=CH)ce0|R?q+l1F8$fVpUjtl5*^~ngU1)z()v$Avz zQ(_AYJ`nro8w_n+H{*F5xoT-;%K*%p6Hw>t1wCq+-Pn^iEYr*PegWd|6=2z4no#ZH zUm+aHm}3s=4&O}0X1t0x`8@zRji&vpXC$Xde2B7X1PM+SZi(MxD~$?T63;A?f;?g$ZNzH_iBjIi zrEs+8hZvdX;1?BnU5Br|rs*E(Hkudi9GzD50-Ea6^A_V1{z}OnpERFg-Hm1>0At|N zPyQzMjFk>Yje+3WTMMn+R)d`aFHSAiaRwJBT~xNdm5%VRJDIMx;|ofh6pHs|35z1W zHa*#7iM}<Jv91suBADLoGfJcm5z$^Hya6vKf&rhVC$M>_&C^n@oj(>m>JdQbV72 zXiu-&`lc|~I0B|@KV$ebparYx?Io()EZzk9A#-8u*k8fezn08N2!IUqgX7YE5F;fo zTJR{i1nUM!(vB$vXA??@q{&!O~6xzjE{)wyFUVmz1ZT&4f<7P29ZI>QKGGSYTS*jc_ zMh~>FXb9%IoEdOAbhi3Jlz>#wGU^6$dJ{cFsxX}|(utYmc}O@s?S-)PcXBQdW3LA* zHhOefdJ=kL_K*%h(o!fh-~BNs#y`+7`%5=wblaS=#D`-mZQEcOvewcIU^s6sfsNDu)(`_5B-)tr4m}chX-^Hb;cSYXaYn64ytz^l z)L(CocwYBHONmyMEIukdoxx6B=0zYr4W5|Oezx~fFY(vS{rkzTVSEt=N;7{Ra7_#^ z43b-{bWpLKsr8yz%%l>uB05KEJnjM0|Nv@%jvTwKM6;ELbr5g6{5$swDX$dLs}q}1Cv;*SqVn|WT2ITG%% z^jjqHYd=**J4hTXLOCrYfkK6Ga@q7EH?c7viVoN7={oC-egu*0LJY3+8(9E%Vji*E z%v8gA9APCP*YiC>8R1zQbKrR_BQMdx3~|!-PjwQRT_Yop>E`z|*yI@M8-ule?_W&$ zaQK`lABI<5qU4R{4a1}eY?Y?Yy=-qxv*guBuP)!~+Qu#laC#4Mrj7ReJ=$!E)bP1z ze?}V}chcRhGIgB^pw47I!S%N18A{Sjz=BPBSC;Y48Is3tXxwU;0>d 
zw(bTkvd6?1h;=$l^MCxgvK}i}-N~=sI|U31H@+S`hgr&BljsAj!d!iziu_ww^WFWC zE>p25PtTt|DVplBnrIno|Kev^=8G4_NL#wTEQ9R3F3067MH>Veh%sx;Ia>rMmdK_* zzq@kE1$`4buBhrN(%0yE7#0Rrpfv3qg?O-NR_hd(?p75r&CBNlxi8d=PAd{R3$J-f z7jdbU)4)Ljo5p38+^)ZER#|Tbx<_^1gCWCMbZ3O+(?37C`xIU$k(lJ8d3D2pGaIOq zUoVc=G+>WPPeKnQry>ItAXh26MA62PMSg7~O3iNp??qtd;U7?=vmb4zTh>?><`47tf%3@@anUmuElZ z*+);^(Er7=E(_(hWD5iLv3t%&CT0xDg>#qiRfb#~_?MSfJEg`f#j!_IUymFF+{|!x z*7f+modflov=DKEbSS%GtR1?=~9tsvh-r@geM)Eb3uV9%&1EDC_R6{2uxW z%a~@V$A)9wJ0*>$xioz@UcQoL>e7{eCy=3P#z=Mm^Oz4d&#^BlI|*6@j7Ag5+Ib)# z-mSW5mPVJYAz5L^a0?2Jsgj!&dp&s#bIS8u*?Lc=xD`)t{$^^osYBn8+Ki?jLAp=* z45-v&c_M2$DRQ(xbsBLD0umrPcBewM4LC;Dd1 ze5NKzte=_ZsVMmqOL+ADwc%o~&W~J&eywwrcy3sWyvB6rPtpup4fVKVOA`5Mu0Wr! z#%4ws!yEl}l_)_Ih3{quGFr#>NVpfJl>OH}D8s}?4GZ>cby1*p-3B*~BR1kgNLRr@ zT#wpUPLqBYOnE-|AUxl?@81UB36CEKCoi5ayw&Hvo&4ZE=H2-?Fxi@%t+D|QYj8xB zB3}FhC0EutD<{57%&PSM<4ikHmF{dH>c>@xa}8$=P(O6HL@?KV-w8!L<0n7e=cSE& zw5%=R6XwPLH?Cn4@d2rkk@$G&{)345h=2t8Fjsq8K4B3-QC?v&Q4wKLVO}_{&c93O zXhm>b`G1f!G63nHCh{Kz@PCEFkF$~{Gm@WA)9!1Mg6$MfW8@-m|3BeyApLmteq#h*=hvW3lzRqR2F5YsCN+yk4;xh{F1~oj`a(}hM;H}hGmku(w(%4(6TI=(S zvMNKqRovpY3zD>y#GxXEY>V=oVqw=l@@RM*f~D0`ku5aU->bxyo9d5yx|p(40`crR zzHCNfFy&Rsl4bJCG0X_i9t#11!tZMf5E+s#Y{@}AJhRL-4x?IHC&p=8JFm>JGf|?$ zhEUsbqYmHlS5(NDkL~rAc7l`3LiX7L{e(qRHgTRE*)8uinl8hlX>enUip>&-HH{q; z)c*REdis|~6w+VxE=Cx) z16wgVIQi5k(37vJ-GqkYxsX@rIX#%*lnL4PDYR_mPO3Oudz!@6efEaO8z6qD#En=M z@Q#>oALqLJyfKi-jFY`y&Dm%=5cBaM%XfEB$ENEQClTtEwN_&QihpN1at^4Cll1{9 zQE~5hSF~smg7iaHIkJ~E9-$9l)Wu2)FDNrpc$oM~cU_Sj`hd3v*_-wd<&o0cC-gy6 z3Ve=irZTKd@pjJ8qI9g$5};mwed44+{9}4KsO2ioSmqhxqC)Mx0&COY$I%evj=)JT zA(P&Y=WQr*8+s(cCGIYE47Ho<9K?-~IEKo2NvNAnhD~ZN6G(0T3FPdw-3?=TNl`=v zx$75t#7ELX$_0}=1BmV_Y4eW-^j-)zlX6QJZVEA)D3o#n9EJNtj4w8q=9tk76DA@# z)&lUdXDDdzrO96ys&(x@CY0nTv>vICm8nd1Hh2`sIMBXP!K(?$zk#TRoGb4QGuwFyq*Z%iJ3% zOZA=tzz>I{)g!k(b>RH753mfOV^{Z~6`o#uNZY|oI#S8=_mlMZun*yn4%*(6R%)9m zKPGKP&4;ddO9U#JH1W8fgiNHE{c4dPiyz@dbi_W_fFN->{E>;qVDGpp|KSxooltm@ 
zqImi_R06g&#eV$ZSK;{89;@@<&vD4CB{|vmkjV-DKS@Y1ZSTCk^%*B5D6e%DJpwJ7(uq6qf5mof#D|=ixWP7X?8kGn*$jRONDz%VdVNX^&bAh9Bf=}E ze?u~&d>D1{X&l$}l@6A87cxVFZ2^i%aj{N9XSQzcyfNKEoe0c47zyDwp$V*4;gFgU ztxO18;rT=wR&1}zC?f{$J6F$TgAiO4c zX>dI>mPss=78YB&^1DP#^C$2dD&$MUMAl&!-@m+a%HWt!8si34fIS21pZLM*D6qIFta<^K97Gv$X_u9uLkIy1k=2yK9;@o&L*?0td z&u&uWTQ$)g+Cj-{M)-@(;=OnxzJT()cn|5TZYN-D)zfY!fGp|*-ZvuM+;)DCQ8V`f zBU$pqk8PgguYy|Q-C{y)@h34xZ$(Y%(z`u}Pu*ryzdQ_OOf)KS#lJ0oFl$jaFNvn_ z4P7Bub%SKm{`I59tG3K}xzNDE{jJe=o(m7mEBU;*I3L}TTCJ~a7i{G7yJ_GWa^i{{ zZmU1b^+SPDATa)+pq&>Qs`JNqrTTY%D~L5`ir;}bvJdIIJP#L`Wv4YvuaiS* z7S7VN-jknYmmAdhMTaLnwK9m4a`1RE`LUQ2NKOzc<`h7eWs-Y|*EOj((Q9o=u4_M{ z6k$>68rW=KdNq;mu3_Nm=GIb+nbhwF@RgJ25u-gfGR2nJ3zPJKRVfX1E*)hqk$PT0{Wi+r=IxZt%d1y1t#DF&~Vs8f_z1$)$; zpCHbKGSHS<=i1WJ^#>t0){Jvu5b1DUAGDZr%zi|$>+5$9qqvj?j5H@XD{tibEKc7N z(vL*u*6TqA)KbEh2@k#IOY}~xJe#d6_H*8)@xO9n!D({0@oi)mrKNN?1gf$mz{wXc zipN=$@yOnn4P1q20>VC@sNNpK%(N({x(Z^bLfTD?#Zkjxw=|t^=1_#`nuQnSBs6hx3KLG zQ7-p|p5oWvG*`D0l8aiTm>|i0WsiW#0F5g)fR+q74YAWp? zwCN+pYwNBK8xG4+UaCIUINf*`pPPcxKi!zv{k}~vr-0KtmeHdM^$CjOv)bOAtB16O z?yfP|)rNyMwyxUl&~UwXjSY)FSyu|0KkY8N={NhHV`MFO4)Cj0oQ^hgatX(vw;;#H ziVq;1^-75?7>0R9g0$~8xw7<>D!fg5yG71d@Y>0*K5KYZ<8QP_g%9I|Nkv8yoOXHx z^D=@}>8w%@f98xsqmDeQfhxWq-dbqV$sR^tjk(7b5+hrQbBQS&rkj+QSQOX$ZI4Ej7I*!G6hp~84A!)=gl%TpXmMC(oMTfK^ebbc80;-u8Hl@v`@RQ*PY5u8$ z{_m4syukb8u%g4)-==E>PIQ`&bQ7JKLZju6x(l}ZvS)Jr>O77z&WTvw%)mw8SB^El z)HBTD5&G$L1W00--W0a4$TaRZ3>_l6zRJ=;bF|<3t9L(6E8hpTMsr7iSe+-%SbT;I z#mFiSskzjmvr8~5C%eNh0tu%AUcYx`7?;+0Zj6N_z{71we;tI|hKt)sl4Gr^cA!+u znVEcb;t($_(P}t*f<7}`wv}}55>VTjkS0TfiVFXd!^oC2-yPN)GIXmX1UT!-Dkqr! 
z$>+v93W{*qX+eQFMm9iNFmxx5D+M{SI~P>GK|A8vuj}7h^~1yY8$_=;9n`w)86rx9 zTHVQFbG}{V*uF&7Q%sCVnh|ct*`tZO1w;f?54pMBk+WGI*dve}y#5T37FIvofCV-f zx`je@8j$C@ODsuhV`jx+h5LrH(K5Heb@!;8_*6hh;i9ykmaN*T3$>+ItK8 z16Xn28>o;;=Kn|-%({i(EkE~Wrb?7w+DdWd7}{A0#zlGFi%gBd_wuAK4(V_ty`;SF zJ{fwAcXN65iwFfw0IRLFqwyK7^Go^DE-G2w@eme#VOSkd-yih;eSb_DP6SY!l`^2} z)kZ5}D!4bzkrCfAYdaGRs3xk(Lb@p*SA<#9%-~h_^fO-9s;*cYJnw^KR62-QqYrr1 z>k|cuCBJz4kv4EjmjJU0u<<`c{Xm}tEfz4mUTS0lf#@a zqahq9twU1`myl?Zr{LVz;*syWVcgz@(_ zGd?>CN&Mqe8>d^3eNjYL$pywijl0Rh)x~;e2c$K~XuC_JMitK=o5!LxW;@qdjkJce zm5~r*@kJ${EuPt{;zqEh3Nj+8liu>zagKuEds;XR%1%8xF-yhr@o3cTbq&4|WoS4l z@G2zFyrCt2R#hjyd)``Uqk=!AA=2|u$2pzOOz_=pQWimSkKzZ+HkEM&dHvSxDV}<{ zNS+!@bk{opZY{NPQCmg5G|ownul>SLMgOUx^GbnsMJmfG?VmaP3_&|tw@7R09fi?1 z13YbZ$&J3?#sL~F5F21p@8ti}g|m|Ug=Ewg-u4?a3Za%z^2bD;wD5Q{T}?fRDAbu4 z^`;ov2nX1FU$GTUzzZoLtaIKUUOg!2f$6~~92-XJm2W%6n-_^%fQ~Y=w(bB)dNI2F z43h9TPTN*X&0Xfn^YkzY37pu*0&RN>swH)K8k<&YXo@(X;0nGzN{@reH8N~REw+!( zC9Lr=v*;2&+^L}EqOPi$Y_ zIjDn>Y7$BF2o_LS+bcA3eh&6%hr;%!NLI#2qlaZOEq9|xeqWUTh{Z!GIFeZCs1fAQ zVc1AlcN+67Ztd7^L_AVLVvew-%TMAAKlh?&MzXY(Ys_!<6*ZyU%Sw1YrBm z^P||jeuRK<`Teqq<4b+^8&0;tULJlUK7AbFmy|Z+3^OP7&aHCPY*7s)O}(UFzMr)w zV$?X$NoUtm-*=+Tk_GyL2($xu>-m&W0>R_<3rF~Hy~&Ug^4(Fq?cV95J^i`3LCirY ze*O1=tx z(*ay&Xkd3`=Vf60t<}T*@|#EL>|50fA&G*mnwsK(--Rhc@Am8b03Awmt>DmSP?LUL zj0jQB9m!k}^i%mK_8`mSp;|?u8Y!(AK@+ge0lc>N5!2DOUD=O2E=|aA6raD5dS|PE z68FSDRuf1;e}b#HuL`u)^@+Mb&c41M)Lp>`k7xA>OBR(mEP5TsNGsMTEG&C3m%hy_ zG0SU=Pf!tm*+K>X%J680d&F)k@E1nq%uxGsP5oH#!?@%*_`?+%?J^Tmp)Ftbj|Bum zZ=r&9vqR#H@%&MQxwx=NUmGj@8niv7qo+%~u9*D%#A>sZ9?nM?XlO=#E7vp$9@wMGI1ja-9>n`bC(dVf=oUPr~L0KQmi-F6o839^Q9Lk~A>isTuE|t%ao%Pn4EWdKHIoVQqqj)HjQ4;?s|c)T@&$I;>;*Eq2t%9D|kcKQS8*G#)^a z&s0QrvW4{7lGRf|*txG4U(WPSMSO6wTikELR!qE}mZlfCJ55WX{vm{rT>v^SF9mg{ zPK|sD8C7Fag+A$CH~($<$GH)^TH4j z-p41COcoHlL1Uv#u+|;kFImj#l*xwJMuqIVU^$FJX?Mzfj^2`Y48XfNsT*ShM4LH5 z^K=g`#4F)TJ{y{o`s5w5(mvu0&pn*HAV6pQ@UVVWTOPw7{w9S|A?Pkhp)E$Jin#mV zE!;62T;%no%cRkiATH_uaxgM`%|dn8>w9KPPeSRZ7cbs>{))wU4 
z%-`gdk|y7b&6rT5u`2F^<;^to8i1a(_nQ*EmaVU&oD9Rfn}xG$a>~ixsK83K>sA@} zR1?Tc)IU7DC1JZ@W4~*Q(rdg2GLW2)e-gy1HC@vMEoQhMNt!Unxe#w#DeYv{d)c_E zcw|+f@N|y!VK+w;Cv)40B4GQSkn<6t3Ru)QSxc=yXQ>Be{G~?D*Gi;)@v+gB7^Lmn z*8y33+aYPA43c-pE;_2$0lqBr`tcr0rXeOdq`O{qw7McPK|N*TMHtjVj9TE+=?car zKymr^gMP(P;9xhuL^@F6qRx*}tSr~H;{cm0duq|`QQ-mlj)ihl_-dAvy%kf!Vx=mH zow{GlMV1XvPMXW@c)X!yueOgaKJUgvNNu&=83M@*e6BDe<~Mb5)YE}xLzhq8(eTfN zsv(I*g$-of!qXEM9Pr$(#nNv5VcAz2@2i{ug4CVFfeaaltwY$jD!lk(a$Hs~{&Me;tXV z9{XqM0tAnv?*0pP00C5gThqS`;6H`KBFjqyETJ#p`r>fdr)E}6Z#oO%zX^xlV99IF z!owh~N3Np-lAwi19JRWN2;LDs+rWuh$y}i3!ugaBywz(KgG4j=I;~Q`*7!Jq@L7)6 z>H#Xv;i22bI@1G7UFJ?gu$WA>`*K`%yOJ^MqU?LkGPNfNWjE~Sj9nJC>4#RSMMs+A z2k7wx9@u8(mc463p9{wY6lXD=@reP;hPJUezGNID*xaNv`vC~g!Ns{}Jxq8zoa}t- zJQ|Qu2XYe)u1M57JHFC@p`NrUNY zrL!k_-~Y)%TOpZOz%KF7E6<;PW%8?-g@U?Zn^hj?5`LHXTsdv`oE+J^s@NXAr=#Kw zPDIIF)ILe$_%PQ%gSVvLhw|JS(E6_W-Z!MWG3^=&5+`f$Cm_Pdkya7gMQt}t6^q>_ zumsQbkyXFZOxP30d0~=iXFp2T+vU||U#zc(>ptz2I2Fu|sO?yCh}a7Au|h6nkY!hU;Tm-&irVJ1zbQOOmfZ|a#|eX8~3LMqNZ zBAa8`muzwAkP#W~lggFSEioK?>*=$doVJy)F|N2(k*>=b?bneL2TTX;c|E`K=SRBYVd=6#u_^^?8sC;L**u`Q+Ce9dC@hJCD} zFYbG+21uB%TrOfi>|)`>Uc$RmGWu6}$PRujn~U35R;UQ^c@+kU?c5J&bxLeoMYNBv zs7JcmT{j#-hy3u+l`hQqj*x*IY_FD&+ZjAAE9B7X9e5^q56ZLyJRGf>mS7+rUayk{ zPxRA&O4tA%zaCJuciE7$@h(>zaF(wOn`-iv1s3RDpBcc%iY3RDmVEd#VfXM`p`L0F zhE4Y48OpI<+IQUHr>l+8!7m=mn6vHlFA1OBDwB>6p7IzcaEx zmv=mvtFFowqWfqfl5uuq`bU^yRiVpv8L9KCzR?Ax!Rj)e46(bbOAlBzF9c13uWLVJepEGJZ(?(O4REg>T!on4@)8LRgVNAfurks z-lomyF>5V&g=MG|K2VF}4)$gjm5)NQAJ1wmVr z(PJCh$ls=>DYHCMv!Zn|-#@jm#h}R;;VInvj1`OL(DikiZk>xp24dx=d^FoXIJHsU z_5e{qzg=$PvB`}OZ#7Z2d3!W1HxC1`CRh?V7^F=j}w;@;%uJ{P}0y8&M_olz6IEQF@gzA8jfRM3T$~;9|t-_Th8(16Zp}!}ahU$L+a_PrE 
diff --git a/examples/src/main/resources/etc/provider-keystore.p12 b/examples/src/main/resources/etc/provider-keystore.p12 deleted file mode 100644 index a4dbe7e85783648b633db20563aa4038a00e3d9d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4190 zcma)8S5OlSmn9(}p;tkA?_eS=AXR!%5b0e?=uLXZ00|uoMOx@ZlmsafKmO5JZ}cfNo2Y4_pIopa7T=k3lM2!hrM2q1T9~UJ#09c9ue}o{w9T51x4iYMeB?R^#NC^=G zF@8#?G;rP4dvaqa&Se}cfno!y)B%A)v_Jqigp!o(zY~FA5+Vo(DcAw218^Y*0YpKx z5p`xdI=FGGUC@mk$yb+OD%FkzCl4bxmR(yX57?--b#>^vGW`Z&uU~pJzUcSh zcd0Qa%-KAFKfC%$BKCo%}V;Z%-ja~<$vafgP`jOUYb_#eZ{ zvn=!|X#sR)p8U@FeGC*K0mVS90G5&xrAW4Gc`rf%v$J-6@0hpcPwL^(kgNjo_I#R* ziJW`wZe9#I$>1jMF7wy$Pa$EtOm2$h{rz;080}d0_lK-Y{0m;5td=l_k8xW`d(M=r zNU}U%iew=mUk$+SIQY?=RD7OWLgcR63rX=4l@;l|m{I62juNzg-@EP^k9 z$d1=Z*c_MU%Q@%AxxI2G3mO!m)<`t!d26O$U+UXIUE2{FlGg*(H!P|h*aJKTS$~wR z@oHAKPqLL85OF!z_T^k|$bK@b3TeIc$YRYWr`{ZF`qr7OPOJ3{5n&*hO)uU2P{Q(g zJG!wTAyIuRw-@%NO;Br2h0ycKp*C_&wdP;(T~eW_ zR)E$aOjO0mJ^OD+ak0!R`;MyWpHO`XhGAu@%7^iTNR7_7RbLWOv zPrV(x-{_aS6#a(B&@r=x@Y$QTFUH!s^0MB*(X>fCN(Xn*dV`$ca#Z457S%Yqo^o<` zmm*|HTSud{Tx3^xsBY)a>GMTN+3pY*50$iYOXTZW92C!mF@O$bzClO8=ckVu9_}eM z>oTbw$;SPG7hK*r4UihCWgES2YT*#^aI8 zTqV1P0zvPc-t-JB{JB4`sr4)`z;xMTqq$p{peTXhB&V*y3%uVwQ&sP z6YZv>Y0?h+7A%o@a`_}?gC_COm-9lY0)~z3%T%hH(knKoKx?V2V)O+opOD8yd4)CF zAb<32l9Xr9!E|V%tESpDHMT{`HTG~{upI-HulP;L^HR=fA&=oU&4_x;6up-uWKna3 zXKP;VgIH&9>*LGTZnh{|yo^fiM99li+L@Cgc>NS8l;Gz**Zv!#d{t?UzW`pFBT8v2DZm zZck=|$1`Q!p%+UDjiK4p@qUK4KOb+!n~jdzyVEv|idEJhEHG|1Ss6xm|79LBPh`)H zbp{z;)c@-9Ec$CcQ^x(a3!)piqFz@U82anQYqxU*uaMVtwtL!VHww+MHsD)!2vH+% z+i0_iJK0k@4hm?^OTGE|q$-4^#*0%ROd`%3oz8iF^5(^y2NBQDVV2of5i~Z1m9;lw zJjtK?=(K-)H78|Gr#7G}@SO7!-WDVHHGh0!9^U`Ylita~j%;S%kvqUFj;bp1&THxP zjC<8P`A=3_yLf}ITYMS%Cpn(40R;0Dpz4*DNK|~&(v4;>^j6<7f0d8o(Ts7$&ot6n7{qHo7AV7#93onPVvkLZXX+N?ui~B}GI4jK8^b^MG?f{L*9Bt$lTSE1D^eZSI7aRzptV>ZqSv zvT9Yji0$jIF8N@+xly*=uv!(T!3On+S^;$Odb9g-%j4kpyL;vYQ~`eSLuKpAZ-`yb zSoiM8-z4JBQ?b38Xe*Xq={7=Y(P>SGnoRejaFi?h_;vLzp^2@>(UvyiZx*X!yC)^1 
z+gUn-OatOQ`kTj+iSEIE90~`Q=&xN9LUM7JX%uH^-CmJDlYab=*Yw_%TsJ>OfE8$D zxoprg?FPizZzop`@}Y4rOxVJMWInj7;(EBL3#T$Wo-VpB{R6Utb+zNv$H zU!mK+S$P`g8whGF33$R!KGQ+Jq!|3YklW#^?W;e;N5{IrrS`^9AzfN~bT`9Xz{zDz zobSSgu-eAgGe52PUBwLy6vV63UCPb4GK$|@CAcUf+2r3Jq`?s!v8KEFfAQ2S8^B;-{$_S!2arbuNhRVu8Wu;`LAy63P z9t1%${_oK((ozIT_dir85J2?L!v9AB{9onJLclL~O@e}B!GvP#M0;_GzIyxj|ECsp_Tpu*JhmAnf{-Du`paDk;XfJ-FVYW!L<0RGZRs7{#JKvspxCBzFvkrP+H(davgOz%gTMkzngqle}H{3*Mt;| zb*qD)hxkk~=DIcu+=q|qh}H!B-7(&0S;X2!h1^)n6TfiMEN)ijAg8$sNY^-u-&l2C z{ncmU^qTV&yfDuBb)Z?_fTJHDfx<*7{zaH{&F)YPJ+t*%n!xy)-v7?{qpBm1v&6lv z>7!V+GC8Vuye^~MNZwif_s-q*wcVEt2Y8leq8wy$qqfZa^IuZVkA6a>+Q{rEI49E1*l?if=M=cc^((L<#i@lHsX?w|B{ zO?zwo!X0+Uo!)}COBa$)G~iO*M90z}64pmL{hL&t73bX3)u#7jS#?}x7FQuhU+O?> zi+0-Cvb$fs(;NLJOa4$5w<<=BG$gsE3SQ7m+4mL|0Vg;A`Ey^Tq56#e2N^2Q&m6+f zdaS_B9Q1Y+rigna6uIM}9L`#lH>Q;qfI}TfN2KI|UmtYgN)b7PxaYiQ?p~jO4$*PK<>e8+`;iiVEQV5dwLgIF? zg%7Bn>(9NS!vi>l>;B9{-8->rl+tu@#thBk7Jt~y7G(t3rv@G0#cHP)VOq;WamkrV zc#bLajrWku^$BRbJ`h5UDO zpBP`+YcSWL@rI-uUz9y_diQ|6;ZgW@YAM(EQ5n|6=CRH=s+0z6pK>HUba+z1*=)fD!?$B9-|zqu2A)u1c?`FIFX86OM8NO;6)pPh z8ZVWO(P4XU_2&{g-7F9Cl()=GZ&PPh+!l|y)_gj_tC%L*hPVR)xSkkeTfZ7ddPWed zkL_BuCkp-k^4!^TA~j#S;;h{S*Ai=VHJYb#sgear9*Sdxv2&SI^QAeK#NyT%Dhug> zO-80d8!5Oh>jnRaPovX;_?Zo_huNQ5=7&wEVXUDU+_P9M?D9EWlDPs&u~%|(*=q}s zt>Q{o=xKc*?1i~ehuNhB)M7FZ`OZPVyWnCAtTb7mez-yE ze*x6A(~kfE 
diff --git a/examples/src/main/resources/etc/server-keystore.p12 b/examples/src/main/resources/etc/server-keystore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..6c361effd41e5160328cef2941f122550764fcc4 GIT binary patch literal 6366 zcma)=RZtrYvxbpC2<}#-c<}(mAy8b3Tc8vxQrxXjpuvhuk)pvJiWQfj#UZ#uae`C4 zrJQf(ocaDaSLa;p?CkUI?#QDdR zk6;)s>;IB)DF85Bl7BG4KLNtV`=2R%Ty%^)7zhD|fjYpp|4v{LfQ`Xo|0(go+yHWb zLn`%jIU8klJtj_}5JDwHt>791gM%0Y{W%yP8|S|_Vt}yF!1UN4iwG5T8%zK?7l8Od z+QAF0P5|&gfJ5&D$Gif-K-%*2d}uiV5q7j{&Qv=qNM%6bW0%>@8ENk$Y``Z>0Ac6G zM=^Xr`ZT}_xP+)TSKEIQ&H~8S>&@=1(>5mJdb)vYg~qBUkI(I?&Q*++giO3PT4kq` zQWrYpAab~U?!Bz$V#uMg^G8d~xV6ffscd1~JbP{?U2V<4mxV1g>a>}Ez&?K`Lyg*a zd_uq@%6}wY8%w-y%bvT0WNt5_J&?;~RAG}t$$L7ZXnJ(p@B0(EnNs8IE+HTC_k`r~ zHug!+Oo%HE0)KHOzpy2xiq6C=${QMQL;kf)J6v9q4k&T?9Pf>0T@m4RwK|v8vkslw zw!;~;mdaGWQ8W~)%u$KDD@@n|Cbqx1wK;bI?KmZ6Hz8TW-gDIbsV#t{7VOB%F*ZgW zK!eQ*@!0xrGUrrV2t#;3zMrsD#hBBJVV%dJ6tWxip=aC`tdDRKZfaRWnsz{h9H@Av z8D>1xGv2MAHXuT-eUIFZ=D>M~V)%@81fs^4_bl8y7m~_d;*e2Ea_~Di z?OW`z?MpSd7R4oH5Y_5Gyq#nEMT9tsJR=c(hEj3euD14*nm1Ud;>k+=%t)L+am8uT zELapJ6@^3eci5(C_@lS-j05sp63!=R`^O8C=WK*-Duy3uIV%bl` zUDH;H3EcPLQtHr5Nr;WJvKs(5t9DS&Yc27ktH#7Yv{4ze%)4lVRrKd|siYpK2TvWR zcy~n(x#F1%E+S$X$Eu0mK!GHA2ZK~+^8kQXEm7=O%EdC-$rkW~9|!^UoQtc3#AR4- zKQdCM(eVKPoKHD0JhFp5LwMqdo?I8N>KXTAzNn@_8PyD}aCaPf0v(}Wtf-%ghb09k z_*U=W{LCsq1c+pdu6IqKOQnA zUr@Pm3DEA61IF_=|6mv9q0l+%Q%AaE4m~W@sA_ZE*k7mGKxDW^V}IXyz%ACl;yWjQ zXkmB07BNDCo8}u{6owt$#gX@R#-j@NUY+iY{)7tJQ#Wyybrsk>o5ND0+9H*CgAq9( zt(-s=;@l$FfT}$=+(O*`#2x%;@pCTmr*g_~1!%t&PoNWp7w5rG<^nN^3O*aR8m#Vt z?^i0vXTKnub4~FzG4AZm;U%lOn@xQFl0Yl7MOV6EdHKvplTmi~{^G9}(k~bTB zmKR2X^!7&T)YapfpL7LW{P17DoGg$2!UHG_l$Cd@2-H_PhY57F?`&pc4Et0LrwgLA zH=d()Up^;3F!fjCUTHFVmD1cW$$8$=tk5ipG~l<}EYufy&D?sGp`_<~^eKF@YGZMf zalBW=sFz`}%DEKZoAS8R^bTvA$&4n*p3laEM3KsNZ%TNm-X0sP39EKZw5hjsNrMk{ z_nj-5!Rls8AO4MpMC76;{eHES>2YV5$cw9mD~gfzO)@!JpZx$0j4J^%*l4M zxl@M<4QI14ZNSFg-T&z`&Q4~~_bp!o-tvAlrDq#=S)+Qtkv(-bXt-aE7H#h^SenL&;Zwf<<5mqP&vEZo-YDAFGg3cCa2?e$Xp6pu6){f 
zL*LU&tfMx8Ia*K`4moV4#O+@2f?lro8(fyqiQHe(ZlDF+s2kI73+L-l^P>xU_7n)2!hK$E zZ%05LCIlHBH3ovt?^ht4>}Ge|@xOA-=LkQ2n4${JhcMZ8N?KDFBT zm_*Y)mZ~i&844R@?lbMmsIJM5c}H%IQQV2mwkfw9W>x5RU-fB(peHUggI;Sjq!$cMoi8R5l5;?5@kw;aA;)JDFL zG%2PdeGjpTW0ecQiDrRQyvSWrN}I*(dC0pb_%ih7d81^#MRQ+!sc(-bFI)XO-JjsQ zj?ldzY1OI}KIs#){=iS|`h=Xm@BB$qpX4*bbVeF%puvYb%1rTOV7qXj#(ELlE4K^u zDI*E$Lw0r*PXk-B3y`LFR@QTuJnSjK|2D?bU`Vd+6`e$N!hrbu?NM8|k+|(tV9IDm zy#vKD=_0%uv=eMGmm9Y+^J1V(N^k^P=6w~#%`|};9BB>O47c*->&qsXj*{+?oSeym z(`hdLso1Gdlt|_$7(N^<`4ZgQ=Sw;J zpnpyWAS|mAKQXk4*o807nRP|-`^?Jw{!O`Y5YJIW|GXu2S~harg5vA6@%^(oYV=|f z6S!pYIAL2MkMZJYtvjBy98kKRtvI{SX|&jt(Ggg>6wJyjrhB5Ng=@HL)MJCD3x}M1 z9rBRlp}cWA!!IwRmec^g`?>rclWJ}ko~-Q@LV(j=%ih~DhZg%`YW!DzRvj}wj3K(o z_SaIB6%BxMBe9d)B^70on5aMl zba{x+>e+{g(Df?;D`|yY@~UH~Pca+)muF^O)30VUKCxg9G}(CD^E}d68M11P%1R_v z9xmF^Io<{h)km~_Re{vJw>6^Za-@iLbucE2%c78u*^>TEu@E+l|2rKRDEYFCp--l? zoch5(atvV5a{d3ITEeslL6l&2s?}(U)Ri5fM>AQBeUf zj8Ny_CLnemj8N_$1i?T@`zMM1M?wF;%%S0YhkYBpMzm@>TjV49>Mq`oAH4q`bI1++ zQ7s6tyL2$fUaKz6=m>!kATAvO`sgQB#oeF?wb4(sEY3Qw%CZ)Wa`smOW`xlj+KWiX zxgD%DLo@(Yz4rpQ=~6KxAjjiTX0tw%B!9~C%R~X_xZ8^@rFdx_+JxcfcyuP=qgO!0oIu^?+jJ>kb@E)h{%I&(#qQ)e6EyshsMK0NPQMrHa=3oD2JacN?{RP2^M4)#nR4(&W zTsD@|O7yp0I&T7tU9~#L zkOtJ8tSUB`?F}!*K$&c&XUcwG(@?=RH@SC3f`R5EHGTFy9v9ZVoT!mfV?n{lU%n_s z2#kER0w$zZs*G4j# zuYI$|9w13Mb!Z`A>2_}h(()QePY>Pak(Ow+V!5>cc67}wAa!g66E=|%(GfQPau<+- zK!=7&wS8ZK30Ojq>7H=ABJGfGsd)&m~K;@)jQKhYI56*wL@r zvlK|W#3bf;Ua6&Gw&p6%IQS*pnm}ocpOJI%ci@gn+&MhBh8nNH1VZ%Q&0ORY<}1nm z@sfAFGMX0isE_t+rE$7)wps$&6(hEP zeplV0wLP+!$14+<%C+m=?Wezp^0q{rqo#Qtehd48QF)t-Vy9qJ*!ibAOBbeE!a1s- z?Pp$O5w_ttqIb*V?M-}&R^y@kR}T!1f*{f=BPe6Nb=(A^Wk9kS`g7=Y_I@F4NBVFS ze!n}VlM-K+2W6yS)Y1oW1}`zr_@BQFqT)SHW(y#efQp96pkyVwUp8Ve=69k85{~;u zpunAt8=rW#X_dfv3~CHoXtD{NwJF`J>om^|HKsFmM|`y@#42x}!szn*hx#G4kw`+c zlKY5*{kMk*&7bG`v*gO%<8w{<{oPvO4x=u|x8r<(m-h4R=0@_v4{sgoEwd|2 zI$xyGtcU|FTx?Z#e$m=yWuBe1OK8av` z^ZOk%%cDV`^5~$s{fp3EwxKx(mV+zu8|2brEB|5#unyf59+YBt*S``Psh9rZ`?h6c 
zlq*Zn*Jw3NB%Y}Pn?+Der;;#oiauGStn+)QK(zN6dPIvDe*Z(aJa}Dl_a2FA zO2|XhdSU3`e++v7DDM0{QH7K;)dzn-b`9G7d%JD{39K4wKzSR zmut~@Xyau4r^Ssc;_juwBO?4Aepqr^@cPW>y(?{%R0IG@R}S;S>@G`D4+H!=2cP$z zTz8VGtLF)wqL2TezBLFt7L+vk;0-Y~iGOL3S+*!|<=hM)@0n$)*)V-NYLdem75JKF z;`tEg8&@4~LNADjiRH+~T`(nRB=?usyE97=Yfg)>#uUfz_*miQIZ3(LWBol;Ceeiw zprUDox}!m05NUUt$;@yZ>3+n|U{D4eKus{5C-|7jMlm{_u--ljaqTZEnD$2T-VTLVy=AOO? zXo=Eyt)Mc5khwkf9Q$$?yF6BGuGi$W=|If218 zEKzL`mqdnO7ge;}SDEKe=YtnxM`?jw8%OnF6pK4a5xt2<;39LFttHB~%47j^wN{@p|8nb8*615gq8Ld# z*_X*I=?~J-aU2}Fg=ZGJH>vc6lKlnFaGOOEEiQ`^>I$j$6D^|Tmv+O&j6+xEUuSTQ zzF6@Wpj|<=%f%~Qf{z^zMTfJZ#pPKV^Xs?RUGWLVS-!PY3@ki7qz>OtY}UdKIg}W@ zx7VTMmVKx9PnWUC`@J^Q-LUbx!IdlB#f@clH@gvCOiP~>mWni6ML@?vLcrB8v^vK& z9b*hW_V%V8&Hg|sh=~mPX~V_Fv@j5CSJD^Z?D3VH(x-v-0yH-7V^J}el-t0Meg!dl*1*W_iS8bQ*!;lw>|#B(<66^RO1t(eE!NcO~#kQ{yU+r5Yr5yzDTy?-Q80q@_8_Cy$%G zifF>V`8WerFI#a#!Zt4EFTl-PcWqdaJHVS=GC3$pwbPf%MyZSFPp+RTka|SdskDE( zLAJeIp5)bt8)o8M-`nV5gjDh}R%(0$F`>bw5!iMxJD%;h>=SSq@KWce;#Ay?a6FeT zY)oF)qB@Tk`z?C4K9YqdwiGpbA9J|T-&3LBdY5HBQaPf!!aJCAOZP6%7&J@R?8CKk zQ+Ofo7f6*%&YI??0wQy+v z+=RQ&JOx*Kf_+xa_*Iua`&TM_oXNB<)@Qv4gSTk=Tq3iL*gmJ{&*t3ZmuA#QEoY{a zWjsf&RjLGCry}dZHy?TI7slGWV*Q#AR_Tc~jy!WF3<+7WB0r1nrQJU8qzx3a-+5-G z@z^st05^uHW=+Ah)5ah@Qj-*1AwtxKN`sm+-JwKz2YrsBp zF49QTbxUE_)7kjD5B+)H*mC)Dcq%4;qteUn#TN-aMC0Fi({6d?(Z9M@o%zIS{e*1% z&`#W0%*p9sq8hH>jifk;y_5WLDhJelxZ=T-ZHs>UQIkE4da;Ik5bC|DDlwQ=X zQ7;{)BqaIg56L^9meedn6G6US_H48Up4-;QU8bf&qVp?fCR0O>eJEh>^_xnLQ7q=?BrORq^Z_RVo&*f5phx7BbVgV z=f8#JuUvNEXs=U`RLvMYnoE#kWekPv#0N5_acLso7qzzoIcWMMn~4l{DHfU&=JUjj zuSRjxCb;lJSX0lb8+p?Ocb}EkIe~r^z<4r-DYXO(5+qrX=5RdkQPGq>34@FJ)s=u; z#5oPq%3Vg6;8ogp2-_Ns?lQI6wfL_ST@}=5Kwa&F!u#&U5FrkJDehVKv#vNn(LB$Y zeVOi?b1Tl$@543-SMNOiWf$@9WyXPLbc?5&g0H?<8dHLmo_Q?52bd%`uss_d-Or29 zQsIwM&W;^22v~bjlkn?Oa`~k!BQQOd6v~;Cgo+G>d%d*;D59dpB^!}XT*WC9MY|$Ou!e9>cz5Wd|G-x7%3RqO* z-CU^GSmbZX)?eYes*Sx{ZRV7ITfXs8r=N3_uwmb?(Nca-NZ{`{a&|n{!sJ@ui^vbY z`3p2_QEZ;_VJ~;rMp$cw*!H`lgStfNj!}8Hsw5Qd!-~X--4SBsD6*BnU4!rUi9Obd 
z;U5PBQvR(2BHrTTxB8o_?Syt+5Dv!%2BOf-ZP_WGY(2)`bD5KHO9+Osf`TI^4myz4 z-32TSW&(q-vA78_F=(;S0OW=es{9&G>mWzNl-H}58o&dgT0H={I*4eT9Qi!NH4&

jX!>gfq{eeUruNXf&c&j literal 0 HcmV?d00001 diff --git a/examples/src/main/resources/etc/settings.mapdb b/examples/src/main/resources/etc/settings.mapdb index 1416a7c9c0c21e43f2b1c0197db38205fe6d56c2..0e1c1b416daf9cf5b17d55c8db695907426117fe 100644 GIT binary patch delta 286 zcmWm8(MrN_6vy#xe|2-K{NKdts$Gh{fVW-s213wF^aAq#CurRnf6zn+nM?#7df zjlbE0ao?%<#iQJHW#5%LG7v*0R7MqKA`4ZKjU04@j?qcv%3AM^S=DbvQbb;fpRxLM zwcBm-_b^P8P5zu_`yg58*;laKCjURH-(|K9(k$G+jBXnIGV)CxU#K@ZeywxguqPmC r8nbNCCD|vi2rL4Nz#^~+ECP$bBCrT70*k;Rum~)Ywa?Bhmc#Y|@c(qw delta 252 zcmWm7PYc0t9LMqfHf%P3ei!Bm2H(GL1Qz8ck>1)Y_$0A1* z$<=4yde^tU-+FnT$2>GC8RgSYN`~8;Y28(;$*PRQh+V@DbHc5hmm9r9#N0t- ziq|SX*YpUOBq7)qZibDZdeld*9J^9S24bj&>ZpNCWT7Uqk%L<303F7zZ2Q;DYOWMX5qmX$%(~CZ z-L5F-QIw@c`I_bXF#Rd>?{KkA|9+S2MZOKQJlfA5FME6t2PRKW)LcHjb$MXe6Oc5G qS+*FF91~as7J)@z5m*Ekfkj{uSOgYhRUl-*zNGP5xhUI@ALln9KxZ- zd+}D|N!^HmNs^+o2>-#k#n-Y+!XwB8nIIEnf=rMJGC?ND1eqWcWP(hPNtns_bQPQa EAGthQpa1{> diff --git a/examples/src/main/resources/etc/tls.properties b/examples/src/main/resources/etc/tls.properties index ddcad559..37d4d9b5 100644 --- a/examples/src/main/resources/etc/tls.properties +++ b/examples/src/main/resources/etc/tls.properties @@ -1,6 +1,6 @@ server.keyStorePassword=password -server.keyStoreResource=etc/consumer-keystore.p12 +server.keyStoreResource=etc/server-keystore.p12 client.keyStorePassword=password -client.keyStoreResource=etc/provider-keystore.p12 +client.keyStoreResource=etc/client-keystore.p12 trustStorePassword=password trustStoreResource=etc/truststore.p12 \ No newline at end of file 
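Review bot: Both `keyStorePassword` entries and `trustStorePassword` stay at `password` while this commit also checks in the matching `client-keystore.p12` and `server-keystore.p12`, so the private keys in these stores are effectively public. That is acceptable for a demo, but the file does not say so. A first line such as `# Example-only TLS material: keystores and passwords are published with the source, replace both before any real deployment` would make the limit explicit. Whether these values are loaded anywhere outside the examples is not visible from this hunk.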
diff --git a/examples/src/main/resources/etc/truststore.p12 b/examples/src/main/resources/etc/truststore.p12 index c205d31c1c5fd6068375801a1d71d20245ab049f..80d7234ab4e1c20386686017fd5f455a56941141 100644 GIT binary patch delta 1213 zcmV;u1Va1g688x}FoFd00s#Xsf&{Dv2`Yw2hW8Bt2LYgh1f2we1eq{`1eGv?1d#>_ zDuzgg_YDCD2B3ljf-r&vegXjiFoFbkkw7aHXw^)#Uh=&0<<@PLZN`jI0W@(Mk$)tA z1yQ;K|470Cf?mxo!l)R{fPw@7&_^UMy;}206Mq0k6?%F#V^WLMFVMQu4q+SLWGN$AR2yCqAY3p%$7Q^yU7o>*yn(cQVAzX+*vpd%h&Wq275{`5o#zC4a4`U_b!1A9tnB_2i9;1kVfkI>0 z*2-aYzBF|g>nG8DQoZ=!R=1?x-l&%i4Gw6emRx7_%9A=7)#8yJ;g-FC$u^*Xh4RQd zaXAgV8o`rZF}2KPitt~V8-O$9J~G*!1d=oNfAvs)>3%9~^RtW#XT~S?qiK#&xyA+f zFzG9bBWJ1Hm8hBSBc!MX-!eph83hx6rCV@I#Y7++*BA#CwX9*gQRz$6-aUV-2c$!! znU}g>EX;y+0se#)aSG}m(c&tllZgLLpR7&Kwm>mwgk^Wq&k(WpF}vAAbLZ z9$(Q!MNL5WWXh$sIac$I>5p*ELInH6Q2(91xHyQ?zth9Oo^`#DtSzJl=iZv|7;F!a zwd^IsbjBJ+7)w$T`GbgblkFFKjsU%&51icVmQsln8qryNH^gDjkQSUuMC(v?5Whav zO+ZeKqcXRnt;fg_p&+e)7<1Y(o~ZZ2k~3~8UN+M(ZbhsSw=|x%(D*F2m=fQ1m^PFS z!ZGfZ4U>qigN|bQBQ8UB`RKl=KO_xC9A~hTeE+|3+4cxLHy6pL*@~j_{)7tvs~d=q5ZV@+XH! 
zP0JNwIrsJ2c@SRs^1;48iAZd&{$sNrY@r@&d(w7&wI4h?Ok0Am*?f1J`q^by>j)y< zV*#SX%Iq)qDND+K?-!wQ!gdjhd!bEMkU$hvmJdSb#|S<+7A60w8AzWAlB8N-fED$1 zw7*smpv=fHFn-%F6&1rB>?yIi*_eDZ#v-QJ``*@wo5jQkdit`4==Nic=_8>CHDmuw z#M%sHlEz&dV+CYPi*SkhhJmCTt(=HQRFwW;*jawzQFbO=B+-T`fy3i|i)h;^IY$aX zk=syvhD~eV-ziELFg`FLFbM_)D-Ht!8U+9Z6cAz>{=7Zd>o$*x4vRVvrGQ(|;{+7y bhf#s*E+yJg<=zgSgPWed;9*n(0|ADh;WJ1z delta 2358 zcmV-63CZ^N3Fi_(FoFqV0s#Xsf(aZ32`Yw2hW8Bt2LYgh2@M2-2?;QQ2?a2M2>}KP zDuzgg_YDCD2B3ln@-Tu3?g9Y-FoFo@kw7aHy-6*&p59{73muJr$OAodr?NmLk$)tA zxgwleRo6&da@Uda2B+w_fPx5cFJy}>_Mok)!a@EOE1h(Icu55JbR1ddkzHGufIk=4 zOAl9DmUQ}ApdDsbR!Mn?ZCzAwiDa{r#tLkV>W?!mkyEJ?2;UFIjxgVJ4eMts*Y!!R z)VyhN6MD`Ka>x>D!%-@fgGJTiM;A7KI;KpC{D&A*MOpLwONZt3&E=3;w7MQ7thACItK^X#fl#Wf&izo#7+W`5_?6IcdG z6`ROJ;jm1kq&!UqTO2;|&|c<$dyylz+F^a>s^|7JNXRI5dAhM^mnS<}88QylhnXI_ z5jwAl~24htdSco&Udf1GY^na~ZP;NFcS z$hk}EygsTIgqeZ^ew6x6w+jJ31g}i_^~#74Mg}s++8CV(i?Z6^+ zCc^I_hjrjU5J%Cf$G0)gQs#>O{pzbBgYHd+Tz%R7b9r7wVSmnF9)s(AJJE5S3&7i< zl&TK|ARaC}fyr%1C6l!q#5IG&+aBi<3hQelE;98&N97oZC+zzF>gz9g%0!YE{ozPZ zJ8g2)!Ls+pFTbjPaRzQ5ku3msAMD4T1mf?oX~Y55#JkD9Ks6PjBO4CiH z7poaB)kT1S|1*jxBc)b?!=>eurVMsUV*UVp1X2b#SZ^bLs{05_?uppi(xqGG{+8Bqb$kUpl7lYz1m^z^B^rU7|cwX^!o}nh&fh&@eL55t&6MFl{Vo$Rvd)lNw(mW9lv}2-G6fK&`zxa(Xuu+Bbgf|2miYbT3+#OuHo{9iUSW0gLxAxlpT`?^Q%T>GJ5 zOLI~+8XKD zg^&T;Jd0D_xEWKbLjoFX)KyDT=X-WBp-Xa%i5CAp#~ZW{1l{G~_qW8)`3^;cs!+0d zde#qvF+{NB06^>?vU~TkKr?r3Ym(;}Gl(2gp||=Lb(J?#eNY}taWDREH}e$lQruvF zA)wg4@Y)vJF}>T~CB^I6W*<1#R|-L4{g>2OMhkDbsMu6n&vai+ASlp!evUC~G;itj z65N=FD65C?1ldf*0eJ)9)Roi-kkyBHBhZxoJZbIR1w$D(Y4J;VN?WN&4{# z9uKpR9#xEqK^ohIGtFYSnVK&*V8jc5%z8KM_n{WA&W%kuo3eCfgDQ@%xu8Neu@IZ^ z8k~dd#DPC3dz#m;Y9pY;;pI!FK9$1pY$>=DB$`GY#V1IRBpyMmW;+UKzkOU6c(1lv zTjqOU{iW_3Yqi(?z{p}AD8PE?vb*LRa-aymYX}X|wkwfW@}ZmyEj!;kewNUGr*RLO zDz;5dz|yplwgGNojGb4QVKP9nZ%+o(W5)j6>=Vld=_EdZU$Vg2&X4Kh5hsVYHr3lL1h8DyTB4h zIG&^G(A`pDqF{U{EHFMWAutIB1uG5%0vZJX1QZ7F0`gb;>OXLDf2fuGz_+=R_SXay cf&ajshd1B}r%Sug?7M=n&-{Cj0s{etpdO@jZ2$lO 
diff --git a/examples/src/main/resources/example-getting-started/compose.yaml b/examples/src/main/resources/example-getting-started/compose.yaml index 663e2ea7..21c13b9c 100644 --- a/examples/src/main/resources/example-getting-started/compose.yaml +++ b/examples/src/main/resources/example-getting-started/compose.yaml @@ -1,31 +1,27 @@ version: '3' services: - ids-core: + tc-core: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings.mapdb:/root/etc/settings.mapdb - - ../etc/consumer-keystore.p12:/root/etc/consumer-keystore.p12 - - ../etc/provider-keystore.p12:/root/etc/provider-keystore.p12 + - ../etc/server-keystore.p12:/root/etc/server-keystore.p12 + - ../etc/client-keystore.p12:/root/etc/client-keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ../etc/tls.properties:/root/etc/tls.properties - ./example-idscp2-localloop.xml:/root/deploy/example-idscp2-localloop.xml ports: - "8080:8080" - environment: - TC_DAPS_URL: "https://daps-dev.aisec.fraunhofer.de/v4" networks: example-internal: aliases: - - consumer-core - - provider-core + - tc-core-server + - tc-core-client networks: example-internal: diff --git a/examples/src/main/resources/example-getting-started/example-idscp2-localloop.xml b/examples/src/main/resources/example-getting-started/example-idscp2-localloop.xml index 2878400f..0a4cfb6f 100644 --- a/examples/src/main/resources/example-getting-started/example-idscp2-localloop.xml +++ b/examples/src/main/resources/example-getting-started/example-idscp2-localloop.xml @@ -52,7 +52,7 @@ Message at $simple{date:now:yyyy-MM-dd HH:mm:ss} - + 
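Review bot: The renamed `tc-core` service still bind-mounts `/var/run/docker.sock` and publishes `"8080:8080"` on all host interfaces (both are context lines of this hunk), which gives the container control over the host's Docker daemon while its HTTP port is reachable from the network. Because these files are what new users copy, a comment on the volume line such as `# grants full control of the host Docker daemon; needed only for container management, remove otherwise` and a loopback binding `"127.0.0.1:8080:8080"` would set a safer default. The same lines appear in the compose files for example-ids-multipart-uc, example-ids-multipart and example-idscp2-uc later in this patch. The commit also drops `TC_DAPS_URL`; which DAPS endpoint the connector then uses is not visible here and should be stated alongside the example.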
diff --git a/examples/src/main/resources/example-ids-multipart-uc/compose.yaml b/examples/src/main/resources/example-ids-multipart-uc/compose.yaml index 07cd23cb..89be3845 100644 --- a/examples/src/main/resources/example-ids-multipart-uc/compose.yaml +++ b/examples/src/main/resources/example-ids-multipart-uc/compose.yaml @@ -1,18 +1,16 @@ version: '3' services: - consumer-core: + tc-core-server: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings.mapdb:/root/etc/settings.mapdb - - ../etc/consumer-keystore.p12:/root/etc/keystore.p12 + - ../etc/server-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-multipart-uc-server.xml:/root/deploy/example-multipart-uc-server.xml - ./make-contract.xml:/root/deploy/make-contract.xml @@ -23,18 +21,16 @@ services: profiles: - server - provider-core: + tc-core-client: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings2.mapdb:/root/etc/settings.mapdb - - ../etc/provider-keystore.p12:/root/etc/keystore.p12 + - ../etc/client-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-multipart-uc-client.xml:/root/deploy/example-multipart-uc-client.xml ports: 
diff --git a/examples/src/main/resources/example-ids-multipart-uc/example-multipart-uc-client.xml b/examples/src/main/resources/example-ids-multipart-uc/example-multipart-uc-client.xml index 68334d6b..50eefb7e 100644 --- a/examples/src/main/resources/example-ids-multipart-uc/example-multipart-uc-client.xml +++ b/examples/src/main/resources/example-ids-multipart-uc/example-multipart-uc-client.xml @@ -32,7 +32,7 @@ - + @@ -41,7 +41,7 @@ - + @@ -76,7 +76,7 @@ - + diff --git a/examples/src/main/resources/example-ids-multipart-uc/make-contract.xml b/examples/src/main/resources/example-ids-multipart-uc/make-contract.xml index 59f5a839..d71feb56 100644 --- a/examples/src/main/resources/example-ids-multipart-uc/make-contract.xml +++ b/examples/src/main/resources/example-ids-multipart-uc/make-contract.xml @@ -9,7 +9,7 @@ - + diff --git a/examples/src/main/resources/example-ids-multipart/compose.yaml b/examples/src/main/resources/example-ids-multipart/compose.yaml index 4f069f17..14ac63cf 100644 --- a/examples/src/main/resources/example-ids-multipart/compose.yaml +++ b/examples/src/main/resources/example-ids-multipart/compose.yaml @@ -1,18 +1,16 @@ version: '3' services: - consumer-core: + tc-core-server: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings.mapdb:/root/etc/settings.mapdb - - ../etc/consumer-keystore.p12:/root/etc/keystore.p12 + - ../etc/server-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-multipart-server.xml:/root/deploy/example-multipart-server.xml ports: 
@@ -22,18 +20,16 @@ services: profiles: - server - provider-core: + tc-core-client: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings2.mapdb:/root/etc/settings.mapdb - - ../etc/provider-keystore.p12:/root/etc/keystore.p12 + - ../etc/client-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-multipart-client.xml:/root/deploy/example-multipart-client.xml ports: diff --git a/examples/src/main/resources/example-ids-multipart/example-multipart-client.xml b/examples/src/main/resources/example-ids-multipart/example-multipart-client.xml index 5b68ef68..f6d1df02 100644 --- a/examples/src/main/resources/example-ids-multipart/example-multipart-client.xml +++ b/examples/src/main/resources/example-ids-multipart/example-multipart-client.xml @@ -28,7 +28,7 @@ - + diff --git a/examples/src/main/resources/example-idscp2-uc/compose.yaml b/examples/src/main/resources/example-idscp2-uc/compose.yaml index c8fd13b9..9bf09e80 100644 --- a/examples/src/main/resources/example-idscp2-uc/compose.yaml +++ b/examples/src/main/resources/example-idscp2-uc/compose.yaml 
@@ -1,48 +1,40 @@ version: '3' services: - provider-core: + tc-core-server: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings.mapdb:/root/etc/settings.mapdb - - ../etc/provider-keystore.p12:/root/etc/keystore.p12 + - ../etc/server-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-idscp2-server.xml:/root/deploy/example-idscp2-server.xml - ./make-contract.xml:/root/deploy/make-contract.xml ports: - "8080:8080" - environment: - TC_DAPS_URL: "https://daps-dev.aisec.fraunhofer.de/v4" networks: - ids-wide profiles: - server - consumer-core: + tc-core-client: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings2.mapdb:/root/etc/settings.mapdb - - ../etc/consumer-keystore.p12:/root/etc/keystore.p12 + - ../etc/client-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-idscp2-client.xml:/root/deploy/example-idscp2-client.xml ports: - "8081:8080" - environment: - TC_DAPS_URL: "https://daps-dev.aisec.fraunhofer.de/v4" networks: - ids-wide - provider-internal diff --git a/examples/src/main/resources/example-idscp2-uc/example-idscp2-client.xml b/examples/src/main/resources/example-idscp2-uc/example-idscp2-client.xml index 9d8c7d5f..9c2932fa 100644 
--- a/examples/src/main/resources/example-idscp2-uc/example-idscp2-client.xml +++ b/examples/src/main/resources/example-idscp2-uc/example-idscp2-client.xml @@ -27,14 +27,14 @@ https://example.com/some_artifact - + ${exchangeProperty.ids-type} == 'ContractResponseMessage' - + @@ -63,7 +63,7 @@ https://example.com/some_artifact - + diff --git a/examples/src/main/resources/example-idscp2-uc/make-contract.xml b/examples/src/main/resources/example-idscp2-uc/make-contract.xml index 59f5a839..e96a52b3 100644 --- a/examples/src/main/resources/example-idscp2-uc/make-contract.xml +++ b/examples/src/main/resources/example-idscp2-uc/make-contract.xml @@ -9,7 +9,7 @@ - + diff --git a/examples/src/main/resources/example-idscp2/compose-broadcast.yaml b/examples/src/main/resources/example-idscp2/compose-broadcast.yaml index e76197af..e53136a1 100644 --- a/examples/src/main/resources/example-idscp2/compose-broadcast.yaml +++ b/examples/src/main/resources/example-idscp2/compose-broadcast.yaml @@ -1,18 +1,18 @@ version: '3' services: - # The core platform, mounts docker control socket and route definition into the image - provider-core: + tc-core-server: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true volumes: - /var/run/docker.sock:/var/run/docker.sock + - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings.mapdb:/root/etc/settings.mapdb - - ../etc/provider-keystore.p12:/root/etc/provider-keystore.p12 + - ../etc/consumer-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - - ./example-idscp2-server-broadcast.xml:/root/deploy/example-idscp2-server.xml + - ./example-idscp2-server-broadcast.xml:/root/deploy/example-idscp2-server-broadcast.xml ports: - "8080:8080" networks: 
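Review bot: The added keystore mounts in compose-broadcast.yaml still use the old file names: `tc-core-server` binds `../etc/consumer-keystore.p12` and, in the following hunk, `tc-core-client` binds `../etc/provider-keystore.p12`, while every other compose file in this commit moves to `server-keystore.p12` / `client-keystore.p12`. Whether the old files remain in `../etc` is not visible here; if they were renamed, the bind source is missing and the connector has no valid identity keystore at `/root/etc/keystore.p12`. Suggested lines: `- ../etc/server-keystore.p12:/root/etc/keystore.p12` for the server and `- ../etc/client-keystore.p12:/root/etc/keystore.p12` for the client.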
@@ -20,18 +20,18 @@ services: profiles: - server - # The core platform, mounts docker control socket and route definition into the image - consumer-core: + tc-core-client: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true volumes: - /var/run/docker.sock:/var/run/docker.sock + - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings2.mapdb:/root/etc/settings.mapdb - - ../etc/consumer-keystore.p12:/root/etc/consumer-keystore.p12 + - ../etc/provider-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - - ./example-idscp2-client-broadcast.xml:/root/deploy/example-idscp2-client.xml + - ./example-idscp2-client-broadcast.xml:/root/deploy/example-idscp2-client-broadcast.xml ports: - "8081:8080" networks: diff --git a/examples/src/main/resources/example-idscp2/compose.yaml b/examples/src/main/resources/example-idscp2/compose.yaml index ca4567a8..4027c02c 100644 --- a/examples/src/main/resources/example-idscp2/compose.yaml +++ b/examples/src/main/resources/example-idscp2/compose.yaml @@ -1,18 +1,16 @@ version: '3' services: - consumer-core: + tc-core-server: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings.mapdb:/root/etc/settings.mapdb - - ../etc/consumer-keystore.p12:/root/etc/keystore.p12 + - ../etc/server-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-idscp2-server.xml:/root/deploy/example-idscp2-server.xml ports: 
@@ -22,18 +20,16 @@ services: profiles: - server - provider-core: + tc-core-client: image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop} tty: true stdin_open: true - command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", - "--spring.config.location=/root/etc/application.yml" ] volumes: - /var/run/docker.sock:/var/run/docker.sock - ../etc/application.yml:/root/etc/application.yml - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl - ../etc/settings2.mapdb:/root/etc/settings.mapdb - - ../etc/provider-keystore.p12:/root/etc/keystore.p12 + - ../etc/client-keystore.p12:/root/etc/keystore.p12 - ../etc/truststore.p12:/root/etc/truststore.p12 - ./example-idscp2-client.xml:/root/deploy/example-idscp2-client.xml ports: diff --git a/examples/src/main/resources/example-idscp2/example-idscp2-client-broadcast.xml b/examples/src/main/resources/example-idscp2/example-idscp2-client-broadcast.xml index e8f4c39d..90e2b142 100644 --- a/examples/src/main/resources/example-idscp2/example-idscp2-client-broadcast.xml +++ b/examples/src/main/resources/example-idscp2/example-idscp2-client-broadcast.xml @@ -9,7 +9,7 @@ - + @@ -18,7 +18,7 @@ - + diff --git a/examples/src/main/resources/example-idscp2/example-idscp2-client.xml b/examples/src/main/resources/example-idscp2/example-idscp2-client.xml index 61eb7726..7ad76ebf 100644 --- a/examples/src/main/resources/example-idscp2/example-idscp2-client.xml +++ b/examples/src/main/resources/example-idscp2/example-idscp2-client.xml @@ -48,7 +48,7 @@ ping - + diff --git a/examples/src/main/resources/example-idscp2/example-idscp2-server-broadcast.xml b/examples/src/main/resources/example-idscp2/example-idscp2-server-broadcast.xml index 82bf6c11..30b6715e 100644 --- a/examples/src/main/resources/example-idscp2/example-idscp2-server-broadcast.xml +++ b/examples/src/main/resources/example-idscp2/example-idscp2-server-broadcast.xml @@ -9,7 +9,7 @@ - + 
diff --git a/examples/src/main/resources/route-examples/demo-route.md b/examples/src/main/resources/route-examples/demo-route.md deleted file mode 100644 index 99322c5f..00000000 --- a/examples/src/main/resources/route-examples/demo-route.md +++ /dev/null @@ -1,7 +0,0 @@ -The UC demo requires a running connector that matches the UC config given in the XML route. The `jmalloc/echo-server` may be exchanged with something more appropriate if desired. - -The following steps are required: - -- First, start UC demo container via `docker run -d -p 8080:8080 --name test jmalloc/echo-server`. -- The IP address in ``-statement must be adapted for the new container. Display current IP address via `docker inspect --format='{{.NetworkSettings.IPAddress}}' test`. -- If the UC demo fails, check whether the repo digest needs to be adapted in XML (last part of DockerHub URI). Show recent digest with `docker inspect --format='{{.RepoDigests}}' jmalloc/echo-server` \ No newline at end of file diff --git a/examples/src/main/resources/route-examples/demo-route.xml b/examples/src/main/resources/route-examples/demo-route.xml deleted file mode 100644 index f74a35ff..00000000 --- a/examples/src/main/resources/route-examples/demo-route.xml +++ /dev/null 
@@ -1,162 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - ${exchangeProperty.ids-type} == 'ContractRequestMessage' - - - https://hub.docker.com/layers/jmalloc/echo-server/latest/images/sha256-c461e7e54d947a8777413aaf9c624b4ad1f1bac5d8272475da859ae82c1abd7d#8080 - - - - - - ${exchangeProperty.ids-type} == 'ContractAgreementMessage' - - - - - ${null} - - - - ${exchangeProperty.ids-type} == 'ArtifactRequestMessage' - - - - - - - - ${null} - - - - - - - - - true - ${null} - - - https://example.com/some_artifact - - - - - 5000 - - - - - false - ${null} - - - https://example.com/unavailable_artifact - - - - - 5000 - - - - - true - ${null} - - - https://example.com/some_artifact - - - - - 5000 - - - - - false - ${null} - - - https://example.com/unavailable_artifact - - - - - 5000 - - - - - - - - - - - - - - ${exchangeProperty.ids-type} == 'ContractResponseMessage' - - - - - - ${exchangeProperty.ids-type} == 'ArtifactResponseMessage' - - - - - - ${null} - - - - - - ${null} - - - - - diff --git a/examples/src/main/resources/route-examples/example-idscp2-client.xml b/examples/src/main/resources/route-examples/example-idscp2-client.xml deleted file mode 100644 index ebaa816e..00000000 --- a/examples/src/main/resources/route-examples/example-idscp2-client.xml +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - - - - - - - - - - - PING - - - ping - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/examples/src/main/resources/route-examples/ids-multipart-echo-route.xml b/examples/src/main/resources/route-examples/ids-multipart-echo-route.xml deleted file mode 100644 index 22c1ebd6..00000000 --- a/examples/src/main/resources/route-examples/ids-multipart-echo-route.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
diff --git a/examples/src/main/resources/route-examples/ids-multipart-route.xml b/examples/src/main/resources/route-examples/ids-multipart-route.xml deleted file mode 100644 index 7543d73f..00000000 --- a/examples/src/main/resources/route-examples/ids-multipart-route.xml +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - - - - - - Test Message - - - - - - - - - - - - - - - - - - - - - - diff --git a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt b/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt index 5fdf6a4a..9dc72073 100644 --- a/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt +++ b/ids-webconsole/src/main/kotlin/de/fhg/aisec/ids/webconsole/api/CertApi.kt @@ -279,8 +279,10 @@ class CertApi(@Autowired private val settings: Settings) { // if it was signed with an already accepted root certificate. acceptedCerts += cert } else { - LOG.warn("Rejected EST CA cert:\n$cert\nExpected hash $permittedHash instead of $certHash " + - "or valid signature by an earlier CA certificate from the list with the right hash.") + LOG.warn( + "Rejected EST CA cert:\n$cert\nExpected hash $permittedHash instead of $certHash " + + "or valid signature by an earlier CA certificate from the list with the right hash." + ) } } } else { @@ -375,7 +377,7 @@ class CertApi(@Autowired private val settings: Settings) { val certificateChain = mutableListOf(it) var lastCertificate = it // The last certificate (root) is self-signed - while(!lastCertificate.verify(lastCertificate)) { + while (!lastCertificate.verify(lastCertificate)) { // Find CA certificate signing last element of chain caCerts.firstOrNull { ca -> lastCertificate.verify(ca) }?.let { nextCa -> certificateChain += nextCa