762 files changed, 14568 insertions, 2721 deletions
diff --git a/.cisettings.xml b/.cisettings.xml
new file mode 100644
index 00000000..8556c6a8
--- /dev/null
+++ b/.cisettings.xml
@@ -0,0 +1,37 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.1.0 http://maven.apache.org/xsd/settings-1.1.0.xsd">
+ <servers>
+ <server>
+ <id>gitlab</id>
+ <configuration>
+ <httpHeaders>
+ <property>
+ <name>Job-Token</name>
+ <value>${env.CI_JOB_TOKEN}</value>
+ </property>
+ </httpHeaders>
+ </configuration>
+ </server>
+ <server>
+ <id>gitlab-localbuild</id>
+ <configuration>
+ <httpHeaders>
+ <property>
+ <name>Private-Token</name>
+ <value>${env.PRIVATE_TOKEN}</value>
+ </property>
+ </httpHeaders>
+ </configuration>
+ </server>
+ <server>
+ <id>egizMaven</id>
+ <username>${env.EGIZ_MAVEN_USER}</username>
+ <password>${env.EGIZ_MAVEN_PASSWORD}</password>
+ <configuration>
+ <knownHostsProvider implementation="org.apache.maven.wagon.providers.ssh.knownhost.NullKnownHostProvider">
+ <hostKeyChecking>no</hostKeyChecking>
+ </knownHostsProvider>
+ </configuration>
+ </server>
+ </servers>
+</settings>
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 00000000..f6dfac69
--- /dev/null
+++ b/.gitlab-ci.yml
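Review bot: The `egizMaven` server entry in `.cisettings.xml` switches SSH host-key verification off (`NullKnownHostProvider` together with `<hostKeyChecking>no</hostKeyChecking>`), so the deploy that sends `${env.EGIZ_MAVEN_USER}` and `${env.EGIZ_MAVEN_PASSWORD}` will accept any host that answers for the repository. The pipeline added in the same commit already writes a `~/.ssh/known_hosts`, so I would drop the whole `<knownHostsProvider>` element and let that file be enforced. Minor: the `xsi:schemaLocation` hint points at an `http://` XSD URL, while the POMs in this commit use `https://`; `https://maven.apache.org/xsd/settings-1.1.0.xsd` would be consistent.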
@@ -0,0 +1,111 @@ +#image: maven:latest +image: maven:3.6.3-jdk-11 + +variables: + LC_ALL: "en_US.UTF-8" + LANG: "en_US.UTF-8" + LANGUAGE: "en_US" + LIB_NAME: "eaaf-components" + MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true --settings ${CI_PROJECT_DIR}/.cisettings.xml" + MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${CI_PROJECT_DIR}/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true" + GIT_SUBMODULE_STRATEGY: recursive + GIT_DEPTH: "2" + SECURE_LOG_LEVEL: "debug" + JACOCO_CSV_LOCATION: 'build_reporting/target/site/jacoco-aggregate-ut/jacoco.csv' + +include: + - template: Dependency-Scanning.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + - template: Secret-Detection.gitlab-ci.yml + +default: + tags: + - docker + +stages: + - assemble + - test + - package + - release + +cache: + paths: + - ".m2/repository" + +assemble: + stage: assemble + except: + - tags + tags: + - docker + script: | + mvn $MAVEN_CLI_OPTS compile test + artifacts: + when: always + reports: + junit: "**/target/surefire-reports/TEST-*.xml" + paths: + - build_reporting/target/site/jacoco-aggregate-ut/jacoco.xml + - build_reporting/target/site/jacoco-aggregate-ut/jacoco.csv + +coverage: + stage: test + image: haynes/jacoco2cobertura:1.0.4 + tags: + - docker + script: + - mkdir -p target/site + # convert report from jacoco to cobertura + - 'python /opt/cover2cover.py build_reporting/target/site/jacoco-aggregate-ut/jacoco.xml eaaf_core_api/src/main/java eaaf_core_utils/src/main/java eaaf_core/src/main/java eaaf_modules/eaaf_module_auth_sl20/src/main/java eaaf_modules/eaaf_module_moa-sig/src/main/java eaaf_modules/eaaf_module_pvp2_core/src/main/java eaaf_modules/eaaf_module_pvp2_idp/src/main/java eaaf_modules/eaaf_module_pvp2_sp/src/main/java > target/site/cobertura.xml' + # read the 
<source></source> tag and prepend the path to every filename attribute + #- 'python /opt/source2filename.py target/site/cobertura.xml' + - awk -F"," '{ instructions += $4 + $5; covered += $5 } END { print covered, "/", instructions, " instructions covered"; print 100*covered/instructions, "% covered" }' $JACOCO_CSV_LOCATION + needs: + - job: assemble + dependencies: + - assemble + artifacts: + reports: + cobertura: target/site/cobertura.xml + + +publishToGitlab: + stage: package + tags: + - docker + except: + - tags + - /^feature/.*$/i + before_script: + - mkdir -p ~/.ssh + - ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts + - chmod 644 ~/.ssh/known_hosts + script: | + export VERSION=$(mvn -B help:evaluate -Dexpression=project.version -B | grep -v "\[INFO\]" | grep -Po "\d+\.\d+\.\d+((-\w*)+)?") + echo "Publishing version $VERSION for $LIB_NAME to public EGIZ maven" + mvn $MAVEN_CLI_OPTS deploy -s .cisettings.xml -P jenkinsDeploy -DskipTests + echo "VERSION=$VERSION" >> variables.env + artifacts: + when: always + reports: + dotenv: variables.env + +release: + stage: release + image: registry.gitlab.com/gitlab-org/release-cli:latest + tags: + - docker + needs: + - job: publishToGitlab + artifacts: true + when: manual + only: + - master + script: | + echo "Releasing version $VERSION of $LIB_NAME" + echo "Publishing version $VERSION to public EGIZ maven" + mvn $MAVEN_CLI_OPTS deploy -s .cisettings.xml + release: + name: "$VERSION" + tag_name: "v$VERSION" + description: "$(cat README.md)" diff --git a/build_infos.txt b/build_infos.txt index 584f3250..126ff9c4 100644 --- a/build_infos.txt +++ b/build_infos.txt @@ -1,3 +1,5 @@ Infos for version update mvn versions:set -DnewVersion=4.0.2-snapshot ... update parent project version by using - mvn versions:commit ... delete backups of parent pom
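Review bot: `ssh-keyscan apps.egiz.gv.at >> ~/.ssh/known_hosts` in the `before_script` of `publishToGitlab` records whatever key the network returns at job time, so it does not authenticate the deploy host. Keep the expected host key in a protected CI variable and write that instead, e.g. `- echo "$DEPLOY_HOST_KEY" >> ~/.ssh/known_hosts` (the variable name is a placeholder). The `release` job pulls `registry.gitlab.com/gitlab-org/release-cli:latest`, a mutable tag, in the stage that publishes artifacts; pin a version or digest there as was done for `maven:3.6.3-jdk-11`. That job also calls `mvn`, which is presumably not part of the release-cli image and should be confirmed. `SECURE_LOG_LEVEL: "debug"` makes the included scanner jobs verbose and is better left at the default once the pipeline is stable.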
\ No newline at end of file + mvn versions:commit ... delete backups of parent pom + + mvn -P jenkinsDeploy deploy ... for apps.egiz deployment
\ No newline at end of file diff --git a/build_reporting/pom.xml b/build_reporting/pom.xml new file mode 100644 index 00000000..649e650a --- /dev/null +++ b/build_reporting/pom.xml 
@@ -0,0 +1,82 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.gv.egiz</groupId> + <artifactId>eaaf</artifactId> + <version>1.2.1-SNAPSHOT</version> + </parent> + <artifactId>build_reporting</artifactId> + <packaging>pom</packaging> + <name>Reporting Module</name> + + <dependencies> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_api</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_auth_sl20</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_moa-sig</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_core</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_idp</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_sp</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-springboot-utils</artifactId> + </dependency> + </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.jacoco</groupId> + <artifactId>jacoco-maven-plugin</artifactId> + <version>${jacoco-maven-plugin.version}</version> + <executions> + <!-- aggregated unit test coverage report --> + <execution> + <id>aggregate-reports-ut</id> + <phase>test</phase> + <goals> + <goal>report-aggregate</goal> + </goals> + <configuration> + <title>Maven Multimodule Coverage 
Demo: Coverage of Unit Tests</title> + <outputDirectory>${project.reporting.outputDirectory}/jacoco-aggregate-ut</outputDirectory> + <dataFileExcludes> + <!-- exclude coverage data of integration tests --> + <dataFileExclude>**/target/jacoco-it.exec</dataFileExclude> + </dataFileExcludes> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + +</project>
\ No newline at end of file
diff --git a/eaaf-springboot-utils/checks/spotbugs-exclude.xml b/eaaf-springboot-utils/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..7bb320ee
--- /dev/null
+++ b/eaaf-springboot-utils/checks/spotbugs-exclude.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+ <Match>
+ <!-- Paths and URLs only loaded from configuration -->
+ <Class name="at.gv.egiz.eaaf.utils.springboot.ajp.TomcatAjpConfiguration" />
+ <Method name="servletContainer" />
+ <OR>
+ <Bug pattern="PATH_TRAVERSAL_IN" />
+ </OR>
+ </Match>
+</FindBugsFilter>
diff --git a/eaaf-springboot-utils/pom.xml b/eaaf-springboot-utils/pom.xml
new file mode 100644
index 00000000..a9d05417
--- /dev/null
+++ b/eaaf-springboot-utils/pom.xml
@@ -0,0 +1,130 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>at.gv.egiz</groupId> + <artifactId>eaaf</artifactId> + <version>1.2.1-SNAPSHOT</version> + </parent> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-springboot-utils</artifactId> + <name>EAAF SpringBoot Utils</name> + <description>Common utils for SpringBoot applications</description> + + <licenses> + <license> + <name>European Union Public License, version 1.2 (EUPL-1.2)</name> + <url>https://opensource.org/licenses/EUPL-1.2</url> + <distribution>repo</distribution> + </license> + </licenses> + + <developers> + <developer> + <name>Thomas Lenz</name> + <email>thomas.lenz@egiz.gv.at</email> + <organization>eGovernment Innovation Center (EGIZ)</organization> + <organizationUrl>https://www.egiz.gv.at</organizationUrl> + </developer> + </developers> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + + <dependencies> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-web</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-actuator</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-configuration-processor</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-access</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.apache.logging.log4j</groupId> 
+ <artifactId>log4j-to-slf4j</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + </dependency> + + <!-- Test dependencies --> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.powermock</groupId> + <artifactId>powermock-module-junit4</artifactId> + <scope>test</scope> + <exclusions> + <exclusion> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.powermock</groupId> + <artifactId>powermock-api-mockito2</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + + <build> + <finalName>eaaf-springboot-utils</finalName> + + <resources> + <resource> + <directory>src/main/resources</directory> + </resource> + </resources> + + <plugins> + <plugin> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs-maven-plugin</artifactId> + <version>${spotbugs-maven-plugin.version}</version> + <configuration> + <failOnError>true</failOnError> + <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile> + </configuration> + </plugin> + + </plugins> + </build> + +</project>
\ No newline at end of file diff --git a/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/actuator/HsmFacadeProviderHealthCheck.java b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/actuator/HsmFacadeProviderHealthCheck.java new file mode 100644 index 00000000..3b2e3fe7 --- /dev/null +++ b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/actuator/HsmFacadeProviderHealthCheck.java 
@@ -0,0 +1,100 @@ +package at.gv.egiz.eaaf.utils.springboot.actuator; + +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Executors; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.HealthIndicator; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory.HsmFacadeStatus; +import lombok.extern.slf4j.Slf4j; + +/** + * Implements a Spring-Actuator HealthCheck for HSM-Facade from A-SIT+. + * + * @author tlenz + * + */ +@Slf4j +@Service("HsmFacadeProvider") +public class HsmFacadeProviderHealthCheck implements HealthIndicator { + + private static final String CONFIG_PROP_HEALTHCHECK_DEADLINE = "security.hsmfacade.healthcheck.deadline"; + private static final int DEFAULT_HEALTHCHECK_DEADLINE = 10; + + @Autowired(required = false) EaafKeyStoreFactory factory; + @Autowired(required = false) IConfiguration basicConfig; + + @Override + public Health health() { + if (factory != null && factory.isHsmFacadeInitialized()) { + int deadline = getIntegerFromConfig(CONFIG_PROP_HEALTHCHECK_DEADLINE, DEFAULT_HEALTHCHECK_DEADLINE); + CompletableFuture<Health> asynchTestOperation = new CompletableFuture<>(); + Executors.newCachedThreadPool().submit(() -> runHsmTest(asynchTestOperation)); + try { + return asynchTestOperation.get(deadline, TimeUnit.SECONDS); + + } catch (InterruptedException | ExecutionException | TimeoutException e) { + log.warn("Receive no respose from Health-Check after {} seconds.", deadline, e); + return Health.outOfService().withException(e).build(); + + } + + + } else { + log.trace("No {} or HSM-Facade is not 
initialized. Skipping healthCheck ...", + EaafKeyStoreFactory.class.getName()); + + } + + return Health.unknown().build(); + + } + + private void runHsmTest(CompletableFuture<Health> completableFuture) { + try { + HsmFacadeStatus status = factory.checkHsmFacadeStatus(); + log.trace("Current HSM-Facade status: {}", status); + if (HsmFacadeStatus.UP.equals(status)) { + completableFuture.complete(Health.up().build()); + + } else if (HsmFacadeStatus.DOWN.equals(status)) { + completableFuture.complete(Health.down().build()); + + } + + } catch (Exception e) { + log.warn("HSM-Facaden Health-Check has an error", e); + completableFuture.complete(Health.down(e).build()); + + } + + } + + private int getIntegerFromConfig(String key, int defaultValue) { + if (basicConfig == null) { + log.info("Using default-value: {} for Config. Property: {}", defaultValue, key); + return defaultValue; + + } else { + String value = basicConfig.getBasicConfiguration(key, String.valueOf(defaultValue)); + try { + return Integer.parseInt(value); + + } catch (NumberFormatException e) { + log.warn("Config. Property: {} with value: {} is NO valid Integer", key, value, e); + log.info("Using default-value: {} for Config. Property: {}", defaultValue, key); + return defaultValue; + + } + } + } + +} diff --git a/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/TomcatAjpConfiguration.java b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/TomcatAjpConfiguration.java new file mode 100644 index 00000000..c665edb3 --- /dev/null +++ b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/TomcatAjpConfiguration.java 
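Review bot: `health()` creates a fresh pool with `Executors.newCachedThreadPool()` on every call and never shuts it down, so each probe whose HSM check hangs leaves a worker thread behind, and a frequently polled actuator endpoint can pile these up. One executor held in a field, e.g. `private final ExecutorService executor = Executors.newSingleThreadExecutor();`, bounds that. In `runHsmTest` a status other than `UP` or `DOWN` never completes the future, so the caller waits the full deadline and reports a timeout as out-of-service; add `else { completableFuture.complete(Health.unknown().build()); }`. The catch of `InterruptedException` should restore the flag with `Thread.currentThread().interrupt();`. `withException(e)` and `Health.down(e)` put exception details into the health response, which is worth checking against who is allowed to see health details.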
@@ -0,0 +1,145 @@ +package at.gv.egiz.eaaf.utils.springboot.ajp; + +import java.io.File; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.util.Map; + +import org.apache.catalina.connector.Connector; +import org.apache.commons.lang3.StringUtils; +import org.apache.coyote.AbstractProtocol; +import org.apache.coyote.ProtocolHandler; +import org.apache.coyote.ajp.AbstractAjpProtocol; +import org.apache.tomcat.util.net.NioChannel; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; +import org.springframework.boot.web.servlet.FilterRegistrationBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.PropertySource; + +import at.gv.egiz.eaaf.utils.springboot.ajp.logging.LoggingProperties; +import at.gv.egiz.eaaf.utils.springboot.ajp.logging.MdcEnhancerFilter; +import ch.qos.logback.access.tomcat.LogbackValve; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Configuration +@EnableConfigurationProperties(value = {LoggingProperties.class, TomcatProperties.class}) +@PropertySource("classpath:tomcat.properties") +@PropertySource(value = "classpath:tomcat-${spring.profiles.active}.properties", ignoreResourceNotFound = true) +public class TomcatAjpConfiguration { + private static final String PROTOCOL = "AJP/1.3"; + + @Autowired + private LoggingProperties loggingProperties; + + @Autowired + private TomcatProperties tomcatProperties; + + @Value("${tomcat.workingdir:./work}") + String tomcatWorkDirectory; + + /** + * Set MDC variables for embedded Tomcat access-logging. 
+ * + * @param filter {@link MdcEnhancerFilter} that injects MDS variables + * @return + */ + @Bean + public FilterRegistrationBean<MdcEnhancerFilter> enhacedMdcFilter(@Autowired MdcEnhancerFilter filter) { + FilterRegistrationBean<MdcEnhancerFilter> registration = new FilterRegistrationBean<>(filter); + registration.setEnabled(loggingProperties.getMdc().isEnabled()); + return registration; + + } + + /** + * Adds AJP Connector to embedded Tomcat. + * + * @return + */ + @Bean + public TomcatServletWebServerFactory servletContainer() { + final TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory(); + + //set working directory + final File workDirFile = new File(tomcatWorkDirectory); + checkBasekDirectory(workDirFile); + tomcat.setBaseDirectory(workDirFile); + log.info("Set embedded Tomcat workingDirectory to: {}", + workDirFile.getAbsolutePath()); + + //set logger configuration + if (loggingProperties.getAccessLog().isEnabled()) { + LogbackValve valve = new LogbackValve(); + valve.setFilename(loggingProperties.getAccessLog().getFilename()); + tomcat.addEngineValves(valve); + } + + final TomcatProperties.Ajp ajp = tomcatProperties.getAjp(); + if (ajp != null && ajp.isEnabled()) { + final Connector ajpConnector = new Connector(PROTOCOL); + ajpConnector.setPort(ajp.getPort()); + ajpConnector.setSecure(ajp.isSecure()); + ajpConnector.setAllowTrace(ajp.isAllowTrace()); + ajpConnector.setScheme(ajp.getScheme()); + setNetworkAddress(ajpConnector.getProtocolHandler(), + ajp.getNetworkAddress()); + + if (ajp.getAdditionalAttributes() != null) { + for (final Map.Entry<String, String> entry : + ajp.getAdditionalAttributes().entrySet()) { + log.debug("Set Tomcat AJP property: {} with value: {}", + entry.getKey(), entry.getValue()); + ajpConnector.setAttribute(entry.getKey(), entry.getValue()); + } + } + log.debug("AJP connector requires secret: {}", + ((AbstractAjpProtocol<?>) ajpConnector.getProtocolHandler()).getSecretRequired()); + + 
tomcat.addAdditionalTomcatConnectors(ajpConnector); + } + + return tomcat; + } + + private void setNetworkAddress(ProtocolHandler protocolHandler, String address) { + log.trace("Set network address: {} to ProtocolHandler: {}", address, protocolHandler.getClass().getName()); + if (StringUtils.isNotEmpty(address) + && protocolHandler instanceof AbstractProtocol<?>) { + try { + ((AbstractProtocol<NioChannel>) protocolHandler).setAddress(InetAddress.getByName(address)); + log.info("Bind connector: {} to address: {}", PROTOCOL, address); + + } catch (UnknownHostException e) { + log.error("Can NOT set network address: {} to connector: {}", address, PROTOCOL); + + } + + } else { + log.debug("Bind connector: {} to default address", PROTOCOL); + + } + } + + private void checkBasekDirectory(File workDirFile) { + if (!workDirFile.exists()) { + log.debug("Embedded Tomcat workingDirectory: {} not exist. Create it ... ", + workDirFile.getAbsolutePath()); + if (workDirFile.mkdirs()) { + log.info("Embedded Tomcat workingDirectory created"); + + } + } + + if (!workDirFile.isDirectory()) { + log.error("Path to embedded Tomcat workingDirectory: {} is NOT directory", + workDirFile.getAbsolutePath()); + + } + } + +} diff --git a/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/TomcatProperties.java b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/TomcatProperties.java new file mode 100644 index 00000000..acddafa0 --- /dev/null +++ b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/TomcatProperties.java 
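Review bot: The loop over `ajp.getAdditionalAttributes()` in `servletContainer()` logs every attribute value at debug level, and the `tomcat.properties` added in this commit names `tomcat.ajp.additionalAttributes.secret` as one of them, so the AJP secret would be written to the log. Log the key only: `log.debug("Set Tomcat AJP property: {}", entry.getKey());`. In `setNetworkAddress` an `UnknownHostException` is only logged and the connector then starts on its default address, which may be wider than the operator configured; failing startup is safer, e.g. `throw new IllegalStateException("Can NOT bind AJP connector to: " + address, e);`. `getSecretRequired()` is logged but not enforced, so an enabled connector without a secret starts without any warning. `servletContainer()` and `enhacedMdcFilter` also have empty `@return` tags in their Javadoc.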
@@ -0,0 +1,72 @@ +package at.gv.egiz.eaaf.utils.springboot.ajp; + +import java.util.Map; + +import org.springframework.boot.context.properties.ConfigurationProperties; + +import lombok.Getter; +import lombok.Setter; + +/** + * Embedded tomcat configuration properties. + */ +@ConfigurationProperties(prefix = "tomcat", ignoreInvalidFields = true) +@Getter +@Setter +public class TomcatProperties { + + /** + * AJP connector properties. + */ + private Ajp ajp; + + /** + * AJP connector properties. + */ + @Getter + @Setter + public static class Ajp { + + /** + * Should the AJP port be enabled. + */ + private boolean enabled; + + /** + * AJP protocol. + */ + private String protocol = "AJP/1.3"; + + /** + * AJP port. + */ + private int port = 8009; + + /** + * Secure connection flag. + */ + private boolean secure; + + /** + * Flag, to disable or enable the TRACE HTTP method. + */ + private boolean allowTrace; + + /** + * Scheme that will be assigned to requests received through this connector. + */ + private String scheme = "http"; + + /** + * Network address to bind this connector. + */ + private String networkAddress = null; + + /** + * Additional AJP Connector Attributes e.g. packetSize. + */ + private Map<String, String> additionalAttributes; + + } + +} diff --git a/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/logging/LoggingProperties.java b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/logging/LoggingProperties.java new file mode 100644 index 00000000..b3d5d846 --- /dev/null +++ b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/logging/LoggingProperties.java 
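Review bot: `ignoreInvalidFields = true` on `@ConfigurationProperties` lets a mistyped value for `tomcat.ajp.enabled`, `secure`, `allowTrace` or `port` fall back to the field default without an error, which is easy to miss for connector settings. I would remove the flag so that binding fails at startup. The `protocol` property is never read by `TomcatAjpConfiguration`, which uses its own `PROTOCOL` constant, so it should be wired in or dropped. The Javadoc on `networkAddress` could say what a `null` value means, for example `Network address to bind this connector; if empty the connector's default address is used.`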
@@ -0,0 +1,94 @@ +package at.gv.egiz.eaaf.utils.springboot.ajp.logging; + +import java.util.Collections; +import java.util.List; + +import org.springframework.boot.context.properties.ConfigurationProperties; + +import lombok.Getter; +import lombok.Setter; + +/** + * Logger configuration for embedded Tomcat. + * + * @author BRZ development team + * @author tlenz + * + */ +@ConfigurationProperties(prefix = "logging") +@Getter +@Setter +public class LoggingProperties { + /** + * Whether to log in JSON format. + */ + private boolean json = true; + /** + * Whether to log in plain text. + */ + private boolean text = false; + /** + * Default Logback Pattern. + */ + private String pattern = "### unused property ###"; + /** + * Logback Mapped Diagnostic Context. + */ + private Mdc mdc = new Mdc(); + + /** + * Logback Mapped Diagnostic Context. + */ + + @Getter + @Setter + public static class Mdc { + /** + * Whether to use Logback's MDC. + */ + private boolean enabled = false; + /** + * List of HTTP Headers to make available in Logback's MDC. + */ + private List<String> headers = Collections.emptyList(); + private String headerPrefix = ""; + private String headerPostfix = ""; + /** + * List of HTTP Cookies to make available in Logback's MDC. + */ + private List<String> cookies = Collections.emptyList(); + private String cookiePrefix = ""; + private String cookiePostfix = ""; + /** + * List of HTTP Session Attributes to make available in Logback's MDC. + */ + private List<String> sessionAttributes = Collections.emptyList(); + private String sessionAttributePrefix = ""; + private String sessionAttributePostfix = ""; + /** + * Value to use if a configured MDC entry would be null. + */ + private String nullValue = null; + } + + /** + * Tomcat AccessLog. + */ + private AccessLog accessLog = new AccessLog(); + + /** + * Tomcat AccessLog. + */ + @Getter + @Setter + public static class AccessLog { + /** + * Enable AccessLog. 
+ */ + private boolean enabled = false; + /** + * Logback access log filename. + */ + private String filename = "logback-access.xml"; + } +} diff --git a/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/logging/MdcEnhancerFilter.java b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/logging/MdcEnhancerFilter.java new file mode 100644 index 00000000..d63c47c9 --- /dev/null +++ b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/ajp/logging/MdcEnhancerFilter.java 
@@ -0,0 +1,99 @@ +package at.gv.egiz.eaaf.utils.springboot.ajp.logging; + +import java.io.IOException; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.MDC; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.stereotype.Component; + +@Component +@EnableConfigurationProperties(LoggingProperties.class) +public class MdcEnhancerFilter implements Filter { + + /** + * Logging properties. + */ + @Autowired + private LoggingProperties loggingProperties; + + /** + * {@inheritDoc} + */ + @Override + public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, + final FilterChain filterChain) throws IOException, ServletException { + final HttpServletRequest request = (HttpServletRequest) servletRequest; + + String key; + String value; + for (final String header : loggingProperties.getMdc().getHeaders()) { + key = loggingProperties.getMdc().getHeaderPrefix() + header + loggingProperties.getMdc() + .getHeaderPostfix(); + value = request.getHeader(header); + if (!StringUtils.isEmpty(value)) { + MDC.put(key, value); + } else if (loggingProperties.getMdc().getNullValue() != null) { + MDC.put(key, loggingProperties.getMdc().getNullValue()); + } + } + + for (final String cookie : loggingProperties.getMdc().getCookies()) { + key = loggingProperties.getMdc().getCookiePrefix() + cookie + loggingProperties.getMdc() + .getCookiePostfix(); + value = getCookie(cookie, request.getCookies()); + if (!StringUtils.isEmpty(value)) { + MDC.put(key, value); + } else if (loggingProperties.getMdc().getNullValue() != null) { + MDC.put(key, 
loggingProperties.getMdc().getNullValue()); + } + } + + Object object; + for (final String attribute : loggingProperties.getMdc().getSessionAttributes()) { + key = loggingProperties.getMdc().getSessionAttributePrefix() + attribute + loggingProperties.getMdc() + .getSessionAttributePostfix(); + object = request.getSession(true).getAttribute(attribute); + if (object != null) { + MDC.put(key, object.toString()); + } else if (loggingProperties.getMdc().getNullValue() != null) { + MDC.put(key, loggingProperties.getMdc().getNullValue()); + } + } + + try { + filterChain.doFilter(servletRequest, servletResponse); + } finally { + for (final String header : loggingProperties.getMdc().getHeaders()) { + MDC.remove(header); + } + for (final String cookie : loggingProperties.getMdc().getCookies()) { + MDC.remove(cookie); + } + for (final String attribute : loggingProperties.getMdc().getSessionAttributes()) { + MDC.remove(attribute); + } + } + } + + private static String getCookie(final String cookie, final Cookie[] cookies) { + if (cookies == null || StringUtils.isEmpty(cookie)) { + return null; + } + for (final Cookie c : cookies) { + if (c.getName().equals(cookie)) { + return c.getValue(); + } + } + return null; + } +}
\ No newline at end of file diff --git a/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/utils/VersionHolder.java b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/utils/VersionHolder.java new file mode 100644 index 00000000..9d996853 --- /dev/null +++ b/eaaf-springboot-utils/src/main/java/at/gv/egiz/eaaf/utils/springboot/utils/VersionHolder.java @@ -0,0 +1,42 @@ +package at.gv.egiz.eaaf.utils.springboot.utils; + +import java.util.Optional; + +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.ApplicationContext; +import org.springframework.stereotype.Service; + +/** + * SpringBoot based implementation of an application-version holder. + * + * @author tlenz + * + */ +@Service +public class VersionHolder { + + private final String version; + + /** + * Holder that extracts the current version of the SpringBoot application. + * + * @param context Spring ApplicationContext + */ + public VersionHolder(ApplicationContext context) { + version = context.getBeansWithAnnotation(SpringBootApplication.class).entrySet().stream() + .findFirst() + .flatMap(es -> Optional.ofNullable(es.getValue().getClass().getPackage().getImplementationVersion())) + .orElse("unknown"); + + } + + /** + * Get version of this application. + * + * @return version + */ + public String getVersion() { + return version; + + } +} diff --git a/eaaf-springboot-utils/src/main/resources/tomcat.properties b/eaaf-springboot-utils/src/main/resources/tomcat.properties new file mode 100644 index 00000000..38ab5a64 --- /dev/null +++ b/eaaf-springboot-utils/src/main/resources/tomcat.properties 
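Review bot: The `finally` block of `MdcEnhancerFilter.doFilter` removes MDC entries by the bare header, cookie and attribute name, although they were stored under `prefix + name + postfix`. With any non-empty prefix or postfix the values stay on the pooled worker thread and appear in the log lines of a later request from a different client; the cleanup should rebuild the same keys, as in the excerpt below. Separately, `request.getSession(true)` creates a session for every request only to read attributes for logging, and `request.getSession(false)` with a null check avoids that. Header and cookie values come from the client and go into MDC unmodified, so the log encoder must neutralise line breaks and the configured cookie list should not contain session identifiers.

```java
// … unchanged: MDC population for headers, cookies and session attributes …
    try {
      filterChain.doFilter(servletRequest, servletResponse);
    } finally {
      // remove exactly the keys that were put above
      final LoggingProperties.Mdc mdc = loggingProperties.getMdc();
      for (final String header : mdc.getHeaders()) {
        MDC.remove(mdc.getHeaderPrefix() + header + mdc.getHeaderPostfix());
      }
      for (final String cookie : mdc.getCookies()) {
        MDC.remove(mdc.getCookiePrefix() + cookie + mdc.getCookiePostfix());
      }
      for (final String attribute : mdc.getSessionAttributes()) {
        MDC.remove(mdc.getSessionAttributePrefix() + attribute + mdc.getSessionAttributePostfix());
      }
    }
```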
@@ -0,0 +1,15 @@
+tomcat.ajp.enabled=true
+#tomcat.ajp.port=41009
+#tomcat.ajp.additionalAttributes.secretrequired=true
+#tomcat.ajp.additionalAttributes.secret=
+
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.prefix=tomcat-access_log
+server.tomcat.accesslog.directory=logs/
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.file-date-format=.yyyy-MM-dd
+server.tomcat.accesslog.pattern=common
+server.tomcat.accesslog.rename-on-rotate=false
+server.tomcat.accesslog.request-attributes-enabled=true
+server.tomcat.accesslog.rotate=true
+server.tomcat.accesslog.suffix=.log
\ No newline at end of file diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java new file mode 100644 index 00000000..e0c478af --- /dev/null +++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/SimpleSpringBootStarterTest.java 
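Review bot: `tomcat.ajp.enabled=true` is set in a classpath default of a shared library while `secretrequired` and `secret` are commented out and no `tomcat.ajp.networkAddress` is given, so every application that pulls in `TomcatAjpConfiguration` opens an AJP connector unless it overrides this file. AJP trusts the peer to be a front-end proxy, so I would ship `tomcat.ajp.enabled=false` and let deployments opt in together with a bind address and a secret. If it stays enabled, add a comment above the line naming the properties that must be set before production use.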
@@ -0,0 +1,73 @@ +package at.gv.egiz.eaaf.utils.springboot.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.io.IOException; + +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.impl.client.HttpClientBuilder; +import org.apache.http.impl.client.HttpClients; +import org.junit.Assert; +import org.junit.Test; +import org.springframework.boot.ExitCodeGenerator; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; +import org.springframework.context.ConfigurableApplicationContext; + +import at.gv.egiz.eaaf.utils.springboot.test.dummy.DummySpringBootApp; +import at.gv.egiz.eaaf.utils.springboot.utils.VersionHolder; + +public class SimpleSpringBootStarterTest { + + @Test + public void Test() throws ClientProtocolException, IOException { + + DummySpringBootApp.main(new String[] { + "--spring.config.location=classpath:/config/jUnit_application.properties"}); + + ConfigurableApplicationContext ctx = DummySpringBootApp.getCtx(); + Assert.assertNotNull("SpringBootContext", ctx); + + // check if AJP Connector config was set + TomcatServletWebServerFactory ajp = ctx.getBean(TomcatServletWebServerFactory.class); + Assert.assertNotNull("No AJP connector", ajp); + + // check simple http calls + testSimpleHttpCall(); + + // check version holder + checkVersionHolder(ctx); + + + SpringApplication.exit(ctx, new ExitCodeGenerator() { + @Override + public int getExitCode() { + // TODO Auto-generated method stub + return 0; + } + }); + } + + private void testSimpleHttpCall() throws ClientProtocolException, IOException { + // check if authentication works on actuator end-point + final 
HttpClientBuilder builder = HttpClients.custom(); + final CloseableHttpClient client = builder.build(); + assertNotNull("httpClient", client); + + final HttpUriRequest httpGet1 = new HttpGet("http://localhost:8080/junit"); + final CloseableHttpResponse httpResp1 = client.execute(httpGet1); + assertEquals("http statusCode", 200, httpResp1.getStatusLine().getStatusCode()); + + } + + private void checkVersionHolder(ConfigurableApplicationContext ctx) { + VersionHolder versionHolder = ctx.getBean(VersionHolder.class); + assertEquals("can not extract version", "unknown", versionHolder.getVersion()); + + } +} diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest.java new file mode 100644 index 00000000..9d3c0d02 --- /dev/null +++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest.java 
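Review bot: `testSimpleHttpCall()` in SimpleSpringBootStarterTest never closes `client` or `httpResp1`, and it targets the fixed address `http://localhost:8080/junit`, so the test leaks a connection and fails whenever port 8080 is already taken on the CI runner. Try-with-resources fixes the leak: `try (CloseableHttpClient client = HttpClients.createDefault(); CloseableHttpResponse httpResp1 = client.execute(httpGet1)) { ... }`; reading the port from the started context would remove the collision. The comment `// check if authentication works on actuator end-point` does not match what is tested (a plain GET on `/junit`), and the `TomcatServletWebServerFactory` lookup only proves that the factory bean exists, not that an AJP connector was added with the configured secret enforced.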
@@ -0,0 +1,41 @@ +package at.gv.egiz.eaaf.utils.springboot.test.actuator; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.Status; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.utils.springboot.actuator.HsmFacadeProviderHealthCheck; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_spring_actuator.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest { + + @Mock + private EaafKeyStoreFactory keyStoreFactory; + + @InjectMocks + @Autowired + private HsmFacadeProviderHealthCheck check; + + @Test + public void noEaafKeyStoreFactoryBean() { + //get current status + Health status = check.health(); + + //validate result + Assert.assertEquals("wrong statusCode", Status.UNKNOWN.getCode(), status.getStatus().getCode()); + + } + +} diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckTest.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckTest.java new file mode 100644 index 00000000..d6bdf26a --- /dev/null +++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/actuator/HsmFacadeProviderHealthCheckTest.java 
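Review bot: In HsmFacadeProviderHealthCheckNoKeyStoreFactoryTest the `@Mock` and `@InjectMocks` annotations have no effect, because the class runs under `SpringJUnit4ClassRunner` and, unlike HsmFacadeProviderHealthCheckTest, never calls `MockitoAnnotations.initMocks(this)`. The test appears to rely on the `eaafKeyStoreFactory` bean being commented out in test_spring_actuator.xml. Removing the unused `keyStoreFactory` field and both Mockito annotations, and adding a comment such as `// no EaafKeyStoreFactory bean in the context: health must be UNKNOWN`, would make that intent explicit.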
@@ -0,0 +1,96 @@ +package at.gv.egiz.eaaf.utils.springboot.test.actuator; + +import static org.mockito.Mockito.when; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.Status; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory.HsmFacadeStatus; +import at.gv.egiz.eaaf.utils.springboot.actuator.HsmFacadeProviderHealthCheck; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_spring_actuator.xml") +public class HsmFacadeProviderHealthCheckTest { + + @Mock + private EaafKeyStoreFactory keyStoreFactory = Mockito.mock(EaafKeyStoreFactory.class); + + @InjectMocks + @Autowired + private HsmFacadeProviderHealthCheck check; + + @Before + public void initMocks() { + MockitoAnnotations.initMocks(this); + + } + + @Test + public void hsmFacadeStatusUnknown() { + //set-up test result + when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(false); + + //get current status + Health status = check.health(); + + //validate result + Assert.assertEquals("wrong statusCode", Status.UNKNOWN.getCode(), status.getStatus().getCode()); + + } + + @Test + public void statusUp() throws Exception { + //set-up test result + when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(true); + when(keyStoreFactory.checkHsmFacadeStatus()).thenReturn(HsmFacadeStatus.UP); + + //get current status + Health status = check.health(); + + //validate result + Assert.assertEquals("wrong statusCode", 
Status.UP.getCode(), status.getStatus().getCode()); + + } + + @Test + public void statusDown() throws Exception { + //set-up test result + when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(true); + when(keyStoreFactory.checkHsmFacadeStatus()).thenReturn(HsmFacadeStatus.DOWN); + + //get current status + Health status = check.health(); + + //validate result + Assert.assertEquals("wrong statusCode", Status.DOWN.getCode(), status.getStatus().getCode()); + + } + + @Test + public void statusUnknown() throws Exception { + //set-up test result + when(keyStoreFactory.isHsmFacadeInitialized()).thenReturn(true); + when(keyStoreFactory.checkHsmFacadeStatus()).thenReturn(HsmFacadeStatus.UNKNOWN); + + //get current status + Health status = check.health(); + + //validate result + Assert.assertEquals("wrong statusCode", Status.OUT_OF_SERVICE.getCode(), status.getStatus().getCode()); + + } + + +} diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/DummyController.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/DummyController.java new file mode 100644 index 00000000..65dcf5c1 --- /dev/null +++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/DummyController.java @@ -0,0 +1,23 @@ +package at.gv.egiz.eaaf.utils.springboot.test.dummy; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + + +@Controller +public class DummyController { + + @RequestMapping(value = {"/junit"}, + method = { RequestMethod.POST, RequestMethod.GET }) + public void performGenericAuthenticationProcess(HttpServletRequest req, HttpServletResponse resp) + throws IOException { + resp.setStatus(200); + + } +} 
diff --git a/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/DummySpringBootApp.java b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/DummySpringBootApp.java new file mode 100644 index 00000000..bc742371 --- /dev/null +++ b/eaaf-springboot-utils/src/test/java/at/gv/egiz/eaaf/utils/springboot/test/dummy/DummySpringBootApp.java @@ -0,0 +1,26 @@ +package at.gv.egiz.eaaf.utils.springboot.test.dummy; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.ConfigurableApplicationContext; +import org.springframework.context.annotation.ComponentScan; + +import lombok.Getter; + +@ComponentScan(basePackages = {"at.gv.egiz.eaaf.utils.springboot"}) +@EnableAutoConfiguration +@SpringBootApplication +public class DummySpringBootApp { + + @Getter + private static ConfigurableApplicationContext ctx; + + public static void main(String[] args) { + + final SpringApplication springApp = new SpringApplication(DummySpringBootApp.class); + ctx = springApp.run(args); + + } + +} diff --git a/eaaf-springboot-utils/src/test/resources/config/config1.properties b/eaaf-springboot-utils/src/test/resources/config/config1.properties new file mode 100644 index 00000000..ca134cf4 --- /dev/null +++ b/eaaf-springboot-utils/src/test/resources/config/config1.properties 
@@ -0,0 +1,15 @@
+security.hsmfacade.host=eid.a-sit.at
+security.hsmfacade.port=9050
+security.hsmfacade.trustedsslcert=src/test/resources/config/hsm_facade_trust_root.crt
+security.hsmfacade.username=authhandler-junit
+security.hsmfacade.password=supersecret123
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2
+
+core.pendingrequestid.maxlifetime=180
+core.pendingrequestid.digist.type=passphrase
+core.pendingrequestid.digist.secret=pendingReqIdSecret
+core.pendingrequestid.digist.keystore.name=
+core.pendingrequestid.digist.key.alias=
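Review bot: `security.hsmfacade.password=supersecret123` in config1.properties is committed next to a real-looking host (`security.hsmfacade.host=eid.a-sit.at`) and user name, and `core.pendingrequestid.digist.secret` is also a literal. If these are dummies, say so in the file (`# dummy credentials for unit tests only, not valid on any HSM-Facade instance`) and consider pointing the host at a non-routable name so that a test run never contacts an external service with them. If they were ever valid they need to be rotated, since they are now in the repository history. The pipeline added in this commit includes the Secret-Detection template, so a labelled dummy also keeps its findings reviewable.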
\ No newline at end of file diff --git a/eaaf-springboot-utils/src/test/resources/config/hsm_facade_trust_root.crt b/eaaf-springboot-utils/src/test/resources/config/hsm_facade_trust_root.crt new file mode 100644 index 00000000..01be3821 --- /dev/null +++ b/eaaf-springboot-utils/src/test/resources/config/hsm_facade_trust_root.crt @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBdDCCARqgAwIBAgIEXkz1yjAKBggqhkjOPQQDAjARMQ8wDQYDVQQDDAZlY3Jv +b3QwHhcNMjAwMjE5MDg0NjAyWhcNMjEwMjE4MDg0NjAyWjARMQ8wDQYDVQQDDAZl +Y3Jvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8yvpVIWbPj4E7Lr87hwQR +T9DZf9WY5LMV7gF6NKpnJ5JkEql/s7fqBVbrh8aSNo6gmfmSk4VYGhPJ+DCMzzQj +o2AwXjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFOXafzYpIOlu6BgNU+Ee +JWuJobgWMB0GA1UdDgQWBBTl2n82KSDpbugYDVPhHiVriaG4FjALBgNVHQ8EBAMC +AQYwCgYIKoZIzj0EAwIDSAAwRQIgRt/51PKL/bATuLCdib95Ika+h845Jo0G+Sbn +bzNwJAcCIQCVD1cxEBuUkKaiaLbTiNVsEjvQb6ti0TFbbQUH66jCGA== +-----END CERTIFICATE----- diff --git a/eaaf-springboot-utils/src/test/resources/config/jUnit_application.properties b/eaaf-springboot-utils/src/test/resources/config/jUnit_application.properties new file mode 100644 index 00000000..dd7a77c1 --- /dev/null +++ b/eaaf-springboot-utils/src/test/resources/config/jUnit_application.properties @@ -0,0 +1,19 @@ +## embbeded Tomcat +tomcat.workingdir=./target/work +tomcat.ajp.enabled=true +tomcat.ajp.port=8009 +tomcat.ajp.networkAddress=127.0.0.1 +tomcat.ajp.additionalAttributes.secretrequired=true +tomcat.ajp.additionalAttributes.secret=junit + +############################################################################# +## Embedded Tomcat Logging +logging.accesslog.enabled=true +logging.mdc.enabled=true +logging.mdc.headers[0]=header1 +logging.mdc.headers[1]=header2 +logging.mdc.cookies[0]=cookie1 +logging.mdc.cookies[1]=cookie2 +logging.mdc.sessionAttributes[0]=attr1 +logging.mdc.sessionAttributes[1]=attr2 +logging.mdc.nullvalue=null
\ No newline at end of file diff --git a/eaaf-springboot-utils/src/test/resources/spring/test_spring_actuator.xml b/eaaf-springboot-utils/src/test/resources/spring/test_spring_actuator.xml new file mode 100644 index 00000000..f41efac9 --- /dev/null +++ b/eaaf-springboot-utils/src/test/resources/spring/test_spring_actuator.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd" + default-lazy-init="true"> + + <bean id="dummyAuthConfigMap" + class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap" > + <constructor-arg value="/config/config1.properties" /> + </bean> + + <!-- bean id="eaafKeyStoreFactory" + class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" /--> + + <bean id="eaafUtilsMessageSource" + class="at.gv.egiz.eaaf.core.impl.logging.EaafUtilsMessageSource" /> + + <bean id="HsmFacadeProvider" + class="at.gv.egiz.eaaf.utils.springboot.actuator.HsmFacadeProviderHealthCheck"/> + +</beans>
\ No newline at end of file diff --git a/eaaf_core/checks/spotbugs-exclude.xml b/eaaf_core/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..70f27b81 --- /dev/null +++ b/eaaf_core/checks/spotbugs-exclude.xml 
@@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> + <Match> + <!-- only redirects to internal addresses --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask"/> + <Method name="performRedirectToItself" /> + <Bug pattern="UNVALIDATED_REDIRECT" /> + </Match> + <Match> + <!-- only redirects to internal addresses --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"/> + <Method name="forwardToErrorHandler" /> + <Bug pattern="UNVALIDATED_REDIRECT" /> + </Match> + <Match> + <!-- the ErrorToken is only single-used as same as a CSRF token --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/> + <Method name="errorHandling" /> + <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" /> + </Match> + <Match> + <!-- the ErrorToken is only single-used as same as a CSRF token --> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/> + <Method name="errorRedirect" /> + <Bug pattern="SPRING_CSRF_UNRESTRICTED_REQUEST_MAPPING" /> + </Match> + <Match> + <!-- Only used to evaluate expressions from pre-compiled process-flows --> + <OR> + <Class name="at.gv.egiz.eaaf.core.impl.idp.process.springweb.SpringWebExpressionEvaluator"/> + <Class name="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator"/> + </OR> + <Bug pattern="SPEL_INJECTION" /> + </Match> + <Match> + <!-- URL will be only generated from configuration path--> + <Class name="at.gv.egiz.eaaf.core.impl.idp.conf.AbstractConfigurationImpl"/> + <Bug pattern="PATH_TRAVERSAL_IN" /> + </Match> + <Match> + <!-- Logging of request parameters is allowed for this classes --> + <OR> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.tasks.AbstractLocaleAuthServletTask"/> + <Class name="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController"/> + <Class 
name="at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController"/> + </OR> + <Bug pattern="CRLF_INJECTION_LOGS" /> + </Match> +</FindBugsFilter> diff --git a/eaaf_core/pom.xml b/eaaf_core/pom.xml index fba6e018..15628054 100644 --- a/eaaf_core/pom.xml +++ b/eaaf_core/pom.xml 
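Review bot: Three of the suppressions in spotbugs-exclude.xml are class-wide: the `SPEL_INJECTION`, `PATH_TRAVERSAL_IN` and `CRLF_INJECTION_LOGS` matches carry no `<Method>` element, so any method added to those classes later is silenced for that detector as well. Narrowing each match to the reviewed methods, as the `UNVALIDATED_REDIRECT` entries do with `<Method name="performRedirectToItself" />`, keeps the filter from hiding new findings. For `CRLF_INJECTION_LOGS` the justification "Logging of request parameters is allowed for this classes" states a policy rather than why log forging is not possible; the comment should name the control that neutralises line breaks before the values reach the log, or the values should be encoded at the call sites.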
@@ -1,104 +1,107 @@ <?xml version="1.0" encoding="UTF-8"?> -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> +<project xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> - <groupId>at.gv.egiz</groupId> - <artifactId>eaaf</artifactId> - <version>1.1.3-SNAPSHOT</version> + <groupId>at.gv.egiz</groupId> + <artifactId>eaaf</artifactId> + <version>1.2.1-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf-core</artifactId> <name>EAAF core components</name> <description>Core components for identity managment implementations</description> - + <dependencies> - <dependency> - <groupId>at.gv.egiz.eaaf</groupId> - <artifactId>eaaf_core_api</artifactId> - </dependency> - <dependency> - <groupId>at.gv.egiz.eaaf</groupId> - <artifactId>eaaf_core_utils</artifactId> - </dependency> - - <dependency> - <groupId>at.gv.egiz.components</groupId> - <artifactId>eventlog-api</artifactId> - </dependency> - <dependency> - <groupId>at.gv.egiz.components</groupId> - <artifactId>egiz-spring-api</artifactId> - </dependency> - <dependency> - <groupId>javax.annotation</groupId> - <artifactId>javax.annotation-api</artifactId> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-webmvc</artifactId> - <scope>provided</scope> - </dependency> - <dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-api</artifactId> - </dependency> - <!-- dependency> - <groupId>org.slf4j</groupId> - <artifactId>slf4j-log4j12</artifactId> - </dependency--> - <dependency> - <groupId>commons-codec</groupId> - <artifactId>commons-codec</artifactId> - </dependency> - <dependency> - 
<groupId>org.apache.commons</groupId> - <artifactId>commons-lang3</artifactId> - </dependency> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-collections4</artifactId> - </dependency> - <dependency> - <groupId>org.apache.commons</groupId> - <artifactId>commons-text</artifactId> - </dependency> - <dependency> - <groupId>commons-fileupload</groupId> - <artifactId>commons-fileupload</artifactId> - </dependency> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>javax.servlet-api</artifactId> - </dependency> - <dependency> - <groupId>org.apache.velocity</groupId> - <artifactId>velocity</artifactId> - </dependency> - <dependency> - <groupId>jaxen</groupId> - <artifactId>jaxen</artifactId> - </dependency> - <dependency> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - </dependency> - <dependency> - <groupId>xalan</groupId> - <artifactId>xalan</artifactId> - </dependency> - + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_api</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + </dependency> + + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>eventlog-api</artifactId> + </dependency> + <dependency> + <groupId>at.gv.egiz.components</groupId> + <artifactId>egiz-spring-api</artifactId> + </dependency> + <dependency> + <groupId>javax.annotation</groupId> + <artifactId>javax.annotation-api</artifactId> + </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + </dependency> + <!-- dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> + </dependency --> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + </dependency> + <dependency> + 
<groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-collections4</artifactId> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-text</artifactId> + </dependency> + <dependency> + <groupId>commons-fileupload</groupId> + <artifactId>commons-fileupload</artifactId> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>javax.servlet-api</artifactId> + </dependency> + <dependency> + <groupId>org.apache.velocity</groupId> + <artifactId>velocity</artifactId> + </dependency> + <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + </dependency> + <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + </dependency> + <dependency> + <groupId>jaxen</groupId> + <artifactId>jaxen</artifactId> + </dependency> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>xalan</artifactId> + </dependency> + <!-- For testing --> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-test</artifactId> - <scope>test</scope> - </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_utils</artifactId> 
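Review bot: This hunk of eaaf_core/pom.xml adds the legacy `commons-collections:commons-collections` artifact alongside the existing `commons-collections4`, with the version inherited from a parent POM that is not part of the hunk. The 3.x line is the classic source of Java deserialization gadget chains, so the managed version should be a release in which deserialization of the functor classes is disabled by default. A comment such as `<!-- legacy 3.x API, needed by CONSUMER (placeholder); keep on a deserialization-hardened release -->` would record why it is on the classpath at all.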
@@ -106,58 +109,22 @@ <type>test-jar</type> </dependency> </dependencies> - - <build> + + <build> <finalName>eaaf_core</finalName> - + <plugins> <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.7.0</version> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs-maven-plugin</artifactId> + <version>${spotbugs-maven-plugin.version}</version> <configuration> - <source>1.8</source> - <target>1.8</target> + <failOnError>true</failOnError> + <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile> </configuration> - <executions> - <execution> - <goals> - <goal>compile</goal> - <goal>testCompile</goal> - </goals> - </execution> - </executions> </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <version>3.1.0</version> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - - <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <version>${surefire.version}</version> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> - + </plugins> </build> - + </project> diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java index b3e0c88f..08c48435 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/api/utils/IJsonMapper.java 
@@ -3,8 +3,6 @@ package at.gv.egiz.eaaf.core.api.utils; import java.io.IOException; import java.io.InputStream; -import com.google.gson.JsonParseException; - import at.gv.egiz.eaaf.core.exceptions.EaafJsonMapperException; public interface IJsonMapper { diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGuiFormBuilderConfiguration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGuiFormBuilderConfiguration.java index b0718f85..f8e64c1a 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGuiFormBuilderConfiguration.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/gui/AbstractGuiFormBuilderConfiguration.java @@ -31,6 +31,7 @@ import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.gui.GroupDefinition; import at.gv.egiz.eaaf.core.api.gui.GroupDefinition.Type; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; +import lombok.Setter; /** * Abstract Configuration implementation for GUI Builders. @@ -63,6 +64,9 @@ public abstract class AbstractGuiFormBuilderConfiguration implements IGuiBuilder private String authUrl = null; private String viewName = null; private String formSubmitEndpoint = null; + + @Setter + private boolean writeAsynch = true; private final Map<String, Object> params = new HashMap<>(); @@ -137,6 +141,13 @@ public abstract class AbstractGuiFormBuilderConfiguration implements IGuiBuilder } + + @Override + public final boolean isWriteAsynch() { + return this.writeAsynch; + + } + /** * Define the parameters, which should be evaluated in the template. <br> * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java index 677e3c46..4fe22feb 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java 
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/AuthenticationData.java @@ -26,16 +26,18 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.Map; import java.util.TimeZone; +import java.util.regex.Pattern; + +import javax.annotation.Nullable; import org.apache.commons.collections4.map.HashedMap; import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; +import lombok.extern.slf4j.Slf4j; /** * Service-Provider specific authentication data. @@ -43,12 +45,12 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; * @author tlenz * */ +@Slf4j public class AuthenticationData implements IAuthData, Serializable { - private static final Logger log = LoggerFactory.getLogger(AuthenticationData.class); - private static final long serialVersionUID = -1042697056735596866L; public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + public static final String IDENTITY_LINK_DATE_REGEX = "([0-9]{4})-([0-9]{2})-([0-9]{2})"; public static final String ISSUE_INSTANT_DATE_FORMAT = "yyyy-MM-dd'T'HH:mm:ss'Z'"; private boolean isBaseIdTransferRestrication = true; @@ -66,7 +68,7 @@ public class AuthenticationData implements IAuthData, Serializable { private String familyName; private String givenName; - private Date dateOfBirth; + private String dateOfBirth; private String encSourceId; private String encSourceIdType; @@ -135,7 +137,6 @@ public class AuthenticationData implements IAuthData, Serializable { } @Override - @Deprecated public String getBpk() { return bpk; } 
@@ -145,28 +146,41 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param bpk The bPK to set */ - @Deprecated public void setBpk(final String bpk) { this.bpk = bpk; } @Override - public Date getDateOfBirth() { - return getDateCopyOrNull(this.dateOfBirth); + public String getDateOfBirth() { + return this.dateOfBirth; } @Override - public String getFormatedDateOfBirth() { - final DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - if (getDateOfBirth() != null) { - return pvpDateFormat.format(getDateOfBirth()); - } else { - return "2999-12-31"; - } - + public String getDateOfBirthFormated(String pattern) { + if (StringUtils.isNotEmpty(getDateOfBirth())) { + try { + final DateFormat dateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + Date parsedDate = dateFormat.parse(getDateOfBirth()); + final String dateString = dateFormat.format(parsedDate); + if (getDateOfBirth().equals(dateString)) { + final DateFormat destDateFormat = new SimpleDateFormat(pattern); + return destDateFormat.format(parsedDate); + + } else { + log.info("DateOfBirth has an unusal format. Can not be converted to: {}", pattern); + + } + + } catch (ParseException | IllegalArgumentException e) { + log.error("Can not parse DateOfBirth.", e); + + } + } + return null; + } - + @Override public String getFamilyName() { return this.familyName; 
@@ -220,26 +234,16 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param dateOfBirth The dateOfBirth to set */ - public void setDateOfBirth(final Date dateOfBirth) { - this.dateOfBirth = getDateCopyOrNull(dateOfBirth); - } - - /** - * Set the date of birth. - * - * @param dateOfBirth date of birth String as "yyyy-MM-dd" - */ - public void setDateOfBirth(final String dateOfBirth) { - try { - if (StringUtils.isNotEmpty(dateOfBirth)) { - final DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); - this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); - + public void setDateOfBirth(@Nullable final String dateOfBirth) { + if (dateOfBirth != null) { + if (Pattern.matches(IDENTITY_LINK_DATE_REGEX, dateOfBirth)) { + this.dateOfBirth = dateOfBirth; + + } else { + log.error("DateOfBirth: {} does NOT match to pattern: {}", + dateOfBirth, IDENTITY_LINK_DATE_REGEX); + } - - } catch (final ParseException e) { - log.warn("Parse dateOfBirht from IdentityLink FAILED", e); - } } @@ -282,7 +286,6 @@ public class AuthenticationData implements IAuthData, Serializable { } @Override - @Deprecated public String getBpkType() { return bpkType; } @@ -292,10 +295,9 @@ public class AuthenticationData implements IAuthData, Serializable { * * @param bpkType bPK type */ - @Deprecated public void setBpkType(final String bpkType) { this.bpkType = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(bpkType); - + } @Override diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java index d2365e4a..89977308 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java 
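Review bot: In the new `setDateOfBirth(String)` of AuthenticationData, a value that fails `IDENTITY_LINK_DATE_REGEX` is written verbatim to the log at error level, which puts personal data and unvalidated input into the log file, and the field silently keeps its previous value. Logging only the expected pattern, `log.error("DateOfBirth does NOT match pattern: {}", IDENTITY_LINK_DATE_REGEX);`, avoids both, and the Javadoc should state that non-matching input is ignored. The regex also accepts impossible dates such as month 13; `getDateOfBirthFormated` (hunk `@@ -145,28 +146,41 @@`) then returns null for them, where the removed `getFormatedDateOfBirth` returned "2999-12-31", so callers need a null check.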
@@ -25,6 +25,7 @@ import java.util.ArrayList; import java.util.Enumeration; import java.util.List; +import javax.annotation.PostConstruct; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -34,6 +35,7 @@ import org.apache.commons.text.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; @@ -66,6 +68,9 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa public static final int SLOTIMEOUT = 30 * 1000; // 30 sec + @Autowired + private ApplicationContext ctx; + @Autowired(required = true) protected IConfiguration authConfig; @Autowired(required = true) 
@@ -76,31 +81,35 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa protected IRevisionLogger revisionsLogger; @Autowired(required = false) protected ISsoManager ssoManager; - @Autowired + ModuleRegistration moduleRegistration; - /* - * (non-Javadoc) + @PostConstruct + private void initializer() { + moduleRegistration = ctx.getBean(ModuleRegistration.class); + + } + + /** + * Add a request parameter to whitelist. All parameters that are part of the + * white list are added into {@link ExecutionContext} * - * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager# - * addParameterNameToWhiteList(java.lang .String) + * @param httpReqParam http parameter name, but never null */ - @Override - public final void addParameterNameToWhiteList(final String httpReqParam) { + public static final void addParameterNameToWhiteList(final String httpReqParam) { if (StringUtils.isNotEmpty(httpReqParam)) { reqParameterWhiteListeForModules.add(httpReqParam); } } - /* - * (non-Javadoc) + /** + * Add a request header to whitelist. All parameters that are part of the white + * list are added into {@link ExecutionContext} * - * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager# - * addHeaderNameToWhiteList(java.lang. String) + * @param httpReqParam http header name, but never null */ - @Override - public final void addHeaderNameToWhiteList(final String httpReqParam) { + public static final void addHeaderNameToWhiteList(final String httpReqParam) { if (StringUtils.isNotEmpty(httpReqParam)) { reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); } @@ -348,7 +357,7 @@ public abstract class AbstractAuthenticationManager implements IAuthenticationMa if (processDefinitionId == null) { log.warn("No suitable process found for PendingReqId " + pendingReq.getPendingRequestId()); - throw new EaafException("process.02", new Object[] { pendingReq.getPendingRequestId() }); + throw new EaafException("process.02", null); } 
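Review bot: `addParameterNameToWhiteList` and `addHeaderNameToWhiteList` become `public static` in the first hunk, so the lists that decide which request parameters and headers are copied into the `ExecutionContext` can now be widened by any class at any time, not only through the manager bean. The declarations of `reqParameterWhiteListeForModules` and `reqHeaderWhiteListeForModules` are outside the hunk; if they are plain collections, registration that runs concurrently with request handling needs a thread-safe type. The new Javadoc says `but never null` while the body silently drops null or empty names, so the parameter description should read something like `http parameter name; null or empty values are ignored`. A sentence stating that registration is expected only during module initialisation would also help reviewers of calling code.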
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java index 0834aa7c..db13bf71 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/RequestStorage.java @@ -69,10 +69,21 @@ public class RequestStorage implements IRequestStorage { // search invalid pending-request for errorHandling IRequest invalidPendingRequest = null; - try { + try { if (StringUtils.isNotEmpty(e.getInvalidInternalPendingReqId())) { + log.debug("Searching for expired pendingRequest with Id: {} ... ", e.getInvalidInternalPendingReqId()); invalidPendingRequest = transactionStorage.get(e.getInvalidInternalPendingReqId(), IRequest.class); + + // If pendingReq. was found, set transactionID and sessionID to Logger + TransactionIdUtils.setAllLoggingVariables(invalidPendingRequest); + + log.debug("{} expired pendingReq. Set it into Exception ...", + invalidPendingRequest != null ? "Find" : "Find NO "); + + } else { + log.debug("Get no internal pendingRequestId. Expired pendingRequest can not be set"); + } } catch (final EaafException e1) { @@ -213,7 +224,7 @@ public class RequestStorage implements IRequestStorage { throws EaafException { final IRequest pendingRequest = transactionStorage.get(internalPendingReqId, IRequest.class); if (pendingRequest == null) { - log.info("No PendingRequst found with pendingRequestID " + internalPendingReqId); + log.debug("No PendingRequst found with pendingRequestID " + internalPendingReqId); return null; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java index c2f85fef..142dcf28 100644 
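Review bot: `TransactionIdUtils.setAllLoggingVariables(invalidPendingRequest)` in the first hunk runs before the result of `transactionStorage.get(...)` is checked, although the very next statement treats `null` as a normal outcome. Whether `setAllLoggingVariables` accepts `null` is not visible here; wrapping the call as `if (invalidPendingRequest != null) { TransactionIdUtils.setAllLoggingVariables(invalidPendingRequest); }` removes that dependency. Both hunks also write the internal pending-request id to the debug log; if that id is sufficient to resume a transaction, it should be handled like a session identifier for log access and retention. The surrounding methods start and end outside the hunks.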
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/AbstractAuthenticationDataBuilder.java @@ -22,9 +22,9 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.builder; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.util.ArrayList; import java.util.Collection; -import java.util.Map.Entry; +import java.util.HashSet; +import java.util.Set; import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; @@ -54,6 +54,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.exceptions.XPathException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; @@ -72,9 +73,13 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati public static final String CONFIG_PROP_ENABLE_IDL_ATTRIBUTE_ESCAPEING = "configuration.bugfix.enable.idl.escaping"; - protected Collection<String> includedToGenericAuthData = null; + private static final String GENERIC_ATTR_CONTAINER = "processAuthParam;"; + @Autowired protected IConfigurationWithSP basicConfig; + + //protected ThreadLocal<Set<String>> includedToGenericAuthData = null; + @Override public IAuthData buildAuthenticationData(final IRequest pendingReq) @@ -137,7 +142,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati */ protected abstract void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq) throws EaafException; - + /** * Add generic E-ID information into already existing AuthData. * 
@@ -169,7 +174,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati // includedToGenericAuthData = // authProcessData.getGenericSessionDataStorage().keySet(); // else - includedToGenericAuthData = new ArrayList<>(); + initializeThreadLocalVariable(authProcessData, new HashSet<>()); // #################################################### // set general authData info's 
@@ -204,24 +209,51 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati setCitizenCountryCode(internalAuthData, authProcessData); // set generic authProcessData to authdata - for (final Entry<String, Object> el : authProcessData.getGenericSessionDataStorage() - .entrySet()) { - if (el.getKey().startsWith(GENERIC_AUTHDATA_IDENTIFIER)) { - log.trace("Find generic authProcessData {}. Map it directly to authData", el.getKey()); - try { - internalAuthData.setGenericData(el.getKey(), el.getValue()); - - } catch (final EaafStorageException e) { - log.warn("Can NOT set authData with key: {}", el.getKey(), null, e); + authProcessData.getGenericSessionDataStream() + .filter(el -> el.getKey().startsWith(GENERIC_AUTHDATA_IDENTIFIER)) + .forEach(el -> { + log.trace("Find generic authProcessData {}. Map it directly to authData", el.getKey()); + try { + internalAuthData.setGenericData(el.getKey(), el.getValue()); - } + } catch (final EaafStorageException e) { + log.warn("Can NOT set authData with key: {}", el.getKey(), null, e); - } + } + }); + } + /** + * Initialize Thread-Local holder for generic attributes set in authenticated session. + * + * @param authProcessData Current authentication data holder + * @param data {@link Collection} of generic attribute-names + * @throws EaafAuthenticationException In case of an error + */ + protected void initializeThreadLocalVariable(@NonNull final IAuthProcessDataContainer authProcessData, + Set<String> data) + throws EaafAuthenticationException { + try { + authProcessData.setGenericDataToSession(GENERIC_ATTR_CONTAINER, data); + + } catch (EaafStorageException e) { + throw new EaafAuthenticationException("builder.11", new Object[] { e.getMessage() }, e); + } - + } - + + /** + * Initialize Thread-Local holder for generic attributes set in authenticated session. 
+ * + * @param set {@link Collection} of generic attribute-names + */ + @SuppressWarnings("unchecked") + protected Set<String> getThreadLocalVariable(@NonNull final IAuthProcessDataContainer authProcessData) { + return authProcessData.getGenericDataFromSession(GENERIC_ATTR_CONTAINER, Set.class); + + } + /** * Parse citzen country-code into AuthData. * @@ -232,7 +264,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati */ private void setCitizenCountryCode(final AuthenticationData authData, final IAuthProcessDataContainer authProcessData) throws EaafAuthenticationException { - includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME); final String pvpCccAttr = authProcessData .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); if (StringUtils.isNotEmpty(pvpCccAttr)) { @@ -265,7 +297,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati */ private void setQaaLevel(@NonNull final AuthenticationData authData, @NonNull final IAuthProcessDataContainer authProcessData) { - includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME); String currentLoA = null; if (StringUtils.isNotEmpty(authProcessData.getQaaLevel())) { currentLoA = authProcessData.getQaaLevel(); 
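Review bot: `getThreadLocalVariable` returns whatever `getGenericDataFromSession(GENERIC_ATTR_CONTAINER, Set.class)` yields, and the callers visible in this diff dereference it directly (`getThreadLocalVariable(authProcessData).remove(...)`), so a session in which the container was never initialised would presumably end in a `NullPointerException`. A null check that fails with a clear exception would make that case explicit. The names and Javadoc are also misleading: nothing here is thread-local, the set lives in the session data, the getter's Javadoc repeats the initializer's first sentence and documents a parameter `set` that does not exist. Suggested getter Javadoc: `Get the generic attribute names stored in the session by initializeThreadLocalVariable.` with `@param authProcessData Current authentication data holder` and `@return stored attribute names, or null if not initialised`.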
@@ -331,9 +363,10 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati if (authProcessData.getGenericSessionDataStorage() != null && !authProcessData.getGenericSessionDataStorage().isEmpty()) { - includedToGenericAuthData = authProcessData.getGenericSessionDataStorage().keySet(); + initializeThreadLocalVariable(authProcessData, + authProcessData.getGenericSessionDataStorage().keySet()); } else { - includedToGenericAuthData = new ArrayList<>(); + initializeThreadLocalVariable(authProcessData, new HashSet<>()); } // #################################################### @@ -348,7 +381,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati IIdentityLink idlFromPvpAttr = null; final IIdentityLink identityLink = authProcessData.getIdentityLink(); if (identityLink != null) { - parseBasicUserInfosFromIdl(authData, identityLink, includedToGenericAuthData); + parseBasicUserInfosFromIdl(authData, identityLink, getThreadLocalVariable(authProcessData)); } else { // identityLink is not direct in MOASession @@ -362,7 +395,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati try { idlStream = new ByteArrayInputStream(Base64Utils.decodeFromString(pvpAttrIdl)); idlFromPvpAttr = new SimpleIdentityLinkAssertionParser(idlStream).parseIdentityLink(); - parseBasicUserInfosFromIdl(authData, idlFromPvpAttr, includedToGenericAuthData); + parseBasicUserInfosFromIdl(authData, idlFromPvpAttr, getThreadLocalVariable(authProcessData)); // set identitylink into AuthProcessData authProcessData.setIdentityLink(idlFromPvpAttr); @@ -375,7 +408,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati } finally { try { - includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.EID_IDENTITY_LINK_NAME); if (idlStream != null) { idlStream.close(); } 
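Review bot: The first branch of the first hunk stores `authProcessData.getGenericSessionDataStorage().keySet()` in the session, which is a key-set view of a temporary map rather than a standalone set. Key-set views of `HashMap` are not `Serializable`, so if the session data is serialized into the transaction store (not visible in this hunk) this could fail when it is persisted; `new HashSet<>(authProcessData.getGenericSessionDataStorage().keySet())` gives a plain copy and matches the `else` branch. `getGenericSessionDataStorage()` is called three times in these lines and builds a new map on each call, so one local variable would be enough. The enclosing method starts and ends outside the hunk.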
@@ -403,11 +436,11 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME, String.class)); // remove corresponding keys from genericSessionData if exists - includedToGenericAuthData.remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME); - includedToGenericAuthData.remove(PvpAttributeDefinitions.GIVEN_NAME_NAME); - includedToGenericAuthData.remove(PvpAttributeDefinitions.BIRTHDATE_NAME); - includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME); - includedToGenericAuthData.remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.GIVEN_NAME_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.BIRTHDATE_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.EID_SOURCE_PIN_NAME); + getThreadLocalVariable(authProcessData).remove(PvpAttributeDefinitions.EID_SOURCE_PIN_TYPE_NAME); } } @@ -625,7 +658,7 @@ public abstract class AbstractAuthenticationDataBuilder implements IAuthenticati */ @Deprecated private void parseBasicUserInfosFromIdl(final AuthenticationData authData, - final IIdentityLink identityLink, final Collection<String> includedGenericSessionData) { + final IIdentityLink identityLink, final Set<String> includedGenericSessionData) { authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java index 8eef4a8e..368652be 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java 
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthProcessDataWrapper.java @@ -22,9 +22,11 @@ package at.gv.egiz.eaaf.core.impl.idp.auth.data; import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; -import java.util.HashMap; import java.util.Map; +import java.util.Map.Entry; import java.util.TimeZone; +import java.util.stream.Collectors; +import java.util.stream.Stream; import javax.annotation.Nullable; @@ -264,16 +266,20 @@ public class AuthProcessDataWrapper * getGenericSessionDataStorage() */ @Override - public Map<String, Object> getGenericSessionDataStorage() { - final Map<String, Object> result = new HashMap<>(); - for (final Map.Entry<String, Object> el : authProcessData.entrySet()) { - if (el.getKey().startsWith(GENERIC_PREFIX)) { - result.put(el.getKey().substring(GENERIC_PREFIX.length()), el.getValue()); - } - - } - - return result; + public Map<String, Object> getGenericSessionDataStorage() { + return authProcessData.entrySet().stream() + .filter(el -> el.getKey().startsWith(GENERIC_PREFIX)) + .collect( + Collectors.toMap( + el -> el.getKey().substring(GENERIC_PREFIX.length()), + value -> value.getValue())); + + } + + @Override + public Stream<Entry<String, Object>> getGenericSessionDataStream() { + return getGenericSessionDataStorage().entrySet().stream(); + } /* diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/EidAuthProcessDataWrapper.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/EidAuthProcessDataWrapper.java new file mode 100644 index 00000000..48a2206b --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/EidAuthProcessDataWrapper.java 
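Review bot: `Collectors.toMap` in the rewritten `getGenericSessionDataStorage()` throws a `NullPointerException` when any entry value is `null`, which the removed loop with `HashMap.put` tolerated. If session entries can carry `null` values (not visible here), filter them first with `.filter(el -> el.getValue() != null)` or keep the explicit loop. `getGenericSessionDataStream()` has no Javadoc of its own; a line such as `Stream over a snapshot of the generic session data, keys without the generic prefix.` would tell callers that they get a copy and not a live view.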
@@ -0,0 +1,34 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.data; + +import java.util.Map; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IEidAuthProcessData; + +/** + * Authentication session-data that adds ID Austria specific information. + * + * @author tlenz + * + */ +public class EidAuthProcessDataWrapper extends AuthProcessDataWrapper implements IEidAuthProcessData { + + private static final String VALUE_INTERNAL_TEST_IDENTITY_PROCESS = "direct_is_testidentity"; + + public EidAuthProcessDataWrapper(Map<String, Object> authProcessData) { + super(authProcessData); + + } + + @Override + public boolean isTestIdentity() { + return wrapStoredObject(VALUE_INTERNAL_TEST_IDENTITY_PROCESS, false, Boolean.class); + + } + + @Override + public void setTestIdentity(boolean flag) { + authProcessData.put(VALUE_INTERNAL_TEST_IDENTITY_PROCESS, flag); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java index ee1037a1..8327b544 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/IdentityLink.java @@ -23,15 +23,20 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.Serializable; import java.security.PublicKey; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; import javax.xml.transform.TransformerException; -import org.w3c.dom.Element; - import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; +import org.w3c.dom.Element; + +import lombok.extern.slf4j.Slf4j; + /** * Data contained in an identity link issued by BMI, relevant to the MOA ID * component. <br> 
@@ -41,10 +46,13 @@ import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; * @author Paul Ivancsics * @version $Id$ */ +@Slf4j public class IdentityLink implements Serializable, IIdentityLink { private static final long serialVersionUID = 1L; + public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX"; + /** * <code>"identificationValue"</code> is the translation of * <code>"Stammzahl"</code>. @@ -372,6 +380,23 @@ public class IdentityLink implements Serializable, IIdentityLink { return issueInstant; } + @Override + public Date getIssueInstantDate() { + final SimpleDateFormat f = new SimpleDateFormat(PATTERN_ISSUE_INSTANT); + try { + if (issueInstant != null) { + return f.parse(issueInstant); + + } + + } catch (final ParseException e) { + log.error("Can NOT parse Date from String: {}", issueInstant, null, e); + + } + + return null; + } + /* * (non-Javadoc) * diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java index 3d093a9f..5b5d0aa8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/AbstractAuthServletTask.java @@ -45,6 +45,7 @@ import org.springframework.core.io.ResourceLoader; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.EaafEventCodes; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; 
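Review bot: `getIssueInstantDate()` parses with a default `SimpleDateFormat`, which is lenient, so out-of-range fields such as month 13 are rolled over instead of rejected. For a timestamp taken from an identity link, calling `f.setLenient(false);` before `f.parse(issueInstant)` makes malformed values fail. The method returns `null` both when `issueInstant` is unset and when parsing fails, and the override carries no Javadoc, so `@return issue instant as Date, or null if missing or not parseable` would help callers. The stray `null` argument in `log.error("Can NOT parse Date from String: {}", issueInstant, null, e)` can be removed.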
@@ -155,6 +156,36 @@ public abstract class AbstractAuthServletTask extends AbstractTask { } /** + * Stopping the current authentication process by User decision. + * + * @param executionContext Current execution context + * @param request Http request + * @param response Http response + * @throws TaskExecutionException In case of an error during process-stopping + */ + protected void stopProcessFromUserDecision(final ExecutionContext executionContext, + final HttpServletRequest request, final HttpServletResponse response) + throws TaskExecutionException { + try { + revisionsLogger.logEvent(pendingReq, EaafEventCodes.PROCESS_STOPPED_BY_USER); + pendingReq.setAbortedByUser(true); + pendingReq.setAuthenticated(false); + performRedirectToProtocolFinialization(executionContext, pendingReq, request, response); + + log.trace("Set process-cancelation flag"); + executionContext.setCanceleProcessFlag(); + + } catch (final EaafException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (final Exception e) { + log.warn("Stopping auth.process FAILED", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + /** * Parses the request input stream for parameters, assuming parameters are * encoded UTF-8 (no standard exists how browsers should encode them). * 
@@ -268,4 +299,21 @@ public abstract class AbstractAuthServletTask extends AbstractTask { return url + "&" + param; } } + + /** + * Get a {@link Boolean} parameter from http request. + * + * @param httpReq http Request object + * @param paramName http Parameter name + * @return <code>true</code> if the parameter exists and the <code>Boolean.parseBoolean(value)</code> + * evaluates to <code>true</code>, otherwise <code>false</code> + */ + protected boolean evaluteBooleanReqParam(final HttpServletRequest httpReq, final String paramName) { + final String value = httpReq.getParameter(paramName); + if (value != null) { + return Boolean.parseBoolean(value); + } else { + return false; + } + } } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java index c4f1b505..c1593cb1 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/modules/ModuleRegistration.java @@ -100,7 +100,7 @@ public class ModuleRegistration { */ private void initSpringModules() { log.debug("Discovering Spring modules."); - final Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class); + final Map<String, AuthModule> modules = ctx.getBeansOfType(AuthModule.class); for (final AuthModule module : modules.values()) { registerModuleProcessDefinitions(module); priorizedModules.add(module); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/DefaultErrorService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/DefaultErrorService.java new file mode 100644 index 00000000..e41905a6 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/DefaultErrorService.java 
@@ -0,0 +1,111 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.services;
+
+import java.text.MessageFormat;
+import java.util.HashSet;
+
+import javax.annotation.PostConstruct;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class DefaultErrorService implements IErrorService {
+ private static final String TECH_LOG_MSG = "errorCode={0} Message={1}";
+ private static final String CONFIG_PROP_LOGGER_ON_INFO_LEVEL = "core.logging.level.info.errorcodes";
+
+ @Autowired IConfiguration basicConfig;
+ @Autowired IStatusMessenger statusMessager;
+
+ private final HashSet<String> logOnInfoLevel = new HashSet<>();
+
+ @Override
+ public String getExternalCodeFromInternal(String internalCode) {
+ return statusMessager.mapInternalErrorToExternalError(internalCode);
+
+ }
+
+ @Override
+ public IHandleData createHandleData(Throwable throwable, boolean supportRedirctToSp) throws EaafException {
+ String internalErrorId = extractInternalErrorCode(throwable);
+
+ return HandleData.builder()
+ .throwable(throwable)
+ .internalErrorCode(internalErrorId)
+ .actionType(ActionType.NO_TICKET)
+ .logLevel(logOnInfoLevel.contains(internalErrorId) ? LogLevel.INFO : LogLevel.WARN)
+ .build();
+
+ }
+
+ @Override
+ public void displayErrorData(ModifyableGuiBuilderConfiguration c, IHandleData errorData,
+ HttpServletRequest httpReq) throws EaafException {
+ log.trace("Do nothing because Tickets are not supported by: {}", DefaultErrorService.class.getName());
+
+ }
+
+ private String extractInternalErrorCode(Throwable throwable) {
+ Throwable originalException;
+ if (throwable instanceof TaskExecutionException
+ && ((TaskExecutionException) throwable).getOriginalException() != null) {
+ originalException = ((TaskExecutionException) throwable).getOriginalException();
+
+ } else {
+ originalException = throwable;
+
+ }
+
+ if (!(originalException instanceof EaafException)) {
+ return IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC;
+
+ } else {
+ return ((EaafException) originalException).getErrorId();
+
+ }
+ }
+
+ @PostConstruct
+ private void initialize() throws EaafException {
+ log.info("initErrorTicketService");
+
+ logOnInfoLevel.addAll(KeyValueUtils.getListOfCsvValues(
+ basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL)));
+ log.info("Set errorCodes={} to LogLevel:INFO", String.join(",", logOnInfoLevel));
+
+ }
+
+ @Builder
+ static class HandleData implements IHandleData {
+
+ @Getter
+ private String errorIdTokenForRedirect;
+
+ @Getter
+ private final Throwable throwable;
+
+ @Getter
+ private String internalErrorCode;
+
+ @Getter
+ private ActionType actionType;
+
+ @Getter
+ private LogLevel logLevel;
+
+ public String getPreFormatedErrorMessage() {
+ return MessageFormat.format(TECH_LOG_MSG, internalErrorCode, throwable.getMessage());
+
+ }
+
+ }
+}
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/IErrorService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/IErrorService.java
new file mode 100644
index 00000000..b6bc1056
--- /dev/null
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/IErrorService.java
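Review bot: `HandleData.getPreFormatedErrorMessage()` passes `throwable.getMessage()` into a string that is meant for the log, so any request-derived text inside an exception message reaches the log unescaped, and a `null` throwable handed to `createHandleData` fails only at this late point. `initialize()` feeds `basicConfig.getBasicConfiguration(CONFIG_PROP_LOGGER_ON_INFO_LEVEL)` straight into `KeyValueUtils.getListOfCsvValues`; whether that helper accepts `null` for an unset property is not visible, so a default value or a null check is worth adding. The class has no Javadoc and `createHandleData` ignores `supportRedirctToSp` without saying so; a class comment such as `Default error handling without ticket support; every error is mapped to ActionType.NO_TICKET.` would cover both.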
@@ -0,0 +1,164 @@
+package at.gv.egiz.eaaf.core.impl.idp.auth.services;
+
+import javax.annotation.Nonnull;
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+public interface IErrorService {
+
+ /**
+ * Describes the kind of action that should be taken.
+ */
+ enum ActionType {
+ TICKET("ticket"), NO_TICKET("no_ticket"), ERRORPAGE("errorpage");
+
+ private final String name;
+
+ ActionType(final String text) {
+ this.name = text;
+ }
+
+
+ /**
+ * Get flow type for error-handling from String representation.
+ *
+ * @param s Config parameter
+ * @return Error-handling flow
+ */
+ public static ActionType fromString(final String s) {
+ try {
+ return ActionType.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return null;
+
+ }
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+ }
+
+ /**
+ * Defines the LogLevel for this types of errors.
+ */
+ enum LogLevel {
+ ERROR("error"), WARN("warn"), INFO("info"), DEBUG("debug");
+
+ private final String level;
+
+ LogLevel(final String logLevel) {
+ this.level = logLevel;
+
+ }
+
+
+ /**
+ * Get the log-level from String representation.
+ *
+ * @param s Config parameter
+ * @return Log-Level from configuration or ERROR as backup
+ */
+ public static LogLevel fromString(final String s) {
+ try {
+ return LogLevel.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return LogLevel.ERROR;
+
+ }
+ }
+
+ @Override
+ public String toString() {
+ return level;
+ }
+
+ }
+
+ String PARAM_GUI_TICKET = "supportTicket";
+ String PARAM_GUI_REDIRECT = "redirectLink";
+
+ /**
+ * Maps internal error codes to external ones.
+ * @param internalCode internal error code
+ * @return external error code
+ */
+ @Nonnull
+ String getExternalCodeFromInternal(@Nonnull String internalCode);
+
+ /**
+ * Creates error handling data.
+ *
+ * @param throwable Error that should be handled
+ * @param supportRedirctToSp <code>true</code> if the current process-state supports redirect
+ * to Service-Provider, otherwise <code>false</code>
+ * @return Information how the error should be handled
+ * @throws EaafException In case of an internal error
+ */
+ @Nonnull
+ IHandleData createHandleData(@Nonnull Throwable throwable, boolean supportRedirctToSp) throws EaafException;
+
+ /**
+ * Displays the error using suitable errordata.
+ *
+ * @param c guibuilder
+ * @param errorData Data to handle
+ * @param httpReq Current HTTP request
+ * @throws EaafException In case of an internal error
+ */
+ void displayErrorData(@Nonnull ModifyableGuiBuilderConfiguration c, @Nonnull IErrorService.IHandleData errorData,
+ @Nonnull HttpServletRequest httpReq) throws EaafException;
+
+ /**
+ * Contains all the Model data for Error Handling.
+ */
+ interface IHandleData {
+
+ /**
+ * Get a new pendingReqId that can be used to store the error for SP forwarding.
+ *
+ * @return errorToken as pendingRequest
+ */
+ String getErrorIdTokenForRedirect();
+
+ /**
+ * Describes the kind of action that should be taken.
+ *
+ * @return The appropriate action
+ */
+ ActionType getActionType();
+
+ /**
+ * Get internal errorCode describing the problem.
+ *
+ * @return internal error Code.
+ */
+ String getInternalErrorCode();
+
+ /**
+ * Get the original throwable of the error.
+ *
+ * @return causing throwable
+ */
+ Throwable getThrowable();
+
+ /**
+ * Get the log-level for this internal errorId.
+ *
+ * @return Level to Log the error
+ */
+ LogLevel getLogLevel();
+
+ /**
+ * Get pre-formated text for log message.
+ *
+ * @return log message
+ */
+ String getPreFormatedErrorMessage();
+ }
+}
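Review bot: `ActionType.fromString` and `LogLevel.fromString` call `s.toUpperCase()` with the JVM default locale, so on a host running a Turkish locale `"ticket"` or `"info"` upper-cases with a dotted capital I and `valueOf` no longer matches. `s.toUpperCase(Locale.ROOT)` together with `import java.util.Locale;` makes the mapping independent of the host configuration. The two methods also disagree on the fallback: `ActionType.fromString` returns `null` for unknown input while `LogLevel.fromString` returns `ERROR`, and the `ActionType` Javadoc does not mention the `null`; `@return Error-handling flow, or null if s is null or unknown` would document it. Catching `NullPointerException` for the null case could be replaced by an explicit `s == null` check.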
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java index 5f84d118..ca2c92b1 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/services/ProtocolAuthenticationService.java @@ -15,16 +15,13 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.gv.egiz.eaaf.core.impl.idp.auth.services; import java.io.IOException; -import java.io.PrintWriter; -import java.io.StringWriter; -import java.util.Arrays; -import java.util.List; +import javax.annotation.PostConstruct; import javax.naming.ConfigurationException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -32,6 +29,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; import org.apache.commons.text.StringEscapeUtils; +import org.owasp.encoder.Encode; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
@@ -39,12 +37,14 @@ import org.springframework.context.ApplicationContext; import org.springframework.lang.NonNull; import org.springframework.lang.Nullable; import org.springframework.stereotype.Service; +import org.springframework.util.SerializationUtils; import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfigurationFactory; import at.gv.egiz.eaaf.core.api.gui.IGuiFormBuilder; @@ -60,6 +60,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService import at.gv.egiz.eaaf.core.api.idp.slo.SloInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException; import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; @@ -72,6 +73,9 @@ import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; import at.gv.egiz.eaaf.core.impl.http.HttpUtils; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.ActionType; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.IHandleData; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.LogLevel; import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; 
@@ -80,9 +84,6 @@ import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; public class ProtocolAuthenticationService implements IProtocolAuthenticationService { private static final Logger log = LoggerFactory.getLogger(ProtocolAuthenticationService.class); - private static final List<String> ERROR_LOGGER_ON_INFO_LEVEL = - Arrays.asList(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP); - @Autowired(required = true) private ApplicationContext applicationContext; @Autowired(required = true) @@ -98,13 +99,21 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Autowired(required = true) IPendingRequestIdGenerationStrategy pendingReqIdGenerationStrategy; + @Autowired(required = true) + private IErrorService errorTicketService; + @Autowired(required = false) private ISsoManager ssoManager; + @Autowired private IStatisticLogger statisticLogger; + @Autowired private IRevisionLogger revisionsLogger; + @Autowired(required = true) + protected ITransactionStorage transactionStorage; + private IGuiFormBuilder guiBuilder; /* @@ -130,8 +139,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer final ISpConfiguration oaParam = pendingReq.getServiceProviderConfiguration(); if (oaParam == null) { - throw new EaafAuthenticationException( - IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG, + throw new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOSPCONFIG, new Object[] { pendingReq.getSpEntityId() }); } @@ -142,8 +150,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer finalizeAuthentication(req, resp, pendingReq); // transaction is finished, log transaction finished event - revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, - pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq + .getUniqueTransactionIdentifier()); } 
@@ -170,7 +178,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer @Override public void finalizeAuthentication(final HttpServletRequest req, final HttpServletResponse resp, final IRequest pendingReq) throws EaafException, IOException { - log.debug("Finalize PendingRequest with ID " + pendingReq.getPendingRequestId()); + log.debug("Finalize PendingRequest with ID={} ", pendingReq.getPendingRequestId()); try { // check if pending-request has 'abortedByUser' flag set @@ -178,15 +186,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer // send authentication aborted error to Service Provider buildProtocolSpecificErrorResponse( new EaafAuthenticationException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_USERSTOP, - new Object[] {}), - req, resp, pendingReq); - - // do not remove the full active SSO-Session - // in case of only one Service-Provider authentication request is aborted - if (!pendingReq.needSingleSignOnFunctionality()) { - requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); - - } + new Object[] {}), req, + resp, pendingReq); // check if pending-request are authenticated } else if (pendingReq.isAuthenticated() && !pendingReq.isNeedUserConsent()) { 
@@ -194,11 +195,12 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } else { // suspect state: pending-request is not aborted but also are not authenticated - log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", - pendingReq.isAuthenticated(), pendingReq.isNeedUserConsent()); + log.warn("PendingRequest flag for 'authenticated':{} and 'needConsent':{}", pendingReq + .isAuthenticated(), + pendingReq.isNeedUserConsent()); if (pendingReq.isNeedUserConsent()) { - log.error( - "PendingRequest NEEDS user-consent. Can NOT fininalize authentication --> Abort authentication process!"); + log.error("PendingRequest NEEDS user-consent. " + + "Can NOT fininalize authentication --> Abort authentication process!"); } else { log.error("PendingRequest is NOT authenticated --> Abort authentication process!"); 
@@ -210,66 +212,106 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } } catch (final Exception e) { - log.error("Finalize authentication protocol FAILED.", e); + log.info("Finalize authentication protocol FAILED. Reason: {}", e.getMessage()); buildProtocolSpecificErrorResponse(e, req, resp, pendingReq); + } finally { + // remove pending-request + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq + .getUniqueTransactionIdentifier()); } - // remove pending-request - requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); - revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, - pendingReq.getUniqueTransactionIdentifier()); - } @Override - public void buildProtocolSpecificErrorResponse(final Throwable throwable, - final HttpServletRequest req, final HttpServletResponse resp, final IRequest protocolRequest) - throws EaafException, IOException { + public void buildProtocolSpecificErrorResponse(final Throwable throwable, final HttpServletRequest req, + final HttpServletResponse resp, final IRequest protocolRequest) throws EaafException, IOException { try { + + final IErrorService.IHandleData errorData = errorTicketService.createHandleData(throwable, true); - final Class<?> clazz = Class.forName(protocolRequest.requestedModule()); - - if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { - log.error( - "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - throw new Exception( - "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + // log Error to technical log + logExceptionToTechnicalLog(errorData); - } - - final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + // log Error Message + statisticLogger.logErrorOperation(throwable, protocolRequest); + + // write revision log entries + 
revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR, + protocolRequest.getUniqueTransactionIdentifier()); + + if (ActionType.TICKET.equals(errorData.getActionType()) + || ActionType.ERRORPAGE.equals(errorData.getActionType())) { + + if (errorData.getErrorIdTokenForRedirect() != null) { + // Put pending request + final ExceptionContainer exceptionContainer = new ExceptionContainer(protocolRequest, throwable); + final byte[] serialized = SerializationUtils.serialize(exceptionContainer); + log.debug("Put error into cache to support SP forwarding ... "); + String internalErrorToken = pendingReqIdGenerationStrategy.getPendingRequestIdWithOutChecks( + errorData.getErrorIdTokenForRedirect()); + log.trace("errorIdToken: {}", internalErrorToken); + transactionStorage.put(internalErrorToken, serialized, -1); + + } else { + log.debug("No errorTokenId. Forwarding to SP will not be available"); + + } - if (handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest)) { + // render GUI + displayException(req, resp, errorData); - // log Error to technical log - logExceptionToTechnicalLog(throwable); + } else { + final IModulInfo handlingModule = extractShibbolethHandling(protocolRequest, applicationContext); + if (handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest)) { + log.debug("Error-response to SP successfully written"); - // log Error Message - statisticLogger.logErrorOperation(throwable, protocolRequest); + } else { + log.info("Error-response to SP FAILED. Writing error message into GUI ... "); + displayException(req, resp, errorData); - // write revision log entries - revisionsLogger.logEvent(protocolRequest, EventConstants.TRANSACTION_ERROR, - protocolRequest.getUniqueTransactionIdentifier()); + } + } - return; + } catch (final Throwable e) { + // if building error response results in error, we try with with + // handleErrorNoRedirect + log.error("ErrorHandling has an internel error. Show process-error in GUI ... 
", e); + handleErrorNoRedirect(throwable, req, resp, false); - } else { - handleErrorNoRedirect(throwable, req, resp, true); + } + } - } + /** + * Retrieves shibboleth module info. + * + * @param protocolRequest current request + * @param applicationContext spring context + * @return IModulInfo + * @throws ClassNotFoundException If no shibboleth handling implementation found + */ + public static IModulInfo extractShibbolethHandling(IRequest protocolRequest, + ApplicationContext applicationContext) + throws ClassNotFoundException { + final Class<?> clazz = Class.forName(protocolRequest.requestedModule()); - } catch (final Throwable e) { - handleErrorNoRedirect(throwable, req, resp, true); + if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { + log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + throw new ClassCastException( + "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); } + return (IModulInfo) applicationContext.getBean(clazz); } @Override public void handleErrorNoRedirect(final Throwable throwable, final HttpServletRequest req, - final HttpServletResponse resp, final boolean writeExceptionToStatisticLog) - throws IOException, EaafException { + final HttpServletResponse resp, final boolean writeExceptionToStatisticLog) throws EaafException, + IOException { + + final IErrorService.IHandleData errorData = errorTicketService.createHandleData(throwable, false); // log Exception into statistic database if (writeExceptionToStatisticLog) { 
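Review bot: In buildProtocolSpecificErrorResponse the line `log.trace("errorIdToken: {}", internalErrorToken);` writes the storage key of the cached error to the log, and that key is presumably what later retrieves the serialized ExceptionContainer (request plus throwable) from transactionStorage. I would drop the line or log only the fact, for example `log.trace("Error container stored for SP forwarding");`. The container is written with Java serialization and a timeout argument of `-1`; what `-1` means for ITransactionStorage is not visible here, so a comment stating the intended lifetime would help, and whatever reads the entry back should deserialize only from storage it trusts. In the new extractShibbolethHandling the `clazz == null` test cannot be true after `Class.forName`, and the Javadoc names ClassNotFoundException while the code throws ClassCastException for a wrong module type.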
@@ -277,61 +319,61 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } // write errror to console - logExceptionToTechnicalLog(throwable); + logExceptionToTechnicalLog(errorData); + + // render GUI + displayException(req, resp, errorData); + + } + + private void logExceptionToTechnicalLog(IHandleData errorData) { + // In case of a TaskExecutionException, which is only a container for + // process-errors, + // extract internal exception + + // Log exception + if (!(errorData.getThrowable() instanceof EaafException) + || LogLevel.ERROR.equals(errorData.getLogLevel())) { + log.error(errorData.getPreFormatedErrorMessage(), errorData.getThrowable()); + + } else if (LogLevel.WARN.equals(errorData.getLogLevel())) { + log.warn(errorData.getPreFormatedErrorMessage(), errorData.getThrowable()); + + } else if (LogLevel.INFO.equals(errorData.getLogLevel())) { + log.info(errorData.getPreFormatedErrorMessage(), errorData.getThrowable()); + + } else if (LogLevel.DEBUG.equals(errorData.getLogLevel())) { + log.debug(errorData.getPreFormatedErrorMessage(), errorData.getThrowable()); - // return error to Web browser - if (throwable instanceof EaafException || throwable instanceof ProcessExecutionException) { - internalMoaidExceptionHandler(req, resp, (Exception) throwable, false); } else { - // write generic message for general exceptions - final String msg = - statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null); - writeHtmlErrorResponse(req, resp, msg, "9199", null, (Exception) throwable); + log.warn("Get unsupported LogLevelType: {}. 
Use {} as default", + errorData.getLogLevel(), LogLevel.ERROR); + log.error(errorData.getPreFormatedErrorMessage(), errorData.getThrowable()); } - } @Override public void forwardToErrorHandler(Pair<IRequest, Throwable> errorToHandle, String errorKey, final HttpServletRequest req, final HttpServletResponse resp) throws GuiBuildException { - IGuiBuilderConfiguration parentHopGuiConfig = - evaluateRequiredErrorHandlingMethod(errorToHandle.getFirst(), errorKey); + final IGuiBuilderConfiguration parentHopGuiConfig = evaluateRequiredErrorHandlingMethod(errorToHandle + .getFirst(), + errorKey); if (parentHopGuiConfig != null) { log.trace("iFrame to parent hop requested. Building GUI step for error handling ... "); guiBuilder.build(req, resp, parentHopGuiConfig, "iFrame-to-parent"); - - } else { + + } else { // build up redirect URL final String redirectUrl = generateErrorRedirectUrl(req, errorKey); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectUrl); - log.debug("REDIRECT TO: " + redirectUrl); - + log.debug("REDIRECT TO: {}", redirectUrl); + } } - - private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) { - if (first != null && first.isProcessInIframe()) { - return guiConfigFactory.getDefaultIFrameParentHopGui(first, - "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, - errorId); - - } - return null; - } - - private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { - String redirectUrl = null; - redirectUrl = ServletUtils.getBaseUrl(req); - redirectUrl += "/" + ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" - + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; - return redirectUrl; - - } - public void setGuiBuilder(final IGuiFormBuilder guiBuilder) { this.guiBuilder = guiBuilder; } 
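Review bot: The comment that opens logExceptionToTechnicalLog speaks of extracting the inner exception of a TaskExecutionException, but the method body does no extraction; it only selects a log level. I would replace it with `// Non-EaafException throwables and LogLevel.ERROR are logged at error; other levels map one-to-one, anything else falls back to error`. A null `getLogLevel()` also lands in the final else branch, so the warn message there could say that a missing level is treated the same as an unsupported one. The blank line between the end of forwardToErrorHandler and setGuiBuilder was lost in this hunk.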
@@ -339,15 +381,14 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer /** * Finalize the requested protocol operation. * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @param moaSession MOASession object, which is used to generate the - * protocol specific authentication information + * @param req HttpServletRequest + * @param resp HttpServletResponse + * @param pendingReq Authentication request which is actually in process * @throws Exception In case of an error */ protected void internalFinalizeAuthenticationProcess(final HttpServletRequest req, - final HttpServletResponse resp, final IRequest pendingReq) throws Exception { + final HttpServletResponse resp, + final IRequest pendingReq) throws Exception { String newSsoSessionId = null; @@ -369,8 +410,8 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer final IAuthData authData = authDataBuilder.buildAuthenticationData(pendingReq); // execute the protocol-specific action - final SloInformationInterface sloInformation = - executeProtocolSpecificAction(req, resp, pendingReq, authData); + final SloInformationInterface sloInformation = executeProtocolSpecificAction(req, resp, pendingReq, + authData); // Store OA specific SSO session information if an SSO cookie is set if (StringUtils.isNotEmpty(newSsoSessionId)) { 
@@ -390,21 +431,24 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } // Advanced statistic logging - statisticLogger.logSuccessOperation(pendingReq, authData, - StringUtils.isNotEmpty(newSsoSessionId)); + statisticLogger.logSuccessOperation(pendingReq, authData, StringUtils.isNotEmpty(newSsoSessionId)); + + } + + @PostConstruct + private void initializer() { + log.trace("Initializing {} ...", ProtocolAuthenticationService.class.getName()); } /** * Executes the requested protocol action. * - * @param httpReq HttpServletRequest - * @param httpResp HttpServletResponse - * @param protocolRequest Authentication request which is actually in process - * @param authData Service-provider specific authentication data - * + * @param httpReq HttpServletRequest + * @param httpResp HttpServletResponse + * @param pendingReq Authentication request which is actually in process + * @param authData Service-provider specific authentication data * @return Return Single LogOut information or null if protocol supports no SSO - * * @throws Exception in case of an error */ private SloInformationInterface executeProtocolSpecificAction(final HttpServletRequest httpReq, @@ -416,7 +460,7 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer if (clazz == null || !IAction.class.isAssignableFrom(clazz)) { log.error( "Requested protocol-action processing Class is NULL or does not implement the IAction interface."); - throw new Exception( + throw new ClassCastException( "Requested protocol-action processing Class is NULL or does not implement the IAction interface."); } 
@@ -427,153 +471,130 @@ public class ProtocolAuthenticationService implements IProtocolAuthenticationSer } catch (final ClassNotFoundException e) { log.error( "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); - throw new Exception( - "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface."); + throw new ClassNotFoundException( + "Requested Auth. protocol processing Class is NULL or does not implement the IAction interface.", + e); } } - /** - * Write a Exception to the MOA-ID-Auth internal technical log. - * - * @param loggedException Exception to log - */ - protected void logExceptionToTechnicalLog(final Throwable loggedException) { - if (!(loggedException instanceof EaafException - || loggedException instanceof ProcessExecutionException)) { - log.error("Receive an internal error: Message=" + loggedException.getMessage(), - loggedException); - - } else { - if (loggedException instanceof EaafAuthenticationException && ERROR_LOGGER_ON_INFO_LEVEL - .contains(((EaafAuthenticationException) loggedException).getErrorId())) { - if (log.isDebugEnabled() || log.isTraceEnabled()) { - log.info(loggedException.getMessage(), loggedException); - - } else { - log.info(loggedException.getMessage()); - - } - - } else { - if (log.isDebugEnabled() || log.isTraceEnabled()) { - log.warn(loggedException.getMessage(), loggedException); - - } else { - log.warn(loggedException.getMessage()); - - } - } - } - } + // private void writeHtmlErrorResponse(@NonNull final HttpServletRequest + // httpReq, + // @NonNull final HttpServletResponse httpResp, @NonNull final String msg, + // @NonNull final String errorCode, + // @Nullable final Object[] params, String externalErrorCode) throws + // EaafException { + // this.writeHtmlErrorResponse(httpReq, httpResp, msg, errorCode, params, + // externalErrorCode, null, null); + // } private void writeHtmlErrorResponse(@NonNull final HttpServletRequest httpReq, - 
@NonNull final HttpServletResponse httpResp, @NonNull final String msg, - @NonNull final String errorCode, @Nullable final Object[] params, - @NonNull final Exception error) throws IOException, EaafException { + @NonNull final HttpServletResponse httpResp, @NonNull final String msg, @NonNull final String errorCode, + @Nullable final Object[] params, String externalErrorCode, IErrorService.IHandleData errorData) + throws EaafException { try { - final IGuiBuilderConfiguration config = - guiConfigFactory.getDefaultErrorGui(HttpUtils.extractAuthUrlFromRequest(httpReq)); + final IGuiBuilderConfiguration config = guiConfigFactory + .getDefaultErrorGui(HttpUtils.extractAuthUrlFromRequest(httpReq)); + String[] errorCodeParams = null; if (params == null) { errorCodeParams = new String[] {}; + } else { errorCodeParams = new String[params.length]; for (int i = 0; i < params.length; i++) { if (params[i] != null) { - errorCodeParams[i] = params[i].toString(); + /* replace all single-quotes by two single-quotes for escaping purposes to mitigate + * Thymeleaf error in: + * th:text="${#messages.msgWithParams('__${msg.errorCode}__', '__${msg.errorParams}__')}" + */ + errorCodeParams[i] = params[i].toString().replaceAll("'", "''"); + } else { errorCodeParams[i] = "null"; + } - } } // add errorcode and errormessage if (config instanceof ModifyableGuiBuilderConfiguration) { - ((ModifyableGuiBuilderConfiguration) config).putCustomParameter( - AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg); - ((ModifyableGuiBuilderConfiguration) config).putCustomParameter( - AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, errorCode); - ((ModifyableGuiBuilderConfiguration) config).putCustomParameterWithOutEscaption( - AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODEPARAMS, - ArrayUtils.toString(errorCodeParams)); - - // add stacktrace if debug is enabled - if (log.isTraceEnabled()) { - ((ModifyableGuiBuilderConfiguration) 
config).putCustomParameter( - AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORSTACKTRACE, - getStacktraceFromException(error)); - - } + final ModifyableGuiBuilderConfiguration c = (ModifyableGuiBuilderConfiguration) config; + c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERROMSG, msg); + c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, PARAM_GUI_ERRORCODE, + errorCode); + // TODO: should we keep the internal errorcode secret? + c.putCustomParameter(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, + PARAM_GUI_EXTERNAL_ERRORCODE, + externalErrorCode); + c.putCustomParameterWithOutEscaption(AbstractGuiFormBuilderConfiguration.PARAM_GROUP_MSG, + PARAM_GUI_ERRORCODEPARAMS, ArrayUtils.toString(errorCodeParams)); + errorTicketService.displayErrorData(c, errorData, httpReq); } else { - log.info( - "Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable "); + log.info("Can not ADD error message, because 'GUIBuilderConfiguration' is not modifieable "); } guiBuilder.build(httpReq, httpResp, config, "Error-Message"); } catch (final GuiBuildException e) { log.warn("Can not build error-message GUI.", e); - throw new EaafException("9199", null, e); + throw new EaafException("internal.99", new Object[] {e.getMessage()}, e); } } - private String getStacktraceFromException(final Exception ex) { - final StringWriter errors = new StringWriter(); - ex.printStackTrace(new PrintWriter(errors)); - return errors.toString(); + private void displayException(final HttpServletRequest req, final HttpServletResponse resp, + final IErrorService.IHandleData errorData) throws IOException, EaafException { + final Throwable e = errorData.getThrowable(); + final String internalErrorCode = errorData.getInternalErrorCode(); - } - - private void internalMoaidExceptionHandler(final HttpServletRequest req, - final HttpServletResponse resp, final Exception e, final boolean 
writeExceptionToStatisicLog) - throws IOException, EaafException { + // send error response if (e instanceof ProtocolNotActiveException) { - resp.getWriter().write(e.getMessage()); + resp.getWriter().write(Encode.forHtml(e.getMessage())); resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); resp.sendError(HttpServletResponse.SC_FORBIDDEN, StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(e.getMessage()))); - } else if (e instanceof AuthnRequestValidatorException) { - final AuthnRequestValidatorException ex = (AuthnRequestValidatorException) e; - // log Error Message - if (writeExceptionToStatisicLog) { - statisticLogger.logErrorOperation(ex, ex.getErrorRequest()); - } - + } else if (e instanceof AuthnRequestValidatorException || e instanceof InvalidProtocolRequestException + || e instanceof ProcessExecutionException || e instanceof ConfigurationException) { // write error message - // writeBadRequestErrorResponse(req, resp, (EAAFException) e); - writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), - null, e); - - } else if (e instanceof InvalidProtocolRequestException) { - // send error response - // writeBadRequestErrorResponse(req, resp, (EAAFException) e); - writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), - null, e); - - } else if (e instanceof ConfigurationException) { - // send HTML formated error message - writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), - null, e); + writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, null, + statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData); } else if (e instanceof EaafException) { // send HTML formated error message - writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), - ((EaafException) e).getParams(), e); + writeHtmlErrorResponse(req, resp, e.getMessage(), internalErrorCode, ((EaafException) 
e).getParams(), + statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData); - } else if (e instanceof ProcessExecutionException) { - // send HTML formated error message - writeHtmlErrorResponse(req, resp, e.getMessage(), statusMessager.getResponseErrorCode(e), - null, e); + } else { + // write generic message for general exceptions + final String msg = statusMessager.getMessage(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null); + writeHtmlErrorResponse(req, resp, msg, internalErrorCode, null, + statusMessager.mapInternalErrorToExternalError(internalErrorCode), errorData); } + } + + private IGuiBuilderConfiguration evaluateRequiredErrorHandlingMethod(IRequest first, String errorId) { + if (first != null && first.isProcessInIframe()) { + return guiConfigFactory + .getDefaultIFrameParentHopGui(first, ProtocolFinalizationController.ENDPOINT_ERRORHANDLING, + errorId); + + } + return null; + } + + private String generateErrorRedirectUrl(final HttpServletRequest req, String errorKey) { + String redirectUrl = null; + redirectUrl = ServletUtils.getBaseUrl(req); + redirectUrl += ProtocolFinalizationController.ENDPOINT_ERRORHANDLING + "?" + + EaafConstants.PARAM_HTTP_ERROR_CODE + "=" + errorKey; + return redirectUrl; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/AttributeBuilderRegistration.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/AttributeBuilderRegistration.java new file mode 100644 index 00000000..b554ad05 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/AttributeBuilderRegistration.java 
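Review bot: In writeHtmlErrorResponse the exception parameters are stored with `putCustomParameterWithOutEscaption` and, according to the comment added here, end up inside a Thymeleaf preprocessing expression (`'__${msg.errorParams}__'`), so `replaceAll("'", "''")` is the only thing keeping a parameter value inside the string literal. Parameters of an EaafException can plausibly carry request-derived text, so I would not depend on quote doubling alone: hand the parameters to the template as a variable instead of preprocessing them, or restrict each value to an allow-list of characters before it is stored. The template is not part of this hunk, so this needs confirming against it. Separately, displayException writes `Encode.forHtml(e.getMessage())` to the response writer and only then calls `setContentType` and `sendError`; the content type comes too late to set the writer's encoding and `sendError` discards or rejects the body already written, so the branch should set the content type first and then either write the body or call `sendError`, not both.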
@@ -0,0 +1,88 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder; + +import java.util.HashMap; +import java.util.Iterator; +import java.util.ServiceLoader; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class AttributeBuilderRegistration { + + private static HashMap<String, IAttributeBuilder> builders; + + private static ServiceLoader<IAttributeBuilder> attributBuilderLoader = + ServiceLoader.load(IAttributeBuilder.class); + + private static void addBuilder(final IAttributeBuilder builder) { + builders.put(builder.getName(), builder); + } + + static { + builders = new HashMap<>(); + + log.info("Loading protocol attribut-builder modules:"); + if (attributBuilderLoader != null) { + final Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator(); + while (moduleLoaderInterator.hasNext()) { + try { + final IAttributeBuilder modul = moduleLoaderInterator.next(); + log.info("Loading attribut-builder Modul Information: " + modul.getName()); + addBuilder(modul); + + } catch (final Throwable e) { + log.error("Check configuration! " + "Some attribute-builder modul" + + " is not a valid IAttributeBuilder", e); + } + } + } + + log.info("Loading attribute-builder modules done"); + + } + + /** + * Get a specific attribute builder. + * + * @param name Attribute-builder friendly name + * + * @return Attribute-builder with this name or null if builder does not exists + */ + public static IAttributeBuilder getAttributeBuilder(final String name) { + return builders.get(name); + + } + + /** + * Check if a specific attribute-builder is available. + * + * @param name Attribute-builder friendly name + * @return <code>true</code> if the builder is registered, otherwise <code>false</code> + */ + public static boolean containsBuilder(final String name) { + return builders.containsKey(name); + + } + + /** + * Get all registered attribute-builder. 
+ * + * @return {@link Iterator} of all available builders + */ + public static Iterator<IAttributeBuilder> getAllRegistratedBuilder() { + return builders.values().iterator(); + + } + + /** + * Get the number of currently register attribute builders. + * + * @return number of attribute builders + */ + public static int getNumberOfRegisteredBuilders() { + return builders.size(); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java index 19500cb3..a82a1a55 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BirthdateAttributeBuilder.java @@ -19,8 +19,7 @@ package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; -import java.text.DateFormat; -import java.text.SimpleDateFormat; +import org.apache.commons.lang3.StringUtils; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; @@ -41,11 +40,8 @@ public class BirthdateAttributeBuilder implements IPvpAttributeBuilder { public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData, final IAttributeGenerator<ATT> g) throws AttributeBuilderException { - if (authData.getDateOfBirth() != null) { - final DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); - final String dateString = pvpDateFormat.format(authData.getDateOfBirth()); - - return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); + if (StringUtils.isNotEmpty(authData.getDateOfBirth())) { + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, authData.getDateOfBirth()); } else { throw new UnavailableAttributeException(BIRTHDATE_NAME); 
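Review bot: `addBuilder` stores with `builders.put(builder.getName(), builder)`, so a second ServiceLoader provider that reports an already registered name silently replaces the first, and which one wins depends on classpath order. For a registry that decides how identity attributes are built I would make the collision visible, e.g. `if (builders.putIfAbsent(builder.getName(), builder) != null) { log.warn("Duplicate attribute-builder name {} ignored", builder.getName()); }`. Also `moduleLoaderInterator.hasNext()` sits outside the try block and can itself raise ServiceConfigurationError, which would abort the static initializer, and `getAllRegistratedBuilder` hands out the live map's iterator, whose `remove()` lets a caller alter the registry.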
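Review bot: The build method of BirthdateAttributeBuilder now forwards `authData.getDateOfBirth()` unchanged, so nothing in this builder enforces BIRTHDATE_FORMAT_PATTERN any more and the service provider receives whatever string IAuthData holds. If the format is guaranteed where the value is set, a comment saying so is enough, e.g. `// getDateOfBirth() is already formatted as BIRTHDATE_FORMAT_PATTERN by the IAuthData implementation`; otherwise a format check before `buildStringAttribute` is missing. The IAuthData change is not visible in this hunk, and build continues past the end of the hunk.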
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java index e18cc1a8..5cbfec01 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/BpkAttributeBuilder.java @@ -19,27 +19,23 @@ package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; -import javax.annotation.Nonnull; - import org.apache.commons.lang3.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.util.Assert; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; @PvpMetadata public class BpkAttributeBuilder implements IPvpAttributeBuilder { private static final Logger log = LoggerFactory.getLogger(BpkAttributeBuilder.class); - public static final String DELIMITER_BPKTYPE_BPK = ":"; - + @Override public String getName() { return BPK_NAME; 
@@ -60,12 +56,13 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder { } protected String getBpkForSP(final IAuthData authData) throws UnavailableAttributeException { - final String bpk = attrMaxSize(authData.getBpk()); - final String type = removeBpkTypePrefix(authData.getBpkType()); - - if (StringUtils.isEmpty(bpk)) { + if (StringUtils.isEmpty(authData.getBpk()) || StringUtils.isEmpty(authData.getBpkType())) { throw new UnavailableAttributeException(BPK_NAME); + } + + final String bpk = attrMaxSize(authData.getBpk()); + final String type = BpkBuilder.removeBpkTypePrefix(authData.getBpkType()); return type + DELIMITER_BPKTYPE_BPK + bpk; @@ -78,23 +75,5 @@ public class BpkAttributeBuilder implements IPvpAttributeBuilder { return attr; } - - @Nonnull - protected String removeBpkTypePrefix(@Nonnull final String type) { - Assert.isTrue(type != null, "bPKType is 'NULL'"); - if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { - return type.substring(EaafConstants.URN_PREFIX_WBPK.length()); - - } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { - return type.substring(EaafConstants.URN_PREFIX_CDID.length()); - - } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { - return type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); - - } else { - return type; - - } - - } + } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidCcsUrl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidCcsUrl.java index 27b78059..03c16aef 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidCcsUrl.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidCcsUrl.java 
@@ -31,7 +31,8 @@ public class EidCcsUrl implements IPvpAttributeBuilder { } } else { - log.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in MOA-ID context"); + log.info(EID_CCS_URL_FRIENDLY_NAME + " is only available in E-ID context"); + } throw new UnavailableAttributeException(EID_CCS_URL_NAME); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java index ee51564e..8345dcf8 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIdentityStatusLevelAttributeBuiler.java @@ -1,8 +1,5 @@ package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.IEidAuthData; @@ -10,11 +7,11 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import lombok.extern.slf4j.Slf4j; +@Slf4j @PvpMetadata public class EidIdentityStatusLevelAttributeBuiler implements IPvpAttributeBuilder { - private static final Logger log = - LoggerFactory.getLogger(EidIdentityStatusLevelAttributeBuiler.class); @Override public String getName() { 
@@ -28,12 +25,15 @@ public class EidIdentityStatusLevelAttributeBuiler implements IPvpAttributeBuild if (authData instanceof IEidAuthData) { if (((IEidAuthData) authData).getEidStatus() == null) { throw new UnavailableAttributeException(getName()); + } return g.buildStringAttribute(getFriendlyName(), getName(), ((IEidAuthData) authData).getEidStatus().getUri()); + } else { log.info(getFriendlyName() + " is only available in EAAF context"); + } throw new UnavailableAttributeException(getName()); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIssuingNationAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIssuingNationAttributeBuilder.java index fd85871c..90e8c285 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIssuingNationAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidIssuingNationAttributeBuilder.java @@ -41,7 +41,7 @@ public class EidIssuingNationAttributeBuilder implements IPvpAttributeBuilder { final String countryCode = authData.getCiticenCountryCode(); if (StringUtils.isNotEmpty(countryCode)) { return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, EID_ISSUING_NATION_NAME, - countryCode); + countryCode.toUpperCase()); } else { return null; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java index 48d7a3a3..ba993b0c 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSectorForIdAttributeBuilder.java 
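Review bot: `countryCode.toUpperCase()` in the EidIssuingNationAttributeBuilder hunk converts with the JVM default locale, so the issuing-nation value can differ between hosts; under a Turkish default locale, for example, a lower-case `i` becomes a dotted capital `İ` instead of `I`. The value is written into an identity attribute that consumers presumably compare against fixed country codes, so the conversion should be locale-independent: `countryCode.toUpperCase(Locale.ROOT)`. That needs `import java.util.Locale;`, and the enclosing build method starts and ends outside the hunk.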
@@ -27,7 +27,7 @@ import at.gv.egiz.eaaf.core.api.idp.IPvpAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; -import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; @PvpMetadata public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { @@ -48,7 +48,7 @@ public class EidSectorForIdAttributeBuilder implements IPvpAttributeBuilder { return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, EID_SECTOR_FOR_IDENTIFIER_NAME, - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(bpktype)); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(bpktype)); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSignerCertificate.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSignerCertificate.java index 6f857779..daed8455 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSignerCertificate.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/EidSignerCertificate.java 
@@ -53,16 +53,17 @@ public class EidSignerCertificate implements IPvpAttributeBuilder { EID_SIGNER_CERTIFICATE_NAME, Base64Utils.encodeToString(signerCertificate)); } else { - log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in MOA-ID context"); + log.debug("{} is not available", EID_SIGNER_CERTIFICATE_FRIENDLY_NAME); + } } catch (final Exception e) { - log.info("Signer certificate BASE64 encoding error"); + log.info("{} BASE64 encoding error", EID_SIGNER_CERTIFICATE_FRIENDLY_NAME); } } else { - log.info(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME + " is only available in AuthHandler context"); + log.info("{} is only available in AuthHandler context", EID_SIGNER_CERTIFICATE_FRIENDLY_NAME); } throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java new file mode 100644 index 00000000..08911ac7 --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/PiiTransactionIdAttributeBuilder.java 
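Review bot: The `catch (final Exception e)` branch still discards the exception: `log.info("{} BASE64 encoding error", EID_SIGNER_CERTIFICATE_FRIENDLY_NAME);` records neither its message nor its stack trace, so a failure here cannot be told apart from any other cause once it reaches the log. Passing the throwable as the last argument keeps it: `log.info("{} BASE64 encoding error", EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, e);`. The try block starts outside the hunk, so which calls can actually throw is not visible here, and the "BASE64 encoding" wording may be narrower than what the catch covers.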
@@ -0,0 +1,37 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +public class PiiTransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { + + @Override + public String getName() { + return EID_PII_TRANSACTION_ID_NAME; + + } + + @Override + public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + String piiTransactionId = authData.getGenericData(EID_PII_TRANSACTION_ID_NAME, String.class); + log.trace("{} piiTransactionId: {} as attribute", + piiTransactionId != null ? "Set" : "Notset", log.isTraceEnabled() ? piiTransactionId : "********"); + return g.buildStringAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME, + piiTransactionId); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_PII_TRANSACTION_ID_FRIENDLY_NAME, EID_PII_TRANSACTION_ID_NAME); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpMandateModeAttributeBuilder.java index 44ff4e50..3240cfca 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpUsesMandates.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpMandateModeAttributeBuilder.java 
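Review bot: The masking in the `log.trace(...)` call of `PiiTransactionIdAttributeBuilder.build` never takes effect: the argument `log.isTraceEnabled() ? piiTransactionId : "********"` is only rendered when trace is enabled, so the identifier is written in clear every time the line is emitted. If the value should stay out of the logs, log only its presence, e.g. `log.trace("piiTransactionId {} as attribute", piiTransactionId != null ? "set" : "not set");`. `build` also passes a possibly null `piiTransactionId` to `g.buildStringAttribute(...)`, whereas `BpkAttributeBuilder` in this commit throws `UnavailableAttributeException` for a missing value. The new `TransactionIdAttributeBuilder.build` forwards `TransactionIdUtils.getTransactionId()` without a check in the same way.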
@@ -26,11 +26,11 @@ import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; -public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { +public class SpMandateModeAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { @Override public String getName() { - return SP_USESMANDATES_NAME; + return SP_USED_MANDATE_TYPE_NAME; } @Override @@ -44,7 +44,7 @@ public class SpUsesMandates implements IAttributeBuilder, ExtendedPvpAttributeDe @Override public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { - return g.buildEmptyAttribute(SP_USESMANDATES_FRIENDLY_NAME, SP_USESMANDATES_NAME); + return g.buildEmptyAttribute(SP_USED_MANDATE_TYPE_FRIENDLY_NAME, SP_USED_MANDATE_TYPE_NAME); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpMandateProfilesAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpMandateProfilesAttributeBuilder.java new file mode 100644 index 00000000..e0d00f7d --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/SpMandateProfilesAttributeBuilder.java 
@@ -0,0 +1,51 @@ +/* + * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a + * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European + * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in + * compliance with the Licence. You may obtain a copy of the Licence at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software distributed under the Licence + * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the Licence for the specific language governing permissions and limitations under + * the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text file for details on the + * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative + * works that you distribute must include a readable copy of the "NOTICE" text file. 
+*/ + +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; + +public class SpMandateProfilesAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { + + @Override + public String getName() { + return SP_USED_MANDATE_PROFILES_NAME; + } + + @Override + public <ATT> ATT build(final ISpConfiguration oaParam, final IAuthData authData, + final IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + // this attribute can not generated yet + return null; + + } + + @Override + public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(SP_USED_MANDATE_PROFILES_FRIENDLY_NAME, SP_USED_MANDATE_PROFILES_NAME); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java new file mode 100644 index 00000000..17b830dc --- /dev/null +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/builder/attributes/TransactionIdAttributeBuilder.java 
@@ -0,0 +1,33 @@ +package at.gv.egiz.eaaf.core.impl.idp.builder.attributes; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +public class TransactionIdAttributeBuilder implements IAttributeBuilder, ExtendedPvpAttributeDefinitions { + + @Override + public String getName() { + return EID_TRANSACTION_ID_NAME; + + } + + @Override + public <ATT> ATT build(ISpConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { + return g.buildStringAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME, + TransactionIdUtils.getTransactionId()); + + } + + @Override + public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { + return g.buildEmptyAttribute(EID_TRANSACTION_ID_FRIENDLY_NAME, EID_TRANSACTION_ID_NAME); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java index fc62af45..b05d8df0 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractController.java 
@@ -26,11 +26,11 @@ import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.commons.text.StringEscapeUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; +import org.springframework.util.SerializationUtils; import org.springframework.web.bind.annotation.ExceptionHandler; import at.gv.egiz.components.eventlog.api.EventConstants; @@ -42,12 +42,12 @@ import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; import at.gv.egiz.eaaf.core.api.idp.auth.services.IProtocolAuthenticationService; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.core.impl.utils.Random; /** * Basic application controller that implements core error-handling. @@ -69,10 +69,13 @@ public abstract class AbstractController { protected ITransactionStorage transactionStorage; @Autowired(required = true) protected IStatusMessenger statusMessager; - + @Autowired protected IRevisionLogger revisionsLogger; + @Autowired + protected IPendingRequestIdGenerationStrategy reqIdGenerationStrategy; + /** * EAAF framework exception handler. * 
@@ -92,11 +95,11 @@ public abstract class AbstractController { protAuthService.handleErrorNoRedirect(e, req, resp, true); } catch (final EaafException e1) { + log.warn("ErrorHandling failed with error: ", e.getMessage(), e); log.warn("Can NOT handle an 'EAAFException'. Forwarding to generic error ... ", e); ioExceptionHandler(resp, e); } - } /** @@ -106,20 +109,23 @@ public abstract class AbstractController { * This handler wrote an internal server error into http response * </p> * - * @param resp http response - * @param exception exception + * @param req http request + * @param resp http response + * @param e Catched exception * @throws IOException In case of an internal error. */ @ExceptionHandler({ Exception.class }) - public void genericExceptionHandler(final HttpServletResponse resp, final Exception exception) - throws IOException { - log.error("Internel Server Error.", exception); - resp.setContentType(EaafConstants.CONTENTTYPE_HTML_UTF8); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Internal Server Error!" - + "(Errorcode=9199" + " | Description=" - + StringEscapeUtils.escapeHtml4(StringEscapeUtils.escapeEcmaScript(exception.getMessage())) - + ")"); + public void genericExceptionHandler(final HttpServletRequest req, final HttpServletResponse resp, + final Exception e) throws IOException { + try { + protAuthService.handleErrorNoRedirect(e, req, resp, true); + + } catch (final EaafException e1) { + log.warn("ErrorHandling failed with error: ", e.getMessage(), e); + log.error("Can NOT handle a generic 'Exception'. Forwarding to generic error ... ", e); + ioExceptionHandler(resp, e); + } } /** @@ -150,8 +156,6 @@ public abstract class AbstractController { try { final String errorKey = storeErrorAndGetErrorToken(errorToHandle); protAuthService.forwardToErrorHandler(errorToHandle, errorKey, req, resp); - - return; } catch (final Exception e) { log.warn("Default error-handling FAILED. Exception can not be stored ....", e); 
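Review bot: The added `log.warn("ErrorHandling failed with error: ", e.getMessage(), e);` in the first hunk's `catch (final EaafException e1)` block has no `{}` placeholder, so `e.getMessage()` is never printed. It also logs `e`, the exception being handled, rather than `e1`, the failure from `handleErrorNoRedirect` that the message describes. `log.warn("ErrorHandling failed with error: {}", e1.getMessage(), e1);` would record why error handling itself failed. The same line is added to `genericExceptionHandler` in the next hunk with the same two problems.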
@@ -169,18 +173,30 @@ public abstract class AbstractController { } // put exception into transaction store for redirect - final String errorKey = Random.nextLongRandom(); + final String errorToken = reqIdGenerationStrategy.generateExternalPendingRequestId(); + final String errorKey = reqIdGenerationStrategy.getPendingRequestIdWithOutChecks(errorToken); + if (errorToHandle.getFirst() != null) { revisionsLogger.logEvent(errorToHandle.getFirst(), EventConstants.TRANSACTION_ERROR); - transactionStorage.put(errorKey, new ExceptionContainer(errorToHandle.getFirst(), errorToHandle - .getSecond()), -1); + + log.trace("Serializing {} ... ", ExceptionContainer.class.getName()); + final byte[] serializedError = SerializationUtils.serialize( + new ExceptionContainer(errorToHandle.getFirst(), errorToHandle.getSecond())); + + log.debug("Put 'ExceptionContainer' into cache with id: {}... ", errorKey); + transactionStorage.put(errorKey, serializedError, -1); } else { - transactionStorage.put(errorKey, new ExceptionContainer(null, errorToHandle.getSecond()), -1); + log.trace("Serializing {} ... ", ExceptionContainer.class.getName()); + final byte[] serializedError = SerializationUtils.serialize( + new ExceptionContainer(null, errorToHandle.getSecond())); + + log.trace("Put 'ExceptionContainer' into cache with id: {}... ",errorKey); + transactionStorage.put(errorKey, serializedError, -1); } - return errorKey; + return errorToken; } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java index 098bca4c..ea481bdb 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/AbstractProcessEngineSignalController.java 
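Review bot: The `if`/`else` in this hunk now repeats the same serialize-and-put sequence in both branches; they differ only in the `revisionsLogger.logEvent(...)` call and in the level of the "Put 'ExceptionContainer' into cache" message (`debug` in one branch, `trace` in the other). Since the else branch already passes `null` as the first constructor argument, `errorToHandle.getFirst()` can be passed unconditionally and only the `logEvent` call needs the guard. That also leaves a single place to change if the serialization format is tightened later. The enclosing method starts outside the hunk.

```java
// … unchanged: errorToken / errorKey generation …
if (errorToHandle.getFirst() != null) {
  revisionsLogger.logEvent(errorToHandle.getFirst(), EventConstants.TRANSACTION_ERROR);
}

log.trace("Serializing {} ... ", ExceptionContainer.class.getName());
final byte[] serializedError = SerializationUtils.serialize(
    new ExceptionContainer(errorToHandle.getFirst(), errorToHandle.getSecond()));

log.debug("Put 'ExceptionContainer' into cache with id: {}... ", errorKey);
transactionStorage.put(errorKey, serializedError, -1);

return errorToken;
```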
@@ -36,6 +36,7 @@ import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; /** @@ -78,13 +79,16 @@ public abstract class AbstractProcessEngineSignalController extends AbstractCont // process instance is mandatory if (pendingReq.getProcessInstanceId() == null) { throw new EaafIllegalStateException( - new Object[] { "MOA session does not provide process instance id." }); + new Object[] { "PendingRequest does not provide process-instance id." }); } // wake up next task processEngine.signal(pendingReq); + } catch (PendingReqIdValidationException e) { + handleError(null, e, req, resp, e.getInvalidPendingReq()); + } catch (final Exception ex) { handleError(null, ex, req, resp, pendingReq); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 17da63f5..a22cbe9d 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -15,7 +15,7 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.gv.egiz.eaaf.core.impl.idp.controller; 
@@ -29,6 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; +import org.springframework.util.SerializationUtils; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; 
@@ -38,22 +39,107 @@ import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; /** * Protocol finialization end-point. * * @author tlenz - * */ @Controller public class ProtocolFinalizationController extends AbstractController { private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class); - public static final String ENDPOINT_FINALIZEPROTOCOL = "finalizeAuthProtocol"; - public static final String ENDPOINT_ERRORHANDLING = "errorHandling"; + public static final String ENDPOINT_FINALIZEPROTOCOL = + EaafConstants.ENDPOINT_PREFIX_SECURED + "/finalizeAuthProtocol"; + public static final String ENDPOINT_ERRORHANDLING = + EaafConstants.ENDPOINT_PREFIX_SECURED + "/errorHandling"; + public static final String ENDPOINT_ERROR_REDIRECT = + EaafConstants.ENDPOINT_PREFIX_SECURED + "/errorRedirect"; @Autowired(required = true) IRequestStorage requestStorage; + @Autowired + IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + + + /** + * Handles incoming requests for redirects to IDP. 
+ * @param req http request + * @param resp http response + * @throws EaafException In case of an internal error + * @throws IOException In case of a servlet error + */ + @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST}) + public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) + throws EaafException, IOException { + + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + if (errorToken != null) { + IRequest pendingReq = null; + try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + log.debug("Searching exception with internal error-token: {}", errorId); + + // load stored exception from database + final byte[] containerSerialized = transactionStorage.get(errorId, byte[].class); + if (containerSerialized != null) { + // remove exception if it was found + transactionStorage.remove(errorId); + log.trace("Find exception with internal error-token: {}", errorId); + + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, + // Arrays.asList( + // ExceptionContainer.class.getName() + // )); + final Object containerObj = SerializationUtils.deserialize(containerSerialized); + + if (containerObj instanceof ExceptionContainer) { + final ExceptionContainer container = (ExceptionContainer) containerObj; + final Throwable throwable = container.getExceptionThrown(); + pendingReq = container.getPendingRequest(); + + if (pendingReq != null) { + IModulInfo handlingModule = ProtocolAuthenticationService + .extractShibbolethHandling(pendingReq, applicationContext); + if (!handlingModule.generateErrorMessage(throwable, req, resp, pendingReq)) { + protAuthService.handleErrorNoRedirect(new EaafException("process.90", null), req, resp, false); + + } + } + } + } else { + log.info("Find no exception with internal error-token: {}", errorId); + protAuthService + 
.handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, null), + req, resp, false); + + } + + } catch (Throwable e) { + log.error(e.getMessage(), e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + + } finally { + // remove pending-request + if (pendingReq != null) { + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + + } + } + + } else { + log.debug("Request contains NO ErrorId"); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, + resp, false); + + } + } /** * End-Point to handle errors. 
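Review bot: `SerializationUtils.deserialize(containerSerialized)` in `errorRedirect` runs unrestricted Java deserialization on bytes read back from `transactionStorage`, and the `instanceof ExceptionContainer` check only happens after the whole object graph has been instantiated; the class-filtered call is left commented out directly above it. If the transaction store is shared or writable by other components, whoever can write an entry controls which classes get deserialized. The restricted form from the comment, `EaafSerializationUtils.deserialize(containerSerialized, Arrays.asList(ExceptionContainer.class.getName()))`, should be used if that helper exists as the comment suggests, or a JDK `ObjectInputFilter`. The `errorHandling` hunk further down adds the same unfiltered call. Separately, `errorRedirect` writes no response when the stored object is not an `ExceptionContainer` or when `pendingReq` is null, whereas `errorHandling` answers both cases through `protAuthService.handleErrorNoRedirect(...)`.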
@@ -63,42 +149,62 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ - @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = { RequestMethod.GET, RequestMethod.POST }) + @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET, RequestMethod.POST}) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { // receive an authentication error - final String errorid = - StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); - if (errorid != null) { + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + if (errorToken != null) { IRequest pendingReq = null; try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + log.debug("Searching exception with internal error-token: {}", errorId); + // load stored exception from database - final ExceptionContainer container = - transactionStorage.get(errorid, ExceptionContainer.class); - if (container != null) { + final byte[] containerSerialized = transactionStorage.get(errorId, byte[].class); + if (containerSerialized != null) { // remove exception if it was found - transactionStorage.remove(errorid); + transactionStorage.remove(errorId); + log.trace("Find exception with internal error-token: {}", errorId); + + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, + // Arrays.asList( + // ExceptionContainer.class.getName() + // )); + final Object containerObj = SerializationUtils.deserialize(containerSerialized); + + if (containerObj instanceof ExceptionContainer) { + final ExceptionContainer container = (ExceptionContainer) containerObj; + final Throwable throwable = container.getExceptionThrown(); + pendingReq = container.getPendingRequest(); - final 
Throwable throwable = container.getExceptionThrown(); - pendingReq = container.getPendingRequest(); + if (pendingReq != null) { + //set MDC variables + TransactionIdUtils.setAllLoggingVariables(pendingReq); - if (pendingReq != null) { - // build protocol-specific error message if possible - protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); + // build protocol-specific error message if possible + protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); - // remove active user-session - transactionStorage.remove(pendingReq.getPendingRequestId()); + // remove active user-session + transactionStorage.remove(pendingReq.getPendingRequestId()); - return; + } else { + protAuthService.handleErrorNoRedirect(throwable, req, resp, true); + + } } else { - protAuthService.handleErrorNoRedirect(throwable, req, resp, true); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null), req, + resp, false); } + } else { - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), - req, resp, false); + log.info("Find no exception with internal error-token: {}", errorId); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), + req, resp, false); } 
@@ -110,18 +216,20 @@ public class ProtocolFinalizationController extends AbstractController { // remove pending-request if (pendingReq != null) { requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); - revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, - pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); } + //remove all Logger variables + TransactionIdUtils.removeAllLoggingVariables(); + } } else { log.debug("Request contains NO ErrorId"); - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, - resp, false); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, + resp, false); } @@ -135,7 +243,7 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ - @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = { RequestMethod.GET }) + @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = {RequestMethod.GET}) public void finalizeAuthProtocol(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { 
@@ -145,14 +253,19 @@ public class ProtocolFinalizationController extends AbstractController { final IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); if (pendingReq == null) { - log.error("No PendingRequest with ID " + pendingRequestID + " found.!"); + log.info("PendingReqId was valid but no PendingRequest with ID: {}. Looks already used", + pendingRequestID); protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, - new Object[] { pendingRequestID, }), - req, resp, false); + new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, new Object[]{pendingRequestID,}), req, + resp, false); } else { + //set MDC variables + TransactionIdUtils.setAllLoggingVariables(pendingReq); + + //perform protocol finalization steps protAuthService.finalizeAuthentication(req, resp, pendingReq); + } } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/AbstractLocaleAuthServletTask.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/AbstractLocaleAuthServletTask.java index dcd5a1d1..007c3e1d 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/AbstractLocaleAuthServletTask.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/AbstractLocaleAuthServletTask.java @@ -11,9 +11,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.data.EaafEventCodes; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; 
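Review bot: `TransactionIdUtils.setAllLoggingVariables(pendingReq)` is added to `finalizeAuthProtocol` with no matching cleanup in the visible lines, while the `errorHandling` hunk in this commit clears them with `TransactionIdUtils.removeAllLoggingVariables()` in its `finally` block. If these are thread-bound logging variables (the comment calls them MDC variables) and request threads are pooled, leftover values would tag later, unrelated requests' log lines with this transaction's identifiers. Wrapping the call as `try { protAuthService.finalizeAuthentication(req, resp, pendingReq); } finally { TransactionIdUtils.removeAllLoggingVariables(); }` would match `errorHandling`. The method continues outside the hunk, so the cleanup may already happen there or in a filter.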
@@ -53,29 +51,6 @@ public abstract class AbstractLocaleAuthServletTask extends AbstractAuthServletT } - protected void stopProcessFromUserDecision(final ExecutionContext executionContext, - final HttpServletRequest request, final HttpServletResponse response) - throws TaskExecutionException { - try { - revisionsLogger.logEvent(pendingReq, EaafEventCodes.PROCESS_STOPPED_BY_USER); - pendingReq.setAbortedByUser(true); - pendingReq.setAuthenticated(false); - performRedirectToProtocolFinialization(executionContext, pendingReq, request, response); - - log.trace("Set process-cancelation flag"); - executionContext.setCanceleProcessFlag(); - - } catch (final EaafException e) { - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } catch (final Exception e) { - log.warn("Stopping auth.process FAILED", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - - } - - } - protected boolean parseFlagFromHttpRequest(final HttpServletRequest httpReq, final String httpParamName, final boolean defaultValue) { final String flag = httpReq.getParameter(httpParamName); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java index 328a25c5..7a664915 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/tasks/RestartAuthProzessManagement.java @@ -19,8 +19,6 @@ package at.gv.egiz.eaaf.core.impl.idp.controller.tasks; -import java.util.Set; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; 
@@ -32,6 +30,7 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration; @@ -73,12 +72,9 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { } else { // create a new execution context and copy all elements to new context final ExecutionContext newec = new ExecutionContextImpl(); - final Set<String> entries = executionContext.keySet(); - for (final String key : entries) { - newec.put(key, executionContext.get(key)); - - } - + executionContext.keySet().stream().forEach( + key -> newec.put(key, executionContext.get(key))); + log.debug("Select new auth.-process and restart restart process-engine ... "); // select and create new process instance @@ -87,7 +83,7 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { if (processDefinitionId == null) { log.warn("No suitable authentication process found for SessionID " + pendingReq.getPendingRequestId()); - throw new EaafException("process.02", new Object[] { pendingReq.getPendingRequestId() }); + throw new EaafException("process.02", null); } final String processInstanceId = 
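Review bot: A style point on the context copy in the `@@ -73,12 +72,9 @@` hunk: `executionContext.keySet().stream().forEach(...)` builds a stream only to iterate, so `executionContext.keySet().forEach(key -> newec.put(key, executionContext.get(key)));` does the same with less ceremony. The same pattern appears in the ProcessEngineImpl hunk `@@ -449,11 +451,9 @@` as `piStore.getExecutionContextData().entrySet().stream().forEach(...)`, where `getExecutionContextData().forEach((k, v) -> executionContext.put(k, v))` would be the direct form. The debug message in the context line below also reads "restart restart process-engine", which looks like a duplicated word.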
@@ -112,10 +108,18 @@ public class RestartAuthProzessManagement extends AbstractAuthServletTask { processEngine.start(pendingReq); } - - } catch (final EaafException e) { - throw new TaskExecutionException(pendingReq, e.getMessage(), e); - + + } catch (final ProcessExecutionException e) { + //check if Task in already selected process failed or if process selection failed + if (e.getCause() != null && e.getCause() instanceof TaskExecutionException) { + log.info("New process was started, but one Task in process failed. Reason: {}", e.getMessage()); + throw (TaskExecutionException)e.getCause(); + + } else { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } catch (final Exception e) { log.warn("RestartAuthProzessManagement has an internal error", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java index 14537d44..edca0fba 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessDefinitionParser.java @@ -101,6 +101,7 @@ public class ProcessDefinitionParser { // Standard implementation of XMLInputFactory seems not to be thread-safe final XMLInputFactory inputFactory = XMLInputFactory.newInstance(); + inputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false); reader = inputFactory.createXMLEventReader(processDefinitionInputStream); final List<StartElement> transitionElements = new ArrayList<>(); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java index 9274ea81..6e83a201 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java 
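Review bot: Narrowing the first handler from `EaafException` to `ProcessExecutionException` means the `EaafException("process.02", null)` thrown earlier in this `try` now lands in `catch (final Exception e)`. An expected "no suitable process" outcome is then logged with a full stack trace as "RestartAuthProzessManagement has an internal error". If that is not intended, keep a separate handler after the new one, `} catch (final EaafException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e);`. In the new branch, `e.getCause() != null &&` is redundant because `instanceof` is already false for null. The `try` block begins outside this hunk.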
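Review bot: The hardening added in ProcessDefinitionParser switches off `XMLInputFactory.SUPPORT_DTD` but leaves external-entity resolution at the implementation default. StAX implementations differ in how they treat a DOCTYPE once DTD support is off, so the usual defence-in-depth pairing is to add `inputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);` directly after the new line. Process definitions are probably loaded from trusted resources, but the parser takes an arbitrary `InputStream`, so the stricter setting costs nothing. The enclosing method starts and ends outside the hunk.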
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/ProcessEngineImpl.java @@ -21,15 +21,13 @@ package at.gv.egiz.eaaf.core.impl.idp.process; import java.io.InputStream; import java.io.Serializable; +import java.text.MessageFormat; import java.util.HashMap; import java.util.Map; -import java.util.Map.Entry; import java.util.concurrent.ConcurrentHashMap; import org.apache.commons.collections4.IterableUtils; import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; @@ -51,14 +49,17 @@ import at.gv.egiz.eaaf.core.impl.idp.process.model.ProcessNode; import at.gv.egiz.eaaf.core.impl.idp.process.model.StartEvent; import at.gv.egiz.eaaf.core.impl.idp.process.model.TaskInfo; import at.gv.egiz.eaaf.core.impl.idp.process.model.Transition; +import lombok.extern.slf4j.Slf4j; /** * Process engine implementation allowing starting and continuing processes as * well as providing means for cleanup actions. */ +@Slf4j public class ProcessEngineImpl implements ProcessEngine { - private final Logger log = LoggerFactory.getLogger(getClass()); + private static final String ERROR_PROCESS_OBJECT_NOT_EXIST = + "Process instance: {0} does not exist for pendingReq: {0}"; @Autowired ProcessInstanceStoreDao piStoreDao; 
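Review bot: The new constant `ERROR_PROCESS_OBJECT_NOT_EXIST` uses the placeholder `{0}` twice, so `MessageFormat.format` prints the process-instance id in both positions and never shows the second argument. Both call sites in the following hunk pass `pendingReq.getProcessInstanceId()` and `pendingReq.getPendingRequestId()`, which suggests the intent was `"Process instance: {0} does not exist for pendingReq: {1}"`. As written, the pending-request id is lost from the exception text, which makes these failures harder to correlate in logs.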
@@ -156,15 +157,16 @@ public class ProcessEngineImpl implements ProcessEngine { if (StringUtils.isEmpty(pendingReq.getProcessInstanceId())) { log.error("Pending-request with id:" + pendingReq.getPendingRequestId() + " includes NO 'ProcessInstanceId'"); - throw new ProcessExecutionException("Pending-request with id:" - + pendingReq.getPendingRequestId() + " includes NO 'ProcessInstanceId'"); + throw new ProcessExecutionException(MessageFormat.format(ERROR_PROCESS_OBJECT_NOT_EXIST, + pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId())); + } final ProcessInstance pi = loadProcessInstance(pendingReq.getProcessInstanceId()); if (pi == null) { - throw new ProcessExecutionException( - "Process instance '" + pendingReq.getProcessInstanceId() + "' does not exist."); + throw new ProcessExecutionException(MessageFormat.format(ERROR_PROCESS_OBJECT_NOT_EXIST, + pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId())); } @@ -449,11 +451,9 @@ public class ProcessEngineImpl implements ProcessEngine { final ExecutionContext executionContext = new ExecutionContextImpl(piStore.getProcessInstanceId()); - - final Map<String, Serializable> executionContextData = piStore.getExecutionContextData(); - for (final Entry<String, Serializable> el : executionContextData.entrySet()) { - executionContext.put(el.getKey(), el.getValue()); - } + + piStore.getExecutionContextData().entrySet().stream().forEach( + el -> executionContext.put(el.getKey(), el.getValue())); final ProcessInstance pi = new ProcessInstance( processDefinitions.get(piStore.getProcessDefinitionId()), executionContext); diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDaoImpl.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDaoImpl.java index cca8872f..611572c0 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDaoImpl.java 
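Review bot: In the `StringUtils.isEmpty(pendingReq.getProcessInstanceId())` branch, the exception now reuses `ERROR_PROCESS_OBJECT_NOT_EXIST`, so it reports that a process instance "does not exist" while formatting an empty or null id. The `log.error` above it still states the real condition, that the pending request carries no ProcessInstanceId. Callers and error pages that only see the exception can no longer tell a missing id from a lookup miss. Keep a distinct message for this branch, for example the previous `"Pending-request with id:" + pendingReq.getPendingRequestId() + " includes NO 'ProcessInstanceId'"`. The enclosing method starts outside the hunk.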
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/process/dao/ProcessInstanceStoreDaoImpl.java @@ -72,7 +72,7 @@ public class ProcessInstanceStoreDaoImpl implements ProcessInstanceStoreDao { log.debug("Found process instance store for instance '{}'.", processInstanceId); } else { - log.debug("Unable to find process instance store for instance '{}'.", processInstanceId); + log.info("Unable to find process instance store for instance '{}'.", processInstanceId); } diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java index 01b063aa..4b8a7a04 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/utils/DomUtils.java @@ -33,6 +33,7 @@ import java.util.Map.Entry; import java.util.Set; import java.util.Vector; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -111,10 +112,10 @@ public class DomUtils { private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY = "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation"; - private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = + public static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = "http://xml.org/sax/features/external-general-entities"; - private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = + public static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities"; public static final String DISALLOW_DOCTYPE_FEATURE = 
@@ -785,6 +786,7 @@ public class DomUtils { throws TransformerException, IOException { final TransformerFactory transformerFactory = TransformerFactory.newInstance(); + transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); final Transformer transformer = transformerFactory.newTransformer(); final ByteArrayOutputStream bos = new ByteArrayOutputStream(16384); @@ -1211,6 +1213,7 @@ public class DomUtils { // StringWriter stringWriter = new StringWriter(); final Result result = new StreamResult(out); final TransformerFactory factory = TransformerFactory.newInstance(); + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); final Transformer transformer = factory.newTransformer(); transformer.transform(source, result); return out.toByteArray(); diff --git a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 30f1cb57..e581a4d7 100644 --- a/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder +++ b/eaaf_core/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -12,4 +12,10 @@ at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityLinkBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidEidTokenBuilder at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidSignerCertificate at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidIdentityStatusLevelAttributeBuiler -at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl
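Review bot: `XMLConstants.FEATURE_SECURE_PROCESSING` on its own does not guarantee that every JAXP `TransformerFactory` implementation refuses external DTD and stylesheet access. The explicit restriction is `transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` plus `transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`. This applies to both hunks, the one at `@@ -785,6 +786,7 @@` and the one at `@@ -1211,6 +1213,7 @@`, where the variable is `factory`. Some older transformer implementations reject these attributes with `IllegalArgumentException`, so confirm against the factory actually on the classpath. Both transformers are created without a stylesheet, so the exposure is probably small, and both method bodies continue outside the hunks.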
\ No newline at end of file +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EidCcsUrl +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.SpFriendlyNameAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.SpUniqueIdAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.SpMandateProfilesAttributeBuilder +at.gv.egiz.eaaf.core.impl.idp.builder.attributes.SpMandateModeAttributeBuilder diff --git a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties index 064554b9..c5cb1bb1 100644 --- a/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties +++ b/eaaf_core/src/main/resources/messages/eaaf_core_messages.properties @@ -4,4 +4,16 @@ builder.08=Authentication process could NOT completed. Reason: {0} builder.30=Decrypted bPK target: {0} does not match to required target: {1} builder.31=Encrypted bPK has a suspect format and consists of #{0} elements builder.32=bPK-target format must be full URI +builder.33=bPK caluclation not possible. Reason: {0} + + +process.01=Can not execute authentication process +process.02=Find no applicable authentication process for current state or user-selection. +process.03=Can not resume the authentication process. Reason: {0} +process.04=Can not execute authentication process. Problem with an internal state + +process.90=Forward to service-provider not possible, because it's not supported. + +process.98=Not supported internal state. Reason: {0} +process.99=Validation of RequestId: {0} FAILED. Reason: {1}
\ No newline at end of file diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java index 33bd1010..19054634 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/AuthenticationDataBuilderTest.java @@ -307,7 +307,7 @@ public class AuthenticationDataBuilderTest { throw new Exception("GivenName wrong"); } - if (!authData.getFormatedDateOfBirth().equals("1973-06-04")) { + if (!authData.getDateOfBirth().equals("1973-06-04")) { throw new Exception("DateOfBirth wrong"); } diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BirthdayAttrBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BirthdayAttrBuilderTest.java index 21cf71a9..f155b3b4 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BirthdayAttrBuilderTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BirthdayAttrBuilderTest.java @@ -29,7 +29,7 @@ public class BirthdayAttrBuilderTest extends AbstractAttributeBuilderTest { final DateFormat format = new SimpleDateFormat(PvpAttributeDefinitions.BIRTHDATE_FORMAT_PATTERN); Assert.assertEquals("Birthday does NOT match", authData.getDateOfBirth(), - format.parse(value)); + value); } catch (final Exception e) { Assert.assertTrue("Attr. builder has an exception", e == null); diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java index 1ad75abc..0619d4d6 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java 
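Review bot: In the BirthdayAttrBuilderTest hunk, the context line `final DateFormat format = new SimpleDateFormat(PvpAttributeDefinitions.BIRTHDATE_FORMAT_PATTERN);` appears to be left without a user now that the assertion compares `authData.getDateOfBirth()` with `value` directly instead of `format.parse(value)`. If nothing later in the method reads `format`, remove the local and its imports. The method continues outside the hunk, so this is inferred from the visible lines only.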
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/BpkAttributeBuilderTest.java @@ -9,6 +9,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BpkAttributeBuilder; @RunWith(SpringJUnit4ClassRunner.class) @@ -16,6 +17,21 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BpkAttributeBuilder; public class BpkAttributeBuilderTest extends AbstractAttributeBuilderTest { private final IAttributeBuilder attrBuilde = new BpkAttributeBuilder(); + + @Test + public void organwalterBpkTest() throws Exception { + spConfigMap.put("target", "urn:publicid:gv.at:cdid+ZP-MH"); + + final IAuthData authData = buildAuthData(); + ((AuthenticationData) authData).setBpkType("urn:publicid:gv.at:cdid+OW"); + + final String value = attrBuilde.build(spConfig, authData, gen); + + Assert.assertEquals("Wrong bPK", + "OW:" + authData.getBpk(), + value); + + } @Test public void performTestBpk() throws Exception { diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java new file mode 100644 index 00000000..82ac0abf --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/PiiTransactionIdAttributeBuilderTest.java 
@@ -0,0 +1,64 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import java.util.UUID; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PiiTransactionIdAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +/** + * Attribute builder to generate an attribute that holds the unique TransactionId for this process. + * <br> + * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code> + * + * @author tlenz + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class PiiTransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new PiiTransactionIdAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.piiTransactionId", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void noPiiTransactionId() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. 
not null", value); + + } + + @Test + public void withPiiTransactionId() throws AttributeBuilderException, Exception { + String piiTransId = UUID.randomUUID().toString(); + IAuthData authData = buildAuthData(); + ((AuthenticationData)authData).setGenericData("urn:eidgvat:attributes.piiTransactionId", piiTransId); + + String value = attrBuilder.build(spConfig, authData, gen); + Assert.assertEquals("piiTransactionId", piiTransId, value); + + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/SpMandateModeAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/SpMandateModeAttributeBuilderTest.java new file mode 100644 index 00000000..dae37a5c --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/SpMandateModeAttributeBuilderTest.java 
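Review bot: The class Javadoc on `PiiTransactionIdAttributeBuilderTest` is copied from a production builder: it says "Attribute builder to generate an attribute that holds the unique TransactionId" and refers to `TransactionIdUtils.getTransactionId()`. This class is a test for the piiTransactionId attribute, which it reads from generic auth data instead. Replace it with a one-line description such as `/** Tests for {@link PiiTransactionIdAttributeBuilder}. */` and drop the then-unused `TransactionIdUtils` import. The `throws AttributeBuilderException, Exception` clauses can be reduced to `throws Exception`.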
@@ -0,0 +1,64 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThrows; + +import java.util.NoSuchElementException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.SpMandateModeAttributeBuilder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class SpMandateModeAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new SpMandateModeAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.ServiceProviderMandateType", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void checkyAttribute() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. 
not null", value); + + } + + @Test + public void mandateModeEnumValid() { + SpMandateModes mode = SpMandateModes.fromString("forceLegal"); + assertEquals("wrong mode", SpMandateModes.LEGAL_FORCE, mode); + assertEquals("wrong mode toString", "forceLegal", mode.getMode()); + assertEquals("wrong mode getMode", "forceLegal", mode.toString()); + + } + + @Test + public void mandateModeEnumInvalid() { + assertThrows(NoSuchElementException.class, + () -> SpMandateModes.fromString(RandomStringUtils.randomAlphanumeric(5))); + + } + + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/SpMandateProfilesAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/SpMandateProfilesAttributeBuilderTest.java new file mode 100644 index 00000000..77459975 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/SpMandateProfilesAttributeBuilderTest.java 
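Review bot: In `mandateModeEnumValid` the failure messages are swapped: `assertEquals("wrong mode toString", "forceLegal", mode.getMode());` checks `getMode()`, and `assertEquals("wrong mode getMode", "forceLegal", mode.toString());` checks `toString()`. A failing run would therefore point at the wrong accessor. Swap the two message strings. The test name `checkyAttribute` here and in `SpMandateProfilesAttributeBuilderTest` looks like a typo for `checkAttribute`.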
@@ -0,0 +1,40 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.SpMandateProfilesAttributeBuilder; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class SpMandateProfilesAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new SpMandateProfilesAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.ServiceProviderMandateProfiles", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void checkyAttribute() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. not null", value); + + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java new file mode 100644 index 00000000..d82bdf5c --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/attributes/TransactionIdAttributeBuilderTest.java 
@@ -0,0 +1,60 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.attributes; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.TransactionIdAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; + +/** + * Attribute builder to generate an attribute that holds the unique TransactionId for this process. + * <br> + * The attribute-value is read from {@link TransactionIdUtils} with method <code>getTransactionId()</code> + * + * @author tlenz + * + */ +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_eaaf_core.xml") +public class TransactionIdAttributeBuilderTest extends AbstractAttributeBuilderTest { + + private final IAttributeBuilder attrBuilder = new TransactionIdAttributeBuilder(); + + @Test + public void attributeName() { + Assert.assertEquals("Wrong attribute name", + "urn:eidgvat:attributes.transactionId", attrBuilder.getName()); + + } + + @Test + public void checkEmptyAttribute() { + String value = attrBuilder.buildEmpty(gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void noTransactionId() throws AttributeBuilderException, Exception { + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertNull("Attr. not null", value); + + } + + @Test + public void withTransactionId() throws AttributeBuilderException, Exception { + TransactionIdUtils.setTransactionId(); + String transId = TransactionIdUtils.getTransactionId(); + Assert.assertNull("Inputdata is null", transId); + + String value = attrBuilder.build(spConfig, buildAuthData(), gen); + Assert.assertEquals("TransactionId", transId, value); + + } + +} 
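Review bot: In `withTransactionId`, the line `Assert.assertNull("Inputdata is null", transId);` asserts that the transaction id is null straight after `TransactionIdUtils.setTransactionId()`. The test can then only pass when no id was stored, and the final `assertEquals("TransactionId", transId, value)` compares null with null and verifies nothing about the builder. The intended check is presumably `Assert.assertNotNull("Inputdata is null", transId);`. The test also leaves the transaction id set for later tests on the same thread, so clearing it in an `@After` method would keep the `noTransactionId` case independent of execution order. The class Javadoc describes the builder, not this test.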
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/controller/ProtocolFinalizationControllerTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/controller/ProtocolFinalizationControllerTest.java new file mode 100644 index 00000000..4341d141 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/controller/ProtocolFinalizationControllerTest.java 
@@ -0,0 +1,359 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.controller; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.SerializationUtils; + +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.gui.GroupDefinition; +import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.gui.AbstractGuiFormBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.auth.dummy.DummyDefaultErrorService; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.ActionType; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService.LogLevel; +import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiFormBuilder; +import 
at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({"/SpringTest-context_eaaf_core.xml", "/SpringTest-context_eaaf_auth.xml"}) +public class ProtocolFinalizationControllerTest { + + @Autowired IConfiguration config; + @Autowired ProtocolFinalizationController controller; + @Autowired DummyGuiBuilderConfigurationFactory guiConfigFactory; + @Autowired DummyGuiFormBuilder guiBuilder; + @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + @Autowired ITransactionStorage storage; + @Autowired DummyDefaultErrorService errorService; + + /** + * jUnit test initializer. + */ + @Before + public void initialize() { + errorService.setErrorIdTokenForRedirect(null); + errorService.setLogLevel(LogLevel.WARN); + errorService.setTicketType(ActionType.NO_TICKET); + + } + + @Test + public void performErrorRedirectNoToken() throws EaafException, IOException { + + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addHeader("Accept", "application/json"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + guiConfigFactory.setErrorGuiConfig( + new DummyGuiBuilderConfig("https://localhost/authhandler", "jUnitView", "/junitSubmit")); + + // perform test + controller.errorRedirect(httpReq, httpResp); + + //validate state + assertNotNull("No gui builder request", guiBuilder.getConfig()); + assertFalse("No GUI form infos", guiBuilder.getConfig().getViewParameters().isEmpty()); + assertTrue("No GUI form infos", guiBuilder.getConfig().getViewParameters().containsKey("msg")); + Map<String, Object> params = ((Map<String, Object>) guiBuilder.getConfig().getViewParameters().get("msg")); + assertFalse("No GUI form infos", params.isEmpty()); + assertEquals("wrong intErrorCode", "auth.26", params.get("errorCode")); + assertTrue("wrong extErrorCode", 
((String) params.get("extErrorCode")).contains("auth.26")); + + assertFalse("GUI sp redirect", guiBuilder.getConfig().getViewParameters() + .containsKey(DummyDefaultErrorService.JUNIT_EL_SPREDIRECT)); + + } + + @Test + public void performErrorRedirect() throws EaafException, IOException { + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addHeader("Accept", "application/json"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + guiConfigFactory.setErrorGuiConfig( + new DummyGuiBuilderConfig("https://localhost/authhandler", "jUnitView", "/junitSubmit")); + + String token = requestIdValidationStragegy.generateExternalPendingRequestId(); + httpReq.setParameter(EaafConstants.PARAM_HTTP_ERROR_CODE, token); + + TestRequestImpl protocolRequest = new TestRequestImpl(); + Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10)); + + protocolRequest.setSpConfig(new DummySpConfiguration(spConfig, config)); + Throwable throwable = new EaafException("internal.00"); + final ExceptionContainer exceptionContainer = new ExceptionContainer(protocolRequest, throwable); + final byte[] serialized = SerializationUtils.serialize(exceptionContainer); + storage.put(token, serialized, -1); + + // perform test + controller.errorRedirect(httpReq, httpResp); + + //validate state + assertNull("Exception not removed from cache", storage.get( + requestIdValidationStragegy.getPendingRequestIdWithOutChecks(token))); + + assertNotNull("No gui builder request", guiBuilder.getConfig()); + assertFalse("No GUI form infos", guiBuilder.getConfig().getViewParameters().isEmpty()); + assertTrue("No GUI form infos", guiBuilder.getConfig().getViewParameters().containsKey("msg")); + Map<String, Object> params = ((Map<String, Object>) guiBuilder.getConfig().getViewParameters().get("msg")); + assertFalse("No GUI form infos", 
params.isEmpty()); + assertEquals("wrong intErrorCode", "internal.00", params.get("errorCode")); + assertTrue("wrong extErrorCode", ((String) params.get("extErrorCode")).contains("internal.00")); + + assertFalse("GUI sp redirect", guiBuilder.getConfig().getViewParameters() + .containsKey(DummyDefaultErrorService.JUNIT_EL_SPREDIRECT)); + + } + + @Test + public void performErrorHandlingNoToken() throws EaafException, IOException { + + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addHeader("Accept", "application/json"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + guiConfigFactory.setErrorGuiConfig( + new DummyGuiBuilderConfig("https://localhost/authhandler", "jUnitView", "/junitSubmit")); + + // perform test + controller.errorHandling(httpReq, httpResp); + + //validate state + assertNotNull("No gui builder request", guiBuilder.getConfig()); + assertFalse("No GUI form infos", guiBuilder.getConfig().getViewParameters().isEmpty()); + assertTrue("No GUI form infos", guiBuilder.getConfig().getViewParameters().containsKey("msg")); + Map<String, Object> params = ((Map<String, Object>) guiBuilder.getConfig().getViewParameters().get("msg")); + assertFalse("No GUI form infos", params.isEmpty()); + assertEquals("wrong intErrorCode", "auth.26", params.get("errorCode")); + assertTrue("wrong extErrorCode", ((String) params.get("extErrorCode")).contains("auth.26")); + + assertFalse("GUI sp redirect", guiBuilder.getConfig().getViewParameters() + .containsKey(DummyDefaultErrorService.JUNIT_EL_SPREDIRECT)); + + } + + @Test + public void performErrorHandlingWithToken() throws EaafException, IOException { + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addHeader("Accept", "application/json"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + guiConfigFactory.setErrorGuiConfig( + new 
DummyGuiBuilderConfig("https://localhost/authhandler", "jUnitView", "/junitSubmit")); + + String token = requestIdValidationStragegy.generateExternalPendingRequestId(); + httpReq.setParameter(EaafConstants.PARAM_HTTP_ERROR_CODE, token); + + TestRequestImpl protocolRequest = new TestRequestImpl(); + Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10)); + + protocolRequest.setSpConfig(new DummySpConfiguration(spConfig, config)); + Throwable throwable = new EaafException("internal.00"); + final ExceptionContainer exceptionContainer = new ExceptionContainer(protocolRequest, throwable); + final byte[] serialized = SerializationUtils.serialize(exceptionContainer); + storage.put(token, serialized, -1); + + // perform test + controller.errorHandling(httpReq, httpResp); + + //validate state + + assertNull("Exception not removed from cache", storage.get( + requestIdValidationStragegy.getPendingRequestIdWithOutChecks(token))); + + assertNotNull("No gui builder request", guiBuilder.getConfig()); + assertFalse("No GUI form infos", guiBuilder.getConfig().getViewParameters().isEmpty()); + assertTrue("No GUI form infos", guiBuilder.getConfig().getViewParameters().containsKey("msg")); + Map<String, Object> params = ((Map<String, Object>) guiBuilder.getConfig().getViewParameters().get("msg")); + assertFalse("No GUI form infos", params.isEmpty()); + assertEquals("wrong intErrorCode", "internal.00", params.get("errorCode")); + assertTrue("wrong extErrorCode", ((String) params.get("extErrorCode")).contains("internal.00")); + + + assertFalse("GUI sp redirect", guiBuilder.getConfig().getViewParameters() + .containsKey(DummyDefaultErrorService.JUNIT_EL_SPREDIRECT)); + } + + @Test + public void performErrorHandlingWithTokenAndRedirect() throws EaafException, IOException { + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + 
httpReq.addHeader("Accept", "application/json"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + guiConfigFactory.setErrorGuiConfig( + new DummyGuiBuilderConfig("https://localhost/authhandler", "jUnitView", "/junitSubmit")); + + String token = requestIdValidationStragegy.generateExternalPendingRequestId(); + httpReq.setParameter(EaafConstants.PARAM_HTTP_ERROR_CODE, token); + + TestRequestImpl protocolRequest = new TestRequestImpl(); + Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10)); + + protocolRequest.setSpConfig(new DummySpConfiguration(spConfig, config)); + protocolRequest.setTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + Throwable throwable = new EaafException("internal.00"); + final ExceptionContainer exceptionContainer = new ExceptionContainer(protocolRequest, throwable); + final byte[] serialized = SerializationUtils.serialize(exceptionContainer); + storage.put(token, serialized, -1); + + String secondErrorTicket = requestIdValidationStragegy.generateExternalPendingRequestId(); + errorService.setErrorIdTokenForRedirect(secondErrorTicket); + errorService.setTicketType(ActionType.TICKET); + + + // perform test + controller.errorHandling(httpReq, httpResp); + + //validate state + assertNull("Exception not removed from cache", storage.get( + requestIdValidationStragegy.getPendingRequestIdWithOutChecks(token))); + + assertNotNull("No gui builder request", guiBuilder.getConfig()); + assertFalse("No GUI form infos", guiBuilder.getConfig().getViewParameters().isEmpty()); + assertTrue("No GUI form infos", guiBuilder.getConfig().getViewParameters().containsKey("msg")); + Map<String, Object> params = ((Map<String, Object>) guiBuilder.getConfig().getViewParameters().get("msg")); + assertFalse("No GUI form infos", params.isEmpty()); + assertEquals("wrong intErrorCode", "internal.00", params.get("errorCode")); + assertTrue("wrong 
extErrorCode", ((String) params.get("extErrorCode")).contains("internal.00")); + + byte[] secondErrorSerialized = storage.get( + requestIdValidationStragegy.getPendingRequestIdWithOutChecks(secondErrorTicket), byte[].class); + assertNotNull("Exception not removed from cache", secondErrorSerialized); + ExceptionContainer secondError = (ExceptionContainer) SerializationUtils.deserialize(secondErrorSerialized); + assertEquals("wrong pengingReq", protocolRequest.getUniqueTransactionIdentifier(), + secondError.getPendingRequest().getUniqueTransactionIdentifier()); + assertEquals("wrong exception", throwable.getMessage(), secondError.getExceptionThrown().getMessage()); + + assertTrue("GUI sp redirect", guiBuilder.getConfig().getViewParameters() + .containsKey(DummyDefaultErrorService.JUNIT_EL_SPREDIRECT)); + + } + + @Test + public void performErrorHandlingWithoutTokenAndRedirect() throws EaafException, IOException { + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addHeader("Accept", "application/json"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + guiConfigFactory.setErrorGuiConfig( + new DummyGuiBuilderConfig("https://localhost/authhandler", "jUnitView", "/junitSubmit")); + + String token = requestIdValidationStragegy.generateExternalPendingRequestId(); + httpReq.setParameter(EaafConstants.PARAM_HTTP_ERROR_CODE, token); + + TestRequestImpl protocolRequest = new TestRequestImpl(); + Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10)); + + protocolRequest.setSpConfig(new DummySpConfiguration(spConfig, config)); + protocolRequest.setTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + Throwable throwable = new EaafException("internal.00"); + final ExceptionContainer exceptionContainer = new ExceptionContainer(protocolRequest, throwable); + final byte[] serialized = 
SerializationUtils.serialize(exceptionContainer); + storage.put(token, serialized, -1); + + String secondErrorTicket = requestIdValidationStragegy.generateExternalPendingRequestId(); + errorService.setErrorIdTokenForRedirect(secondErrorTicket); + errorService.setTicketType(ActionType.ERRORPAGE); + + // perform test + controller.errorHandling(httpReq, httpResp); + + //validate state + assertNull("Exception not removed from cache", storage.get( + requestIdValidationStragegy.getPendingRequestIdWithOutChecks(token))); + + assertNotNull("No gui builder request", guiBuilder.getConfig()); + assertFalse("No GUI form infos", guiBuilder.getConfig().getViewParameters().isEmpty()); + assertTrue("No GUI form infos", guiBuilder.getConfig().getViewParameters().containsKey("msg")); + Map<String, Object> params = ((Map<String, Object>) guiBuilder.getConfig().getViewParameters().get("msg")); + assertFalse("No GUI form infos", params.isEmpty()); + assertEquals("wrong intErrorCode", "internal.00", params.get("errorCode")); + assertTrue("wrong extErrorCode", ((String) params.get("extErrorCode")).contains("internal.00")); + + byte[] secondErrorSerialized = storage.get( + requestIdValidationStragegy.getPendingRequestIdWithOutChecks(secondErrorTicket), byte[].class); + assertNotNull("Exception not removed from cache", secondErrorSerialized); + ExceptionContainer secondError = (ExceptionContainer) SerializationUtils.deserialize(secondErrorSerialized); + assertEquals("wrong pengingReq", protocolRequest.getUniqueTransactionIdentifier(), + secondError.getPendingRequest().getUniqueTransactionIdentifier()); + assertEquals("wrong exception", throwable.getMessage(), secondError.getExceptionThrown().getMessage()); + + assertTrue("GUI sp redirect", guiBuilder.getConfig().getViewParameters() + .containsKey(DummyDefaultErrorService.JUNIT_EL_SPREDIRECT)); + + } + + + private class DummyGuiBuilderConfig extends AbstractGuiFormBuilderConfiguration + implements ModifyableGuiBuilderConfiguration { + + /** 
+ * DummyGuiBuilderConfiguration. + * + * @param authUrl AuthUrl + * @param viewName viewName + * @param formSubmitEndpoint submit endpoint + */ + DummyGuiBuilderConfig(String authUrl, String viewName, String formSubmitEndpoint) { + super(authUrl, viewName, formSubmitEndpoint); + + } + + @Override + public String getDefaultContentType() { + return null; + + } + + @Override + protected void putSpecificViewParameters() { + + + } + + @Override + protected GroupDefinition getFromGroup() { + return null; + + } + + @Override + public void putCustomParameterWithOutEscaption(GroupDefinition group, String key, Object value) { + setViewParameter(group, key, value); + + } + + @Override + public void putCustomParameter(GroupDefinition group, String key, String value) { + setViewParameter(group, key, value); + + } + }; + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthenticationDataTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthenticationDataTest.java new file mode 100644 index 00000000..9d99b158 --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/data/AuthenticationDataTest.java 
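Review bot: `initialize()` in `ProtocolFinalizationControllerTest` resets only `errorService`, while every test asserts on `guiBuilder.getConfig()`, and `DummyGuiFormBuilder` (added later in this commit) is a context bean that keeps the last `config` it received and offers no reset. `assertNotNull("No gui builder request", guiBuilder.getConfig())` and the `msg` checks can therefore be satisfied by state left over from an earlier test; the dummy should get a reset method that `@Before` calls. Every token case stores a valid entry first, so there is no case for an `errorid` parameter that has no stored entry or fails validation, which is the value an outside caller controls. `performErrorHandlingWithoutTokenAndRedirect` does set a token (it differs only in `ActionType.ERRORPAGE`), and the `assertNotNull` on `secondErrorSerialized` reuses the message "Exception not removed from cache", which states the opposite of what is checked.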
@@ -0,0 +1,85 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.data; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; + +@RunWith(BlockJUnit4ClassRunner.class) +public class AuthenticationDataTest { + + @Test + public void formatedDateButNotSet() { + AuthenticationData authData = new AuthenticationData(); + assertNull("formatedDateOfBirth", authData.getDateOfBirthFormated("dd/MM/yyy")); + + } + + @Test + public void formatedDateButInvalidPattern() { + AuthenticationData authData = new AuthenticationData(); + authData.setDateOfBirth("1940-01-01"); + assertNull("formatedDateOfBirth", authData.getDateOfBirthFormated("aa-bb-cccc")); + + } + + @Test + public void validDateStatic() { + AuthenticationData authData = new AuthenticationData(); + + String date = "1940-01-01"; + authData.setDateOfBirth(date); + + assertNotNull("birthday", authData.getDateOfBirth()); + assertEquals("birthday attribute", date, + authData.getDateOfBirth()); + assertEquals("birthday attribute", "01/01/1940", + authData.getDateOfBirthFormated("dd/MM/yyy")); + + } + + + @Test + public void validButNotUsal() { + AuthenticationData authData = new AuthenticationData(); + authData.setDateOfBirth("1970-00-00"); + + assertNotNull("birthday", authData.getDateOfBirth()); + assertEquals("birthday attribute", "1970-00-00", + authData.getDateOfBirth()); + assertNull("formatedDateOfBirth", authData.getDateOfBirthFormated("dd/MM/yyy")); + + } + + @Test + public void invalidDate() { + AuthenticationData authData = new AuthenticationData(); + authData.setDateOfBirth("1970/00/00"); + + assertNull("birthday", authData.getDateOfBirth()); + assertNull("formatedDateOfBirth", 
authData.getDateOfBirthFormated("dd/MM/yyy")); + + } + + + @Test + public void validDateRandom() { + AuthenticationData authData = new AuthenticationData(); + + String date = RandomStringUtils.randomNumeric(4) + "-" + RandomStringUtils.randomNumeric(2) + + "-" + RandomStringUtils.randomNumeric(2); + authData.setDateOfBirth(date); + + assertNotNull("birthday", authData.getDateOfBirth()); + assertEquals("birthday attribute", date, + authData.getDateOfBirth()); + + } + +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/dummy/DummyDefaultErrorService.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/dummy/DummyDefaultErrorService.java new file mode 100644 index 00000000..347f9b5c --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/dummy/DummyDefaultErrorService.java 
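Review bot: `validDateRandom` builds its input from `RandomStringUtils.randomNumeric`, so each run checks a different string (a month field of 73 is as likely as 07) and a failure cannot be reproduced from the report. Fixed boundary values would document what `setDateOfBirth` is meant to accept, the way `validButNotUsal` does for `1970-00-00`; if the random input stays, include `date` in the assertion messages. The pattern `"dd/MM/yyy"` with three `y` is used in every formatting assertion and is presumably meant to be `"dd/MM/yyyy"`.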
@@ -0,0 +1,115 @@ +package at.gv.egiz.eaaf.core.impl.idp.auth.dummy; + +import java.text.MessageFormat; + +import javax.servlet.http.HttpServletRequest; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IStatusMessenger; +import at.gv.egiz.eaaf.core.api.gui.ModifyableGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.IErrorService; +import lombok.Builder; +import lombok.Getter; +import lombok.Setter; + +public class DummyDefaultErrorService implements IErrorService { + private static final String TECH_LOG_MSG = "errorCode={0} Message={1}"; + + public static final String JUNIT_EL_SPREDIRECT = "spRedirect"; + + @Autowired IConfiguration basicConfig; + @Autowired IStatusMessenger statusMessager; + + @Setter + private ActionType ticketType = ActionType.NO_TICKET; + + @Setter + private LogLevel logLevel = LogLevel.WARN; + + @Setter + private String errorIdTokenForRedirect; + + @Override + public String getExternalCodeFromInternal(String internalCode) { + return statusMessager.mapInternalErrorToExternalError(internalCode); + + } + + @Override + public IHandleData createHandleData(Throwable throwable, boolean supportRedirctToSp) throws EaafException { + String internalErrorId = extractInternalErrorCode(throwable); + + return HandleData.builder() + .throwable(throwable) + .internalErrorCode(internalErrorId) + .actionType(ticketType) + .logLevel(logLevel) + .errorIdTokenForRedirect(errorIdTokenForRedirect) + .allowSpRedirct(supportRedirctToSp) + .build(); + + } + + @Override + public void displayErrorData(ModifyableGuiBuilderConfiguration c, IHandleData errorData, + HttpServletRequest httpReq) throws EaafException { + if (((HandleData)errorData).isAllowSpRedirct()) { + c.putCustomParameter(null, JUNIT_EL_SPREDIRECT, 
"toSpWithToken:" + errorData.getErrorIdTokenForRedirect()); + + } + + + } + + private String extractInternalErrorCode(Throwable throwable) { + Throwable originalException; + if (throwable instanceof TaskExecutionException + && ((TaskExecutionException) throwable).getOriginalException() != null) { + originalException = ((TaskExecutionException) throwable).getOriginalException(); + + } else { + originalException = throwable; + + } + + if (!(originalException instanceof EaafException)) { + return IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC; + + } else { + return ((EaafException) originalException).getErrorId(); + + } + } + + @Builder + static class HandleData implements IHandleData { + + @Getter + private boolean allowSpRedirct; + + @Getter + private String errorIdTokenForRedirect; + + @Getter + private final Throwable throwable; + + @Getter + private String internalErrorCode; + + @Getter + private ActionType actionType; + + @Getter + private LogLevel logLevel; + + public String getPreFormatedErrorMessage() { + return MessageFormat.format(TECH_LOG_MSG, internalErrorCode, throwable.getMessage()); + + } + + } +} diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/gui/DummyGuiFormBuilder.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/gui/DummyGuiFormBuilder.java new file mode 100644 index 00000000..5e12e7bc --- /dev/null +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/gui/DummyGuiFormBuilder.java 
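Review bot: `displayErrorData` downcasts its argument with `((HandleData)errorData).isAllowSpRedirct()`, which throws `ClassCastException` as soon as a caller passes any other `IHandleData` implementation. A guard such as `if (errorData instanceof HandleData && ((HandleData) errorData).isAllowSpRedirct()) {` keeps the dummy usable with other implementations. `HandleData.getPreFormatedErrorMessage()` carries no `@Override` although it looks like an interface method (the interface is not part of this hunk), and it dereferences `throwable`, which the Lombok builder lets callers leave null. The autowired `basicConfig` field is never read in this class.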
@@ -0,0 +1,44 @@
+package at.gv.egiz.eaaf.core.impl.idp.module.gui;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.api.gui.IGuiFormBuilder;
+import at.gv.egiz.eaaf.core.exceptions.GuiBuildException;
+import lombok.Getter;
+
+@Getter
+public class DummyGuiFormBuilder implements IGuiFormBuilder {
+
+ private String loggerName;
+
+ private IGuiBuilderConfiguration config;
+
+ private String contentType;
+
+ @Override
+ public void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGuiBuilderConfiguration config,
+ String loggerName) throws GuiBuildException {
+ this.loggerName = loggerName;
+ this.config = config;
+
+ }
+
+ @Override
+ public void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGuiBuilderConfiguration config,
+ String contentType, String loggerName) throws GuiBuildException {
+ this.loggerName = loggerName;
+ this.config = config;
+ this.contentType = contentType;
+
+ }
+
+ @Override
+ public String evaluateResponseContentType(HttpServletRequest httpReq, IGuiBuilderConfiguration config,
+ String loggerName) throws GuiBuildException {
+ return null;
+
+ }
+
+}
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/gui/DummyVelocityGuiFormBuilder.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/gui/DummyVelocityGuiFormBuilder.java
index e2cdd1ee..8fe9e2eb 100644
--- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/gui/DummyVelocityGuiFormBuilder.java
+++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/gui/DummyVelocityGuiFormBuilder.java
@@ -2,6 +2,11 @@ package at.gv.egiz.eaaf.core.impl.idp.module.gui; import java.io.InputStream; +import javax.servlet.http.HttpServletRequest; + +import org.springframework.http.MediaType; + +import at.gv.egiz.eaaf.core.api.gui.IGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; import at.gv.egiz.eaaf.core.exceptions.GuiBuildException; import at.gv.egiz.eaaf.core.impl.gui.AbstractVelocityGuiFormBuilderImpl; @@ -30,6 +35,13 @@ public class DummyVelocityGuiFormBuilder extends AbstractVelocityGuiFormBuilderI this.internalTemplate = internalTemplate; } + @Override + public String evaluateResponseContentType(HttpServletRequest httpReq, IGuiBuilderConfiguration config, + String loggerName) throws GuiBuildException { + return MediaType.TEXT_XML_VALUE; + + } + diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummySpConfiguration.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummySpConfiguration.java index 87e91609..ed113683 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummySpConfiguration.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/module/test/DummySpConfiguration.java @@ -1,7 +1,12 @@ package at.gv.egiz.eaaf.core.impl.idp.module.test; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; import java.util.Map; +import org.apache.commons.lang3.StringUtils; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.idp.conf.SpConfigurationImpl; @@ -19,5 +24,12 @@ public class DummySpConfiguration extends SpConfigurationImpl { return getConfigurationValue("target"); } + + @Override + public List<String> getRequiredLoA() { + String loa = getConfigurationValue("loa"); + return StringUtils.isNotEmpty(loa) ? Arrays.asList(loa) : Collections.emptyList(); + + } } 
diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java index 4aa32360..01fc6bb8 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java +++ b/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/process/spring/test/SpringExpressionEvaluatorTest.java @@ -59,8 +59,17 @@ public class SpringExpressionEvaluatorTest { @Test public void testEvaluateExpressionWithCtx() { - ctx.put("myProperty", false); + ctx.put("myProperty", false); + ctx.put("stringProperty", "aabbccddee"); + + //check basic boolean flags assertFalse(expressionEvaluator.evaluate(ctx, "ctx['myProperty']")); + + //check String flags + assertTrue(expressionEvaluator.evaluate(ctx, "'aabbccddee'.equals(ctx['stringProperty'])")); + assertFalse(expressionEvaluator.evaluate(ctx, "'aabbccddee'.equals(ctx['notExist'])")); + assertFalse(expressionEvaluator.evaluate(ctx, "'aabbccddee'.equals(ctx['myProperty'])")); + } @Test diff --git a/eaaf_core/src/test/resources/SpringTest-context_eaaf_auth.xml b/eaaf_core/src/test/resources/SpringTest-context_eaaf_auth.xml new file mode 100644 index 00000000..0cb8fa24 --- /dev/null +++ b/eaaf_core/src/test/resources/SpringTest-context_eaaf_auth.xml 
@@ -0,0 +1,69 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <import resource="classpath:/spring/eaaf_utils.beans.xml"/> + + <bean id="protocolAuthService" + class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService"> + <property name="guiBuilder" ref="dummyGuiFormBuilder" /> + + </bean> + + <bean id="protocolFinalizationController" + class="at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController" /> + + <bean id="dummyErrorService" + class="at.gv.egiz.eaaf.core.impl.idp.auth.dummy.DummyDefaultErrorService" /> + + <!-- Dummy services for testing --> + <bean id="dummyGuiBuilderConfigFactory" + class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory"/> + + <bean id="dummyGuiFormBuilder" + class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiFormBuilder"/> + + <bean id="dummyAuthManager" + class="at.gv.egiz.eaaf.core.impl.idp.auth.DummyAuthManager" /> + + <bean id="dummyRevisionLogger" + class="at.gv.egiz.eaaf.core.impl.logging.DummyRevisionsLogger" /> + + <bean id="dummyStatisticLogger" + class="at.gv.egiz.eaaf.core.impl.logging.DummyStatisticLogger" /> + + <bean id="DummyTransactionStorage" + 
class="at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage" /> + + <bean id="DummyStatusMessager" + class="at.gv.egiz.eaaf.core.impl.logging.DummyStatusMessager" /> + + <bean id="springElAwareExpressionEvaluator" + class="at.gv.egiz.eaaf.core.impl.idp.process.spring.SpringExpressionEvaluator" /> + + <bean id="processEngine" + class="at.gv.egiz.eaaf.core.impl.idp.process.ProcessEngineImpl"> + <property name="transitionConditionExpressionEvaluator" + ref="springElAwareExpressionEvaluator" /> + </bean> + + <bean id="moduleRegistration" + class="at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration" /> + + <bean id="ProcessInstanceStoreage" + class="at.gv.egiz.eaaf.core.impl.idp.process.dao.ProcessInstanceStoreDaoImpl" /> + + <bean id="RequestStorage" + class="at.gv.egiz.eaaf.core.impl.idp.auth.RequestStorage" /> + + <bean id="simplePendingRequestIdGenerationStrategy" + class="at.gv.egiz.eaaf.core.impl.utils.SimplePendingRequestIdGenerationStrategy" /> + +</beans> diff --git a/eaaf_core_api/pom.xml b/eaaf_core_api/pom.xml index 62001ab7..448165f4 100644 --- a/eaaf_core_api/pom.xml +++ b/eaaf_core_api/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_api</artifactId> @@ -53,11 +53,6 @@ <artifactId>javax.servlet-api</artifactId> <scope>provided</scope> </dependency> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> </dependencies> <build> 
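Review bot: The beans root element of `SpringTest-context_eaaf_auth.xml` declares the `context`, `tx` and `aop` namespaces and lists version-pinned schema URLs for them (`spring-aop-3.1.xsd`, `spring-context-3.1.xsd`, `spring-tx-3.0.xsd`), yet no element in the file uses any of those prefixes. Dropping the three `xmlns:` declarations and their `xsi:schemaLocation` pairs leaves only the unversioned `spring-beans.xsd` entry and removes schema references that have to be kept resolvable for no benefit. Bean ids also mix casing (`dummyGuiFormBuilder` next to `DummyTransactionStorage`, `ProcessInstanceStoreage`, `RequestStorage`); one convention would make `ref` lookups easier to follow.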
@@ -68,55 +63,6 @@ <directory>src/main/resources</directory> </resource> </resources> - - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.7.0</version> - <configuration> - <source>1.8</source> - <target>1.8</target> - </configuration> - <executions> - <execution> - <goals> - <goal>compile</goal> - <goal>testCompile</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <version>3.1.0</version> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - - <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <version>${surefire.version}</version> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> - - </plugins> </build> </project> diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java index 2262e68a..93ce5695 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IRequestStorage.java @@ -19,6 +19,8 @@ package at.gv.egiz.eaaf.core.api; +import javax.annotation.Nullable; + import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; 
@@ -52,7 +54,7 @@ public interface IRequestStorage { * * @param pendingReqId Id of the pending request */ - void removePendingRequest(String pendingReqId); + void removePendingRequest(@Nullable String pendingReqId); /** * change the pendingRequestId of a pending-request. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessenger.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessenger.java index bbaf86d3..daf2f6ff 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessenger.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/IStatusMessenger.java @@ -59,11 +59,12 @@ public interface IStatusMessenger { String getMessageWithoutDefault(String messageId, Object[] parameters); /** - * Get external errorCode from from Exception. + * Get internal errorCode from from Exception. * * @param throwable Reason of error * @return external error code */ + @Nonnull String getResponseErrorCode(Throwable throwable); /** @@ -72,6 +73,7 @@ public interface IStatusMessenger { * @param intErrorCode internal error code * @return external error code */ + @Nonnull String mapInternalErrorToExternalError(String intErrorCode); } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java index 57375e01..82749b81 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/EaafConstants.java 
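Review bot: The Javadoc of `getResponseErrorCode` now contradicts itself: the summary was changed to `Get internal errorCode from from Exception.` while the `@return` tag below it still says `external error code`, and the doubled "from" survived the edit. With `mapInternalErrorToExternalError` declared next to it, a reader cannot tell which code space this method returns, and that decides whether the value may be shown to a remote party. If internal is what is meant, the comment should read `* Get internal errorCode from Exception.` with `* @return internal error code, never null`. The same `never null` wording belongs on the `@return` of `mapInternalErrorToExternalError`, which the next hunk also marks `@Nonnull`.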
@@ -27,6 +27,22 @@ public class EaafConstants { public static final String CONTENTTYPE_HTML_UTF8 = "text/html; charset=UTF-8"; + // common http end-point prefixes + /** + * Public end-points without any access restriction. + */ + public static final String ENDPOINT_PREFIX_PUBLIC = "/public"; + + /** + * Public end-points with access restriction, like AccessToken, PendingRequestIds, ... + */ + public static final String ENDPOINT_PREFIX_SECURED = "/public/secure"; + + /** + * Non public end-points that allow restriction on network level. + */ + public static final String ENDPOINT_PREFIX_RESTRICTED = "/restricted"; + // http request parameters for process management public static final String PARAM_HTTP_TARGET_PENDINGREQUESTID = "pendingid"; public static final String PARAM_HTTP_ERROR_CODE = "errorid"; 
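Review bot: `ENDPOINT_PREFIX_SECURED` (`/public/secure`) is nested under `ENDPOINT_PREFIX_PUBLIC` (`/public`), which the Javadoc describes as having no access restriction. Any rule that matches on the public prefix (a filter mapping, a security matcher or a reverse-proxy location, none of which is visible in this hunk) therefore also covers the secured end-points unless the more specific prefix is evaluated first. If the nesting is intended, state the ordering requirement on the constant, e.g. `* Nested under ENDPOINT_PREFIX_PUBLIC: prefix-based access rules must match this prefix first.` Otherwise a disjoint prefix removes the ordering dependency.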
@@ -43,36 +59,60 @@ public class EaafConstants { // Austrian specific prefixes for pseudonyms of users public static final String URN_PART_BASEID = "baseid"; public static final String URN_PART_CDID = "cdid+"; + public static final String URN_PART_ECDID = "ecdid+"; public static final String URN_PART_WBPK = "wbpk+"; + public static final String URN_PART_EWBPK = "ewbpk+"; public static final String URN_PART_EIDAS = "eidasid+"; public static final String URN_PREFIX = "urn:publicid:gv.at"; public static final String URN_PREFIX_WITH_COLON = URN_PREFIX + ":"; public static final String URN_PREFIX_BASEID = URN_PREFIX_WITH_COLON + URN_PART_BASEID; public static final String URN_PREFIX_CDID = URN_PREFIX_WITH_COLON + URN_PART_CDID; + public static final String URN_PREFIX_ECDID = URN_PREFIX_WITH_COLON + URN_PART_ECDID; public static final String URN_PREFIX_BPK = URN_PREFIX_CDID + "bpk"; public static final String URN_PREFIX_WBPK = URN_PREFIX_WITH_COLON + URN_PART_WBPK; + public static final String URN_PREFIX_EWBPK = URN_PREFIX_WITH_COLON + URN_PART_EWBPK; public static final String URN_PREFIX_EIDAS = URN_PREFIX_WITH_COLON + URN_PART_EIDAS; public static final String URN_PREFIX_OW_BPK = URN_PREFIX_CDID + "OW"; + /** + * encrypted bPK target identifier pattern with {0} as bPK target without prefix and {1} as VKZ/SourceId. + */ + public static final String URN_ECDID_TARGET_PATTERN = URN_PREFIX_ECDID + "{1}+{0}"; + + /** + * encrypted wbPK target identifier pattern with {0} as bPK target without prefix and {1} as VKZ/SourceId. 
+ */ + public static final String URN_EWBPK_TARGET_PATTERN = URN_PREFIX_EWBPK + "{1}+{0}"; + public static final String URN_PREFIX_WBPK_TARGET_WITH_X = EaafConstants.URN_PREFIX_WBPK + "X"; private static final String WBPK_TARGET_FN = "FN"; private static final String WBPK_TARGET_ZVR = "ZVR"; private static final String WBPK_TARGET_ERSB = "ERSB"; - - private static final String URN_PREFIX_WBPK_TARGET_XFN_TARGET = + + private static final String WBPK_CALC_TARGET_ZVR = "VR"; + private static final String WBPK_CALC_TARGET_ERSB = "ERJ"; + + + private static final String URN_PREFIX_WBPK_TARGET_XFN_TARGET = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_FN; - private static final String URN_PREFIX_WBPK_TARGET_XZVR_TARGET = + private static final String URN_PREFIX_WBPK_TARGET_XZVR_TARGET = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ZVR; - private static final String URN_PREFIX_WBPK_TARGET_XERSB_TARGET = + private static final String URN_PREFIX_WBPK_TARGET_XERSB_TARGET = EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + WBPK_TARGET_ERSB; - + private static final String URN_PREFIX_WBPK_TARGET_FN_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_FN; private static final String URN_PREFIX_WBPK_TARGET_ZVR_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ZVR; private static final String URN_PREFIX_WBPK_TARGET_ERSB_TARGET = EaafConstants.URN_PREFIX_WBPK + WBPK_TARGET_ERSB; + + private static final String URN_PREFIX_WBPK_CALC_TARGET_ZVR_TARGET = + EaafConstants.URN_PREFIX_WBPK + WBPK_CALC_TARGET_ZVR; + private static final String URN_PREFIX_WBPK_CALC_TARGET_ERSB_TARGET = + EaafConstants.URN_PREFIX_WBPK + WBPK_CALC_TARGET_ERSB; - public static final Map<String, String> URN_WBPK_TARGET_X_TO_NONE_MAPPER; + public static final Map<String, String> URN_WBPK_TARGET_X_TO_NONE_MAPPER; + static { final Map<String, String> intMap = new LinkedHashMap<>(); intMap.put(URN_PREFIX_WBPK_TARGET_XFN_TARGET, URN_PREFIX_WBPK_TARGET_FN_TARGET); 
@@ -81,8 +121,19 @@ public class EaafConstants { URN_WBPK_TARGET_X_TO_NONE_MAPPER = Collections.unmodifiableMap(intMap); } + + public static final Map<String, String> URN_WBPK_TARGET_X_TO_CALC_TARGET_MAPPER; + + static { + final Map<String, String> intMap = new LinkedHashMap<>(); + intMap.put(URN_PREFIX_WBPK_TARGET_XFN_TARGET, URN_PREFIX_WBPK_TARGET_FN_TARGET); + intMap.put(URN_PREFIX_WBPK_TARGET_XZVR_TARGET, URN_PREFIX_WBPK_CALC_TARGET_ZVR_TARGET); + intMap.put(URN_PREFIX_WBPK_TARGET_XERSB_TARGET, URN_PREFIX_WBPK_CALC_TARGET_ERSB_TARGET); + URN_WBPK_TARGET_X_TO_CALC_TARGET_MAPPER = Collections.unmodifiableMap(intMap); + + } - + // Authentication process data_constants public static final String UNIQUESESSIONIDENTIFIER = "eaaf_uniqueSessionIdentifier"; public static final String AUTH_DATA_CREATED = "eaaf_authdata_created"; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java index 727c360c..5d7fcc07 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/ExtendedPvpAttributeDefinitions.java @@ -19,8 +19,14 @@ package at.gv.egiz.eaaf.core.api.data; +import java.util.NoSuchElementException; +import java.util.stream.Stream; + public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions { + String EIDAS_CONNECTOR_UNIQUEID_NAME = "urn:eidgvat:attributes.eidas.uniqueId"; + String EIDAS_CONNECTOR_UNIQUEID_FRIENDLY_NAME = "EidasNode-UniqueId"; + String SP_UNIQUEID_NAME = "urn:eidgvat:attributes.ServiceProviderUniqueId"; String SP_UNIQUEID_FRIENDLY_NAME = "ServiceProvider-UniqueId"; 
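Review bot: `URN_WBPK_TARGET_X_TO_CALC_TARGET_MAPPER` is public but undocumented, and it sits next to `URN_WBPK_TARGET_X_TO_NONE_MAPPER`, which has the same keys and differs only in the values for the XZVR and XERSB targets. Nothing says when the calculation forms built from `WBPK_CALC_TARGET_ZVR = "VR"` and `WBPK_CALC_TARGET_ERSB = "ERJ"` (added in the previous hunk) apply instead of `ZVR`/`ERSB`. These strings presumably feed the wbPK derivation, so picking the wrong map would yield a different identifier without any error. A Javadoc line on the map would help, e.g. `/** Maps X-prefixed wbPK targets to the target form used for wbPK calculation (XZVR to VR, XERSB to ERJ). */`, together with a pointer to the specification that defines the short forms.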
@@ -30,9 +36,62 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions String SP_COUNTRYCODE_NAME = "urn:eidgvat:attributes.ServiceProviderCountryCode"; String SP_COUNTRYCODE_FRIENDLY_NAME = "ServiceProvider-CountryCode"; - String SP_USESMANDATES_NAME = "urn:eidgvat:attributes.ServiceProviderMandateProfiles"; - String SP_USESMANDATES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles"; + String SP_USED_MANDATE_PROFILES_NAME = "urn:eidgvat:attributes.ServiceProviderMandateProfiles"; + String SP_USED_MANDATE_PROFILES_FRIENDLY_NAME = "ServiceProvider-MandateProfiles"; + + String SP_USED_MANDATE_TYPE_NAME = "urn:eidgvat:attributes.ServiceProviderMandateType"; + String SP_USED_MANDATE_TYPE_FRIENDLY_NAME = "ServiceProvider-MandateType"; + + enum SpMandateModes { + NONE("none"), + NATURAL("natural"), + NATURAL_FORCE("forceNatural"), + LEGAL("legal"), + LEGAL_FORCE("forceLegal"), + BOTH("all"), + BOTH_FORCE("forceAll"); + + private final String mandateMode; + + SpMandateModes(final String mandateMode) { + this.mandateMode = mandateMode; + } + + /** + * Get Service-Provider mandate-mode from String representation. + * + * @param s mandate-mode String parameter + * @return mandate mode, or {@link NoSuchElementException} if mode is unknown + */ + public static SpMandateModes fromString(final String mode) { + return Stream.of(SpMandateModes.values()) + .filter(el -> el.getMode().equals(mode)) + .findFirst() + .get(); + + } + + /** + * Get the URI based status identifier of an E-ID. 
+ * + * @return Current mandate mode + */ + public String getMode() { + return this.mandateMode; + } + + @Override + public String toString() { + return getMode(); + + } + + } + + String EID_BINDING_PUBLIC_KEY_NAME = "urn:eidgvat:attributes.binding.pubkey"; + String EID_BINDING_PUBLIC_KEY_FRIENDLY_NAME = "Binding-PublicKey"; + /* Attributes for E-ID */ String EID_ENCRYPTED_SOURCEID_NAME = "urn:eidgvat:attributes.vsz.value"; String EID_ENCRYPTED_SOURCEID_FRIENDLY_NAME = "vSZ"; @@ -43,9 +102,15 @@ public interface ExtendedPvpAttributeDefinitions extends PvpAttributeDefinitions String EID_EIDBIND_NAME = "urn:eidgvat:attributes.eidbind"; String EID_EIDBIND_FRIENDLY_NAME = "eidBind"; - String EID_CONSENT_SIGNED_NAME = "urn:eidgvat:attributes.consent.signed"; - String EID_CONSENT_SIGNED_FRIENDLY_NAME = "userConsent"; + String EID_AUTHBLOCK_SIGNED_NAME = "urn:eidgvat:attributes.authblock.signed"; + String EID_AUTHBLOCK_SIGNED_FRIENDLY_NAME = "userAuthBlock"; + String EID_TRANSACTION_ID_NAME = "urn:eidgvat:attributes.transactionId"; + String EID_TRANSACTION_ID_FRIENDLY_NAME = "transactionId"; + + String EID_PII_TRANSACTION_ID_NAME = "urn:eidgvat:attributes.piiTransactionId"; + String EID_PII_TRANSACTION_ID_FRIENDLY_NAME = "piiTransactionId"; + String EID_MIS_MANDATE_NAME = "urn:eidgvat:attributes.mis.mandate"; String EID_MIS_MANDATE_FRIENDLY_NAME = "mandate"; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java index 793715f1..de227ccb 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/data/PvpAttributeDefinitions.java 
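Review bot: `SpMandateModes.fromString` ends in `findFirst().get()`, so an unknown or null mode surfaces as an unchecked `NoSuchElementException`, which the Javadoc describes under `@return` while naming the parameter `s` although it is called `mode`. The value presumably originates from the `ServiceProviderMandateType` attribute, i.e. from outside this library, so callers need a proper `@throws` entry to know they must handle it. I would write `@param mode mandate-mode String parameter` and `@throws NoSuchElementException if the mode is unknown or null`, and make the intent explicit in code with `.orElseThrow(() -> new NoSuchElementException("Unknown mandate mode"))`. The Javadoc of `getMode()` (`Get the URI based status identifier of an E-ID.`) looks copied from another enum and should describe the mandate mode.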
@@ -63,6 +63,7 @@ public interface PvpAttributeDefinitions { String BPK_FRIENDLY_NAME = "BPK"; int BPK_MAX_LENGTH = 1024; String BPK_R_PROFILE21_HEADER = "X-PVP-BPK"; + String DELIMITER_BPKTYPE_BPK = ":"; String BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.28"; String BPK_LIST_NAME = URN_OID_PREFIX + BPK_LIST_OID; @@ -146,13 +147,40 @@ public interface PvpAttributeDefinitions { /** * Get the URI based status identifier of an E-ID. * - * @return + * @return status identifier */ public String getUri() { return this.uri; } } + + String EID_IDA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.107"; + String EID_IDA_LEVEL_NAME = URN_OID_PREFIX + EID_IDA_LEVEL_OID; + String EID_IDA_LEVEL_FRIENDLY_NAME = "EID-IDA-LEVEL"; + + enum EidIdaLevelValues { + BASIC("urn:eidgvat:eid.status.basic"), + FULL("urn:eidgvat:eid.status.full"), + EIDAS("urn:eidgvat:eid.status.eidas"); + + private final String urn; + + EidIdaLevelValues(final String urn) { + this.urn = urn; + } + + /** + * Get the URN based identifier of the ID Austria level. + * + * @return level identifier + */ + public String getUrn() { + return this.urn; + } + } + + String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION"; @@ -339,4 +367,6 @@ public interface PvpAttributeDefinitions { String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID; String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE"; + + } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiBuilderConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiBuilderConfiguration.java index 55197b52..28e0278c 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiBuilderConfiguration.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiBuilderConfiguration.java 
@@ -51,4 +51,16 @@ public interface IGuiBuilderConfiguration { * @return ContentType, or null if default ContentType should be used. */ String getDefaultContentType(); + + + /** + * Indicate GUI-Builder to render the GUI asynchronous if it's support by builder implementation. + * + * <p><b>Default:</b> <code>true</code></p> + * + * @return <code>true</code> to indicate that asynchronous rendering is perverted + */ + boolean isWriteAsynch(); + + } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiFormBuilder.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiFormBuilder.java index d376d17b..09c4a8b3 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiFormBuilder.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/gui/IGuiFormBuilder.java @@ -35,10 +35,7 @@ public interface IGuiFormBuilder { /** * Parse a GUI template, with parameters into a http servlet-response and use * the default http-response content-type. <br> - * <br> - * The parser use the <code>VelocityEngine</code> as internal template - * evaluator. - * + * * @param httpReq http-request object * @param httpResp http-response object * @param config Configuration object @@ -51,10 +48,7 @@ public interface IGuiFormBuilder { /** * Parse a GUI template, with parameters into a http servlet-response. <br> - * <br> - * The parser use the <code>VelocityEngine</code> as internal template - * evaluator. - * + * * @param httpReq http-request object * @param httpResp http-response object * @param config Configuration object 
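Review bot: The Javadoc of `isWriteAsynch()` promises `Default: true`, but the method is declared abstract, so there is no default and every existing `IGuiBuilderConfiguration` implementation stops compiling until it adds the method. If the default is meant literally, `default boolean isWriteAsynch() { return true; }` keeps implementers source-compatible; otherwise the `Default` paragraph should be removed. The `@return` text also says asynchronous rendering is `perverted`, presumably `preferred`.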
@@ -66,4 +60,16 @@ public interface IGuiFormBuilder { void build(HttpServletRequest httpReq, HttpServletResponse httpResp, IGuiBuilderConfiguration config, String contentType, String loggerName) throws GuiBuildException; + /** + * Analyze GUI template and HTTP request to evaluate ContentType of HTTP response generated by this builder. + * + * @param httpReq http-request object + * @param config Configuration object + * @param loggerName String, which should be used from logger + * @return ContentType of HTTP response + * @throws GuiBuildException in case of an error + */ + String evaluateResponseContentType(HttpServletRequest httpReq, IGuiBuilderConfiguration config, + String loggerName) throws GuiBuildException; + } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java index 62aa8852..f76e8d76 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/IAuthData.java @@ -30,7 +30,7 @@ import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; * */ public interface IAuthData { - + /** * BaseId transfer policy. * 
@@ -75,19 +75,24 @@ public interface IAuthData { String getGivenName(); /** - * Date of birth of the user. + * Date of birth of the user as "yyyy-MM-dd". + * + * <p><b>Attention:</b> <i>MM</i> and <i>dd</i> can also be <i>00</i> in case of an unknown date </p> * * @return date of birth or null no data of birth is available */ - Date getDateOfBirth(); - + String getDateOfBirth(); + /** - * String formated date of birth of the user with pattern yyyy-MM-dd. - * - * - * @return date of birth or '2999-12-31' if no data of birth is available + * Get date of birth with a specific date pattern. + * + * <p><b>Attention:</b> If birthday has un unusal form like <i>MM</i> and <i>dd</i> are <i>00</i> + * a transformation CAN NOT be possible </p> + * + * @param pattern Date pattern, like "yyyy-MM-dd" e.g. + * @return Formatted birthday or <code>null</code> if date can not be transformed */ - String getFormatedDateOfBirth(); + String getDateOfBirthFormated(String pattern); /** * Get the encrypted SourceId (vSZ) from new E-ID scheme. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISpConfiguration.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISpConfiguration.java index 5a16f655..dd4041fc 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISpConfiguration.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/ISpConfiguration.java @@ -22,6 +22,7 @@ package at.gv.egiz.eaaf.core.api.idp; import java.io.Serializable; import java.util.List; import java.util.Map; +import java.util.Set; public interface ISpConfiguration extends Serializable { @@ -121,7 +122,7 @@ public interface ISpConfiguration extends Serializable { * * @return */ - List<String> getTargetsWithNoBaseIdInternalProcessingRestriction(); + Set<String> getTargetsWithNoBaseIdInternalProcessingRestriction(); /** * Get the {@link List} of identifier's that indicates no baseID transfer 
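Review bot: `getDateOfBirth()` keeps its name but now returns a `String` in which `MM` and `dd` may be `00`, and the declaration does not tell callers how to treat such a value. A caller that parses it with a lenient `SimpleDateFormat` gets a silently shifted date instead of an error (month and day `00` roll back into the previous year), which matters wherever the birth date is used for identity matching or age checks. I would add to the Javadoc `* Callers MUST NOT parse this value with a lenient date parser; use getDateOfBirthFormated(String) and handle a null result.` The second comment has `un unusal` for `an unusual`, and `CAN NOT be possible` presumably means `may not be possible`.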
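Review bot: The return type of `getTargetsWithNoBaseIdInternalProcessingRestriction()` changes from `List<String>` to `Set<String>`, but the documentation was not updated with it. Its `@return` tag is empty, and the comment that begins at the end of this hunk still reads `Get the {@link List} of identifier's` for a method that the next hunk (`@@ -131,7 +132,7 @@`) also switches to `Set`. Both comments should say `{@link Set}` and fill the tag, e.g. `@return Set of target identifiers`, stating whether null or an empty set is returned when nothing is configured, which the hunk does not show. Both Javadoc blocks start outside the hunks.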
@@ -131,7 +132,7 @@ public interface ISpConfiguration extends Serializable { * * @return */ - List<String> getTargetsWithNoBaseIdTransferRestriction(); + Set<String> getTargetsWithNoBaseIdTransferRestriction(); /** * Get the List eIDAS LoA that are required by this service provider. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java index 3dba4e78..c72c5b6f 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/IAuthenticationManager.java @@ -23,7 +23,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.api.idp.slo.ISloInformationContainer; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -35,22 +34,6 @@ public interface IAuthenticationManager { int EVENT_AUTHENTICATION_PROCESS_ERROR = 4002; /** - * Add a request parameter to whitelist. All parameters that are part of the - * white list are added into {@link ExecutionContext} - * - * @param httpReqParam http parameter name, but never null - */ - void addParameterNameToWhiteList(String httpReqParam); - - /** - * Add a request header to whitelist. All parameters that are part of the white - * list are added into {@link ExecutionContext} - * - * @param httpReqParam http header name, but never null - */ - void addHeaderNameToWhiteList(String httpReqParam); - - /** * Starts an authentication process for a specific pending request. * * @param httpReq http servlet request 
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java index 274f3f7f..cb9adbc8 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IAuthProcessDataContainer.java @@ -21,6 +21,8 @@ package at.gv.egiz.eaaf.core.api.idp.auth.data; import java.util.Date; import java.util.Map; +import java.util.Map.Entry; +import java.util.stream.Stream; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; @@ -167,8 +169,21 @@ public interface IAuthProcessDataContainer { */ Date getSessionCreated(); + /** + * Get all generic data from session. + * + * @return {@link Map} of generic data in key/value format + */ Map<String, Object> getGenericSessionDataStorage(); + + /** + * Get all generic data from session as {@link Stream} of {@link Entry} elements. + * + * @return {@link Stream} of generic data + */ + Stream<Entry<String, Object>> getGenericSessionDataStream(); + /** * Returns a generic session-data object with is stored with a specific * identifier. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IEidAuthProcessData.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IEidAuthProcessData.java new file mode 100644 index 00000000..36298824 --- /dev/null +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IEidAuthProcessData.java 
@@ -0,0 +1,25 @@ +package at.gv.egiz.eaaf.core.api.idp.auth.data; + +/** + * Authentication session-data that adds ID Austria specific information. + * + * @author tlenz + * + */ +public interface IEidAuthProcessData extends IAuthProcessDataContainer { + + /** + * Flag that indicates if user is a test-identity. + * + * @return <code>true</code> if user is a test-identity, otherwise <code>false</code> + */ + boolean isTestIdentity(); + + + /** + * Set test-identity flag for this user. + * + * @param flag <code>true</code> if user is a test-identity + */ + void setTestIdentity(boolean flag); +} diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java index 74c82181..a2288a5b 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/data/IIdentityLink.java @@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.core.api.idp.auth.data; import java.io.IOException; import java.security.PublicKey; +import java.util.Date; import javax.xml.transform.TransformerException; @@ -28,7 +29,7 @@ import org.w3c.dom.Element; /** * Deprecated IdentityLink interface. - * + * * @author tlenz * */ @@ -188,6 +189,13 @@ public interface IIdentityLink { String getIssueInstant(); /** + * Returns the issuing time of the identity link SAML assertion. + * + * @return The issuing time of the identity link SAML assertion. + */ + Date getIssueInstantDate(); + + /** * Sets the issuing time of the identity link SAML assertion. * * @param issueInstant The issueInstant to set. diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java index d1d68c2d..8def4e32 100644 
--- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/api/idp/auth/services/IProtocolAuthenticationService.java @@ -21,6 +21,7 @@ package at.gv.egiz.eaaf.core.api.idp.auth.services; import java.io.IOException; +import javax.annotation.Nonnull; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -34,8 +35,12 @@ public interface IProtocolAuthenticationService { String PARAM_GUI_ERROMSG = "errorMsg"; String PARAM_GUI_ERRORCODE = "errorCode"; + String PARAM_GUI_EXTERNAL_ERRORCODE = "extErrorCode"; String PARAM_GUI_ERRORCODEPARAMS = "errorParams"; String PARAM_GUI_ERRORSTACKTRACE = "stacktrace"; + String PARAM_GUI_TICKET = "supportTicket"; + String PARAM_GUI_REDIRECT = "redirectLink"; + /** * Initialize an authentication process for this protocol request. @@ -46,8 +51,8 @@ public interface IProtocolAuthenticationService { * @throws IOException In case of a communication error * @throws EaafException In case of an application error */ - void performAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) - throws IOException, EaafException; + void performAuthentication(@Nonnull HttpServletRequest httpReq, @Nonnull HttpServletResponse httpResp, + @Nonnull IRequest pendingReq) throws IOException, EaafException; /** * Finalize the requested protocol operation. @@ -59,8 +64,8 @@ public interface IProtocolAuthenticationService { * {@link HttpServletResponse} * @throws EaafException If an internal error occur */ - void finalizeAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) - throws EaafException, IOException; + void finalizeAuthentication(@Nonnull HttpServletRequest httpReq, @Nonnull HttpServletResponse httpResp, + @Nonnull IRequest pendingReq) throws EaafException, IOException; /** * Build protocol-specific error message. 
@@ -73,8 +78,8 @@ public interface IProtocolAuthenticationService { * {@link HttpServletResponse} * @throws EaafException If an internal error occur */ - void buildProtocolSpecificErrorResponse(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, - IRequest pendingReq) throws IOException, EaafException; + void buildProtocolSpecificErrorResponse(@Nonnull Throwable throwable, @Nonnull HttpServletRequest req, + @Nonnull HttpServletResponse resp, @Nonnull IRequest pendingReq) throws IOException, EaafException; /** * Handles all exceptions with no pending request. Therefore, the error is @@ -91,21 +96,21 @@ public interface IProtocolAuthenticationService { * {@link HttpServletResponse} * @throws EaafException If an internal error occure */ - void handleErrorNoRedirect(Throwable throwable, HttpServletRequest req, HttpServletResponse resp, - boolean writeExceptionToStatisticLog) throws IOException, EaafException; + void handleErrorNoRedirect(@Nonnull Throwable throwable, @Nonnull HttpServletRequest req, + @Nonnull HttpServletResponse resp, boolean writeExceptionToStatisticLog) throws IOException, EaafException; /** * Forward the process to error-handler in case of an error. - * + * * @param errorToHandle Error to handle * @param errorKey ErrorId for error-handler * @param req HTTP response * @param resp HTTP response * @throws GuiBuildException In case of an GUI generation error */ - void forwardToErrorHandler(Pair<IRequest, Throwable> errorToHandle, String errorKey, - HttpServletRequest req, HttpServletResponse resp) throws GuiBuildException; - - - + void forwardToErrorHandler(@Nonnull Pair<IRequest, Throwable> errorToHandle, @Nonnull String errorKey, + @Nonnull HttpServletRequest req, @Nonnull HttpServletResponse resp) throws GuiBuildException; + + + } 
diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafException.java index 351c6bbe..e1719abc 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/EaafException.java @@ -27,8 +27,7 @@ import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory; public class EaafException extends Exception { - private static final long serialVersionUID = 1L; - + private static final long serialVersionUID = -4527097018108560426L; private String errorId = null; private Object[] params = null; diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java index ddc051b0..e7c968b5 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/PendingReqIdValidationException.java @@ -15,10 +15,10 @@ public class PendingReqIdValidationException extends EaafException { * Pending-Request Id validation error. * * @param internalPendingReqId Internal Pending-Request Id - * @param reason error-message + * @param errorId Detailed Id of the error */ - public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String reason) { - super("process.99", new Object[] { internalPendingReqId, reason }); + public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String errorId) { + super(errorId, new Object[] { internalPendingReqId}); this.invalidInternalPendingReqId = internalPendingReqId; } 
@@ -27,12 +27,12 @@ public class PendingReqIdValidationException extends EaafException { * Pending-Request Id validation error. * * @param internalPendingReqId Internal Pending-Request Id - * @param reason error-message + * @param errorId Detailed Id of the error * @param e error */ - public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String reason, + public PendingReqIdValidationException(final String internalPendingReqId, @Nonnull final String errorId, final Throwable e) { - super("process.99", new Object[] { internalPendingReqId, reason }, e); + super(errorId, new Object[] { internalPendingReqId, errorId }, e); this.invalidInternalPendingReqId = internalPendingReqId; } diff --git a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java index b20efe3d..3343a089 100644 --- a/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java +++ b/eaaf_core_api/src/main/java/at/gv/egiz/eaaf/core/exceptions/XPathException.java @@ -19,9 +19,6 @@ package at.gv.egiz.eaaf.core.exceptions; -import java.io.PrintStream; -import java.io.PrintWriter; - /** * An exception occurred evaluating an XPath. * @@ -56,32 +53,4 @@ public class XPathException extends RuntimeException { return wrapped; } - /** - * Print error message. - * - * @see java.lang.Throwable#printStackTrace(java.io.PrintStream) - */ - @Override - public void printStackTrace(final PrintStream s) { - super.printStackTrace(s); - if (getWrapped() != null) { - s.print("Caused by: "); - getWrapped().printStackTrace(s); - } - } - - /** - * Print error message. - * - * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter) - */ - @Override - public void printStackTrace(final PrintWriter s) { - super.printStackTrace(s); - if (getWrapped() != null) { - s.print("Caused by: "); - getWrapped().printStackTrace(s); - } - } - } 
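Review bot: The two constructors now build different message parameters: this one passes `new Object[] { internalPendingReqId, errorId }`, while the two-argument constructor in the previous hunk passes only `new Object[] { internalPendingReqId}`. With `errorId` now used as the message key rather than a free-text reason, the second array element looks like a leftover of the old `reason` parameter, and the same error id renders differently depending on whether a cause is attached. I would align them with `super(errorId, new Object[] { internalPendingReqId }, e);`. Since the pending-request id ends up in the exception's message parameters, the class comment should also say whether these messages may reach a user-facing error page or are for logs only.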
diff --git a/eaaf_core_utils/checks/spotbugs-exclude.xml b/eaaf_core_utils/checks/spotbugs-exclude.xml
new file mode 100644
index 00000000..c1271f91
--- /dev/null
+++ b/eaaf_core_utils/checks/spotbugs-exclude.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<FindBugsFilter>
+ <Match>
+ <!-- bPK requires SHA1 from specification -->
+ <Class name="at.gv.egiz.eaaf.core.impl.builder.BpkBuilder" />
+ <OR>
+ <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" />
+ </OR>
+ </Match>
+ <Match>
+ <Class name="at.gv.egiz.eaaf.core.impl.utils.EaafSerializationUtils" />
+ <OR>
+ <Bug pattern="OBJECT_DESERIALIZATION" />
+ </OR>
+ </Match>
+ <Match>
+ <!-- Paths and URLs only loaded from configuration -->
+ <Class name="at.gv.egiz.eaaf.core.impl.utils.FileUtils" />
+ <OR>
+ <Bug pattern="URLCONNECTION_SSRF_FD" />
+ <Bug pattern="PATH_TRAVERSAL_IN" />
+ </OR>
+ </Match>
+ <Match>
+ <!-- Paths and URLs only loaded from configuration -->
+ <Class name="at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils" />
+ <OR>
+ <Bug pattern="URLCONNECTION_SSRF_FD" />
+ <Bug pattern="PATH_TRAVERSAL_IN" />
+ </OR>
+ </Match>
+</FindBugsFilter>
\ No newline at end of file diff --git a/eaaf_core_utils/pom.xml b/eaaf_core_utils/pom.xml index ca735940..6ca82d9c 100644 --- a/eaaf_core_utils/pom.xml +++ b/eaaf_core_utils/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_utils</artifactId> @@ -39,22 +39,23 @@ <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_api</artifactId> - </dependency> + </dependency> <dependency> <groupId>at.asitplus.hsmfacade</groupId> <artifactId>provider</artifactId> - </dependency> + <scope>provided</scope> + </dependency> <dependency> <groupId>io.grpc</groupId> <artifactId>grpc-core</artifactId> - </dependency> - + <scope>provided</scope> + </dependency> <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-webmvc</artifactId> + <groupId>org.bouncycastle</groupId> + <artifactId>bctls-jdk15to18</artifactId> </dependency> - + <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> @@ -80,7 +81,11 @@ <artifactId>joda-time</artifactId> </dependency> - + <dependency> + <groupId>org.bitbucket.b_c</groupId> + <artifactId>jose4j</artifactId> + <scope>provided</scope> + </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> @@ -93,11 +98,6 @@ </dependency> <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> 
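Review bot: The `EaafSerializationUtils` match suppresses `OBJECT_DESERIALIZATION` without the justification comment that the other three entries carry, and all four matches are class-wide, so a finding of the same pattern in code added to these classes later is silenced as well. The deserialization entry in particular should record, in a comment like the others, why the serialized input is trusted or how the accepted classes are restricted; the class itself is not part of this hunk, so that reason cannot be checked here. Each `<Match>` could also be narrowed to the reviewed methods with a `<Method name="METHOD_NAME" />` element (placeholder name). The rationale `Paths and URLs only loaded from configuration` for `FileUtils` and `KeyStoreUtils` holds only while no caller passes request-derived values, which the filter cannot verify. The `<OR>` wrappers around a single `<Bug>` are redundant.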
@@ -111,13 +111,44 @@ <groupId>com.squareup.okhttp3</groupId> <artifactId>mockwebserver</artifactId> <scope>test</scope> + <exclusions> + <exclusion> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>com.squareup.okhttp3</groupId> <artifactId>okhttp-tls</artifactId> <scope>test</scope> + <exclusions> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bctls-jdk15on</artifactId> + </exclusion> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcpkix-jdk15on</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>1.2.3</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.junit.vintage</groupId> + <artifactId>junit-vintage-engine</artifactId> + <version>${junit-jupiter-api.version}</version> + </dependency> + <dependency> + <groupId>org.junit.jupiter</groupId> + <artifactId>junit-jupiter-migrationsupport</artifactId> + <version>${junit-jupiter-api.version}</version> </dependency> - </dependencies> <build> 
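Review bot: `junit-vintage-engine` and `junit-jupiter-migrationsupport` at the end of this hunk have no `<scope>test</scope>`, unlike the `logback-classic` entry directly above them. Unless the parent's dependency management already assigns a scope (the parent POM is not visible here), they default to compile scope and are handed on to every consumer of `eaaf_core_utils`. Adding `<scope>test</scope>` to both entries keeps test tooling out of the published dependency tree. `logback-classic` also pins `<version>1.2.3</version>` inline where the neighbouring entries take their version from a property or from management, which makes it easy to miss in a later upgrade.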
@@ -131,49 +162,13 @@ <plugins> <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.7.0</version> - <configuration> - <source>1.8</source> - <target>1.8</target> - </configuration> - <executions> - <execution> - <goals> - <goal>compile</goal> - <goal>testCompile</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <version>3.1.0</version> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - - <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <version>${surefire.version}</version> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs-maven-plugin</artifactId> + <version>${spotbugs-maven-plugin.version}</version> <configuration> - <threadCount>1</threadCount> + <failOnError>true</failOnError> + <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile> </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> </plugin> </plugins> diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/exception/EaafKeyUsageException.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/exception/EaafKeyUsageException.java new file mode 100644 index 00000000..8b4e68a4 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/exception/EaafKeyUsageException.java 
@@ -0,0 +1,21 @@ +package at.gv.egiz.eaaf.core.exception; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; + +public class EaafKeyUsageException extends EaafException { + + private static final long serialVersionUID = -2641273589744430903L; + + public static final String ERROR_CODE_01 = "internal.key.01"; + + public EaafKeyUsageException(String errorCode, String... params) { + super(errorCode, new Object[] {params}); + + } + + public EaafKeyUsageException(String errorCode, Throwable e, String... params) { + super(errorCode, new Object[] {params}, e); + + } + +} diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/builder/BpkBuilder.java index fed4af32..903aa300 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilder.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/builder/BpkBuilder.java @@ -16,7 +16,7 @@ * works that you distribute must include a readable copy of the "NOTICE" text file. */ -package at.gv.egiz.eaaf.core.impl.idp.auth.builder; +package at.gv.egiz.eaaf.core.impl.builder; import java.security.InvalidKeyException; import java.security.MessageDigest; @@ -27,13 +27,15 @@ import java.text.SimpleDateFormat; import java.util.Date; import java.util.Map.Entry; -import javax.annotation.Nullable; +import javax.annotation.Nonnull; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import org.apache.commons.lang3.StringUtils; +import org.springframework.lang.Nullable; +import org.springframework.util.Assert; import org.springframework.util.Base64Utils; import at.gv.egiz.eaaf.core.api.data.EaafConstants; 
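Review bot: Both `EaafKeyUsageException` constructors pass `new Object[] {params}`, which wraps the whole `String...` array as one element, so the superclass receives a single parameter of type `String[]` instead of the individual values. If `EaafException` uses that array to fill message placeholders, as the other call sites in this diff suggest, only the first placeholder resolves and it prints an array reference. Passing the varargs straight through keeps one entry per argument: `super(errorCode, params);` and `super(errorCode, params, e);`.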
@@ -51,9 +53,12 @@ import lombok.extern.slf4j.Slf4j; */ @Slf4j public class BpkBuilder { + + private static final String ERROR_CODE_33 = "builder.33"; private static final String ERROR_MSG_WRONG_TARGET_FORMAT = "bPK-target format must be full URI"; + /** * Calculates an area specific unique person-identifier from a baseID. * @@ -86,22 +91,22 @@ public class BpkBuilder { public static Pair<String, String> generateAreaSpecificPersonIdentifier(final String baseID, final String baseIdType, final String targetIdentifier) throws EaafBuilderException { if (StringUtils.isEmpty(baseID)) { - throw new EaafBuilderException("builder.00", new Object[] { "baseID is empty or null" }, + throw new EaafBuilderException(ERROR_CODE_33, new Object[] { "baseID is empty or null" }, "BaseId is empty or null"); } if (StringUtils.isEmpty(baseIdType)) { - throw new EaafBuilderException("builder.00", + throw new EaafBuilderException(ERROR_CODE_33, new Object[] { "the type of baseID is empty or null" }, "Type of baseId is empty or null"); } if (StringUtils.isEmpty(targetIdentifier)) { - throw new EaafBuilderException("builder.00", + throw new EaafBuilderException(ERROR_CODE_33, new Object[] { "SP specific target identifier is empty or null" }, "SP specific target identifier is empty or null"); } - if (baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)) { + if (baseIdType.startsWith(EaafConstants.URN_PREFIX_BASEID)) { log.trace("Find baseID. Starting unique identifier caluclation for this target"); if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_CDID)) { 
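Review bot: The base-ID type check in `generateAreaSpecificPersonIdentifier` changes from `baseIdType.equals(EaafConstants.URN_PREFIX_BASEID)` to `startsWith(...)`, so every type string that merely begins with the prefix now enters the bPK calculation branch. The hunk carries neither a comment nor a test naming which suffixed forms are meant to be accepted. If the widening is intended, record it above the condition, e.g. `// baseIdType may carry a suffix after URN_PREFIX_BASEID; accepted forms: <list them>`, and otherwise compare against the explicit set of allowed values. The method begins before and ends after this hunk.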
@@ -111,9 +116,10 @@ public class BpkBuilder { } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { log.trace("Calculate wbPK identifier for target: " + targetIdentifier); + String commonBpkTarget = normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier); return Pair.newInstance(calculatebPKwbPK( - baseID + "+" + normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)), - normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier)); + baseID + "+" + normalizeBpkTargetIdentifierToBpkCalculationFormat(commonBpkTarget)), + commonBpkTarget); } else if (targetIdentifier.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { log.trace("Calculate eIDAS identifier for target: " + targetIdentifier); @@ -128,7 +134,7 @@ public class BpkBuilder { return buildEidasIdentifer(baseID, baseIdType, cititzenCountryCode, eidasOutboundCountry); } else { - throw new EaafBuilderException("builder.00", + throw new EaafBuilderException(ERROR_CODE_33, new Object[] { "Target identifier: " + targetIdentifier + " is NOT allowed or unknown" }, "Target identifier: " + targetIdentifier + " is NOT allowed or unknown"); } @@ -143,7 +149,7 @@ public class BpkBuilder { } else { log.warn("Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required!"); - throw new EaafBuilderException("builder.00", + throw new EaafBuilderException(ERROR_CODE_33, new Object[] { "Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier + " is required" }, "Get unique identifier for target: " + baseIdType + " but target: " + targetIdentifier @@ -174,7 +180,8 @@ public class BpkBuilder { } - target = normalizeBpkTargetIdentifierToCalculationFormat(target); + target = normalizeBpkTargetIdentifierToBpkCalculationFormat( + normalizeBpkTargetIdentifierToCommonFormat(target)); final String input = "V1::" + target + "::" + bpk + "::" + sdf.format(new Date()); 
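Review bot: The wbPK branch now builds its hash input from `normalizeBpkTargetIdentifierToBpkCalculationFormat(commonBpkTarget)` where it previously used `normalizeBpkTargetIdentifierToCalculationFormat(targetIdentifier)`, and the Javadoc added later in this diff describes the new mapping as FN/VR/ERJ against FN/ZVR/ERSB for the old one. If the two mapper constants really differ that way (they are not on this page), wbPKs derived for XZVR and XERSB targets change with this release and stop matching values issued earlier. A known-answer test per target type plus a comment above the call, such as `// hash input uses the FN/VR/ERJ calculation form; the returned target type keeps the common format`, would pin the intended result. The same double normalisation is introduced in the `@@ -174,7 +180,8 @@` hunk.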
@@ -269,7 +276,7 @@ public class BpkBuilder { } /** - * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, ZVR, and ERSB. + * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK non-X format like, FN, ZVR, and ERSB. * * <p>If the target is not of this types the target will be returned as it is</p> * @@ -277,7 +284,7 @@ public class BpkBuilder { * @return FN, ZVR, ERSB, or targetIdentfier if no normalization is required */ @Nullable - public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String targetIdentifier) { + public static String normalizeBpkTargetIdentifierToNonXFormat(@Nullable String targetIdentifier) { if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_NONE_MAPPER.entrySet()) { if (targetIdentifier.startsWith(mapper.getKey())) { 
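Review bot: Renaming the public static `normalizeBpkTargetIdentifierToCalculationFormat` to `normalizeBpkTargetIdentifierToNonXFormat` removes an API that callers outside this module may use, and the similarly named `normalizeBpkTargetIdentifierToBpkCalculationFormat` added in the next hunk is documented to return different values. A caller who repairs the compile error by picking the closest name would silently get another mapping. Keeping a deprecated delegate for one release avoids that: `@Deprecated public static String normalizeBpkTargetIdentifierToCalculationFormat(@Nullable String t) { return normalizeBpkTargetIdentifierToNonXFormat(t); }`. The method body continues outside this hunk.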
@@ -293,6 +300,54 @@ public class BpkBuilder { } /** + * Normalize wbPK target identifier for XFN, XZVR, and XERSB to bPK calculation format like, FN, VR, and ERJ. + * + * <p>If the target is not of this types the target will be returned as it is</p> + * + * @param targetIdentifier bPK input target + * @return FN, VR, ERJ, or targetIdentfier if no normalization is required + */ + @Nullable + public static String normalizeBpkTargetIdentifierToBpkCalculationFormat(@Nullable String targetIdentifier) { + if (targetIdentifier != null && targetIdentifier.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + for (Entry<String, String> mapper : EaafConstants.URN_WBPK_TARGET_X_TO_CALC_TARGET_MAPPER.entrySet()) { + if (targetIdentifier.startsWith(mapper.getKey())) { + String wbpkTarget = mapper.getValue() + targetIdentifier.substring(mapper.getKey().length()); + log.trace("Find new wbPK target: {}. Replace it by: {}", targetIdentifier, wbpkTarget); + return wbpkTarget; + + } + } + } + + return targetIdentifier; + } + + /** + * Remove prefixes from bPK target identifier and get only the SP specific part. + * + * @param type full qualified bPK target with 'urn:publicid:gv.at:' prefix + * @return SP specific part, or full type if reduction is not supported + */ + @Nonnull + public static String removeBpkTypePrefix(@Nonnull final String type) { + Assert.isTrue(type != null, "bPKType is 'NULL'"); + if (type.startsWith(EaafConstants.URN_PREFIX_WBPK)) { + return type.substring(EaafConstants.URN_PREFIX_WBPK.length()); + + } else if (type.startsWith(EaafConstants.URN_PREFIX_CDID)) { + return type.substring(EaafConstants.URN_PREFIX_CDID.length()); + + } else if (type.startsWith(EaafConstants.URN_PREFIX_EIDAS)) { + return type.substring(EaafConstants.URN_PREFIX_EIDAS.length()); + + } else { + return type; + + } + } + + /** * Builds the eIDAS from the given parameters. * * @param baseId baseID of the citizen 
@@ -347,7 +402,7 @@ public class BpkBuilder { return hashBase64; } catch (final Exception ex) { - throw new EaafBuilderException("builder.00", new Object[] { "bPK/wbPK", ex.toString() }, + throw new EaafBuilderException(ERROR_CODE_33, new Object[] {ex.toString() }, ex.getMessage(), ex); } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java index e60c326c..623e9d2c 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreFactory.java 
@@ -2,37 +2,46 @@ package at.gv.egiz.eaaf.core.impl.credential; import java.io.IOException; import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.lang.reflect.Constructor; +import java.lang.reflect.Method; import java.security.Key; import java.security.KeyStore; +import java.security.KeyStore.LoadStoreParameter; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Provider; import java.security.Security; +import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.annotation.PostConstruct; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; -import at.asitplus.hsmfacade.provider.HsmFacadeProvider; -import at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; - -import 
org.apache.commons.lang3.StringUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.Resource; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -43,6 +52,7 @@ public class EaafKeyStoreFactory { public static final String CONFIG_PROP_HSM_FACADE_SSLTRUST = "security.hsmfacade.trustedsslcert"; public static final String CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME = "security.hsmfacade.username"; public static final String CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD = "security.hsmfacade.password"; + public static final String CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE = "security.hsmfacade.grpc.deadline"; public static final String ERRORCODE_00 = "internal.keystore.00"; public static final String ERRORCODE_01 = "internal.keystore.01"; 
@@ -52,10 +62,26 @@ public class EaafKeyStoreFactory { public static final String ERRORCODE_05 = "internal.keystore.05"; public static final String ERRORCODE_06 = "internal.keystore.06"; public static final String ERRORCODE_07 = "internal.keystore.07"; - + public static final String ERRORCODE_10 = "internal.keystore.10"; + public static final String ERRORCODE_11 = "internal.keystore.11"; + + public static final String ERRORCODE_KEY_00 = "internal.key.00"; + + private static final String HSM_FACADE_PROVIDER_CLASS = "at.asitplus.hsmfacade.provider.HsmFacadeProvider"; + private static final String HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS + = "at.asitplus.hsmfacade.provider.RemoteKeyStoreLoadParameter"; + private static final String HSM_FACADE_PROVIDER_METHOD_CONSTRUCT = "getInstance"; + private static final String HSM_FACADE_PROVIDER_METHOD_INIT = "init"; + private static final String HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED = "isInitialized"; + private static final String HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK = "healthcheck"; + private static final String HSM_FACADE_PROVIDER_INIT_ERROR_MSG + = "Has HSM-Facade class supported '{}' method: {}"; private static final String HSM_FACADE_PROVIDER = "HsmFacade"; private static final String HSM_FACADE_KEYSTORE_TYPE = "RemoteKeyStore"; - + private static final String HSM_FACADE_DEFAULT_DEADLINE = "30"; + + public enum HsmFacadeStatus { UP, DOWN, UNKNOWN } + @Autowired private IConfiguration basicConfig; @Autowired 
@@ -64,6 +90,43 @@ public class EaafKeyStoreFactory { private boolean isHsmFacadeInitialized = false; /** + * Get a new symmetric key based on a {@link SymmetricKeyConfiguration} object. + * + * @param config Symmetric key configuration + * @return {@link Pair} of a new {@link SecretKey} instance and an optional {@link Provider}. + * The {@link SecretKey} is {@link Nonnull}. If the {@link Provider} is not <code>null</code> + * this {@link SecretKey} requires a specific {@link Provider} for {@link Key} operations. + * @throws EaafException In case of a KeyStore initialization error + */ + @Nonnull + public Pair<SecretKey, Provider> buildNewSymmetricKey(SymmetricKeyConfiguration config) throws EaafException { + log.trace("Starting symmetric-key generation based on configuration object ... "); + if (SymmetricKeyType.PASSPHRASE.equals(config.getKeyType())) { + return generatePassPhraseBasedSymmetricKey(config); + + } else if (SymmetricKeyType.HSMFACADE.equals(config.getKeyType())) { + if (isHsmFacadeInitialized) { + return getSymmetricKeyFromHsmFacade(config); + + } else { + log.error("HSMFacade can NOT be used for symmetric Key: {} because {} is not initialized", + config.getFriendlyName()); + throw new EaafConfigurationException(ERRORCODE_00, + new Object[] { config.getFriendlyName() }); + + } + + } else { + log.warn("Symmetric KeyType: {} is unrecognized", config.getKeyType()); + throw new EaafConfigurationException(ERRORCODE_01, + new Object[] { config.getFriendlyName() }); + + } + + + } + + /** * Get a new KeyStore based on a KeyStore configuration-object. * * @param config KeyStore configuration 
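Review bot: The `log.error` call in the `HSMFACADE` branch of `buildNewSymmetricKey` has two `{}` placeholders but only one argument, so the second one is printed literally and the message reads "because {} is not initialized". Either drop the placeholder, `log.error("HSMFacade can NOT be used for symmetric Key: {} because HSMFacade is not initialized", config.getFriendlyName());`, or supply the missing value. `config` is also dereferenced without a null check or a `@Nonnull` annotation on the parameter, while the return value is annotated.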
@@ -113,45 +176,168 @@ public class EaafKeyStoreFactory { return isHsmFacadeInitialized; } + + /** + * Get the current status for HSM-Facade interaction. + * + * @return {@link HsmFacadeStatus} to indicate the current status. + */ + public HsmFacadeStatus checkHsmFacadeStatus() { + if (isHsmFacadeInitialized()) { + final Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER); + if (alreadyLoadedProvider != null) { + try { + final Method healthCheck = + alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_HEALTHCHECK, new Class[]{}); + boolean currentHealthStatus = (boolean) healthCheck.invoke(alreadyLoadedProvider); + HsmFacadeStatus status = currentHealthStatus ? HsmFacadeStatus.UP : HsmFacadeStatus.DOWN; + log.trace("Current HSM-Facade status is: {}", status); + return status; + + } catch (final Exception e) { + log.info("Can not determine state of alreay loaded HSM Facade: {} because HealthCheck not support", + alreadyLoadedProvider.getVersion()); + log.debug("Full HSM-Facade health-check exception", e); + return HsmFacadeStatus.UNKNOWN; + + } + + } else { + log.warn("HSM-Facade is marked as 'initialized', but not load as Security-Provider"); + return HsmFacadeStatus.DOWN; + } + + } else { + log.trace("HSM-Facade is not initialized. 
Set status do 'unknown'"); + return HsmFacadeStatus.UNKNOWN; + + } + } + @PostConstruct private void initialize() throws EaafException { + final Class<?> hsmProviderClazz = getHsmProviderClass(); + if (hsmProviderClazz != null) { + final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST); + final Provider alreadyLoadedProvider = Security.getProvider(HSM_FACADE_PROVIDER); + if (alreadyLoadedProvider != null + && alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)) { + log.info("Find already initialized Java SecurityProvider: {}", alreadyLoadedProvider.getName()); + //mark it as initialized if the state can not be determined + boolean isAlreadyInitialized = true; + try { + final Method initializeCheck = + alreadyLoadedProvider.getClass().getMethod(HSM_FACADE_PROVIDER_METHOD_ISINITIALIZED, new Class[]{}); + isAlreadyInitialized = (boolean) initializeCheck.invoke(alreadyLoadedProvider); + + } catch (final Exception e) { + log.warn("Can not determine state of alreay loaded HSM Facade. Mark it as 'initialized'"); + log.debug("HSM Facade check error: {}", e.getMessage()); + + } + isHsmFacadeInitialized = isAlreadyInitialized; + + if (isHsmFacadeInitialized) { + log.info("HSM Facade is already initialized. {} can provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); + + } else { + log.info("HSM Facade is already loaded but not initialized. {} can NOT provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); + + } + + } else if (StringUtils.isNotEmpty(hsmFacadeHost)) { + log.debug("Find host for HSMFacade. Starting crypto provider initialization ... "); + initializeHsmFacadeSecurityProvider(hsmProviderClazz, hsmFacadeHost); - final String hsmFacadeHost = basicConfig.getBasicConfiguration(CONFIG_PROP_HSM_FACADE_HOST); - if (StringUtils.isNotEmpty(hsmFacadeHost)) { - log.debug("Find host for HSMFacade. Starting crypto provider initialization ... 
"); - try { - final int port = Integer.parseUnsignedInt( - getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT)); - final String clientUsername = - getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); - final String clientPassword = - getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); - - final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); - provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port); - //Security.addProvider(provider); - Security.insertProviderAt(provider, 0); - isHsmFacadeInitialized = true; - log.info("HSM Facade is initialized. {} can provide KeyStores based on remote HSM", + } else { + log.info("HSM Facade is on ClassPath but not configurated. {} can only provide software keystores", EaafKeyStoreFactory.class.getSimpleName()); - } catch (final EaafException e) { - throw e; - - } catch (final Exception e) { - log.error("HSM Facade initialization FAILED with an generic error.", e); - throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); } } else { - log.info("HSM Facade is not configurated. {} can only provide software keystores", + log.info("HSM Facade is not on ClassPath. 
{} can only provide software keystores", EaafKeyStoreFactory.class.getSimpleName()); } } + private void initializeHsmFacadeSecurityProvider(Class<?> hsmProviderClazz, String hsmFacadeHost) + throws EaafException { + try { + final int port = Integer.parseUnsignedInt( + getConfigurationParameter(CONFIG_PROP_HSM_FACADE_PORT)); + final String clientUsername = + getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME); + final String clientPassword = + getConfigurationParameter(CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD); + final long grpcDeadline = getConfigurationParameterLong(CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + HSM_FACADE_DEFAULT_DEADLINE); + + + //initialize HSM-Facade by using JAVA Reflection, because in that case HSM-Facade + //has not be in ClassPath on every project + final Method constructor = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, new Class[]{}); + final Method initMethod = hsmProviderClazz.getMethod(HSM_FACADE_PROVIDER_METHOD_INIT, + X509Certificate.class, String.class, String.class, String.class, int.class, long.class); + if (initMethod != null && constructor != null) { + final Object rawProvider = constructor.invoke(hsmProviderClazz); + initMethod.invoke( + rawProvider, getHsmFacadeTrustSslCertificate(), + clientUsername, clientPassword, hsmFacadeHost, port, grpcDeadline); + + if (rawProvider instanceof Provider) { + Security.addProvider((Provider) rawProvider); + + isHsmFacadeInitialized = true; + log.info("HSM Facade is initialized. 
{} can provide KeyStores based on remote HSM", + EaafKeyStoreFactory.class.getSimpleName()); + + } else { + log.warn("Is HSM-Facade class type of 'java.security.Provider': {}", + rawProvider instanceof Provider); + throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); + + } + + } else { + log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, + HSM_FACADE_PROVIDER_METHOD_CONSTRUCT, constructor != null); + log.warn(HSM_FACADE_PROVIDER_INIT_ERROR_MSG, + HSM_FACADE_PROVIDER_METHOD_INIT, initMethod != null); + throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}); + + } + + //final HsmFacadeProvider provider = HsmFacadeProvider.Companion.getInstance(); + //provider.init(getHsmFacadeTrustSslCertificate(), clientUsername, clientPassword, hsmFacadeHost, port); + + } catch (final EaafException e) { + throw e; + + } catch (final Exception e) { + log.error("HSM Facade initialization FAILED with an generic error.", e); + throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); + + } + + } + + private Class<?> getHsmProviderClass() { + try { + return Class.forName(HSM_FACADE_PROVIDER_CLASS); + + } catch (final ClassNotFoundException e1) { + log.debug("No HSM-Facade implemenation in ClassPath. HSM-Facade will not be available"); + return null; + + } + } + @Nonnull private Pair<KeyStore, Provider> getKeyStoreFromFileSystem(KeyStoreConfiguration config) throws EaafConfigurationException, EaafFactoryException { 
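Review bot: In `initialize()` an already registered `HsmFacade` provider is treated as initialised whenever the reflective `isInitialized` call throws, because `isAlreadyInitialized` starts as `true`; the factory then offers HSM-backed key stores without having verified the provider state. Consider starting from `boolean isAlreadyInitialized = false;` so an undeterminable state fails closed, or at least report it through `checkHsmFacadeStatus()`. The type test `alreadyLoadedProvider.getClass().isAssignableFrom(hsmProviderClazz)` also reads inverted, since it accepts a supertype of the facade class and rejects a subclass; `hsmProviderClazz.isInstance(alreadyLoadedProvider)` states the intended check. In `initializeHsmFacadeSecurityProvider`, `getMethod` throws instead of returning null, so the `else` branch behind `initMethod != null && constructor != null` is unreachable.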
@@ -162,28 +348,41 @@ public class EaafKeyStoreFactory { final String keyStorePassword = checkConfigurationParameter(config.getSoftKeyStorePassword(), ERRORCODE_06, config.getFriendlyName(), "Software-KeyStore missing Password for KeyStore"); - final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig - .getConfigurationRootDirectory()); - final Resource ressource = resourceLoader.getResource(absKeyStorePath); + Resource ressource; + if (config.isSkipMakeAbsolutPaths()) { + log.debug("Use filepath from config: {}", keyStorePath); + ressource = resourceLoader.getResource(keyStorePath); + + } else { + final String absKeyStorePath = FileUtils.makeAbsoluteUrl(keyStorePath, basicConfig + .getConfigurationRootDirectory()); + log.debug("Use filepath from config: {}", absKeyStorePath); + + ressource = resourceLoader.getResource(absKeyStorePath); + + } + if (!ressource.exists()) { - throw new EaafConfigurationException(ERRORCODE_05, + throw new EaafConfigurationException(ERRORCODE_06, new Object[] { config.getFriendlyName(), - "File not found at: " + absKeyStorePath }); + "RessourceLoader does NOT find File at: " + ressource.getURI() }); } final InputStream is = ressource.getInputStream(); - final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword); + final KeyStore keyStore = KeyStoreUtils.loadKeyStore(is, keyStorePassword, config.getKeyStoreType()); is.close(); - if (keyStore == null) { - throw new EaafFactoryException(ERRORCODE_06, - new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); - - } return Pair.newInstance(keyStore, null); - } catch (KeyStoreException | IOException e) { + } catch (final EaafException e) { + throw e; + + } catch (final IOException e) { + throw new EaafFactoryException(ERRORCODE_06, + new Object[] { config.getFriendlyName(), "KeyStore not valid or password wrong" }); + + } catch (final Exception e) { log.error("Software KeyStore initialization FAILED with an generic error.", 
e); throw new EaafConfigurationException(ERRORCODE_03, new Object[] { e.getMessage() }, e); 
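Review bot: `getKeyStoreFromFileSystem` still closes the stream with a bare `is.close()` after `KeyStoreUtils.loadKeyStore(...)`, so the stream stays open whenever loading throws, and with the `keyStore == null` check removed an exception is presumably how a wrong password or corrupt store is now signalled. A try-with-resources closes it on both paths: `try (InputStream is = ressource.getInputStream()) { return Pair.newInstance(KeyStoreUtils.loadKeyStore(is, keyStorePassword, config.getKeyStoreType()), null); }`. The new `catch (final IOException e)` also builds the `EaafFactoryException` without passing `e`, which discards the root cause, and it reports "KeyStore not valid or password wrong" even when `ressource.getURI()` or `getInputStream()` failed. The method starts before this hunk.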
@@ -193,24 +392,102 @@ public class EaafKeyStoreFactory { @Nonnull private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(KeyStoreConfiguration config) throws EaafFactoryException, EaafConfigurationException { - final String keyStoreName = checkConfigurationParameter(config.getKeyStoreName(), - ERRORCODE_06, config.getFriendlyName(), "KeyStoreName missing for HSM Facade"); + return getKeyStoreFromHsmFacade(config.getKeyStoreName(), config.getFriendlyName()); + + } + + @Nonnull + private Pair<KeyStore, Provider> getKeyStoreFromHsmFacade(String keyStoreName, String friendlyName) + throws EaafFactoryException, EaafConfigurationException { + final String validatedKeyStoreName = checkConfigurationParameter(keyStoreName, + ERRORCODE_06, friendlyName, "KeyStoreName missing for HSM Fac)ade"); try { final KeyStore keyStore = KeyStore.getInstance(HSM_FACADE_KEYSTORE_TYPE, HSM_FACADE_PROVIDER); - keyStore.load(new RemoteKeyStoreLoadParameter(keyStoreName)); + keyStore.load(getHsmFacadeKeyStoreParameter(validatedKeyStoreName)); return Pair.newInstance(keyStore, keyStore.getProvider()); } catch (NoSuchAlgorithmException | CertificateException | IOException | KeyStoreException - | NoSuchProviderException e) { + | NoSuchProviderException | EaafException e) { log.error("Can not initialize KeyStore: {} with reason: {}", - config.getFriendlyName(), e.getMessage()); + friendlyName, e.getMessage()); throw new EaafFactoryException(ERRORCODE_06, - new Object[] { config.getFriendlyName(), e.getMessage() }, e); + new Object[] {friendlyName, e.getMessage() }, e); } } + private KeyStore.LoadStoreParameter getHsmFacadeKeyStoreParameter(String keyStoreName) throws EaafException { + try { + final Class<?> clazz = Class.forName(HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS); + final Constructor<?> constructor = clazz.getConstructor(String.class); + final Object keyStoreParams = constructor.newInstance(keyStoreName); + return (LoadStoreParameter) keyStoreParams; + + } catch (final Exception e) { + 
log.error("Can NOT build class: {} for HSM-Facade provider", HSM_FACADE_KEYSTORELOADPARAMETERS_CLASS, e); + throw new EaafException(ERRORCODE_10, new Object[] {HSM_FACADE_PROVIDER_CLASS}, e); + + } + + } + + @Nonnull + private Pair<SecretKey, Provider> generatePassPhraseBasedSymmetricKey(SymmetricKeyConfiguration config) + throws EaafConfigurationException { + checkConfigurationParameter(config.getSoftKeyPassphrase(), + ERRORCODE_KEY_00, config.getFriendlyName(), "passphrase missing"); + checkConfigurationParameter(config.getSoftKeySalt(), + ERRORCODE_KEY_00, config.getFriendlyName(), "salt missing"); + + try { + final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA256"); + final KeySpec spec = new PBEKeySpec( + config.getSoftKeyPassphrase().toCharArray(), + config.getSoftKeySalt().getBytes("UTF-8"), + 10000, 128); + return Pair.newInstance(keyFactory.generateSecret(spec), null); + + } catch (NoSuchAlgorithmException | InvalidKeySpecException | UnsupportedEncodingException e) { + log.error("Passphrase based symmetric-key generation FAILED", e); + throw new EaafConfigurationException(ERRORCODE_KEY_00, + new Object[] { config.getFriendlyName(), e.getMessage() }, + e); + + } + } + + @Nonnull + private Pair<SecretKey, Provider> getSymmetricKeyFromHsmFacade(SymmetricKeyConfiguration config) + throws EaafFactoryException, EaafConfigurationException, EaafKeyAccessException { + final Pair<KeyStore, Provider> keyStore = getKeyStoreFromHsmFacade( + config.getKeyStoreName(), config.getFriendlyName()); + + checkConfigurationParameter(config.getKeyAlias(), + ERRORCODE_KEY_00, config.getFriendlyName(), "keyAlias missing"); + + try { + final SecretKey secretKey = (SecretKey) keyStore.getFirst().getKey(config.getKeyAlias(), null); + if (secretKey == null) { + throw new EaafKeyAccessException(EaafKeyAccessException.ERROR_CODE_09, + config.getFriendlyName(), config.getKeyAlias(), "No SecretKey with Alias "); + + } + + return Pair.newInstance(secretKey, 
keyStore.getSecond()); + + } catch (UnrecoverableKeyException | KeyStoreException | NoSuchAlgorithmException e) { + throw new EaafKeyAccessException(EaafKeyAccessException.ERROR_CODE_09, e, + config.getFriendlyName(), config.getKeyAlias(), e.getMessage()); + + } catch (final ClassCastException e) { + throw new EaafKeyAccessException(EaafKeyAccessException.ERROR_CODE_09, + config.getFriendlyName(), config.getKeyAlias(), "Wrong SecretKey type "); + + } + + } + private X509Certificate getHsmFacadeTrustSslCertificate() throws EaafConfigurationException { try { final String certFilePath = getConfigurationParameter(CONFIG_PROP_HSM_FACADE_SSLTRUST); @@ -241,6 +518,19 @@ public class EaafKeyStoreFactory { } @Nonnull + private Long getConfigurationParameterLong(@Nonnull String configParamKey, String defaultValue) + throws EaafConfigurationException { + try { + return Long.valueOf(basicConfig.getBasicConfiguration(configParamKey, defaultValue)); + + } catch (NumberFormatException e) { + throw new EaafConfigurationException(ERRORCODE_05, new Object[] { configParamKey, e.getMessage()}); + + } + + } + + @Nonnull private String getConfigurationParameter(@Nonnull String configParamKey) throws EaafConfigurationException { return checkConfigurationParameter( diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java index b4b44724..12541222 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/EaafKeyStoreUtils.java 
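Review bot: `generatePassPhraseBasedSymmetricKey` passes the PBKDF2 parameters as bare literals (`10000, 128`), and 10000 iterations of HMAC-SHA256 is low for a passphrase-derived key by current guidance. This derivation is new in this commit, so the count can still be raised without invalidating existing keys; name the values, e.g. `private static final int PBKDF2_ITERATIONS = <agreed value>;` and `private static final int PBKDF2_KEY_BITS = 128;`, or read the count from configuration. Using `getBytes(StandardCharsets.UTF_8)` (needs the `java.nio.charset.StandardCharsets` import) removes the `UnsupportedEncodingException` catch, and calling `clearPassword()` on the `PBEKeySpec` in a `finally` block drops the in-memory passphrase copy. Separately, the message literal `"KeyStoreName missing for HSM Fac)ade"` in the same hunk contains a stray `)`.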
@@ -24,13 +24,13 @@ import lombok.extern.slf4j.Slf4j; public class EaafKeyStoreUtils { private static final String ERROR_MSG_REASON = "Maybe 'Alias' is not valid"; private static final String ERROR_MSG_1 = "Can NOT access key: {} in KeyStore: {}. Reason: {}"; - private static final String ERROR_MSG_2 = "Key: {} will be NOT available"; + private static final String ERROR_MSG_2 = "Key: {} will be NOT available"; /** * Read all certificates from a {@link KeyStore}. * * @param keyStore KeyStore with certificates - * @return {@link List} of {@link X509Certificate}, but never null + * @return Unmodifiable {@link List} of {@link X509Certificate}, but never null * @throws KeyStoreException In case of an error during KeyStore operations */ @Nonnull @@ -45,6 +45,7 @@ public class EaafKeyStoreUtils { final Certificate cert = keyStore.getCertificate(el); if (cert != null && cert instanceof X509Certificate) { result.add((X509Certificate) cert); + } else { log.info("Can not process entry: {}. Reason: {}", el, cert != null ? cert.getType() : "cert is null"); } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java index 970efd22..c1a1d917 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/KeyStoreConfiguration.java @@ -4,10 +4,9 @@ import java.util.Map; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; - import org.apache.commons.lang3.StringUtils; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; 
@@ -53,6 +52,12 @@ public class KeyStoreConfiguration { */ private String softKeyStorePassword; + + /** + * Use filePaths as it is and does not make it absolut. + */ + private boolean skipMakeAbsolutPaths = false; + /** * Build a {@link KeyStoreConfiguration} from a configuration map. <br> * <p> diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java new file mode 100644 index 00000000..9477789c --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/credential/SymmetricKeyConfiguration.java 
@@ -0,0 +1,221 @@
+package at.gv.egiz.eaaf.core.impl.credential;
+
+import java.util.Map;
+
+import javax.annotation.Nonnull;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+@Getter
+@Setter
+public class SymmetricKeyConfiguration {
+
+ public static final String PROP_CONFIG_KEY_TYPE =
+ "key.type";
+
+ public static final String PROP_CONFIG_HSMFACADE_NAME =
+ "keystore.name";
+ public static final String PROP_CONFIG_HSM_KEY_ALIAS =
+ "key.alias";
+
+ public static final String PROP_CONFIG_SOFTWARE_KEY_PASSPHRASE =
+ "key.passphrase";
+ public static final String PROP_CONFIG_SOFTWARE_KEY_SALT =
+ "key.salt";
+
+ /**
+ * FriendlyName for this KeyStore. Mainly used for logging.
+ */
+ private String friendlyName;
+
+ /**
+ * General type of the KeyStore that should be generated.
+ */
+ private SymmetricKeyType keyType;
+
+ /**
+ * Name of the KeyStore in HSM Facade.
+ */
+ private String keyStoreName;
+
+ /**
+ * Alias of the Key in HSM Facade keystore.
+ */
+ private String keyAlias;
+
+ /**
+ * Software key passphrase.
+ */
+ private String softKeyPassphrase;
+
+ /**
+ * Software key salt.
+ */
+ private String softKeySalt;
+
+ /**
+ * Build a {@link SymmetricKeyConfiguration} from a configuration map. <br>
+ * <p>
+ * The configuration parameters defined in this class are used to load the
+ * configuration.
+ * </p>
+ *
+ * @param config Configuration
+ * @param friendlyName FriendlyName for this KeyStore
+ * @return Configuration object for {@link EaafKeyStoreFactory}
+ * @throws EaafConfigurationException In case of a configuration error.
+ */
+ public static SymmetricKeyConfiguration buildFromConfigurationMap(Map<String, String> config,
+ String friendlyName) throws EaafConfigurationException {
+
+ final SymmetricKeyConfiguration internalConfig = new SymmetricKeyConfiguration();
+ internalConfig.setFriendlyName(friendlyName);
+
+ final SymmetricKeyType internalKeyStoreType = SymmetricKeyType.fromString(
+ getConfigurationParameter(config, PROP_CONFIG_KEY_TYPE));
+ if (internalKeyStoreType != null) {
+ internalConfig.setKeyType(internalKeyStoreType);
+
+ } else {
+ log.error("Symmetric Key-configuration: {} sets an unknown Keytype: {}",
+ friendlyName, getConfigurationParameter(config, PROP_CONFIG_KEY_TYPE));
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
+ new Object[] { friendlyName });
+
+ }
+
+ if (internalKeyStoreType.equals(SymmetricKeyType.HSMFACADE)) {
+ log.trace("Set-up HSM-Facade Symmentric-Key ... ");
+ internalConfig.setKeyStoreName(getConfigurationParameter(config, PROP_CONFIG_HSMFACADE_NAME));
+ internalConfig.setKeyAlias(getConfigurationParameter(config, PROP_CONFIG_HSM_KEY_ALIAS));
+
+ } else {
+ log.trace("Set-up software passphrase based symmetric key ... ");
+ internalConfig.setSoftKeyPassphrase(getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEY_PASSPHRASE));
+ internalConfig.setSoftKeySalt(getConfigurationParameter(config, PROP_CONFIG_SOFTWARE_KEY_SALT));
+
+ }
+
+ return internalConfig;
+ }
+
+ /**
+ * Set the Type of the symmetric key based on String identifier.
+ *
+ * @param keyType String based KeyStore type
+ * @throws EaafConfigurationException In case of an unknown KeyStore type
+ */
+ public void setKeyType(@Nonnull String keyType) throws EaafConfigurationException {
+ final SymmetricKeyType internalKeyStoreType = SymmetricKeyType.fromString(keyType);
+ if (internalKeyStoreType != null) {
+ setKeyType(internalKeyStoreType);
+
+ } else {
+ log.error("KeyStore: {} sets an unknown KeyStore type: {}",
+ friendlyName, keyType);
+ throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01,
+ new Object[] { friendlyName });
+
+ }
+
+ }
+
+ /**
+ * Set the Type of the symmetric Key based on String identifier.
+ *
+ * @param type of tke symmetric key
+ */
+ public void setKeyType(@Nonnull SymmetricKeyType type) {
+ this.keyType = type;
+
+ }
+
+ /**
+ * Validate the internal state of this configuration object.
+ *
+ * @throws EaafConfigurationException In case of a configuration error
+ */
+ public void validate() throws EaafConfigurationException {
+ if (SymmetricKeyType.HSMFACADE.equals(keyType)) {
+ log.trace("Validate HSM-Facade symmetric key ... ");
+ checkConfigurationValue(keyStoreName, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyStoreName' for HSM-Facade");
+ checkConfigurationValue(keyAlias, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'KeyAlias' for HSM-Facade");
+
+ } else {
+ log.trace("Validate passphrase based symmetric key ... ");
+ checkConfigurationValue(softKeyPassphrase, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'passphrase' for symmetric-key generation");
+ checkConfigurationValue(softKeySalt, EaafKeyStoreFactory.ERRORCODE_07,
+ friendlyName, "Missing 'salt' for symmetric-key generation");
+
+ }
+ }
+
+ public enum SymmetricKeyType {
+ PASSPHRASE("passphrase"), HSMFACADE("hsmfacade");
+
+ private final String keyType;
+
+ SymmetricKeyType(final String keyStoreType) {
+ this.keyType = keyStoreType;
+ }
+
+ /**
+ * Get Type of this Key.
+ *
+ * @return
+ */
+ public String getKeyType() {
+ return this.keyType;
+ }
+
+ /**
+ * Get KeyType from String representation.
+ *
+ * @param s Config parameter
+ * @return
+ */
+ public static SymmetricKeyType fromString(final String s) {
+ try {
+ return SymmetricKeyType.valueOf(s.toUpperCase());
+
+ } catch (IllegalArgumentException | NullPointerException e) {
+ return null;
+ }
+ }
+
+ @Override
+ public String toString() {
+ return getKeyType();
+
+ }
+ }
+
+ @Nonnull
+ private static String getConfigurationParameter(@Nonnull Map<String, String> config,
+ @Nonnull String configParamKey)
+ throws EaafConfigurationException {
+ final String configValue = config.get(configParamKey);
+ checkConfigurationValue(configValue, EaafKeyStoreFactory.ERRORCODE_04, configParamKey);
+ return configValue;
+
+ }
+
+ private static void checkConfigurationValue(String configValue, String errorCode, String... params)
+ throws EaafConfigurationException {
+ if (StringUtils.isEmpty(configValue)) {
+ throw new EaafConfigurationException(errorCode,
+ params);
+
+ }
+
+ }
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafHttpRequestRetryHandler.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafHttpRequestRetryHandler.java
new file mode 100644
index 00000000..3aa908e8
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafHttpRequestRetryHandler.java
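Review bot: `validate()` treats every key type other than `HSMFACADE` as passphrase-based, including a `keyType` that was never set, so a configuration object assembled through the setters is checked against the wrong branch instead of being rejected. An explicit guard at the top, `if (keyType == null) { throw new EaafConfigurationException(EaafKeyStoreFactory.ERRORCODE_01, new Object[] { friendlyName }); }`, followed by an explicit `PASSPHRASE` branch, would make the check fail closed when a further type is added. The log text in `setKeyType(String)` still says "KeyStore" although this class describes a symmetric key, and both `@return` tags in `SymmetricKeyType` are empty.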
@@ -0,0 +1,33 @@
+package at.gv.egiz.eaaf.core.impl.http;
+
+import java.net.UnknownHostException;
+import java.util.Arrays;
+
+import javax.net.ssl.SSLException;
+
+import org.apache.http.client.HttpRequestRetryHandler;
+import org.apache.http.impl.client.DefaultHttpRequestRetryHandler;
+
+public class EaafHttpRequestRetryHandler extends DefaultHttpRequestRetryHandler implements
+ HttpRequestRetryHandler {
+
+ /**
+ * Create the request retry handler using the following list of non-retriable.
+ * IOException classes: <br>
+ * <ul>
+ * <li>UnknownHostException</li>
+ * <li>SSLException</li>
+ * </ul>
+ *
+ * @param retryCount how many times to retry; 0 means no retries
+ * @param requestSentRetryEnabled true if it's OK to retry non-idempotent
+ * requests that have been sent
+ */
+ public EaafHttpRequestRetryHandler(final int retryCount, final boolean requestSentRetryEnabled) {
+ super(retryCount, requestSentRetryEnabled, Arrays.asList(
+ UnknownHostException.class,
+ SSLException.class));
+
+ }
+
+}
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslContextBuilder.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslContextBuilder.java
new file mode 100644
index 00000000..1cd739de
--- /dev/null
+++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslContextBuilder.java
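Review bot: The constructor Javadoc lists the two non-retriable exception types but not why the list is shorter than the one `DefaultHttpRequestRetryHandler` uses by default, which in HttpClient 4.x also contains `InterruptedIOException` and `ConnectException`. With this list, timeouts and refused connections are retried up to `retryCount` times, so the worst-case blocking time of one call is multiplied by the retry count. If that is intended, the Javadoc should say so, e.g. `Unlike the default handler, timeouts and connect failures are retried.` The `implements HttpRequestRetryHandler` clause is redundant because the superclass already implements that interface.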
@@ -0,0 +1,433 @@ +package at.gv.egiz.eaaf.core.impl.http; + +import java.net.Socket; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.Provider; +import java.security.SecureRandom; +import java.security.Security; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.LinkedHashSet; +import java.util.Map; +import java.util.Set; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509ExtendedKeyManager; +import javax.net.ssl.X509TrustManager; + +import org.apache.http.ssl.PrivateKeyDetails; +import org.apache.http.ssl.PrivateKeyStrategy; +import org.apache.http.ssl.SSLContextBuilder; +import org.apache.http.ssl.TrustStrategy; +import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider; + +/** + * Fork of {@link SSLContextBuilder} that uses JSSE provider to get TrustManager. 
+ * + * <p>This implementation fix an incompatibility between {@link BouncyCastleJsseProvider} and JAVA JDK >= v9</p> + * + * @author tlenz + * + */ +public class EaafSslContextBuilder { + + static final String TLS = "TLS"; + + private String protocol; + private final Set<KeyManager> keyManagers; + private String keyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm(); + private String keyStoreType = KeyStore.getDefaultType(); + private final Set<TrustManager> trustManagers; + private String trustManagerFactoryAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); + private SecureRandom secureRandom; + private Provider provider; + + public static EaafSslContextBuilder create() { + return new EaafSslContextBuilder(); + } + + /** + * Get a new SSLContext builder object. + */ + public EaafSslContextBuilder() { + super(); + this.keyManagers = new LinkedHashSet<>(); + this.trustManagers = new LinkedHashSet<>(); + } + + /** + * Sets the SSLContext protocol algorithm name. + * + * @param protocol the SSLContext protocol algorithm name of the requested + * protocol. See the SSLContext section in the <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext">Java + * Cryptography Architecture Standard Algorithm Name + * Documentation</a> for more information. + * @return this builder + * @see <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext">Java + * Cryptography Architecture Standard Algorithm Name Documentation</a> + * @deprecated Use {@link #setProtocol(String)}. + */ + @Deprecated + public EaafSslContextBuilder useProtocol(final String protocol) { + this.protocol = protocol; + return this; + } + + /** + * Sets the SSLContext protocol algorithm name. + * + * @param protocol the SSLContext protocol algorithm name of the requested + * protocol. 
See the SSLContext section in the <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext">Java + * Cryptography Architecture Standard Algorithm Name + * Documentation</a> for more information. + * @return this builder + * @see <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext">Java + * Cryptography Architecture Standard Algorithm Name Documentation</a> + * @since 4.4.7 + */ + public EaafSslContextBuilder setProtocol(final String protocol) { + this.protocol = protocol; + return this; + } + + public EaafSslContextBuilder setSecureRandom(final SecureRandom secureRandom) { + this.secureRandom = secureRandom; + return this; + } + + public EaafSslContextBuilder setProvider(final Provider provider) { + this.provider = provider; + return this; + } + + public EaafSslContextBuilder setProvider(final String name) { + this.provider = Security.getProvider(name); + return this; + } + + /** + * Sets the key store type. + * + * @param keyStoreType the SSLkey store type. See the KeyStore section in the + * <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore">Java + * Cryptography Architecture Standard Algorithm Name + * Documentation</a> for more information. + * @return this builder + * @see <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore">Java + * Cryptography Architecture Standard Algorithm Name Documentation</a> + * @since 4.4.7 + */ + public EaafSslContextBuilder setKeyStoreType(final String keyStoreType) { + this.keyStoreType = keyStoreType; + return this; + } + + /** + * Sets the key manager factory algorithm name. + * + * @param keyManagerFactoryAlgorithm the key manager factory algorithm name of + * the requested protocol. 
See the + * KeyManagerFactory section in the <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyManagerFactory">Java + * Cryptography Architecture Standard + * Algorithm Name Documentation</a> for more + * information. + * @return this builder + * @see <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyManagerFactory">Java + * Cryptography Architecture Standard Algorithm Name Documentation</a> + * @since 4.4.7 + */ + public EaafSslContextBuilder setKeyManagerFactoryAlgorithm(final String keyManagerFactoryAlgorithm) { + this.keyManagerFactoryAlgorithm = keyManagerFactoryAlgorithm; + return this; + } + + /** + * Sets the trust manager factory algorithm name. + * + * @param trustManagerFactoryAlgorithm the trust manager algorithm name of the + * requested protocol. See the + * TrustManagerFactory section in the + * <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#TrustManagerFactory">Java + * Cryptography Architecture Standard + * Algorithm Name Documentation</a> for more + * information. + * @return this builder + * @see <a href= + * "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#TrustManagerFactory">Java + * Cryptography Architecture Standard Algorithm Name Documentation</a> + * @since 4.4.7 + */ + public EaafSslContextBuilder setTrustManagerFactoryAlgorithm(final String trustManagerFactoryAlgorithm) { + this.trustManagerFactoryAlgorithm = trustManagerFactoryAlgorithm; + return this; + } + + /** + * Load custom truststore. 
+ * + * @param truststore {@link KeyStore} if trusted certificates + * @param trustStrategy Trust validation strategy + * @return {@link EaafSslContextBuilder} + * @throws NoSuchAlgorithmException In case of an invalid TrustManager algorithm + * @throws KeyStoreException In case of an invalid KeyStore + */ + public EaafSslContextBuilder loadTrustMaterial( + final KeyStore truststore, + final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException { + + final String alg = trustManagerFactoryAlgorithm == null + ? TrustManagerFactory.getDefaultAlgorithm() + : trustManagerFactoryAlgorithm; + + final TrustManagerFactory tmfactory = provider != null + ? TrustManagerFactory.getInstance(alg, provider) + : TrustManagerFactory.getInstance(alg); + tmfactory.init(truststore); + final TrustManager[] tms = tmfactory.getTrustManagers(); + if (tms != null) { + if (trustStrategy != null) { + for (int i = 0; i < tms.length; i++) { + final TrustManager tm = tms[i]; + if (tm instanceof X509TrustManager) { + tms[i] = new TrustManagerDelegate((X509TrustManager) tm, trustStrategy); + } + } + } + Collections.addAll(this.trustManagers, tms); + } + return this; + } + + public EaafSslContextBuilder loadTrustMaterial( + final TrustStrategy trustStrategy) throws NoSuchAlgorithmException, KeyStoreException { + return loadTrustMaterial(null, trustStrategy); + } + + + /** + * Load SSL client-authentication key-material into SSL context. 
+ * + * @param keystore {@link KeyStore} for SSL client-authentication + * @param keyPassword Password for this keystore + * @param aliasStrategy Stategy to select keys by alias + * @return {@link EaafSslContextBuilder} + * @throws NoSuchAlgorithmException In case of an invalid KeyManagerFactory algorithm + * @throws KeyStoreException In case of an invalid KeyStore + * @throws UnrecoverableKeyException In case of a invalid Key in this KeyStore + */ + public EaafSslContextBuilder loadKeyMaterial( + final KeyStore keystore, + final char[] keyPassword, + final PrivateKeyStrategy aliasStrategy) + throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException { + final KeyManagerFactory kmfactory = KeyManagerFactory + .getInstance(keyManagerFactoryAlgorithm == null ? KeyManagerFactory.getDefaultAlgorithm() + : keyManagerFactoryAlgorithm); + kmfactory.init(keystore, keyPassword); + final KeyManager[] kms = kmfactory.getKeyManagers(); + if (kms != null) { + if (aliasStrategy != null) { + for (int i = 0; i < kms.length; i++) { + final KeyManager km = kms[i]; + if (km instanceof X509ExtendedKeyManager) { + kms[i] = new KeyManagerDelegate((X509ExtendedKeyManager) km, aliasStrategy); + } + } + } + Collections.addAll(keyManagers, kms); + } + return this; + } + + public EaafSslContextBuilder loadKeyMaterial( + final KeyStore keystore, + final char[] keyPassword) throws NoSuchAlgorithmException, KeyStoreException, + UnrecoverableKeyException { + return loadKeyMaterial(keystore, keyPassword, null); + } + + protected void initSslContext( + final SSLContext sslContext, + final Collection<KeyManager> keyManagers, + final Collection<TrustManager> trustManagers, + final SecureRandom secureRandom) throws KeyManagementException { + sslContext.init( + !keyManagers.isEmpty() ? keyManagers.toArray(new KeyManager[keyManagers.size()]) : null, + !trustManagers.isEmpty() ? 
trustManagers.toArray(new TrustManager[trustManagers.size()]) : null, + secureRandom); + } + + /** + * Build a {@link SSLContext} from this builder. + * + * @return new {@link SSLContext} + * @throws NoSuchAlgorithmException In case of an unknown SSL protocol + * @throws KeyManagementException In case of a key-access error + */ + public SSLContext build() throws NoSuchAlgorithmException, KeyManagementException { + final SSLContext sslContext; + final String protocolStr = this.protocol != null ? this.protocol : TLS; + if (this.provider != null) { + sslContext = SSLContext.getInstance(protocolStr, this.provider); + } else { + sslContext = SSLContext.getInstance(protocolStr); + } + initSslContext(sslContext, keyManagers, trustManagers, secureRandom); + return sslContext; + } + + static class TrustManagerDelegate implements X509TrustManager { + + private final X509TrustManager trustManager; + private final TrustStrategy trustStrategy; + + TrustManagerDelegate(final X509TrustManager trustManager, final TrustStrategy trustStrategy) { + super(); + this.trustManager = trustManager; + this.trustStrategy = trustStrategy; + } + + @Override + public void checkClientTrusted( + final X509Certificate[] chain, final String authType) throws CertificateException { + this.trustManager.checkClientTrusted(chain, authType); + } + + @Override + public void checkServerTrusted( + final X509Certificate[] chain, final String authType) throws CertificateException { + if (!this.trustStrategy.isTrusted(chain, authType)) { + this.trustManager.checkServerTrusted(chain, authType); + } + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return this.trustManager.getAcceptedIssuers(); + } + + } + + static class KeyManagerDelegate extends X509ExtendedKeyManager { + + private final X509ExtendedKeyManager keyManager; + private final PrivateKeyStrategy aliasStrategy; + + KeyManagerDelegate(final X509ExtendedKeyManager keyManager, final PrivateKeyStrategy aliasStrategy) { + super(); + 
this.keyManager = keyManager; + this.aliasStrategy = aliasStrategy; + } + + @Override + public String[] getClientAliases( + final String keyType, final Principal[] issuers) { + return this.keyManager.getClientAliases(keyType, issuers); + } + + public Map<String, PrivateKeyDetails> getClientAliasMap( + final String[] keyTypes, final Principal[] issuers) { + final Map<String, PrivateKeyDetails> validAliases = new HashMap<>(); + for (final String keyType : keyTypes) { + final String[] aliases = this.keyManager.getClientAliases(keyType, issuers); + if (aliases != null) { + for (final String alias : aliases) { + validAliases.put(alias, + new PrivateKeyDetails(keyType, this.keyManager.getCertificateChain(alias))); + } + } + } + return validAliases; + } + + public Map<String, PrivateKeyDetails> getServerAliasMap( + final String keyType, final Principal[] issuers) { + final Map<String, PrivateKeyDetails> validAliases = new HashMap<>(); + final String[] aliases = this.keyManager.getServerAliases(keyType, issuers); + if (aliases != null) { + for (final String alias : aliases) { + validAliases.put(alias, + new PrivateKeyDetails(keyType, this.keyManager.getCertificateChain(alias))); + } + } + return validAliases; + } + + @Override + public String chooseClientAlias( + final String[] keyTypes, final Principal[] issuers, final Socket socket) { + final Map<String, PrivateKeyDetails> validAliases = getClientAliasMap(keyTypes, issuers); + return this.aliasStrategy.chooseAlias(validAliases, socket); + } + + @Override + public String[] getServerAliases( + final String keyType, final Principal[] issuers) { + return this.keyManager.getServerAliases(keyType, issuers); + } + + @Override + public String chooseServerAlias( + final String keyType, final Principal[] issuers, final Socket socket) { + final Map<String, PrivateKeyDetails> validAliases = getServerAliasMap(keyType, issuers); + return this.aliasStrategy.chooseAlias(validAliases, socket); + } + + @Override + public X509Certificate[] 
getCertificateChain(final String alias) { + return this.keyManager.getCertificateChain(alias); + } + + @Override + public PrivateKey getPrivateKey(final String alias) { + return this.keyManager.getPrivateKey(alias); + } + + @Override + public String chooseEngineClientAlias( + final String[] keyTypes, final Principal[] issuers, final SSLEngine sslEngine) { + final Map<String, PrivateKeyDetails> validAliases = getClientAliasMap(keyTypes, issuers); + return this.aliasStrategy.chooseAlias(validAliases, null); + } + + @Override + public String chooseEngineServerAlias( + final String keyType, final Principal[] issuers, final SSLEngine sslEngine) { + final Map<String, PrivateKeyDetails> validAliases = getServerAliasMap(keyType, issuers); + return this.aliasStrategy.chooseAlias(validAliases, null); + } + + } + + @Override + public String toString() { + return "[provider=" + provider + ", protocol=" + protocol + ", keyStoreType=" + keyStoreType + + ", keyManagerFactoryAlgorithm=" + keyManagerFactoryAlgorithm + ", keyManagers=" + keyManagers + + ", trustManagerFactoryAlgorithm=" + trustManagerFactoryAlgorithm + ", trustManagers=" + + trustManagers + + ", secureRandom=" + secureRandom + "]"; + } +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java index 1e1e2137..d2377d69 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/EaafSslKeySelectionStrategy.java 
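Review bot: The Javadoc of `loadTrustMaterial(KeyStore, TrustStrategy)` describes `trustStrategy` only as "Trust validation strategy", while `TrustManagerDelegate.checkServerTrusted` skips the wrapped trust manager entirely whenever `isTrusted` returns true. The strategy is therefore an override of chain validation rather than an additional check, and the parameter doc should state that, for example `@param trustStrategy if it returns true the chain is accepted without consulting the TrustManager; null for standard validation`. `setProvider` only reaches `TrustManagerFactory` and `SSLContext`; `loadKeyMaterial` still calls `KeyManagerFactory.getInstance` without the provider, which deserves a sentence in the class comment if it is deliberate.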
@@ -33,18 +33,23 @@ public class EaafSslKeySelectionStrategy implements PrivateKeyStrategy { @Override public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) { log.trace("Selection SSL client-auth key for alias: {}", keyAlias); + if (aliases.keySet().isEmpty()) { + log.debug("No Key with Alias: {} in empty KeyStore", keyAlias); + return null; + + } + final PrivateKeyDetails selected = aliases.get(keyAlias); if (selected != null) { log.trace("Select SL client-auth key with type:", selected.getType()); return keyAlias; - } else { + } else { log.warn("KeyStore contains NO key with alias: {}. Using first key from keystore", keyAlias); log.info("Available aliases: {}", StringUtils.join(aliases.keySet(), ", ")); return aliases.keySet().iterator().next(); - + } - } } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java index 582ad545..9239d0c5 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientConfiguration.java @@ -5,11 +5,12 @@ import java.util.UUID; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; - import org.apache.commons.lang3.StringUtils; +import org.apache.http.client.ServiceUnavailableRetryStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import lombok.Getter; import lombok.Setter; import lombok.extern.slf4j.Slf4j; 
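Review bot: When the configured alias is missing, `chooseAlias` still falls back to `aliases.keySet().iterator().next()`, and the alias maps built in `EaafSslContextBuilder.KeyManagerDelegate` are `HashMap`s, so the "first key" is an arbitrary one. For TLS client authentication this means a mistyped alias silently presents some other identity from the keystore; returning `null` after the warning, as the new empty-map branch does, would fail closed instead. Separately, `log.trace("Select SL client-auth key with type:", selected.getType());` has no `{}` placeholder, so the key type is never written to the log.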
@@ -56,7 +57,17 @@ public class HttpClientConfiguration { @Setter private boolean followHttpRedirects = true; + + @Setter + private int httpErrorRetryCount = 3; + + @Setter + private boolean httpErrorRetryPost = false; + @Setter + private ServiceUnavailableRetryStrategy serviceUnavailStrategy = null; + + /** * Get a new HTTP-client configuration object. * @@ -117,7 +128,9 @@ public class HttpClientConfiguration { } - if (StringUtils.isEmpty(this.sslKeyPassword)) { + if (StringUtils.isEmpty(this.sslKeyPassword) + && (KeyStoreType.JKS.equals(keyStoreConfig.getKeyStoreType()) + || KeyStoreType.PKCS12.equals(keyStoreConfig.getKeyStoreType()))) { throw new EaafConfigurationException(ERROR_02, new Object[] { this.friendlyName, this.keyStoreConfig.getFriendlyName()}); @@ -187,5 +200,4 @@ public class HttpClientConfiguration { } } - } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java index 00d5891a..07522b56 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpClientFactory.java @@ -1,8 +1,11 @@ package at.gv.egiz.eaaf.core.impl.http; import java.security.KeyStore; +import java.security.Provider; import java.util.HashMap; import java.util.Map; +import java.util.Map.Entry; +import java.util.concurrent.TimeUnit; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; @@ -22,6 +25,7 @@ import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.config.Registry; import org.apache.http.config.RegistryBuilder; import org.apache.http.config.SocketConfig; +import org.apache.http.conn.HttpClientConnectionManager; import org.apache.http.conn.socket.ConnectionSocketFactory; import org.apache.http.conn.socket.LayeredConnectionSocketFactory; import org.apache.http.conn.socket.PlainConnectionSocketFactory; 
@@ -32,16 +36,19 @@ import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.DefaultRedirectStrategy; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.impl.client.HttpClients; +import org.apache.http.impl.conn.BasicHttpClientConnectionManager; import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; import org.apache.http.protocol.HttpContext; import org.apache.http.ssl.SSLContexts; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.scheduling.annotation.Scheduled; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -64,6 +71,10 @@ public class HttpClientFactory implements IHttpClientFactory { "client.http.connection.timeout.connection"; public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "client.http.connection.timeout.request"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT = + "client.http.connection.retry.count"; + public static final String PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST = + "client.http.connection.retry.post"; public static final String PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL = "client.http.ssl.hostnameverifier.trustall"; 
@@ -89,9 +100,16 @@ public class HttpClientFactory implements IHttpClientFactory { public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_REQUEST = "30"; public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL = "500"; public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE = "100"; + public static final String DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT = "3"; + public static final String DEFAUTL_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST = String.valueOf(false); + public static final int DEFAULT_CLEANUP_RUNNER_TIME = 30000; + public static final int DEFAULT_CLEANUP_IDLE_TIME = 60; + + private String defaultConfigurationId = null; - private final Map<String, HttpClientBuilder> availableBuilders = new HashMap<>(); + private final Map<String, Pair<HttpClientBuilder, HttpClientConnectionManager>> + availableBuilders = new HashMap<>(); /* * (non-Javadoc) @@ -106,7 +124,7 @@ public class HttpClientFactory implements IHttpClientFactory { @Override public CloseableHttpClient getHttpClient(final boolean followRedirects) { - return availableBuilders.get(defaultConfigurationId).setRedirectStrategy( + return availableBuilders.get(defaultConfigurationId).getFirst().setRedirectStrategy( buildRedirectStrategy(followRedirects)).build(); } 
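Review bot: The new public constant `DEFAUTL_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST` is misspelled (`DEFAUTL`), and as a `public static final` field it becomes part of the library API once released. Renaming it now to `DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST` keeps it in line with the neighbouring `DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT`. `DEFAULT_CLEANUP_RUNNER_TIME` and `DEFAULT_CLEANUP_IDLE_TIME` use different units (the second is passed with `TimeUnit.SECONDS` further down), so a trailing comment naming the unit on each would prevent mix-ups.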
@@ -116,27 +134,31 @@ public class HttpClientFactory implements IHttpClientFactory { log.trace("Build http client for: {}", config.getFriendlyName()); HttpClientBuilder builder = null; if (availableBuilders.containsKey(config.getUuid())) { - builder = availableBuilders.get(config.getUuid()); + builder = availableBuilders.get(config.getUuid()).getFirst(); } else { log.debug("Initialize new http-client builder for: {}", config.getFriendlyName()); - //validate configuration object + // validate configuration object config.validate(); builder = HttpClients.custom(); + + // inject request configuration builder.setDefaultRequestConfig(buildDefaultRequestConfig()); + injectInternalRetryHandler(builder, config); - //inject basic authentication infos + // inject basic authentication infos injectBasicAuthenticationIfRequired(builder, config); - //inject authentication if required + // inject authentication if required final LayeredConnectionSocketFactory sslConnectionFactory = getSslContext(config); // set pool connection if required - injectDefaultConnectionPoolIfRequired(builder, sslConnectionFactory); + HttpClientConnectionManager connectionManager + = injectConnectionManager(builder, sslConnectionFactory); - availableBuilders.put(config.getUuid(), builder); + availableBuilders.put(config.getUuid(), Pair.newInstance(builder, connectionManager)); } 
@@ -145,6 +167,47 @@ public class HttpClientFactory implements IHttpClientFactory { } + /** + * Worker that closes expired connections or connections that in idle + * for more than DEFAULT_CLEANUP_IDLE_TIME seconds. + * + */ + @Scheduled(fixedDelay = DEFAULT_CLEANUP_RUNNER_TIME) + private void httpConnectionPoolCleaner() { + log.trace("Starting http connection-pool eviction policy ... "); + for (final Entry<String, Pair<HttpClientBuilder, HttpClientConnectionManager>> el + : availableBuilders.entrySet()) { + log.trace("Checking connections of http-client: {}", el.getKey()); + el.getValue().getSecond().closeExpiredConnections(); + el.getValue().getSecond().closeIdleConnections(DEFAULT_CLEANUP_IDLE_TIME, TimeUnit.SECONDS); + + } + + } + + private void injectInternalRetryHandler(HttpClientBuilder builder, HttpClientConfiguration config) { + if (config.getHttpErrorRetryCount() > 0) { + log.info("Set HTTP error-retry to {} for http-client: {}", + config.getHttpErrorRetryCount(), config.getFriendlyName()); + builder.setRetryHandler(new EaafHttpRequestRetryHandler( + config.getHttpErrorRetryCount(), + config.isHttpErrorRetryPost())); + + if (config.getServiceUnavailStrategy() != null) { + log.debug("HttpClient configuration: {} set custom ServiceUnavailableRetryStrategy: {}", + config.getFriendlyName(), config.getServiceUnavailStrategy().getClass().getName()); + builder.setServiceUnavailableRetryStrategy(config.getServiceUnavailStrategy()); + + } + + } else { + log.info("Disable HTTP error-retry for http-client: {}", config.getFriendlyName()); + builder.disableAutomaticRetries(); + + } + + } + @PostConstruct private void initalize() throws EaafException { final HttpClientConfiguration defaultHttpClientConfig = buildDefaultHttpClientConfiguration(); 
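Review bot: `injectInternalRetryHandler` has no Javadoc, and two of its behaviours are easy to miss. A configured `getServiceUnavailStrategy()` is applied only when `getHttpErrorRetryCount() > 0` and is otherwise dropped without a log line, and `isHttpErrorRetryPost()` is passed on to the retry handler. I would document this on the method, e.g. `/** Configures error-retry; the ServiceUnavailableRetryStrategy is only used when the retry count is > 0. Enabling POST retry may repeat non-idempotent requests. */`. What `EaafHttpRequestRetryHandler` does with the POST flag is not visible in this hunk, so the last sentence of that comment should be checked against that class.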
@@ -155,8 +218,9 @@ public class HttpClientFactory implements IHttpClientFactory { // set default request configuration defaultHttpClientBuilder.setDefaultRequestConfig(buildDefaultRequestConfig()); + injectInternalRetryHandler(defaultHttpClientBuilder, defaultHttpClientConfig); - //inject http basic authentication + // inject http basic authentication injectBasicAuthenticationIfRequired(defaultHttpClientBuilder, defaultHttpClientConfig); // inject authentication if required @@ -164,11 +228,13 @@ public class HttpClientFactory implements IHttpClientFactory { getSslContext(defaultHttpClientConfig); // set pool connection if required - injectDefaultConnectionPoolIfRequired(defaultHttpClientBuilder, sslConnectionFactory); + HttpClientConnectionManager connectionManager + = injectConnectionManager(defaultHttpClientBuilder, sslConnectionFactory); - //set default http client builder + // set default http client builder defaultConfigurationId = defaultHttpClientConfig.getUuid(); - availableBuilders.put(defaultConfigurationId, defaultHttpClientBuilder); + availableBuilders.put(defaultConfigurationId, + Pair.newInstance(defaultHttpClientBuilder, connectionManager)); } @@ -203,6 +269,13 @@ public class HttpClientFactory implements IHttpClientFactory { config.setDisableHostnameValidation(basicConfig.getBasicConfigurationBoolean( PROP_CONFIG_CLIENT_HTTP_SSL_HOSTNAMEVERIFIER_TRUSTALL, false)); + config.setHttpErrorRetryCount(Integer.parseInt(basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT, + DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_COUNT))); + config.setHttpErrorRetryPost(Boolean.parseBoolean(basicConfig.getBasicConfiguration( + PROP_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST, + DEFAUTL_CONFIG_CLIENT_HTTP_CONNECTION_RETRY_POST))); + // validate configuration object config.validate(); 
@@ -237,8 +310,8 @@ public class HttpClientFactory implements IHttpClientFactory { SSLContext sslContext = null; if (httpClientConfig.getAuthMode().equals(HttpClientConfiguration.ClientAuthMode.SSL)) { log.debug("Open keyStore with type: {}", httpClientConfig.getKeyStoreConfig().getKeyStoreType()); - final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig.getKeyStoreConfig()) - .getFirst(); + final Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(httpClientConfig + .getKeyStoreConfig()); log.trace("Injecting SSL client-authentication into http client ... "); sslContext = HttpUtils.buildSslContextWithSslClientAuthentication(keyStore, @@ -248,7 +321,7 @@ public class HttpClientFactory implements IHttpClientFactory { } else { log.trace("Initializing default SSL Context ... "); sslContext = SSLContexts.createDefault(); - + } // set hostname verifier 
@@ -266,48 +339,37 @@ public class HttpClientFactory implements IHttpClientFactory { } - private void injectDefaultConnectionPoolIfRequired( + @Nonnull + private HttpClientConnectionManager injectConnectionManager( HttpClientBuilder builder, final LayeredConnectionSocketFactory sslConnectionFactory) { if (basicConfig.getBasicConfigurationBoolean(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE, true)) { - PoolingHttpClientConnectionManager pool; - - // set socketFactoryRegistry if SSLConnectionFactory is Set - if (sslConnectionFactory != null) { - final Registry<ConnectionSocketFactory> socketFactoryRegistry = - RegistryBuilder.<ConnectionSocketFactory>create() - .register("http", PlainConnectionSocketFactory.getSocketFactory()) - .register("https", sslConnectionFactory).build(); - log.trace("Inject SSLSocketFactory into pooled connection"); - pool = new PoolingHttpClientConnectionManager(socketFactoryRegistry); - - } else { - pool = new PoolingHttpClientConnectionManager(); - - } - - pool.setDefaultMaxPerRoute(Integer.parseInt( + PoolingHttpClientConnectionManager connectionPool + = new PoolingHttpClientConnectionManager(getDefaultRegistry(sslConnectionFactory)); + connectionPool.setDefaultMaxPerRoute(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXPERROUTE))); - pool.setMaxTotal(Integer.parseInt( + connectionPool.setMaxTotal(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_POOL_MAXTOTAL))); - - pool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt( + connectionPool.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) * 1000).build()); + builder.setConnectionManager(connectionPool); + 
log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", + connectionPool.getMaxTotal(), connectionPool.getDefaultMaxPerRoute()); + return connectionPool; + + } else { + log.debug("Building http-client without Connection-Pool ... "); + final BasicHttpClientConnectionManager basicPool = new BasicHttpClientConnectionManager( + getDefaultRegistry(sslConnectionFactory)); + builder.setConnectionManager(basicPool); + return basicPool; - builder.setConnectionManager(pool); - log.debug("Initalize http-client pool with, maxTotal: {} maxPerRoute: {}", pool.getMaxTotal(), - pool.getDefaultMaxPerRoute()); - - } else if (sslConnectionFactory != null) { - log.trace("Inject SSLSocketFactory without connection pool"); - builder.setSSLSocketFactory(sslConnectionFactory); - } - + } private RequestConfig buildDefaultRequestConfig() { @@ -323,7 +385,7 @@ public class HttpClientFactory implements IHttpClientFactory { .setSocketTimeout(Integer.parseInt( basicConfig.getBasicConfiguration(PROP_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET, DEFAULT_CONFIG_CLIENT_HTTP_CONNECTION_TIMEOUT_SOCKET)) - * 1000) + * 1000) .build(); return requestConfig; @@ -350,5 +412,25 @@ public class HttpClientFactory implements IHttpClientFactory { return redirectStrategy; } + + private static Registry<ConnectionSocketFactory> getDefaultRegistry( + final LayeredConnectionSocketFactory sslConnectionFactory) { + final RegistryBuilder<ConnectionSocketFactory> builder = + RegistryBuilder.<ConnectionSocketFactory>create() + .register("http", PlainConnectionSocketFactory.getSocketFactory()); + + if (sslConnectionFactory != null) { + log.trace("Inject own SSLSocketFactory into pooled connection"); + builder.register("https", sslConnectionFactory); + + } else { + log.trace("Inject default SSLSocketFactory into pooled connection"); + builder.register("https", SSLConnectionSocketFactory.getSocketFactory()); + + } + + return builder.build(); + + } } 
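Review bot: In the non-pooled branch of `injectConnectionManager`, one `BasicHttpClientConnectionManager` is attached to a builder that is then cached in `availableBuilders`, so every client built from that builder shares a manager that leases only one connection at a time. The removed code left the builder without a manager in that case, so each `build()` got its own. With the new code, concurrent requests in non-pooled mode are likely to fail while the single connection is still leased. Either use a pooling manager with small limits here as well, or document on `PROP_CONFIG_CLIENT_HTTP_CONNECTION_POOL_USE` that disabling the pool implies single-threaded use. Because the manager is now shared in both branches, closing one returned `CloseableHttpClient` would also shut it down for the others unless the builder is told so with `builder.setConnectionManagerShared(true);`.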
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java index 2d514912..dd6f69ee 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/HttpUtils.java @@ -18,10 +18,14 @@ package at.gv.egiz.eaaf.core.impl.http; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.Provider; import java.security.UnrecoverableKeyException; import javax.annotation.Nonnull; 
@@ -29,22 +33,67 @@ import javax.annotation.Nullable; import javax.net.ssl.SSLContext; import javax.servlet.http.HttpServletRequest; -import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; - import org.apache.commons.lang3.StringUtils; +import org.apache.http.HttpRequest; +import org.apache.http.HttpResponse; +import org.apache.http.StatusLine; +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.ResponseHandler; import org.apache.http.conn.ssl.TrustAllStrategy; -import org.apache.http.ssl.SSLContextBuilder; -import org.apache.http.ssl.SSLContexts; +import org.apache.http.entity.ContentType; import org.apache.http.ssl.TrustStrategy; +import org.apache.http.util.EntityUtils; +import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; +import lombok.NonNull; import lombok.extern.slf4j.Slf4j; @Slf4j public class HttpUtils { private static final String ERROR_03 = "internal.httpclient.03"; + + /** + * Simple Http response-handler that only give http status-code as result. + * + * @return Status-Code of http response + */ + public static ResponseHandler<StatusLine> simpleStatusCodeResponseHandler() { + return new ResponseHandler<StatusLine>() { + @Override + public StatusLine handleResponse(HttpResponse response) throws ClientProtocolException, IOException { + EntityUtils.consumeQuietly(response.getEntity()); + return response.getStatusLine(); + } + }; + } + + /** + * Http response-handler that gives a pair of http status-code, + * a copy of the full http-body as {@link InputStream} and the response {@link ContentType}. 
+ * + * @return {@link Triple} of http response {@link StatusLine}, http body as {@link InputStream}, + * and {@link ContentType} + */ + public static ResponseHandler<Triple<StatusLine, ByteArrayInputStream, ContentType>> + bodyStatusCodeResponseHandler() { + return new ResponseHandler<Triple<StatusLine, ByteArrayInputStream, ContentType>>() { + @Override + public Triple<StatusLine, ByteArrayInputStream, ContentType> handleResponse(HttpResponse response) + throws ClientProtocolException, IOException { + byte[] bodyBytes = EntityUtils.toByteArray(response.getEntity()); + return Triple.newInstance(response.getStatusLine(), new ByteArrayInputStream(bodyBytes), + ContentType.getOrDefault(response.getEntity())); + + } + }; + } + /** * Helper method to retrieve server URL including context path. * @@ -124,7 +173,7 @@ public class HttpUtils { * @param url URL * @param paramname Name of the parameter. * @param paramvalue Value of the parameter. - * @return + * @return Url with parameter */ public static String addUrlParameter(final String url, final String paramname, final String paramvalue) { @@ -137,6 +186,23 @@ public class HttpUtils { } /** + * Inject HTTP header into http request. + * + * <p>The header is only set if HeaderValue is not null</p> + * + * @param req Http request object + * @param headerName HeaderName + * @param headerValue HeaderValue + */ + public static void addHeaderIfNotEmpty(@NonNull HttpRequest req, @NonNull String headerName, + @Nullable String headerValue) { + if (StringUtils.isNotEmpty(headerValue)) { + req.addHeader(headerName, headerValue); + + } + } + + /** * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client * authentication. * 
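Review bot: `bodyStatusCodeResponseHandler()` copies the whole response body into memory with `EntityUtils.toByteArray(response.getEntity())`, without a size limit and without handling a response that has no entity. A remote endpoint that returns a very large body can exhaust heap, and a bodiless response (for example 204) has a null entity, which `EntityUtils.toByteArray` rejects. I would guard the entity first, `final HttpEntity entity = response.getEntity();` then `byte[] bodyBytes = entity != null ? EntityUtils.toByteArray(entity) : new byte[0];`. I would also reject bodies above a configured maximum, based on `entity.getContentLength()` or a bounded read, before buffering. The Javadoc also says "a pair" although the handler returns a `Triple`.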
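Review bot: The Javadoc of `addHeaderIfNotEmpty` says the header is only set if the value is not null, but the code uses `StringUtils.isNotEmpty(headerValue)`, so an empty string is skipped as well. The comment should read `The header is only set if headerValue is neither null nor empty`. The value is passed to `req.addHeader` unchanged. If these values can come from user or identity attributes, rejecting CR and LF here would be a cheap safeguard, since whether the HTTP library filters them is not visible in this hunk. The method also mixes Lombok's `@NonNull` with the `javax.annotation.Nonnull` used elsewhere in the class; one convention would be clearer.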
@@ -155,40 +221,114 @@ public class HttpUtils { * @throws EaafFactoryException In case of a {@link SSLContext} * initialization error */ - public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final KeyStore keyStore, + public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final Pair<KeyStore, Provider> keyStore, @Nullable String keyAlias, @Nullable String keyPasswordString, boolean trustAllServerCertificates, @Nonnull String friendlyName) throws EaafConfigurationException, EaafFactoryException { try { - log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); - final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() - : keyPasswordString.toCharArray(); - - SSLContextBuilder sslContextBuilder = SSLContexts.custom(); - if (StringUtils.isNotEmpty(keyAlias)) { - sslContextBuilder = sslContextBuilder - .loadKeyMaterial(keyStore, keyPassword, new EaafSslKeySelectionStrategy(keyAlias)); - - } else { - sslContextBuilder = sslContextBuilder - .loadKeyMaterial(keyStore, keyPassword); - - } - - if (trustAllServerCertificates) { - log.warn("Http-client:{} trusts ALL TLS server-certificates!"); - final TrustStrategy trustStrategy = new TrustAllStrategy(); - sslContextBuilder = sslContextBuilder.loadTrustMaterial(trustStrategy); + EaafSslContextBuilder sslContextBuilder = EaafSslContextBuilder.create(); + + injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName); + + injectTrustStore(sslContextBuilder, null, trustAllServerCertificates, friendlyName); + + return sslContextBuilder.build(); - } + } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException + | KeyStoreException e) { + throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e); + } + } + + /** + * Initialize a {@link SSLContext} with a {@link KeyStore} that uses X509 Client + * authentication and a custom TrustStore as {@link 
KeyStore}. + * + * @param keyStore KeyStore with private keys that should be + * used + * @param keyAlias Alias of the key that should be used. If + * the alias is null, than the first key that + * is found will be selected. + * @param keyPasswordString Password of the Key in this keystore + * @param trustStore TrustStore with trusted SSL certificates + * @param trustAllServerCertificates Deactivate SSL server-certificate + * validation + * @param friendlyName FriendlyName of the http client for logging + * purposes + * @return {@link SSLContext} with X509 client authentication + * @throws EaafConfigurationException In case of a configuration error + * @throws EaafFactoryException In case of a {@link SSLContext} + * initialization error + */ + public static SSLContext buildSslContextWithSslClientAuthentication(@Nonnull final Pair<KeyStore, Provider> keyStore, + @Nullable String keyAlias, @Nullable String keyPasswordString, + @Nullable final Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates, + @Nonnull String friendlyName) + throws EaafConfigurationException, EaafFactoryException { + try { + EaafSslContextBuilder sslContextBuilder = EaafSslContextBuilder.create(); + + injectKeyStore(sslContextBuilder, keyStore, keyAlias, keyPasswordString, friendlyName); + + injectTrustStore(sslContextBuilder, trustStore, trustAllServerCertificates, friendlyName); + return sslContextBuilder.build(); } catch (NoSuchAlgorithmException | KeyManagementException | UnrecoverableKeyException | KeyStoreException e) { throw new EaafFactoryException(ERROR_03, new Object[] { friendlyName, e.getMessage() }, e); + } + } + + private static void injectTrustStore(EaafSslContextBuilder sslContextBuilder, + Pair<KeyStore, Provider> trustStore, boolean trustAllServerCertificates, String friendlyName) + throws NoSuchAlgorithmException, KeyStoreException { + + TrustStrategy trustStrategy = null; + if (trustAllServerCertificates) { + log.warn("Http-client:{} trusts ALL TLS 
server-certificates!", friendlyName); + trustStrategy = new TrustAllStrategy(); + } + + KeyStore trustStoreImpl = null; + if (trustStore != null) { + log.info("Http-client: {} uses custom TrustStore.", friendlyName); + trustStoreImpl = trustStore.getFirst(); + + } + + sslContextBuilder.loadTrustMaterial(trustStoreImpl, trustStrategy); + } + private static void injectKeyStore(EaafSslContextBuilder sslContextBuilder, Pair<KeyStore, Provider> keyStore, + String keyAlias, String keyPasswordString, String friendlyName) + throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException { + + Provider provider; + if (keyStore.getSecond() != null) { + provider = new BouncyCastleJsseProvider(keyStore.getSecond()); + log.debug("KeyStore: {} provide special security-provider. Inject: {} into SSLContext", + friendlyName, provider.getName()); + sslContextBuilder.setProvider(provider); + + } + + log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString); + final char[] keyPassword = keyPasswordString == null ? StringUtils.EMPTY.toCharArray() + : keyPasswordString.toCharArray(); + + if (StringUtils.isNotEmpty(keyAlias)) { + sslContextBuilder + .loadKeyMaterial(keyStore.getFirst(), keyPassword, new EaafSslKeySelectionStrategy(keyAlias)); + + } else { + sslContextBuilder.loadKeyMaterial(keyStore.getFirst(), keyPassword); + + } + + } } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java index 7ec58d46..4e8374e1 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/IHttpClientFactory.java 
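Review bot: The new `injectKeyStore` still writes the key password to the log with `log.trace("Open SSL Client-Auth keystore with password: {}", keyPasswordString);`. The line was carried over from the removed code, but trace output ends up in log files and collectors, which exposes the TLS client-key password to anyone who can read them. Log the client name instead: `log.trace("Open SSL Client-Auth keystore for http-client: {}", friendlyName);`. In `injectTrustStore`, when `trustAllServerCertificates` is true and a `trustStore` is also passed, both are handed to `loadTrustMaterial`. Whether the trust-all strategy then overrides the custom store depends on `EaafSslContextBuilder`, which is not shown, so a comment stating the precedence would help.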
@@ -2,10 +2,10 @@ package at.gv.egiz.eaaf.core.impl.http; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafException; - import org.apache.http.impl.client.CloseableHttpClient; +import at.gv.egiz.eaaf.core.exceptions.EaafException; + public interface IHttpClientFactory { /** diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/pvp/PvpRProfileHttpHeaders.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/pvp/PvpRProfileHttpHeaders.java new file mode 100644 index 00000000..cd6d7404 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/http/pvp/PvpRProfileHttpHeaders.java 
@@ -0,0 +1,86 @@ +package at.gv.egiz.eaaf.core.impl.http.pvp; + +/** + * PVP2 R-Profile HTTP-Header definitions. + * + * @author tlenz + * + */ +public class PvpRProfileHttpHeaders { + + //PVP 1.x headers + public static final String PVP_1X_VALUE_VERSION_PREFIX = "1."; + + public static final String PVP_1X_PREFIX = "X-"; + public static final String PVP_1X_VERSION_NAME = "Version"; + public static final String PVP_1X_USERID_NAME = "AUTHENTICATE-UserID"; + public static final String PVP_1X_GID_NAME = "AUTHENTICATE-GVGID"; + public static final String PVP_1X_PARTICIPANT_ID_NAME = "AUTHENTICATE-PARTICIPANTID"; + public static final String PVP_1X_GV_OU_ID_NAME = "AUTHENTICATE-GVOUID"; + public static final String PVP_1X_OU_NAME = "AUTHENTICATE-OU"; + public static final String PVP_1X_FUNCTION_NAME = "AUTHENTICATE-GVFUNCTION"; + public static final String PVP_1X_SECCLASS_NAME = "AUTHENTICATE-gvSecClass"; + public static final String PVP_1X_CN_NAME = "AUTHENTICATE-cn"; + public static final String PVP_1X_COST_CENTER_ID_NAME = "ACCOUNTING-CostCenterId"; + public static final String PVP_1X_INVOICE_RECPT_ID_NAME = "ACCOUNTING-InvoiceRecptId"; + public static final String PVP_1X_ROLES_NAME = "AUTHORIZE-ROLES"; + public static final String PVP_1X_GV_OU_OKZ_NAME = "AUTHENTICATE-GVOUOKZ"; + public static final String PVP_1X_VERSION = PVP_1X_PREFIX + PVP_1X_VERSION_NAME; + public static final String PVP_1X_USERID = PVP_1X_PREFIX + PVP_1X_USERID_NAME; + public static final String PVP_1X_GID = PVP_1X_PREFIX + PVP_1X_GID_NAME; + public static final String PVP_1X_PARTICIPANT_ID = PVP_1X_PREFIX + PVP_1X_PARTICIPANT_ID_NAME; + public static final String PVP_1X_GV_OU_ID = PVP_1X_PREFIX + PVP_1X_GV_OU_ID_NAME; + public static final String PVP_1X_OU = PVP_1X_PREFIX + PVP_1X_OU_NAME; + public static final String PVP_1X_FUNCTION = PVP_1X_PREFIX + PVP_1X_FUNCTION_NAME; + public static final String PVP_1X_SECCLASS = PVP_1X_PREFIX + PVP_1X_SECCLASS_NAME; + public static final String PVP_1X_CN 
= PVP_1X_PREFIX + PVP_1X_CN_NAME; + public static final String PVP_1X_COST_CENTER_ID = PVP_1X_PREFIX + PVP_1X_COST_CENTER_ID_NAME; + public static final String PVP_1X_INVOICE_RECPT_ID = PVP_1X_PREFIX + PVP_1X_INVOICE_RECPT_ID_NAME; + public static final String PVP_1X_ROLES = PVP_1X_PREFIX + PVP_1X_ROLES_NAME; + public static final String PVP_1X_GV_OU_OKZ = PVP_1X_PREFIX + PVP_1X_GV_OU_OKZ_NAME; + + + //PVP 2.x headers + public static final String PVP_2X_VALUE_VERSION_PREFIX = "2."; + + public static final String PVP_2X_VERSION = "X-PVP-VERSION"; + public static final String PVP_2X_USERID = "X-PVP-USERID"; + public static final String PVP_2X_GID = "X-PVP-GID"; + public static final String PVP_2X_PARTICIPANT_ID = "X-PVP-PARTICIPANT-ID"; + public static final String PVP_2X_GV_OU_ID = "X-PVP-OU-GV-OU-ID"; + public static final String PVP_2X_OU = "X-PVP-OU"; + public static final String PVP_2X_FUNCTION = "X-PVP-FUNCTION"; + public static final String PVP_2X_SECCLASS = "X-PVP-SECCLASS"; + public static final String PVP_2X_PRINCIPAL_NAME = "X-PVP-PRINCIPAL-NAME"; + public static final String PVP_2X_BINDING = "X-PVP-BINDING"; + public static final String PVP_2X_OU_OKZ = "X-PVP-OU-OKZ"; + public static final String PVP_2X_COST_CENTER_ID = "X-PVP-COST-CENTER-ID"; + public static final String PVP_2X_INVOICE_RECPT_ID = "X-PVP-INVOICE-RECPT-ID"; + public static final String PVP_2X_ROLES = "X-PVP-ROLES"; + + public static final String PVP_ERROR_440_CODE = "440"; + public static final String PVP_ERROR_440_MSG = "Mandatory PVP-Header {0} fehlt"; + public static final String PVP_ERROR_441_CODE = "441"; + public static final String PVP_ERROR_441_MSG = "Werte in X-PVP-ROLES haben ungültiges Format"; + public static final String PVP_ERROR_442_CODE = "442"; + public static final String PVP_ERROR_442_MSG = "Kein zulässiges Recht in X-PVP-ROLES"; + public static final String PVP_ERROR_443_CODE = "443"; + public static final String PVP_ERROR_443_MSG = "Die UserId ist am Anwendungsportal 
gesperrt"; + public static final String PVP_ERROR_444_CODE = "444"; + public static final String PVP_ERROR_444_MSG = + "Stammportal ist für Anfragen des angegebenen Participants nicht berechtigt"; + public static final String PVP_ERROR_445_CODE = "445"; + public static final String PVP_ERROR_445_MSG = "Participant am Anwendungsportal nicht registriert"; + public static final String PVP_ERROR_490_CODE = "490"; + public static final String PVP_ERROR_490_MSG = "Zertifikatsüberprüfung fehlgeschlagen. Grund: {0}"; + public static final String PVP_ERROR_493_CODE = "493"; + public static final String PVP_ERROR_493_MSG = "Keine Berechtigung für diese Anwendung im Stammportal"; + public static final String PVP_ERROR_494_CODE = "494"; + public static final String PVP_ERROR_494_MSG = "Die Authentifizierung des Stammportals ist fehlgeschlagen"; + public static final String PVP_ERROR_511_CODE = "511"; + public static final String PVP_ERROR_511_MSG = "PVP Version nicht unterstützt"; + + private PvpRProfileHttpHeaders() { + + } +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java index de54d103..2f4e18fa 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/idp/conf/SpConfigurationImpl.java @@ -20,8 +20,10 @@ package at.gv.egiz.eaaf.core.impl.idp.conf; import java.util.Collections; +import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -38,8 +40,8 @@ public class SpConfigurationImpl implements ISpConfiguration { private static final Logger log = LoggerFactory.getLogger(SpConfigurationImpl.class); private final Map<String, String> spConfiguration; - private final List<String> targetAreasWithNoInteralBaseIdRestriction; - private final List<String> targetAreasWithNoBaseIdTransmissionRestriction; + private final Set<String> targetAreasWithNoInteralBaseIdRestriction; + private final Set<String> targetAreasWithNoBaseIdTransmissionRestriction; /** * Service-provider configuration holder. 
@@ -52,21 +54,19 @@ public class SpConfigurationImpl implements ISpConfiguration { // set oa specific restrictions targetAreasWithNoInteralBaseIdRestriction = Collections - .unmodifiableList(KeyValueUtils.getListOfCsvValues(authConfig.getBasicConfiguration( - CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, EaafConstants.URN_PREFIX_CDID))); + .unmodifiableSet(new HashSet<String>(KeyValueUtils.getListOfCsvValues(authConfig.getBasicConfiguration( + CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL, EaafConstants.URN_PREFIX_CDID)))); targetAreasWithNoBaseIdTransmissionRestriction = Collections - .unmodifiableList(KeyValueUtils.getListOfCsvValues(authConfig.getBasicConfiguration( - CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, EaafConstants.URN_PREFIX_CDID))); + .unmodifiableSet(new HashSet<String>(KeyValueUtils.getListOfCsvValues(authConfig.getBasicConfiguration( + CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION, EaafConstants.URN_PREFIX_CDID)))); if (log.isTraceEnabled()) { log.trace("Internal policy for OA: " + getUniqueIdentifier()); - for (final String el : targetAreasWithNoInteralBaseIdRestriction) { - log.trace(" Allow baseID processing for prefix " + el); - } - for (final String el : targetAreasWithNoBaseIdTransmissionRestriction) { - log.trace(" Allow baseID transfer for prefix " + el); - } + targetAreasWithNoInteralBaseIdRestriction.stream() + .forEach(el -> log.trace(" Allow baseID processing for prefix " + el)); + targetAreasWithNoBaseIdTransmissionRestriction.stream() + .forEach(el -> log.trace(" Allow baseID transfer for prefix " + el)); } } 
@@ -143,12 +143,12 @@ public class SpConfigurationImpl implements ISpConfiguration { } @Override - public final List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + public final Set<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { return this.targetAreasWithNoInteralBaseIdRestriction; } @Override - public final List<String> getTargetsWithNoBaseIdTransferRestriction() { + public final Set<String> getTargetsWithNoBaseIdTransferRestriction() { return this.targetAreasWithNoBaseIdTransmissionRestriction; } diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java new file mode 100644 index 00000000..ca1db67d --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/AuthenticatedEncryptionPendingRequestIdGenerationStrategy.java 
@@ -0,0 +1,280 @@ +package at.gv.egiz.eaaf.core.impl.utils; + +import java.nio.charset.StandardCharsets; +import java.security.Provider; +import java.util.Base64; + +import javax.annotation.Nonnull; +import javax.annotation.PostConstruct; +import javax.crypto.SecretKey; + +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.joda.time.DurationFieldType; +import org.joda.time.format.DateTimeFormat; +import org.joda.time.format.DateTimeFormatter; +import org.jose4j.jca.ProviderContext; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +/** + * PendingRequestId generation strategy based on signed tokens that facilitates + * extended token validation. 
+ * + * @author tlenz + * + */ +public class AuthenticatedEncryptionPendingRequestIdGenerationStrategy + implements IPendingRequestIdGenerationStrategy { + private static final Logger log = + LoggerFactory.getLogger(AuthenticatedEncryptionPendingRequestIdGenerationStrategy.class); + + @Autowired(required = true) IConfiguration baseConfig; + @Autowired EaafKeyStoreFactory keyStoreFactory; + + private static final String FRIENDLYNAME = "pendingRequestId key"; + + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_TYPE = + "core.pendingrequestid.digist.type"; + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET = + "core.pendingrequestid.digist.secret"; + + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_KEYSTORE = + "core.pendingrequestid.digist.keystore.name"; + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_ALIAS = + "core.pendingrequestid.digist.key.alias"; + + public static final String CONFIG_PROP_PENDINGREQUESTID_MAX_LIFETIME = + "core.pendingrequestid.maxlifetime"; + + public static final String DEFAULT_PENDINGREQUESTID_DIGIST_ALGORITHM = "HmacSHA256"; + public static final String DEFAULT_PENDINGREQUESTID_MAX_LIFETIME = "300"; + + private static final int ENCODED_TOKEN_PARTS = 2; + private static final String TOKEN_SEPARATOR = "|"; + private static final DateTimeFormatter TOKEN_TEXTUAL_DATE_FORMAT = + DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss SSS ZZ").withZoneUTC(); + + private int maxPendingRequestIdLifeTime = 300; + private final int maxPendingReqIdSize = 1024; + private Pair<SecretKey, Provider> key = null; + private final String salt = "notRequiredInThisScenario"; + + @Override + public String generateExternalPendingRequestId() throws EaafException { + try { + final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now()); + JsonWebEncryption encToken = new JsonWebEncryption(); + encToken.setAlgorithmHeaderValue(selectKeyWrappingAlgorithm(key.getFirst())); + 
encToken.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); + encToken.setKey(key.getFirst()); + encToken.setPayload(toSign); + + + + if (key.getSecond() != null) { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( + key.getSecond().getName()); + encToken.setProviderContext(providerCtx); + + } + + return Base64.getUrlEncoder() + .encodeToString(encToken.getCompactSerialization().getBytes(StandardCharsets.UTF_8)); + + } catch (final JoseException e) { + throw new EaafException("internal.pendingreqid.02", new Object[] { e.getMessage() }, e); + + } + + } + + @Override + public String getPendingRequestIdWithOutChecks(final String externalPendingReqId) + throws PendingReqIdValidationException { + try { + String stringToken = getDecryptedExternalPendingRequestId(externalPendingReqId); + log.debug("Token decryption successful"); + + if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) { + log.warn("PendingRequestId has an unvalid format"); + log.debug("PendingRequestId: {}", stringToken); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.01"); + + } + + final String[] tokenElements = + StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS); + return tokenElements[1]; + + } catch (JoseException e) { + log.warn("Token is NOT a valid String. 
Msg: {}", e.getMessage()); + log.debug("TokenValue: {}", externalPendingReqId); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e); + + } + } + + @Override + public String validateAndGetPendingRequestId(final String externalPendingReqId) + throws PendingReqIdValidationException { + try { + String stringToken = getDecryptedExternalPendingRequestId(externalPendingReqId); + log.debug("Token decryption successful"); + + if (!(StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1)) { + log.info("PendingRequestId: {}", stringToken); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.01"); + + } + + final String[] tokenElements = + StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS); + final String internalPendingReqId = tokenElements[1]; + final DateTime timeStamp = TOKEN_TEXTUAL_DATE_FORMAT.parseDateTime(tokenElements[0]); + + log.trace("Checking valid period ... "); + final DateTime now = DateTime.now(); + if (timeStamp.withFieldAdded(DurationFieldType.seconds(), maxPendingRequestIdLifeTime) + .isBefore(now)) { + log.info("Token exceeds the valid period. Token: {} | Now: {}", timeStamp, now); + throw new PendingReqIdValidationException(internalPendingReqId, + "internal.pendingreqid.06"); + + } + log.debug("Token valid-period check successful"); + + return internalPendingReqId; + + } catch (JoseException e) { + log.warn("Token is NOT a valid encrypt. Msg: {}", e.getMessage()); + log.debug("TokenValue: {}", externalPendingReqId); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.04", e); + + } catch (final IllegalArgumentException e) { + log.warn("Token is NOT a valid String. 
Msg: {}", e.getMessage()); + log.debug("TokenValue: {}", externalPendingReqId); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e); + + } + } + + @Nonnull + private String getDecryptedExternalPendingRequestId(String externalPendingReqId) + throws JoseException, PendingReqIdValidationException { + if (StringUtils.isEmpty(externalPendingReqId)) { + log.info("PendingReqId is 'null' or empty"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.00"); + + } + + log.trace("RAW external pendingReqId: {}", externalPendingReqId); + final byte[] externalPendingReqIdBytes = Base64.getUrlDecoder().decode(externalPendingReqId); + + if (externalPendingReqIdBytes.length > maxPendingReqIdSize) { + log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.03"); + + } + + + JsonWebEncryption encToken = new JsonWebEncryption(); + encToken.setContentEncryptionAlgorithmConstraints(new AlgorithmConstraints( + ConstraintType.WHITELIST, ContentEncryptionAlgorithmIdentifiers.AES_128_GCM)); + encToken.setAlgorithmConstraints(new AlgorithmConstraints( + ConstraintType.WHITELIST, + KeyManagementAlgorithmIdentifiers.DIRECT, + KeyManagementAlgorithmIdentifiers.A128GCMKW + )); + encToken.setKey(key.getFirst()); + + if (key.getSecond() != null) { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( + key.getSecond().getName()); + encToken.setProviderContext(providerCtx); + + } + + encToken.setCompactSerialization(new String(externalPendingReqIdBytes, StandardCharsets.UTF_8)); + return encToken.getPayload(); + + } + + private String selectKeyWrappingAlgorithm(SecretKey first) { + if ("AES".equals(first.getAlgorithm())) { + return KeyManagementAlgorithmIdentifiers.A128GCMKW; + + } else { + return KeyManagementAlgorithmIdentifiers.DIRECT; + + } + } + + @PostConstruct + private void initialize() 
throws EaafConfigurationException { + log.debug("Initializing " + this.getClass().getName() + " ... "); + + maxPendingRequestIdLifeTime = + Integer.parseInt(baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_MAX_LIFETIME, + DEFAULT_PENDINGREQUESTID_MAX_LIFETIME)); + + + SymmetricKeyConfiguration secretKeyConfig = new SymmetricKeyConfiguration(); + secretKeyConfig.setFriendlyName(FRIENDLYNAME); + secretKeyConfig.setKeyType( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_TYPE, + SymmetricKeyType.PASSPHRASE.name())); + + secretKeyConfig.setSoftKeyPassphrase( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET)); + secretKeyConfig.setSoftKeySalt(salt); + + secretKeyConfig.setKeyStoreName( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_KEYSTORE)); + secretKeyConfig.setKeyAlias( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_ALIAS)); + + //validate symmetric-key configuration + secretKeyConfig.validate(); + + try { + key = keyStoreFactory.buildNewSymmetricKey(secretKeyConfig); + + } catch (EaafException e) { + log.error("Can NOT initialize TokenService with configuration object", e); + throw new EaafConfigurationException("config.09", + new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key" }, + e); + + } + + log.info(this.getClass().getName() + " initialized with Alg: {} and maxLifeTime: {}", + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, maxPendingRequestIdLifeTime); + + } + + private String buildInternalToken(final String internalPendingReqId, final DateTime now) { + return new StringBuilder().append(TOKEN_TEXTUAL_DATE_FORMAT.print(now)).append(TOKEN_SEPARATOR) + .append(internalPendingReqId).toString(); + } + +} 
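Review bot: getPendingRequestIdWithOutChecks() catches only JoseException, so input that is not valid URL-safe Base64 makes `Base64.getUrlDecoder().decode(...)` in getDecryptedExternalPendingRequestId() throw an unchecked IllegalArgumentException instead of the declared PendingReqIdValidationException. validateAndGetPendingRequestId() already maps that case, and the same handler belongs here: `} catch (final IllegalArgumentException e) { throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e); }`. Separately, validateAndGetPendingRequestId() writes the decrypted token with `log.info("PendingRequestId: {}", stringToken)`, while the sibling method logs the same data at debug. The plaintext of an encrypted identifier should not reach info-level logs, so use `log.debug` or drop the value. The class Javadoc still says "signed tokens" although the token is a JWE.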
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java new file mode 100644 index 00000000..e15c7a37 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafObjectInputStream.java @@ -0,0 +1,39 @@ +package at.gv.egiz.eaaf.core.impl.utils; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InvalidClassException; +import java.io.ObjectInputStream; +import java.io.ObjectStreamClass; +import java.util.List; + +import javax.annotation.Nonnull; + +public class EaafObjectInputStream extends ObjectInputStream { + + private List<String> allowedClassNames; + + /** + * Object input-stream with internal class validation. + * + * @param is Inputstream to deserialize. + * @param classNames Whitelisted classnames + * @throws IOException In case of an error + */ + public EaafObjectInputStream(@Nonnull InputStream is, @Nonnull List<String> classNames) throws IOException { + super(is); + this.allowedClassNames = classNames; + + } + + //Only deserialize instances of our expected class + @Override + protected Class<?> resolveClass(ObjectStreamClass desc) + throws IOException, ClassNotFoundException { + if (!allowedClassNames.contains(desc.getName())) { + throw new InvalidClassException("Unauthorized deserialization attempt: {}",desc.getName()); + + } + return super.resolveClass(desc); + } +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java new file mode 100644 index 00000000..e15c6800 --- /dev/null +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/EaafSerializationUtils.java 
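Review bot: The arguments to `InvalidClassException` in resolveClass() are in the wrong order, and the `{}` placeholder is never substituted because this is not a logger call. The two-argument constructor takes the class name first and the reason second, so the line should read `throw new InvalidClassException(desc.getName(), "Unauthorized deserialization attempt");`. The allow-list is also kept by reference in a non-final field, so a caller that later modifies its list changes what may be deserialized. Declaring `private final List<String> allowedClassNames;` and copying the list in the constructor fixes the filter for the lifetime of the stream.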
@@ -0,0 +1,69 @@ +package at.gv.egiz.eaaf.core.impl.utils; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.util.List; + +import org.springframework.lang.Nullable; + +public class EaafSerializationUtils { + + private EaafSerializationUtils() { + + } + + /** + * Serialize a given Java object into a byte array. + * + * @param object Java object to serialize. + * @return Serialized Java object + */ + @Nullable + public static byte[] serialize(@Nullable Object object) { + if (object == null) { + return null; + + } + + final ByteArrayOutputStream baos = new ByteArrayOutputStream(1024); + try (ObjectOutputStream oos = new ObjectOutputStream(baos)) { + oos.writeObject(object); + oos.flush(); + + } catch (final IOException ex) { + throw new IllegalArgumentException("Failed to serialize object of type: " + object.getClass(), ex); + + } + + return baos.toByteArray(); + } + + /** + * Deserialize the byte array into an object. + * + * @param bytes a serialized object + * @param allowedClassName List of classnames that are allowed for deserialization + * @return the result of deserializing the bytes + */ + @Nullable + public static Object deserialize(@Nullable byte[] bytes, List<String> allowedClassName) { + if (bytes == null) { + return null; + + } + + try (ObjectInputStream ois = new EaafObjectInputStream(new ByteArrayInputStream(bytes), allowedClassName)) { + return ois.readObject(); + + } catch (final IOException ex) { + throw new IllegalArgumentException("Failed to deserialize object", ex); + + } catch (final ClassNotFoundException ex) { + throw new IllegalStateException("Failed to deserialize object type", ex); + + } + } +} diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java index 99b87819..be51426c 100644 
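Review bot: deserialize() hands `allowedClassName` to EaafObjectInputStream unchecked, so a null list surfaces as a NullPointerException from resolveClass() rather than as a clear refusal. An explicit guard before the try block, `if (allowedClassName == null) { throw new IllegalArgumentException("allowedClassName must not be null"); }`, fails closed with a usable message. The `@param allowedClassName` text should also state that the stream checks each class descriptor it resolves against this list, so the list has to name every class in the serialized object graph, not only the top-level type. The class itself has no Javadoc.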
--- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyStoreUtils.java @@ -30,12 +30,16 @@ import java.security.KeyStoreException; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import lombok.extern.slf4j.Slf4j; + /** * Utility for creating and loading key stores. * * @author Paul Ivancsics * @version $Id$ */ +@Slf4j public class KeyStoreUtils { /** @@ -110,6 +114,32 @@ public class KeyStoreUtils { } /** + * Loads a keyStore with known keyStore type. + * + * @param is input stream + * @param password Password protecting the keyStore + * @param keyStoreType Type of the KeyStore + * @return loaded KeyStore + * @throws IOException In case of a general error + * @throws GeneralSecurityException In case of a KeyStore access error + */ + public static KeyStore loadKeyStore(final InputStream is, final String password, KeyStoreType keyStoreType) + throws IOException, GeneralSecurityException { + String internalType = KEYSTORE_TYPE_PKCS12; + if (keyStoreType.equals(KeyStoreType.JKS)) { + internalType = KEYSTORE_TYPE_JKS; + + } else if (keyStoreType.equals(KeyStoreType.PKCS12)) { + internalType = KEYSTORE_TYPE_PKCS12; + + } + + return loadKeyStore(internalType, is, password); + + } + + + /** * Loads a keyStore without knowing the keyStore type. * * @param is input stream @@ -125,14 +155,18 @@ public class KeyStoreUtils { try { try { ks = loadKeyStore(KEYSTORE_TYPE_PKCS12, is, password); + } catch (final IOException e2) { is.reset(); ks = loadKeyStore(KEYSTORE_TYPE_JKS, is, password); + } + } catch (final Exception e) { - e.printStackTrace(); - + log.warn("Can not load keystore", e); + } + return ks; } 
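Review bot: In the new `loadKeyStore(InputStream, String, KeyStoreType)` every type other than JKS falls through to the PKCS12 default, so any KeyStoreType value this method does not handle (if the enum has more than the two shown) is silently opened as PKCS12. A null `keyStoreType` throws a NullPointerException at `keyStoreType.equals(...)`, and the `else if` branch for PKCS12 only re-assigns the default. Comparing with `KeyStoreType.JKS == keyStoreType` and ending the chain with `else { throw new KeyStoreException("Unsupported keyStore type: " + keyStoreType); }` makes the unsupported case explicit. `KeyStoreException` is already imported and is covered by the declared GeneralSecurityException.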
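Review bot: The outer `catch (final Exception e)` still swallows the failure: after `log.warn("Can not load keystore", e)` control reaches `return ks;`, which presumably hands the caller a null KeyStore (the declaration of `ks` and the method signature are above the hunk). A wrong password, a corrupt file and an unsupported type then all look the same to the caller and fail later at first use. Either rethrow after logging or state the null result in the Javadoc, e.g. `@return loaded KeyStore, or null if the keyStore could not be loaded as PKCS12 or JKS`. The `is.reset()` fallback also depends on the stream supporting mark/reset, which is worth a `@param is` remark.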
diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java index 0c5eeb40..b0a91e74 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/KeyValueUtils.java @@ -28,13 +28,12 @@ import java.util.Map; import java.util.Map.Entry; import java.util.Properties; import java.util.Set; +import java.util.stream.Collectors; import javax.annotation.Nonnull; import javax.annotation.Nullable; import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * Utils to operate on Key/Value based configurations. @@ -43,8 +42,7 @@ import org.slf4j.LoggerFactory; * */ public class KeyValueUtils { - private static final Logger log = LoggerFactory.getLogger(KeyValueUtils.class); - + public static final String KEY_DELIMITER = "."; public static final String CSV_DELIMITER = ","; public static final String KEYVVALUEDELIMITER = "="; @@ -154,18 +152,14 @@ public class KeyValueUtils { * null */ public static Map<String, String> removePrefixFromKeys(final Map<String, String> keys, - final String prefix) { - final Map<String, String> result = new HashMap<>(); - final Iterator<Entry<String, String>> interator = keys.entrySet().iterator(); - while (interator.hasNext()) { - final Entry<String, String> el = interator.next(); - final String newKey = removePrefixFromKey(el.getKey(), prefix); - if (StringUtils.isNotEmpty(newKey)) { - result.put(newKey, el.getValue()); - } - } - - return result; + final String prefix) { + return keys.entrySet().stream() + .filter(el -> StringUtils.isNotEmpty(removePrefixFromKey(el.getKey(), prefix))) + .collect(Collectors.toMap( + el -> removePrefixFromKey(el.getKey(), prefix), + el -> el.getValue())); + + } /** 
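Review bot: The stream rewrite of removePrefixFromKeys() is not equivalent to the loop it replaces. `Collectors.toMap` throws a NullPointerException when an entry has a null value and an IllegalStateException when two entries end up with the same stripped key, where `result.put(newKey, el.getValue())` accepted both. It also calls removePrefixFromKey() twice per entry. Unless null values and colliding keys are known to be impossible for these configuration maps, restoring the original loop is the safer form. If the stream stays, give `toMap` a merge function such as `(first, last) -> last` and document that values must be non-null.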
@@ -351,19 +345,13 @@ public class KeyValueUtils { * @return Map of Key / Value pairs, but never null */ public static Map<String, String> convertListToMap(final List<String> elements) { - final Map<String, String> map = new HashMap<>(); - for (final String el : elements) { - if (el.contains(KEYVVALUEDELIMITER)) { - final String[] split = el.split(KEYVVALUEDELIMITER); - map.put(split[0], split[1]); - - } else { - log.debug("Key/Value Mapper: '" + el + "' contains NO '='. Ignore it."); - } - - } + return elements.stream() + .filter(el -> el.contains(KEYVVALUEDELIMITER)) + .map(el -> el.split(KEYVVALUEDELIMITER)) + .collect(Collectors.toMap( + el -> el[0], + el -> el[1])); - return map; } /** diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java index bc770a8c..5cac4cb0 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/SecurePendingRequestIdGenerationStrategy.java @@ -1,19 +1,14 @@ package at.gv.egiz.eaaf.core.impl.utils; -import java.io.UnsupportedEncodingException; -import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; import java.security.InvalidKeyException; +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.KeySpec; -import java.util.Arrays; import java.util.Base64; import javax.annotation.PostConstruct; import javax.crypto.Mac; import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; 
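Review bot: convertListToMap() now fails on input the old loop tolerated: `Collectors.toMap` without a merge function throws IllegalStateException when the same key appears twice, where `map.put` let the last entry win. Both versions also index `el[1]` after `split(KEYVVALUEDELIMITER)`, which throws ArrayIndexOutOfBoundsException for an element such as `key=` and drops everything after a second `=` in the value. Using `.map(el -> el.split(KEYVVALUEDELIMITER, 2))` together with `Collectors.toMap(el -> el[0], el -> el[1], (first, last) -> last)` covers all three cases. The debug message for ignored elements disappeared along with the logger, so malformed entries are now skipped without any trace.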
@@ -32,6 +27,9 @@ import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafIllegalStateException; import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; /** * PendingRequestId generation strategy based on signed tokens that facilitates @@ -45,11 +43,22 @@ public class SecurePendingRequestIdGenerationStrategy private static final Logger log = LoggerFactory.getLogger(SecurePendingRequestIdGenerationStrategy.class); - @Autowired(required = true) - IConfiguration baseConfig; + @Autowired(required = true) IConfiguration baseConfig; + @Autowired EaafKeyStoreFactory keyStoreFactory; + private static final String FRIENDLYNAME = "pendingRequestId key"; + + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_TYPE = + "core.pendingrequestid.digist.type"; public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET = "core.pendingrequestid.digist.secret"; + + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_KEYSTORE = + "core.pendingrequestid.digist.keystore.name"; + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_ALIAS = + "core.pendingrequestid.digist.key.alias"; + + public static final String CONFIG_PROP_PENDINGREQUESTID_DIGIST_ALGORITHM = "core.pendingrequestid.digist.algorithm"; public static final String CONFIG_PROP_PENDINGREQUESTID_MAX_LIFETIME = 
@@ -61,43 +70,32 @@ public class SecurePendingRequestIdGenerationStrategy private static final int ENCODED_TOKEN_PARTS = 3; private static final String TOKEN_SEPARATOR = "|"; private static final DateTimeFormatter TOKEN_TEXTUAL_DATE_FORMAT = - DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss SSS"); + DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss SSS ZZ").withZoneUTC(); private int maxPendingRequestIdLifeTime = 300; private final int maxPendingReqIdSize = 1024; private String digistAlgorithm = null; private SecretKey key = null; - private final byte[] salt = "notRequiredInThisScenario".getBytes(Charset.defaultCharset()); + private final String salt = "notRequiredInThisScenario"; @Override public String generateExternalPendingRequestId() throws EaafException { - try { - final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now()); - final StringBuilder externalPendingRequestId = new StringBuilder(); - externalPendingRequestId.append(toSign); - externalPendingRequestId.append(TOKEN_SEPARATOR); - externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign))); - return Base64.getUrlEncoder() - .encodeToString(externalPendingRequestId.toString().getBytes("UTF-8")); - - } catch (final UnsupportedEncodingException e) { - throw new EaafException("internal.99", new Object[] { e.getMessage() }, e); - - } + final String toSign = buildInternalToken(Random.nextLongRandom(), DateTime.now()); + final StringBuilder externalPendingRequestId = new StringBuilder(); + externalPendingRequestId.append(toSign); + externalPendingRequestId.append(TOKEN_SEPARATOR); + externalPendingRequestId.append(Base64.getEncoder().encodeToString(calculateHmac(toSign))); + return Base64.getUrlEncoder() + .encodeToString(externalPendingRequestId.toString().getBytes(StandardCharsets.UTF_8)); } @Override public String getPendingRequestIdWithOutChecks(final String externalPendingReqId) throws PendingReqIdValidationException { - try { - final String[] 
tokenElements = extractTokens(externalPendingReqId); - return tokenElements[1]; - - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); - - } + final String[] tokenElements = extractTokens(externalPendingReqId); + return tokenElements[1]; + } @Override @@ -111,11 +109,11 @@ public class SecurePendingRequestIdGenerationStrategy log.trace("Checking HMAC from externalPendingReqId ... "); final byte[] tokenDigest = Base64.getDecoder().decode(tokenElements[2]); final byte[] refDigist = calculateHmac(buildInternalToken(internalPendingReqId, timeStamp)); - if (!Arrays.equals(tokenDigest, refDigist)) { + + if (!MessageDigest.isEqual(refDigist,tokenDigest)) { log.warn("Digest of Token does NOT match"); log.debug("Token: {} | Ref: {}", tokenDigest, refDigist); - throw new PendingReqIdValidationException(null, - "Digest of pendingRequestId does NOT match"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.04"); } log.debug("PendingRequestId HMAC digest check successful"); @@ -126,8 +124,7 @@ public class SecurePendingRequestIdGenerationStrategy .isBefore(now)) { log.warn("Token exceeds the valid period"); log.debug("Token: {} | Now: {}", timeStamp, now); - throw new PendingReqIdValidationException(internalPendingReqId, - "PendingRequestId exceeds the valid period"); + throw new PendingReqIdValidationException(internalPendingReqId, "internal.pendingreqid.06"); } log.debug("Token valid-period check successful"); 
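Review bot: The unchanged line `log.debug("Token: {} | Ref: {}", tokenDigest, refDigist)` next to the new comparison writes the freshly computed reference HMAC to the log whenever a submitted digest does not match. SLF4J renders byte arrays element by element, so the expected MAC for the rejected token content ends up readable in the debug log. The switch to `MessageDigest.isEqual` removes the timing signal, and the log line should not expose the value either: `log.debug("PendingRequestId digest mismatch");` is enough for diagnosis. The method body starts above the hunk.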
@@ -137,20 +134,17 @@ public class SecurePendingRequestIdGenerationStrategy } catch (final IllegalArgumentException | EaafIllegalStateException e) { log.warn("Token is NOT a valid String. Msg: {}", e.getMessage()); log.debug("TokenValue: {}", externalPendingReqId); - throw new PendingReqIdValidationException(null, "PendingReqId is NOT a valid String", e); - - } catch (final UnsupportedEncodingException e) { - throw new RuntimeException(e); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.06", e); } } @NonNull private String[] extractTokens(@Nullable final String externalPendingReqId) - throws PendingReqIdValidationException, UnsupportedEncodingException { + throws PendingReqIdValidationException { if (StringUtils.isEmpty(externalPendingReqId)) { log.info("PendingReqId is 'null' or empty"); - throw new PendingReqIdValidationException(null, "PendingReqId is 'null' or empty"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.00"); } @@ -159,12 +153,11 @@ public class SecurePendingRequestIdGenerationStrategy if (externalPendingReqIdBytes.length > maxPendingReqIdSize) { log.warn("pendingReqId size exceeds {}", maxPendingReqIdSize); - throw new PendingReqIdValidationException(null, - "pendingReqId exceeds max.size: " + maxPendingReqIdSize); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.03"); } - final String stringToken = new String(externalPendingReqIdBytes, "UTF-8"); + final String stringToken = new String(externalPendingReqIdBytes, StandardCharsets.UTF_8); if (StringUtils.countMatches(stringToken, TOKEN_SEPARATOR) == ENCODED_TOKEN_PARTS - 1) { final String[] tokenElements = StringUtils.split(stringToken, TOKEN_SEPARATOR, ENCODED_TOKEN_PARTS); 
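Review bot: The IllegalArgumentException/EaafIllegalStateException handler now reports `internal.pendingreqid.06`, the same code the valid-period check in this method uses, although the log line beside it says the token is not a valid String. AuthenticatedEncryptionPendingRequestIdGenerationStrategy in this commit uses `internal.pendingreqid.05` for that case, so this looks like a copy-paste slip. The line should probably read `throw new PendingReqIdValidationException(null, "internal.pendingreqid.05", e);`. The message texts for these codes are not visible here, so confirm against the properties file.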
@@ -173,7 +166,7 @@ public class SecurePendingRequestIdGenerationStrategy } else { log.warn("PendingRequestId has an unvalid format"); log.debug("PendingRequestId: {}", stringToken); - throw new PendingReqIdValidationException(null, "PendingReqId has an unvalid format"); + throw new PendingReqIdValidationException(null, "internal.pendingreqid.01"); } @@ -183,13 +176,6 @@ public class SecurePendingRequestIdGenerationStrategy private void initialize() throws EaafConfigurationException { log.debug("Initializing " + this.getClass().getName() + " ... "); - final String pendingReqIdDigistSecret = - baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET); - if (StringUtils.isEmpty(pendingReqIdDigistSecret)) { - throw new EaafConfigurationException("config.08", - new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET }); - } - digistAlgorithm = baseConfig.getBasicConfiguration( CONFIG_PROP_PENDINGREQUESTID_DIGIST_ALGORITHM, DEFAULT_PENDINGREQUESTID_DIGIST_ALGORITHM); 
@@ -197,12 +183,29 @@ public class SecurePendingRequestIdGenerationStrategy Integer.parseInt(baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_MAX_LIFETIME, DEFAULT_PENDINGREQUESTID_MAX_LIFETIME)); + + SymmetricKeyConfiguration secretKeyConfig = new SymmetricKeyConfiguration(); + secretKeyConfig.setFriendlyName(FRIENDLYNAME); + secretKeyConfig.setKeyType( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_TYPE, + SymmetricKeyType.PASSPHRASE.name())); + + secretKeyConfig.setSoftKeyPassphrase( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET)); + secretKeyConfig.setSoftKeySalt(salt); + + secretKeyConfig.setKeyStoreName( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_KEYSTORE)); + secretKeyConfig.setKeyAlias( + baseConfig.getBasicConfiguration(CONFIG_PROP_PENDINGREQUESTID_DIGIST_HSM_ALIAS)); + + //validate symmetric-key configuration + secretKeyConfig.validate(); + try { - final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA256"); - final KeySpec spec = new PBEKeySpec(pendingReqIdDigistSecret.toCharArray(), salt, 10000, 128); - key = keyFactory.generateSecret(spec); + key = keyStoreFactory.buildNewSymmetricKey(secretKeyConfig).getFirst(); - } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { + } catch (EaafException e) { log.error("Can NOT initialize TokenService with configuration object", e); throw new EaafConfigurationException("config.09", new Object[] { CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, "Can NOT generate HMAC key" }, 
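Review bot: `keyStoreFactory.buildNewSymmetricKey(secretKeyConfig).getFirst()` discards the Provider half of the returned pair, and calculateHmac() in the next hunk calls `Mac.getInstance(digistAlgorithm)` without a provider. AuthenticatedEncryptionPendingRequestIdGenerationStrategy keeps the pair and passes the provider on. If the keystore key type is meant to work for this strategy too, the key presumably has to be used with its own provider: keep the `Pair<SecretKey, Provider>` and call `Mac.getInstance(digistAlgorithm, provider)` when the provider is non-null. The `config.09` error still names only CONFIG_PROP_PENDINGREQUESTID_DIGIST_SECRET, which misleads when the key comes from a keystore. initialize() starts above the hunk.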
@@ -224,9 +227,9 @@ public class SecurePendingRequestIdGenerationStrategy try { final Mac mac = Mac.getInstance(digistAlgorithm); mac.init(key); - return mac.doFinal(toSign.getBytes("UTF-8")); + return mac.doFinal(toSign.getBytes(StandardCharsets.UTF_8)); - } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeyException e) { + } catch (NoSuchAlgorithmException | InvalidKeyException e) { log.error("Can NOT generate secure pendingRequestId", e); throw new EaafIllegalStateException( new Object[] { "Can NOT caluclate digist for secure pendingRequestId" }, e); diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java index 4c1601c0..212460d7 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/TransactionIdUtils.java @@ -21,7 +21,10 @@ package at.gv.egiz.eaaf.core.impl.utils; import java.util.UUID; +import javax.annotation.Nullable; + import at.gv.egiz.eaaf.core.api.IRequest; +import lombok.extern.slf4j.Slf4j; /** * Transaction Identifier Utils. @@ -29,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; * @author tlenz * */ +@Slf4j public class TransactionIdUtils { /** 
@@ -58,11 +62,16 @@ public class TransactionIdUtils { * * @param pendingRequest Http request object */ - public static void setAllLoggingVariables(final IRequest pendingRequest) { - setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); - setSessionId(pendingRequest.getUniqueSessionIdentifier()); - setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier()); - + public static void setAllLoggingVariables(@Nullable final IRequest pendingRequest) { + if (pendingRequest != null) { + setTransactionId(pendingRequest.getUniqueTransactionIdentifier()); + setSessionId(pendingRequest.getUniqueSessionIdentifier()); + setServiceProviderId(pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier()); + + } else { + log.info("Can NOT set MDC variables from pendingRequest because it is 'null'"); + + } } /** diff --git a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java index 72c183bf..4d872ebe 100644 --- a/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java +++ b/eaaf_core_utils/src/main/java/at/gv/egiz/eaaf/core/impl/utils/X509Utils.java @@ -1,6 +1,7 @@ package at.gv.egiz.eaaf.core.impl.utils; import java.security.cert.X509Certificate; +import java.util.Arrays; import java.util.List; import javax.security.auth.x500.X500Principal; 
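Review bot: The new null guard covers `pendingRequest` only; `pendingRequest.getServiceProviderConfiguration().getUniqueIdentifier()` still dereferences the service-provider configuration unchecked. Whether that can be null at this point is not visible here. If it can, the third setter needs its own guard so the transaction and session ids are still set. In the null branch the method returns without touching the MDC, so any values set earlier on the same thread stay in place; the Javadoc should say so, e.g. `@param pendingRequest Http request object; if null, existing logging variables are left unchanged`.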
@@ -11,6 +12,18 @@ public class X509Utils { * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should * be the Hostname, the last Element should be the Root Certificate. * + * @param certChain The first element must be the correct one. + * @return sorted Certificate Chain + */ + public static List<X509Certificate> sortCertificates(X509Certificate[] certChain) { + return sortCertificates(Arrays.asList(certChain)); + + } + + /** + * Sorts the Certificate Chain by IssuerDN and SubjectDN. The [0]-Element should + * be the Hostname, the last Element should be the Root Certificate. + * * @param certs The first element must be the correct one. * @return sorted Certificate Chain */ @@ -48,4 +61,5 @@ public class X509Utils { return certs; } + } diff --git a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties index b20c5f63..79f82af8 100644 --- a/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties +++ b/eaaf_core_utils/src/main/resources/messages/eaaf_utils_message.properties 
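Review bot: The new `sortCertificates(X509Certificate[] certChain)` overload passes `Arrays.asList(certChain)` straight through, which throws a bare `NullPointerException` for a `null` chain and hands the list variant a fixed-size view backed by the caller's array. The body of the list variant is mostly outside this hunk; if it reorders or resizes the list in place, the caller's array is silently reordered or an `UnsupportedOperationException` is thrown, so a defensive copy such as `return sortCertificates(new ArrayList<>(Arrays.asList(certChain)));` (plus the `java.util.ArrayList` import) is safer for code that feeds chain validation. The Javadoc was copied from the list variant and should describe the array form, for example `@param certChain certificate chain as array, must not be null; the first element must be the host certificate`.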
@@ -11,8 +11,22 @@ internal.keystore.06=KeyStore: {0} initialization failed. Reason: {1} internal.keystore.07=Validation of KeyStore: {0} failed. Reason: {1} internal.keystore.08=Can not access Key: {1} in KeyStore: {0} internal.keystore.09=Can not access Key: {1} in KeyStore: {0} Reason: {2} +internal.keystore.10=HSM-Facade NOT INITIALIZED. Find HSM-Facade class: {0} put that looks WRONG. +internal.keystore.11=KeyStore: {0} has a wrong configuration. Property: {0} Reason:{1} + +internal.key.00=Can not generate passphrase based symmetric-key: {0} Reason: {1} +internal.key.01=Can not use key from Keystore: {0} Reason: {1} internal.httpclient.00=HttpClient:{0} uses http Basic-Auth, but 'Username' is NOT set internal.httpclient.01=HttpClient:{0} uses X509 client-auth, but 'KeyStoreConfig' is NOT set internal.httpclient.02=HttpClient:{0} uses KeyStore:{1}, but 'keyPassword' is NOT set -internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1}
\ No newline at end of file +internal.httpclient.03=Can not initialize SSLContext for HttpClient:{0} Reason:{1} + +internal.pendingreqid.00=Process Token is 'null' or 'empty' +internal.pendingreqid.01=Process Token is NOT valid because it has an invalid format +internal.pendingreqid.02=Can not create process Token +internal.pendingreqid.03=Process Token is NOT valid because it reached maximum size +internal.pendingreqid.04=Process Token is NOT valid because it is cryptographically invalid +internal.pendingreqid.05=Process Token is NOT valid because it has an invalid encoding +internal.pendingreqid.06=Process Token is NOT valid because it exceeds the valid period + diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java index 53ea54dc..125dcb09 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/logging/EaafUtilsMessageSourceTest.java @@ -2,19 +2,21 @@ package at.gv.egiz.eaaf.core.impl.logging; import java.util.List; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; - import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; +import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext public class EaafUtilsMessageSourceTest { @Autowired 
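Review bot: `internal.keystore.11` uses `{0}` for both the KeyStore name and the property (`KeyStore: {0} has a wrong configuration. Property: {0} Reason:{1}`), so one of the two values cannot appear in the rendered message. Assuming the caller supplies keystore, property and reason in that order, the line should read `internal.keystore.11=KeyStore: {0} has a wrong configuration. Property: {1} Reason: {2}`. In `internal.keystore.10`, `put that looks WRONG` is presumably meant to be `but that looks WRONG`. The `internal.pendingreqid.01` to `internal.pendingreqid.06` texts distinguish format, encoding, cryptographic and expiry failures; that granularity is useful in logs, but it is worth confirming they are not returned verbatim to the client that submitted the token.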
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java new file mode 100644 index 00000000..93ef17b9 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest.java 
@@ -0,0 +1,447 @@ +package at.gv.egiz.eaaf.core.impl.utils.test; + +import java.io.UnsupportedEncodingException; +import java.security.Provider; +import java.util.Base64; + +import javax.crypto.SecretKey; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.joda.time.DateTime; +import org.joda.time.ReadableInstant; +import org.joda.time.format.DateTimeFormat; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.junit.Assert; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext +public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyTest { + + @Autowired private EaafKeyStoreFactory keyStoreFactory; + @Autowired private AuthenticatedEncryptionPendingRequestIdGenerationStrategy pendingIdStrategy; + + + @Test + public void generatePendingRequestId() throws EaafException { + String pendingId = 
pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("pendingId", pendingId); + + } + + @Test + public void validatePendingRequestId() throws EaafException { + String extPendingId = pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("external pendingId", extPendingId); + + + String pendingId = pendingIdStrategy.validateAndGetPendingRequestId(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId); + + String pendingId2 = pendingIdStrategy.getPendingRequestIdWithOutChecks(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId2); + + Assert.assertEquals("pendingId not match", pendingId, pendingId2); + + } + + @Test + public void nullPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(null); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId()); + + } + } + + @Test + public void emptyPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(StringUtils.EMPTY); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.00", e.getErrorId()); + + } + } + + @Test + public void noBase64UrlPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(RandomStringUtils.randomAlphanumeric(25)); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal 
pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId()); + + } + } + + @Test + public void toLongBase64UrlPendingRequestId() { + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(RandomStringUtils.randomAlphanumeric(1100).getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.03", e.getErrorId()); + + } + } + + @Test + public void wrongFormat() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + + @Test + public void wrongFormatToLong() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25) + "|" + "aabbcc"; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + 
pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + + @Test + public void wrongFormatNoDate() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.05", e.getErrorId()); + + } + } + + @Test + public void wrongFormatWrongDate() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = "2020-01-01 12:01:55 111 +00:00" + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + 
Assert.assertNotNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.06", e.getErrorId()); + + } + } + + @Test + public void wrongFormatNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + + @Test + public void wrongFormatToLongNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25) + "|" + "aabbcc"; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.01", e.getErrorId()); + + } + } + 
+ @Test + public void wrongFormatNoDateNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25) + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + + } + + @Test + public void wrongFormatWrongDateNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = "2020-01-01 12:01:55 111" + "|" + + RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + + + } + + @Test + public void validFormat() throws EaafException, JoseException, UnsupportedEncodingException { + String intId = RandomStringUtils.randomAlphanumeric(25); + ReadableInstant now = DateTime.now(); + String payLoad = DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss SSS").print(now) + + "|" + intId; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + Assert.assertEquals("pendingId not match", intId, 
intPendingId); + + } + + @Test + public void validFormatNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String intId = RandomStringUtils.randomAlphanumeric(25); + String payLoad = "2020-01-01 12:01:55 111" + + "|" + intId; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + + } + + @Test + public void validFormatWrongDateNotValidation() throws EaafException, JoseException, UnsupportedEncodingException { + String intId = RandomStringUtils.randomAlphanumeric(25); + String payLoad = "2020-01-01 12:01:55 111" + "|" + + intId; + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "pendingReqIdSecret"); + + + String intPendingId = pendingIdStrategy.getPendingRequestIdWithOutChecks(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.assertNotNull("Int PendingId", intPendingId); + Assert.assertEquals("pendingId not match", intId, intPendingId); + + + } + + @Test + public void wrongEncrypted() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.DIRECT, + ContentEncryptionAlgorithmIdentifiers.AES_128_GCM, + "wrongPassword"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", 
e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "internal.pendingreqid.04", e.getErrorId()); + + } + } + + @Ignore + @Test + public void wrongEncryptionAlg() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.A256KW, + ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); + Assert.assertEquals("Wrong errorMsg", + "No StatusMessager-Backend available! 
StatusCode:process.99 Params:[null, " + + "PendingReqId has an unvalid format]", + e.getMessage()); + + } + } + + @Ignore + @Test + public void wrongKeyEncAlg() throws EaafException, JoseException, UnsupportedEncodingException { + String payLoad = RandomStringUtils.randomAlphanumeric(25); + + String extPendingId = generateEncryptedPendingId(payLoad, + KeyManagementAlgorithmIdentifiers.A128KW, + ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256, + "pendingReqIdSecret"); + + try { + pendingIdStrategy.validateAndGetPendingRequestId(Base64.getUrlEncoder() + .encodeToString(extPendingId.getBytes())); + Assert.fail("Wrong pendingId not detected"); + + } catch (PendingReqIdValidationException e) { + Assert.assertNull("internal pendingReqId", e.getInvalidInternalPendingReqId()); + Assert.assertNull("internal pendingReq", e.getInvalidPendingReq()); + Assert.assertEquals("Wrong errorId", "process.99", e.getErrorId()); + Assert.assertEquals("Wrong errorMsg", + "No StatusMessager-Backend available! StatusCode:process.99 Params:[null, " + + "PendingReqId is NOT a valid String]", + e.getMessage()); + + } + } + + private String generateEncryptedPendingId(String payLoad, String direct, String aes128Gcm, String softKeyPassphrase) + throws EaafException, JoseException, UnsupportedEncodingException { + SymmetricKeyConfiguration config = new SymmetricKeyConfiguration(); + config.setFriendlyName("jUnit"); + config.setKeyType(SymmetricKeyType.PASSPHRASE); + config.setSoftKeySalt("notRequiredInThisScenario"); + config.setSoftKeyPassphrase(softKeyPassphrase); + Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(config); + + JsonWebEncryption encToken = new JsonWebEncryption(); + encToken.setAlgorithmHeaderValue(direct); + encToken.setEncryptionMethodHeaderParameter(aes128Gcm); + encToken.setKey(key.getFirst()); + encToken.setPayload(payLoad); + + return encToken.getCompactSerialization(); + + } + +} 
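Review bot: `wrongEncryptionAlg` and `wrongKeyEncAlg` are committed with `@Ignore`, so nothing in this class checks that a token built with `A256KW` or `A128KW` key management and `AES_128_CBC_HMAC_SHA_256` content encryption is rejected; every active test uses `DIRECT` with `AES_128_GCM`. Rejecting unexpected JWE algorithms is the property most worth pinning for an externally supplied token, and the two disabled tests still expect `process.99` with a literal message rather than one of the `internal.pendingreqid.*` ids the other tests assert. I would enable them and assert only on the error id the strategy returns for a disallowed algorithm. Separately, the `extPendingId.getBytes()` calls use the platform default charset; `getBytes(StandardCharsets.UTF_8)` keeps the tests independent of the build host.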
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest.java new file mode 100644 index 00000000..b588bb3a --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest.java 
@@ -0,0 +1,44 @@ +package at.gv.egiz.eaaf.core.impl.utils.test; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml") +@DirtiesContext +public class AuthenticatedEncryptionPendingRequestIdGenerationStrategyWithHsmTest { + + @Autowired private AuthenticatedEncryptionPendingRequestIdGenerationStrategy pendingIdStrategy; + + @Test + public void generatePendingRequestId() throws EaafException { + String pendingId = pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("pendingId", pendingId); + + } + + @Test + public void validatePendingRequestId() throws EaafException { + String extPendingId = pendingIdStrategy.generateExternalPendingRequestId(); + Assert.assertNotNull("external pendingId", extPendingId); + + + String pendingId = pendingIdStrategy.validateAndGetPendingRequestId(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId); + + String pendingId2 = pendingIdStrategy.getPendingRequestIdWithOutChecks(extPendingId); + Assert.assertNotNull("internal pendingId", pendingId2); + + Assert.assertEquals("pendingId not match", pendingId, pendingId2); + + } + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java index 58788392..ca90f05b 100644 
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/impl/utils/test/KeyValueUtilsTest.java @@ -153,7 +153,8 @@ public class KeyValueUtilsTest { + RandomStringUtils.randomAlphabetic(6) + KeyValueUtils.KEY_DELIMITER + RandomStringUtils.randomAlphabetic(5); final Map<String, String> testMap = generateTestMap(testPrefix, 5, 5); - + testMap.put(testPrefix, RandomStringUtils.randomAlphabetic(10)); + final Map<String, String> result = KeyValueUtils.removePrefixFromKeys(testMap, testPrefix); Assert.assertNotNull("Result is null", result); Assert.assertFalse("Result is empty", result.isEmpty()); diff --git a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/builder/BpkBuilderTest.java index 64c13781..bccab09f 100644 --- a/eaaf_core/src/test/java/at/gv/egiz/eaaf/core/impl/idp/auth/builder/BpkBuilderTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/builder/BpkBuilderTest.java @@ -1,12 +1,20 @@ -package at.gv.egiz.eaaf.core.impl.idp.auth.builder; +package at.gv.egiz.eaaf.core.test.builder; +import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.spec.ECGenParameterSpec; import org.apache.commons.lang3.RandomStringUtils; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.lang.JoseException; import org.junit.Assert; import org.junit.Before; import org.junit.Test; 
@@ -15,6 +23,7 @@ import org.junit.runners.BlockJUnit4ClassRunner; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException; +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; import at.gv.egiz.eaaf.core.impl.data.Pair; @RunWith(BlockJUnit4ClassRunner.class) 
@@ -33,11 +42,76 @@ public class BpkBuilderTest { @Before public void initialize() throws NoSuchAlgorithmException, NoSuchProviderException { KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); + keyGen.initialize(2048); keyPair = keyGen.generateKeyPair(); } @Test + public void encBpkTextualLength() throws EaafBuilderException, InvalidKeyException, NoSuchAlgorithmException, + NoSuchProviderException, InvalidAlgorithmParameterException, JoseException { + String bpk = "MDEyMzQ1Njc4OWFiY2RIZg+CU"; + String target = EaafConstants.URN_PREFIX_CDID + "AA"; + + printResult("Legacy RSA 1024:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(1024))); + printResult("Legacy RSA 2048:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(2048))); + printResult("Legacy RSA 3072:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(3072))); + printResult("Legacy RSA 4096:", BpkBuilder.encryptBpk(bpk, target, generateRsaPubKey(4096))); + + + bpk = "V1::urn:publicid:gv.at:cdid+BW::MDEyMzQ1Njc 4OW FiY2RIZg+CU&g=::2004-01-22T20:57:12"; + + printResult("RSA 2048:", createJsonEnc(generateRsaPubKey(2048), bpk, target, + KeyManagementAlgorithmIdentifiers.RSA_OAEP_256)); + printResult("RSA 3072:", createJsonEnc(generateRsaPubKey(3072), bpk, target, + KeyManagementAlgorithmIdentifiers.RSA_OAEP_256)); + printResult("RSA 4096:", createJsonEnc(generateRsaPubKey(4048), bpk, target, + KeyManagementAlgorithmIdentifiers.RSA_OAEP_256)); + + printResult("ECC 256:", createJsonEnc(generateEcPubKey("secp256r1"), bpk, target, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW)); + printResult("ECC 384:", createJsonEnc(generateEcPubKey("secp384r1"), bpk, target, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW)); + printResult("ECC 521:", createJsonEnc(generateEcPubKey("secp521r1"), bpk, target, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW)); + + System.out.println("Finished!"); + } + + private void printResult(String prefix, String body) { + System.out.println(prefix + " " + 
body.length() + " full:" + body); + + } + + private String createJsonEnc(PublicKey pubKey, String bpk, String target, String keyWrapAlg) throws JoseException { + JsonWebEncryption enc = new JsonWebEncryption(); + enc.setKey(pubKey); + enc.setPayload(bpk); + enc.setAlgorithmHeaderValue(keyWrapAlg); + enc.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); + enc.setKeyIdHeaderValue("myFirstKey"); + enc.setContentTypeHeaderValue(target); + return enc.getCompactSerialization(); + + } + + private PublicKey generateRsaPubKey(int size) throws NoSuchAlgorithmException { + KeyPairGenerator keyGen3 = KeyPairGenerator.getInstance("RSA"); + keyGen3.initialize(size); + return keyGen3.generateKeyPair().getPublic(); + + } + + private PublicKey generateEcPubKey(String curve) throws NoSuchAlgorithmException, + NoSuchProviderException, InvalidAlgorithmParameterException { + KeyPairGenerator generator = KeyPairGenerator.getInstance("EC"); + ECGenParameterSpec ecSpec = new ECGenParameterSpec(curve); + generator.initialize(ecSpec, new SecureRandom()); + return generator.generateKeyPair().getPublic(); + + } + + @Test public void encBpkWrongTarget() throws InvalidKeyException { String bpk = RandomStringUtils.randomAlphanumeric(25); String target = RandomStringUtils.randomAlphanumeric(25); @@ -141,7 +215,7 @@ public class BpkBuilderTest { BpkBuilder.generateAreaSpecificPersonIdentifier(null, EaafConstants.URN_PREFIX_CDID + "AA"); } catch (EaafBuilderException e) { - Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); } } @@ -151,7 +225,7 @@ public class BpkBuilderTest { BpkBuilder.generateAreaSpecificPersonIdentifier(BASEID, null); } catch (EaafBuilderException e) { - Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); } } 
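Review bot: In `encBpkTextualLength` the line labelled `RSA 4096:` calls `generateRsaPubKey(4048)`, so the printed length belongs to a 4048-bit key; it should be `generateRsaPubKey(4096)`. The test also contains no assertion and only writes the ciphertexts to `System.out`, while generating seven RSA key pairs of up to 4096 bits on every run; either assert an upper bound on `body.length()` per key type or mark it as a manual measurement. A short comment that `generateRsaPubKey(1024)` exists only to measure the legacy format would keep that key size from being copied into other code.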
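Review bot: The hunks at `-141` and `-151` (and `-162` and `-173` further down) only change the expected id to `builder.33`, but in the visible context the call to `BpkBuilder.generateAreaSpecificPersonIdentifier(...)` is followed directly by `} catch (EaafBuilderException e)`, with no failing statement after the call. If that is the whole `try` body, these tests pass when no exception is thrown at all, so the input validation they describe is not actually enforced; adding `Assert.fail("Missing input not detected");` after each call closes that gap. The test methods begin outside these hunks.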
@@ -162,7 +236,7 @@ public class BpkBuilderTest { null, EaafConstants.URN_PREFIX_CDID + "AA"); } catch (EaafBuilderException e) { - Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); } } @@ -173,7 +247,7 @@ public class BpkBuilderTest { EaafConstants.URN_PREFIX_CDID + "BB", EaafConstants.URN_PREFIX_CDID + "AA"); } catch (EaafBuilderException e) { - Assert.assertEquals("Wrong errorCode", "builder.00", e.getErrorId()); + Assert.assertEquals("Wrong errorCode", "builder.33", e.getErrorId()); } } @@ -228,7 +302,7 @@ public class BpkBuilderTest { Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( BASEID, EaafConstants.URN_PREFIX_WBPK + "ZVR+123456"); - Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=", + Assert.assertEquals("wbPK", "1WvaBLiTxcc3kVzfB71Zh2sCtvA=", result1.getFirst()); Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", result1.getSecond()); @@ -241,7 +315,7 @@ public class BpkBuilderTest { Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( BASEID, EaafConstants.URN_PREFIX_WBPK + "ERSB+123456"); - Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=", + Assert.assertEquals("wbPK", "xtAWGAiblvhYJiCpUB3dwdRFPpg=", result1.getFirst()); Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", result1.getSecond()); @@ -267,7 +341,7 @@ public class BpkBuilderTest { Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( BASEID, EaafConstants.URN_PREFIX_WBPK + "XZVR+123456"); - Assert.assertEquals("wbPK", "g4JRKGS+AJxd9FU8k2tG8Lxrx6M=", + Assert.assertEquals("wbPK", "1WvaBLiTxcc3kVzfB71Zh2sCtvA=", result1.getFirst()); Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XZVR+123456", result1.getSecond()); 
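Review bot: The hunk at `-228` replaces the expected wbPK for `BASEID` with target `EaafConstants.URN_PREFIX_WBPK + "ZVR+123456"` (`g4JRKGS+AJxd9FU8k2tG8Lxrx6M=` becomes `1WvaBLiTxcc3kVzfB71Zh2sCtvA=`), and the hunks at `-241`, `-267` and `-280` do the same for the `ERSB`, `XZVR` and `XERSB` targets, without a comment saying why the derived identifier changed. Since the inputs are unchanged, `BpkBuilder` must now hash a different target string (presumably the `+X…` form returned by `getSecond()`), which would mean identifiers issued by the previous version no longer match. A comment above each assertion, e.g. `// wbPK is calculated over the X-prefixed target (urn:publicid:gv.at:wbpk+XZVR+123456)`, together with a pointer to the specification the new values were checked against, would let a reviewer verify them independently.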
@@ -280,7 +354,7 @@ public class BpkBuilderTest { Pair<String, String> result1 = BpkBuilder.generateAreaSpecificPersonIdentifier( BASEID, EaafConstants.URN_PREFIX_WBPK + "XERSB+123456"); - Assert.assertEquals("wbPK", "Bjnl0BofeJGgqynJP1r/ff6E1Rk=", + Assert.assertEquals("wbPK", "xtAWGAiblvhYJiCpUB3dwdRFPpg=", result1.getFirst()); Assert.assertEquals("wbPK", "urn:publicid:gv.at:wbpk+XERSB+123456", result1.getSecond()); @@ -384,7 +458,7 @@ public class BpkBuilderTest { @Test public void calcNormalizeNullTarget() { Assert.assertNull("Wrong normalized target", - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(null)); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(null)); } @@ -393,7 +467,7 @@ public class BpkBuilderTest { String target = EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2); Assert.assertEquals("Wrong normalized target", target, - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(target)); } @@ -402,7 +476,7 @@ public class BpkBuilderTest { Assert.assertEquals("Wrong normalized target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i", - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(EaafConstants.URN_PREFIX_WBPK + "FN+123456i")); } @@ -411,7 +485,7 @@ public class BpkBuilderTest { String target = EaafConstants.URN_PREFIX_WBPK + RandomStringUtils.randomAlphabetic(2); Assert.assertEquals("Wrong normalized target", target, - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(target)); } 
@@ -419,7 +493,7 @@ public class BpkBuilderTest { public void calcNormalizeWbpkTargetWithXMappingFn() { Assert.assertEquals("Wrong normalized target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i", - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XFN+123456i")); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(EaafConstants.URN_PREFIX_WBPK + "XFN+123456i")); } @@ -427,7 +501,7 @@ public class BpkBuilderTest { public void calcNormalizeWbpkTargetWithXMappingZvr() { Assert.assertEquals("Wrong normalized target", EaafConstants.URN_PREFIX_WBPK + "ZVR+1122334455", - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455")); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(EaafConstants.URN_PREFIX_WBPK + "XZVR+1122334455")); } @@ -435,7 +509,7 @@ public class BpkBuilderTest { public void calcNormalizeWbpkTargetWithXMappingErsb() { Assert.assertEquals("Wrong normalized target", EaafConstants.URN_PREFIX_WBPK + "ERSB+998877665544", - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat( + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat( EaafConstants.URN_PREFIX_WBPK + "XERSB+998877665544")); } 
@@ -446,8 +520,43 @@ public class BpkBuilderTest { + "+" + RandomStringUtils.randomAlphabetic(2); Assert.assertEquals("Wrong normalized target", target, - BpkBuilder.normalizeBpkTargetIdentifierToCalculationFormat(target)); + BpkBuilder.normalizeBpkTargetIdentifierToNonXFormat(target)); } + @Test + public void removeBpkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong SP target without prefix", + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_CDID + spTarget)); + + } + + @Test + public void removeWpbkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(10); + Assert.assertEquals("Wrong SP target without prefix", + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_WBPK + spTarget)); + + } + + @Test + public void removeEidasPbkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(2) + "+" + RandomStringUtils.randomAlphabetic(2); + Assert.assertEquals("Wrong SP target without prefix", + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_EIDAS + spTarget)); + + } + + @Test + public void removeUnknownPbkPrefix() { + String spTarget = RandomStringUtils.randomAlphabetic(10); + Assert.assertEquals("Wrong SP target without prefix", + EaafConstants.URN_PREFIX_BASEID + spTarget, + BpkBuilder.removeBpkTypePrefix(EaafConstants.URN_PREFIX_BASEID + spTarget)); + + } } diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index cefb1e7e..3e82c510 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java 
@@ -4,18 +4,23 @@ import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.Provider; +import java.security.Security; import java.security.cert.X509Certificate; import java.util.List; +import javax.crypto.SecretKey; + import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.annotation.DirtiesContext.MethodMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -25,6 +30,7 @@ import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; +import at.asitplus.hsmfacade.provider.HsmFacadeProvider; import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; 
@@ -33,13 +39,15 @@ import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; import io.grpc.StatusRuntimeException; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml") -@DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) +@DirtiesContext(classMode = ClassMode.BEFORE_EACH_TEST_METHOD) public class EaafKeyStoreFactoryTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; @@ -66,14 +74,15 @@ public class EaafKeyStoreFactoryTest { /** * jUnit test set-up. */ - @Before + @Before public void testSetup() { mapConfig.clearAllConfig(); - + Security.removeProvider(HsmFacadeProvider.getInstance().getName()); + } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void startWithoutConfigHsmFacadeConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -81,7 +90,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void buildyStoreWithOutConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); 
@@ -99,7 +108,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void buildyStoreWithPkcs11() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -118,7 +127,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutConfig() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -137,7 +146,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutConfigSecond() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -156,7 +165,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutPassword() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -177,7 +186,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutPath() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); 
@@ -199,7 +208,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithoutType() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -217,7 +226,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithWrongPath() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -234,13 +243,13 @@ public class EaafKeyStoreFactoryTest { } catch (final EaafException e) { org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); - Assert.assertEquals("wrong errorCode", "internal.keystore.05", e.getErrorId()); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); } } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreWithWrongPassword() { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -263,7 +272,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreSuccessJks() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); 
@@ -280,10 +289,13 @@ public class EaafKeyStoreFactoryTest { Assert.assertNotNull("KeyStore is null", keyStore.getFirst()); Assert.assertNull("KeyStore is null", keyStore.getSecond()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UNKNOWN, + keyStoreFactory.checkHsmFacadeStatus()); + } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreAccessOperations() throws EaafException, KeyStoreException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); @@ -352,7 +364,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void softwareKeyStoreSuccessPkcs12() throws EaafException { final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); 
@@ -372,6 +384,75 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricSoftwareKeyWithOutConfig() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricSoftwareKeyWithOutSalt() { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricSoftwareKeyValid() throws EaafException { + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertFalse("HSM Facade 
state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.PASSPHRASE); + keyConfig.setSoftKeyPassphrase(RandomStringUtils.randomAlphanumeric(10)); + keyConfig.setSoftKeySalt(RandomStringUtils.randomAlphanumeric(10)); + + Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNull("Provider is not null", key.getSecond()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeNoHostConfig() { + context.getBean(EaafKeyStoreFactory.class); + + } + + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeOnlyHostConfig() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -386,6 +467,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingPort() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -405,6 +487,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingUsername() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -423,6 +506,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingPassword() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); 
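Review bot: `hsmFacadeNoHostConfig` in the hunk at new line 384 only calls `context.getBean(EaafKeyStoreFactory.class)` and asserts nothing, so it passes as long as bean creation does not throw. Either keep the returned factory and add `Assert.assertFalse("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized());`, or drop the test, since `startWithoutConfigHsmFacadeConfig` already covers the no-configuration case with that assertion.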
@@ -442,6 +526,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -463,6 +548,7 @@ public class EaafKeyStoreFactoryTest { } @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingTrustedCertificateFile() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); @@ -485,7 +571,8 @@ public class EaafKeyStoreFactoryTest { } } - @Test + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeMissingWrongTrustedCertificate() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); 
@@ -508,8 +595,35 @@ public class EaafKeyStoreFactoryTest { } } + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeWrongGrpcDeadlineParameter() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + "src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml"); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + RandomStringUtils.randomAlphabetic(5)); + + try { + context.getBean(EaafKeyStoreFactory.class); + Assert.fail("Missing HSM Facade not detected"); + + } catch (final BeansException e) { + checkMissingConfigException(e, "internal.keystore.05"); + + } + } + + @Ignore @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeInitialized() { mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, RandomStringUtils.randomNumeric(10)); 
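Review bot: `hsmFacadeInitialized` is disabled with a bare `@Ignore`, so the test that checks a fully configured HSM-Facade start-up no longer runs, and nothing records why. Give the annotation a reason, `@Ignore("<why this cannot run, and when to re-enable>")`, so the gap in coverage is visible in reports. In the new `hsmFacadeWrongGrpcDeadlineParameter`, the failure text `"Missing HSM Facade not detected"` looks copied from the neighbouring tests; `"Wrong gRPC deadline not detected"` would describe what is being checked. The body of `hsmFacadeInitialized` continues in the next hunk.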
@@ -521,14 +635,54 @@ public class EaafKeyStoreFactoryTest { RandomStringUtils.randomAlphanumeric(10)); mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, PATH_TO_HSM_FACADE_TRUST_CERT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_GRPC_DEADLINE, + RandomStringUtils.randomNumeric(2)); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, + keyStoreFactory.checkHsmFacadeStatus()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeHealthCheckNoProvider() { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, + RandomStringUtils.randomNumeric(4)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, + RandomStringUtils.randomNumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, + RandomStringUtils.randomAlphanumeric(10)); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, + PATH_TO_HSM_FACADE_TRUST_CERT); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + Security.removeProvider("HsmFacade"); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.DOWN, + keyStoreFactory.checkHsmFacadeStatus()); } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeAlreadLoaded() { + HsmFacadeProvider provider = HsmFacadeProvider.getInstance(); + Security.addProvider(provider); + + final EaafKeyStoreFactory keyStoreFactory = 
context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, + keyStoreFactory.checkHsmFacadeStatus()); + } + @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeKeyStoreNoKeyStoreName() { configureHsmFacade(); @@ -550,7 +704,7 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) public void hsmFacadeKeyStoreSuccess() throws EaafException { configureHsmFacade(); 
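Review bot: `hsmFacadeAlreadLoaded` in the hunk at new line 635 registers a JCA provider with `Security.addProvider(provider)` and never removes it. The provider list is JVM-wide, so it stays registered for any other test class that runs later in the same JVM; only this class's `@Before` cleans it up. An `@After` method that calls `Security.removeProvider(HsmFacadeProvider.getInstance().getName());` would keep the state local to the test. `hsmFacadeHealthCheckNoProvider` removes the provider by the literal `"HsmFacade"`, while `testSetup` uses `HsmFacadeProvider.getInstance().getName()`; using the getter in both places avoids a silent no-op if the name ever differs.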
@@ -578,13 +732,106 @@ public class EaafKeyStoreFactoryTest { } @Test - @DirtiesContext - public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException { + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyWithOutConfig() { configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.06", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyWithOutKeyAlias() { + configureHsmFacade(); + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.key.00", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyWrongKeyAlias() { + 
configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias("notExist"); + + try { + keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.fail("Wrong config not detected"); + + } catch (final EaafException e) { + org.springframework.util.Assert.isInstanceOf(EaafKeyAccessException.class, e, "Wong ExceptionType"); + Assert.assertEquals("wrong errorCode", "internal.keystore.09", e.getErrorId()); + + } + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void symmetricHsmFacadeKeyValid() throws EaafException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias("aes-key-1"); + + Pair<SecretKey, Provider> key = keyStoreFactory.buildNewSymmetricKey(keyConfig); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNotNull("Provider is null", key.getFirst()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException { + configureHsmFacade(); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", 
keyStoreFactory.isHsmFacadeInitialized()); + Assert.assertEquals("Wrong HSM-Facade state", EaafKeyStoreFactory.HsmFacadeStatus.UP, + keyStoreFactory.checkHsmFacadeStatus()); + final KeyStoreConfiguration keyStoreConfig = new KeyStoreConfiguration(); keyStoreConfig.setKeyStoreType(KeyStoreType.HSMFACADE); keyStoreConfig.setKeyStoreName("authhandler"); diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java new file mode 100644 index 00000000..ac456c13 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EncryptionTask.java 
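Review bot: In `symmetricHsmFacadeKeyValid` the last assertion is `Assert.assertNotNull("Provider is null", key.getFirst());`, which re-checks the key and never looks at the provider. Going by the message and the software-key test that asserts on `key.getSecond()`, the intended line is `Assert.assertNotNull("Provider is null", key.getSecond());`. As written, the test would still pass if an HSM-Facade key came back without its provider.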
@@ -0,0 +1,156 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import static org.junit.Assert.assertArrayEquals; + +import java.security.Provider; +import java.util.concurrent.CompletableFuture; + +import javax.crypto.Cipher; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.scheduling.annotation.Async; +import org.springframework.scheduling.annotation.AsyncResult; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Getter +public class EncryptionTask implements Runnable { + + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9050"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = + "src/test/resources/data/junit.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = + "src/test/resources/data/junit_without_trustcerts.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = + "src/test/resources/data/junit_without_trustcerts.p12"; + private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; + 
+ private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; + + private static final String CIPHER_MODE = "AES/GCM/NoPadding"; + private static final int GCM_NONCE_LENGTH = 12; // in bytes + private static final int GCM_TAG_LENGTH = 16; // in bytes + + protected static final String KEYNAME = "AES"; + + @Autowired + private DummyAuthConfigMap mapConfig; + @Autowired + private ApplicationContext context; + + String keyName; + int rounds; + private Exception error; + + public EncryptionTask(ApplicationContext context2, DummyAuthConfigMap mapConfig2, + String keyName, int rounds) { + this.context = context2; + this.mapConfig = mapConfig2; + + this.keyName = keyName; + this.rounds = rounds; + + } + + @Override + public void run() { + run(this.keyName, this.rounds); + + } + + @Async + public CompletableFuture<String> run(String keyName, int rounds) { + try { + Pair<SecretKey, Provider> key = loadSymmetricKey(keyName); + Assert.assertNotNull("Key container is null", key); + + for(int i = 0; i < rounds; i++) { + + log.info("Starting threat: {} Round: {}", Thread.currentThread().getName(), i); + + byte[] data = RandomStringUtils.randomAlphanumeric(1024*64).getBytes(); + Pair<byte[], byte[]> enc = encryptData(key.getFirst(), data); + + byte[] checkData = decryptData(enc, key.getFirst()); + log.info("Finishing threat: {} Round: {}", Thread.currentThread().getName(), i); + + + assertArrayEquals("plaintext not match", data, checkData); + + + + } + + } catch (Exception e) { + this.error = e; + throw new RuntimeException(e); + + } + + return new AsyncResult<>("finished").completable(); + + } + + private byte[] decryptData(Pair<byte[], byte[]> enc, SecretKey secret) throws Exception { + final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, enc.getSecond()); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.DECRYPT_MODE, secret, iv); + return cipher.doFinal(enc.getFirst()); + + } + + + + private Pair<byte[], byte[]> 
encryptData(SecretKey secret, byte[] toEncrypt) throws Exception { + final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH); + final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce); + final Cipher cipher = Cipher.getInstance(CIPHER_MODE); + cipher.init(Cipher.ENCRYPT_MODE, secret, spec); + + final byte[] encdata = cipher.doFinal(toEncrypt); + final byte[] iv = cipher.getIV(); + + return Pair.newInstance(encdata, iv); + + } + + private Pair<SecretKey, Provider> loadSymmetricKey(String keyName) throws EaafException { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias(keyName); + + return keyStoreFactory.buildNewSymmetricKey(keyConfig); + } + + + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyOperationPerformanceTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyOperationPerformanceTest.java new file mode 100644 index 00000000..90d878b9 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/KeyOperationPerformanceTest.java 
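Review bot: `EncryptionTask` commits an HSM-Facade account (`HSM_FACASE_USERNAME`, `HSM_FACASE_PASSWORD = "supersecret123"`) for the host `eid.a-sit.at`, and the same constants are repeated in `KeyOperationPerformanceTest`. Even for a test facade, credentials in source end up in every clone and artifact; read them from the environment instead, e.g. `private static final String HSM_FACASE_PASSWORD = System.getenv("HSM_FACADE_TEST_PASSWORD");` (variable name is a placeholder), and skip the test when it is unset. The class is built with `new` and `run()` calls `run(keyName, rounds)` directly, so `@Autowired` and `@Async` appear to have no effect here and the work runs on the calling thread. The keystore path, `SOFTWARE_KEYSTORE_PASSWORD`, `HSM_FACADE_KEY_ALIAS` and `KEYNAME` constants are not used in this class and can be removed.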
@@ -0,0 +1,155 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import static org.junit.Assert.assertFalse; + +import java.security.Provider; +import java.security.Security; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import javax.crypto.SecretKey; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.hsmfacade.provider.HsmFacadeProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import lombok.extern.slf4j.Slf4j; + +@Ignore +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_lazy.beans.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_EACH_TEST_METHOD) +@Slf4j +public class KeyOperationPerformanceTest { + + private static final String HSM_FACASE_HOST = "eid.a-sit.at"; + private static final String HSM_FACASE_PORT = "9050"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_USERNAME = "authhandler-junit"; + private static final String HSM_FACASE_PASSWORD = "supersecret123"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS_WITH_TRUSTED_CERTS = + 
"src/test/resources/data/junit.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_JKS = + "src/test/resources/data/junit_without_trustcerts.jks"; + private static final String PATH_TO_SOFTWARE_KEYSTORE_PKCS12 = + "src/test/resources/data/junit_without_trustcerts.p12"; + private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; + + private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; + + private static final String CIPHER_MODE = "AES/GCM/NoPadding"; + private static final int GCM_NONCE_LENGTH = 12; // in bytes + private static final int GCM_TAG_LENGTH = 16; // in bytes + + protected static final String KEYNAME = "AES"; + + + private static final String AES_KEY_1 = "aes-key-1"; + private static final String AES_KEY_2 = "aes-key-2"; + + private static final List<String> ALL_AES_KEYS = Arrays.asList(AES_KEY_1, AES_KEY_2); + + @Autowired + private DummyAuthConfigMap mapConfig; + @Autowired + private ApplicationContext context; + + /** + * jUnit test set-up. 
+ */ + @Before + public void testSetup() { + mapConfig.clearAllConfig(); + Security.removeProvider(HsmFacadeProvider.getInstance().getName()); + + } + + @Ignore + @Test + public void symmetricHsmFacadeKeyLoad() throws EaafException { + Pair<SecretKey, Provider> key = loadSymmetricKey(AES_KEY_1); + Assert.assertNotNull("Key container is null", key); + Assert.assertNotNull("Key is null", key.getFirst()); + Assert.assertNotNull("Provider is null", key.getFirst()); + + } + + + @Ignore + @Test + public void symmetricHsmFacadeKeyOperations() throws Exception { + Pair<SecretKey, Provider> key = loadSymmetricKey(AES_KEY_1); + Assert.assertNotNull("Key container is null", key); + new EncryptionTask(context, mapConfig, AES_KEY_2, 15).run(AES_KEY_2, 15); + + } + + @Test + public void symmetricHsmFacadeMultithreatKeyOperations() throws Exception { + Pair<SecretKey, Provider> key = loadSymmetricKey(AES_KEY_1); + Assert.assertNotNull("Key container is null", key); + + int threads = 30; + + ArrayList<EncryptionTask> taskList = new ArrayList<EncryptionTask>(); + ArrayList<Thread> threadList = new ArrayList<Thread>(); + for(int i=0; i < threads; i++){ + EncryptionTask task = new EncryptionTask(context, mapConfig, ALL_AES_KEYS.get(i % 2), 20); + taskList.add(task); + Thread t = new Thread(task); + threadList.add(t); + t.start(); + } + + // wait until they are all done + log.trace("Wait for mandate sources .... 
"); + for(int i=0; i<threadList.size(); i++){ + threadList.get(i).join(); + } + log.trace("Mandate sources collection finished "); + + + assertFalse("Find Thread with error", taskList.stream() + .filter(el -> el.getError() != null) + .findFirst() + .isPresent()); + + + } + + private Pair<SecretKey, Provider> loadSymmetricKey(String keyName) throws EaafException { + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); + mapConfig.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); + + final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); + Assert.assertTrue("HSM Facade state wrong", keyStoreFactory.isHsmFacadeInitialized()); + + SymmetricKeyConfiguration keyConfig = new SymmetricKeyConfiguration(); + keyConfig.setFriendlyName("jUnit test"); + keyConfig.setKeyType(SymmetricKeyType.HSMFACADE); + keyConfig.setKeyStoreName("authhandler"); + keyConfig.setKeyAlias(keyName); + + return keyStoreFactory.buildNewSymmetricKey(keyConfig); + } + +} diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java new file mode 100644 index 00000000..eb4eb212 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/SymmetricKeyConfigurationTest.java 
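Review bot: The HSM-facade client credentials are committed as string constants (`HSM_FACASE_USERNAME`, `HSM_FACASE_PASSWORD`) next to the host and port they belong to, and the same values are repeated in the `config1.properties` and `config2.properties` hunks further down. If that account exists on the named host, the secret is now part of the repository history. Reading it from the environment keeps it out of the tree, e.g. `private static final String HSM_FACASE_PASSWORD = System.getenv("HSM_FACADE_PASSWORD");` (the variable name is a placeholder), with `Assume.assumeNotNull(HSM_FACASE_PASSWORD);` in `testSetup()` so the test is skipped where the secret is not provisioned. Separately, `symmetricHsmFacadeKeyLoad` checks `key.getFirst()` twice; the third assertion should read `Assert.assertNotNull("Provider is null", key.getSecond());`.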
@@ -0,0 +1,162 @@ +package at.gv.egiz.eaaf.core.test.credentials; + +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.SymmetricKeyConfiguration.SymmetricKeyType; + +@RunWith(BlockJUnit4ClassRunner.class) +public class SymmetricKeyConfigurationTest { + + private Map<String, String> config; + + @Before + public void testSetup() { + config = new HashMap<>(); + + } + + @Test + public void emptyConfigMap() { + try { + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void emptyKeyType() { + try { + config.put("key.type", ""); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void unknownKeyType() { + try { + config.put("key.type", "test"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.01", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeMissingName() { + try { + config.put("key.type", "hsmfacade"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } 
catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeMissingAlias() { + try { + final String keyStoreName = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "hsmfacade"); + config.put("keystore.name", keyStoreName); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void hsmFacadeKeyTypeSucces() throws EaafConfigurationException { + final String keyStoreName = RandomStringUtils.randomAlphabetic(5); + final String keyAlias = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "hsmfacade"); + config.put("keystore.name", keyStoreName); + config.put("key.alias", keyAlias); + + final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", SymmetricKeyType.HSMFACADE, keyStoreConfig.getKeyType()); + Assert.assertEquals("Wrong KeyStoreName", keyStoreName, keyStoreConfig.getKeyStoreName()); + Assert.assertEquals("Wrong KeyStoreName", keyAlias, keyStoreConfig.getKeyAlias()); + + + keyStoreConfig.validate(); + + } + + @Test + public void passphraseKeyTypeMissingPassphrase() { + try { + config.put("key.type", "passphrase"); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void passphraseKeyTypeMissingSalt() { + try { + final String passphrase = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", 
"passphrase"); + config.put("key.passphrase", passphrase); + + SymmetricKeyConfiguration.buildFromConfigurationMap(config, "jUnitTest"); + Assert.fail("Wrong config not detected"); + + } catch (final EaafConfigurationException e) { + Assert.assertEquals("wrong errorCode", "internal.keystore.04", e.getErrorId()); + } + } + + @Test + public void passphraseKeyTypeSucces() throws EaafConfigurationException { + final String passphrase = RandomStringUtils.randomAlphabetic(5); + final String salt = RandomStringUtils.randomAlphabetic(5); + config.put("key.type", "passphrase"); + config.put("key.passphrase", passphrase); + config.put("key.salt", salt); + + final SymmetricKeyConfiguration keyStoreConfig = SymmetricKeyConfiguration.buildFromConfigurationMap(config, + "jUnitTest"); + + Assert.assertNotNull("KeyStore config object", keyStoreConfig); + Assert.assertEquals("Wrong Type", SymmetricKeyType.PASSPHRASE, keyStoreConfig.getKeyType()); + Assert.assertEquals("Wrong KeyStoreName", passphrase, keyStoreConfig.getSoftKeyPassphrase()); + Assert.assertEquals("Wrong KeyStoreName", salt, keyStoreConfig.getSoftKeySalt()); + + keyStoreConfig.validate(); + + } +} + diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java index bf1dfd03..09301f57 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/dummy/DummyAuthConfigMap.java @@ -123,7 +123,7 @@ public class DummyAuthConfigMap implements IConfigurationWithSP { @Override public String validateIdpUrl(final URL authReqUrl) throws EaafException { - return null; + return authReqUrl.toExternalForm(); } public void putConfigValue(final String key, final String value) { 
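Review bot: Several assertion messages in the two success tests are copied from the key-store-name check and name the wrong field. In `hsmFacadeKeyTypeSucces` the alias comparison reports "Wrong KeyStoreName", and in `passphraseKeyTypeSucces` both the passphrase and the salt comparison do, so a failure would point the reader at the wrong property. Suggested messages are `"Wrong KeyAlias"`, `"Wrong passphrase"` and `"Wrong salt"`.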
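Review bot: `validateIdpUrl` in this dummy now echoes whatever URL it is given, so every test wired to `DummyAuthConfigMap` treats any request URL as a valid IDP URL and cannot notice missing or broken validation in the code under test. That is acceptable for a test double only if it is stated, so I would add a comment above the method such as `// Test dummy: returns every URL unchanged, no IDP-URL validation is performed.` A null `authReqUrl` now also throws a NullPointerException where the old body returned null. Whether any caller passes null is not visible here, since the enclosing class starts and ends outside the hunk.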
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java new file mode 100644 index 00000000..55c17ee8 --- /dev/null +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryProdHostTest.java 
@@ -0,0 +1,98 @@ +package at.gv.egiz.eaaf.core.test.http; + +import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Base64; + +import org.apache.http.client.ClientProtocolException; +import org.apache.http.client.methods.CloseableHttpResponse; +import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.impl.client.CloseableHttpClient; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.MethodMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext +public class HttpClientFactoryProdHostTest { + + @Autowired private IHttpClientFactory httpClientFactory; + @Autowired private EaafKeyStoreFactory keyStoreFactory; + + /** + * Initialize full class. 
+ */ + @BeforeClass + public static void classInitializer() { + final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse"); + logger.setLevel(Level.TRACE); + + } + + /** + * JUnit test set-up. + * + */ + @Before + public void setup() { + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void getCustomClientX509AuthWithHsmFacadeTrustStore() throws EaafException, ClientProtocolException, + IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, + CertificateEncodingException { + System.setProperty("javax.net.debug", "ssl:handshake"); + + final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client"); + clientConfig.setAuthMode("ssl"); + //clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "eid-junit"); + //clientConfig.setSslKeyAlias("rsa-key-1"); + clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler"); + clientConfig.setSslKeyAlias("authhandler-sign"); + clientConfig.setDisableTlsHostCertificateValidation(false); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig); + Assert.assertNotNull("httpClient", client); + + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig()); + final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[1]; + final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[0]; + Base64.getEncoder().encodeToString(clientEeCert.getEncoded()); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet("https://apps.egiz.gv.at//sslclientcertdemo/"); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + +} 
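Review bot: `System.setProperty("javax.net.debug", "ssl:handshake")` in `getCustomClientX509AuthWithHsmFacadeTrustStore` and the TRACE level set on `org.bouncycastle.jsse` in `classInitializer` are JVM-wide and never undone, so TLS handshake detail keeps being written to the build log for every test that runs afterwards in the same JVM. An `@AfterClass` method that calls `System.clearProperty("javax.net.debug");` and resets the logger level would contain it. `HttpClientFactoryTest.classInitializer` in the next file raises the same logger without resetting it. The test also requests `https://apps.egiz.gv.at//sslclientcertdemo/` directly and is not marked `@Ignore`, so it presumably needs outbound network access and a reachable HSM facade wherever the suite runs. `clientRootCert` and the Base64-encoded certificate are computed but never used.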
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java index 25bd3008..c71d8352 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java 
@@ -1,42 +1,66 @@ package at.gv.egiz.eaaf.core.test.http; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.net.HttpURLConnection; import java.net.InetAddress; +import java.net.SocketTimeoutException; +import java.security.Key; +import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; import java.security.Provider; +import java.security.UnrecoverableKeyException; import java.security.cert.X509Certificate; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.http.StatusLine; import org.apache.http.client.ClientProtocolException; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; +import org.apache.http.client.methods.HttpPost; import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.entity.ContentType; import org.apache.http.impl.client.CloseableHttpClient; import org.junit.After; +import org.junit.AfterClass; import org.junit.Assert; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.MethodMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.http.HttpClientConfiguration; +import 
at.gv.egiz.eaaf.core.impl.http.HttpUtils; import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; import okhttp3.HttpUrl; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; import okhttp3.mockwebserver.RecordedRequest; +import okhttp3.mockwebserver.SocketPolicy; import okhttp3.tls.HandshakeCertificates; import okhttp3.tls.HeldCertificate; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/spring/test_eaaf_pvp_not_lazy.beans.xml") +@DirtiesContext public class HttpClientFactoryTest { @Autowired private EaafKeyStoreFactory keyStoreFactory; @@ -46,6 +70,27 @@ public class HttpClientFactoryTest { private HttpUrl mockServerUrl; /** + * Initialize full class. + */ + @BeforeClass + public static void classInitializer() { + final Logger logger = (Logger) LoggerFactory.getLogger("org.bouncycastle.jsse"); + logger.setLevel(Level.TRACE); + + } + + /** + * Reset test environment. + */ + @AfterClass + public static void classReset() { + System.clearProperty("javax.net.ssl.trustStoreType"); + System.clearProperty("javax.net.ssl.trustStore"); + System.clearProperty("javax.net.ssl.trustStorePassword"); + + } + + /** * JUnit test set-up. * */ 
@@ -84,6 +129,27 @@ public class HttpClientFactoryTest { } @Test + public void defaultHttpClientRetryOneTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final CloseableHttpClient client = httpClientFactory.getHttpClient(); + Assert.assertNotNull("No httpClient", client); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp1 = client.execute(httpGet1); + Assert.assertEquals("http statusCode", 200, httpResp1.getStatusLine().getStatusCode()); + + } + + @Test public void getCustomClientsDefault() throws EaafException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); Assert.assertFalse("Wrong default config - Hostnamevalidation", @@ -109,7 +175,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, + public void getCustomClientBasicAuth() throws EaafException, ClientProtocolException, IOException, InterruptedException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("password"); 
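Review bot: `defaultHttpClientRetryOneTime` never closes the `CloseableHttpResponse` returned by `client.execute(httpGet1)`, so the underlying connection stays leased for the rest of the test run. Wrapping the call as `try (CloseableHttpResponse httpResp1 = client.execute(httpGet1)) { ... }` around the status assertion releases it. The same pattern recurs in `testHttpClientRetryTwoTime` and in the two HSM-facade X509 tests added by the later hunks of this file.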
@@ -157,6 +223,193 @@ public class HttpClientFactoryTest { } @Test + public void httpPostRetryNotAllowed() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + config.setHttpErrorRetryPost(false); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpPost(mockServerUrl.url().toString()); + try { + client.execute(httpGet1); + Assert.fail("HTTP POST retry not allowed"); + + } catch (final SocketTimeoutException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + + } + + } + + @Test + public void httpPostRetryOneTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + config.setHttpErrorRetryPost(true); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = 
new HttpPost(mockServerUrl.url().toString()); + final StatusLine httpResp1 = client.execute(httpGet1, + HttpUtils.simpleStatusCodeResponseHandler()); + Assert.assertEquals("http statusCode", 200, httpResp1.getStatusCode()); + + } + + @Test + public void testHttpClientRetryOneTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + + String bodyData = RandomStringUtils.randomAlphanumeric(10); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(bodyData)); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + final Triple<StatusLine, ByteArrayInputStream, ContentType> httpResp1 = client.execute(httpGet1, + HttpUtils.bodyStatusCodeResponseHandler()); + Assert.assertEquals("http statusCode", 200, httpResp1.getFirst().getStatusCode()); + Assert.assertEquals("http statusCode", bodyData, new String(StreamUtils.readStream(httpResp1.getSecond()))); + + + } + + @Test + public void testHttpClientRetryTwoTime() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + + mockWebServer = new MockWebServer(); + mockServerUrl = 
mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp1 = client.execute(httpGet1); + Assert.assertEquals("http statusCode", 200, httpResp1.getStatusLine().getStatusCode()); + + } + + @Test + public void testHttpClientRetryMaxReached() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(2); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + try { + client.execute(httpGet1); + Assert.fail("Max retry failed"); + + } catch (final SocketTimeoutException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + 
+ } + } + + @Test + public void testHttpClientNoRetry() throws EaafException, InterruptedException, + ClientProtocolException, IOException { + final HttpClientConfiguration config = + new HttpClientConfiguration("jUnit_retry_" + RandomStringUtils.randomAlphabetic(3)); + config.setHttpErrorRetryCount(0); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(config); + Assert.assertNotNull("No httpClient", client); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/junit"); + mockWebServer.enqueue(new MockResponse() + .setSocketPolicy(SocketPolicy.NO_RESPONSE) + .setResponseCode(HttpURLConnection.HTTP_NO_CONTENT)); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("GetData")); + + //request webservice + final HttpUriRequest httpGet1 = new HttpGet(mockServerUrl.url().toString()); + try { + client.execute(httpGet1); + Assert.fail("Max retry failed"); + + } catch (final SocketTimeoutException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + + } + } + + @Test public void getCustomClientBasicAuthNoPassword() throws EaafException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("password"); @@ -283,7 +536,7 @@ public class HttpClientFactoryTest { } @Test - public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, + public void getCustomClientX509AuthWithWrongAlias() throws EaafException, KeyStoreException, ClientProtocolException, IOException { final HttpClientConfiguration config = new HttpClientConfiguration("jUnit"); config.setAuthMode("ssl"); 
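Review bot: The three negative tests (`httpPostRetryNotAllowed`, `testHttpClientRetryMaxReached`, `testHttpClientNoRetry`) only expect a `SocketTimeoutException`, which is thrown whether the client made one attempt or several, so they do not verify the retry limit they are named after. Asserting how many requests the mock server received would pin it, for example `Assert.assertEquals("request count", 1, mockWebServer.getRequestCount());` at the end of `httpPostRetryNotAllowed`. This assumes the mock server counts requests it leaves unanswered, which should be confirmed. In `testHttpClientRetryOneTime` the body comparison reuses the message "http statusCode", and `new String(...)` decodes with the platform default charset.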
@@ -311,9 +564,120 @@ public class HttpClientFactoryTest { final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() .addTrustedCertificate( (X509Certificate) sslClientKeyStore.getFirst().getCertificate("meta")) + .addTrustedCertificate( + (X509Certificate) sslClientKeyStore.getFirst().getCertificate("sig")) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void getCustomClientX509AuthWithHsmFacade() throws EaafException, ClientProtocolException, + IOException, KeyStoreException { + final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client"); + clientConfig.setAuthMode("ssl"); + clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler"); + clientConfig.setSslKeyAlias("authhandler-sign"); + clientConfig.setDisableTlsHostCertificateValidation(true); + + + + final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig()); + final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[1]; + final X509Certificate clientEeCert = (X509Certificate) 
sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[0]; + + final String localhost = InetAddress.getByName("localhost").getCanonicalHostName(); + final HeldCertificate localhostCertificate = new HeldCertificate.Builder() + .addSubjectAlternativeName(localhost) + .build(); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate(clientEeCert) + .addTrustedCertificate(clientRootCert) + .heldCertificate(localhostCertificate) + .build(); + mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); + mockWebServer.requireClientAuth(); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody("Successful auth!")); + mockServerUrl = mockWebServer.url("/sp/junit"); + + //perform test request + final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString()); + final CloseableHttpResponse httpResp2 = client.execute(httpGet2); + Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); + + } + + @Test + @DirtiesContext(methodMode = MethodMode.BEFORE_METHOD) + public void getCustomClientX509AuthWithHsmFacadeTrustStore() throws EaafException, ClientProtocolException, + IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException { + + final String current = new java.io.File(".").getCanonicalPath(); + System.setProperty("javax.net.ssl.trustStoreType", "jks"); + System.setProperty("javax.net.ssl.trustStore", + current + "/src/test/resources/data/ssL_truststore.jks"); + System.setProperty("javax.net.ssl.trustStorePassword", + "password"); + + final KeyStoreConfiguration sslServerCertConfig = new KeyStoreConfiguration(); + sslServerCertConfig.setKeyStoreType(KeyStoreType.JKS); + sslServerCertConfig.setFriendlyName("SSL host cert"); + sslServerCertConfig.setSoftKeyStoreFilePath("src/test/resources/data/ssl_host.jks"); + 
sslServerCertConfig.setSoftKeyStorePassword("password"); + + Pair<KeyStore, Provider> sslServerHostKeyStore = + keyStoreFactory.buildNewKeyStore(sslServerCertConfig); + + + final HttpClientConfiguration clientConfig = new HttpClientConfiguration("jUnit-client"); + clientConfig.setAuthMode("ssl"); + clientConfig.buildKeyStoreConfig("hsmfacade", null, null, "authhandler"); + clientConfig.setSslKeyAlias("authhandler-sign"); + clientConfig.setDisableTlsHostCertificateValidation(false); + + final CloseableHttpClient client = httpClientFactory.getHttpClient(clientConfig); + Assert.assertNotNull("httpClient", client); + + //set-up mock-up web-server with SSL client authentication + final Pair<KeyStore, Provider> sslClientKeyStore = + keyStoreFactory.buildNewKeyStore(clientConfig.getKeyStoreConfig()); + final X509Certificate clientRootCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[1]; + final X509Certificate clientEeCert = (X509Certificate) sslClientKeyStore.getFirst() + .getCertificateChain(clientConfig.getSslKeyAlias())[0]; + + Key sslKey = sslServerHostKeyStore.getFirst().getKey("ssl", "password".toCharArray()); + X509Certificate sslCert = (X509Certificate) sslServerHostKeyStore.getFirst().getCertificate("ssl"); + KeyPair keyPair = new KeyPair(sslCert.getPublicKey(), (PrivateKey) sslKey); + HeldCertificate localhostCertificate = new HeldCertificate(keyPair, sslCert); + final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder() + .addTrustedCertificate(clientEeCert) + .addTrustedCertificate(clientRootCert) .heldCertificate(localhostCertificate) .build(); mockWebServer = new MockWebServer(); + mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false); mockWebServer.requireClientAuth(); mockWebServer.enqueue(new MockResponse().setResponseCode(200) 
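Review bot: `getCustomClientX509AuthWithHsmFacadeTrustStore` sets the JVM-wide `javax.net.ssl.trustStore*` properties inside the test body, and they are only cleared in `classReset()` after the whole class has run. Every test executed after it in this class therefore sees the replaced default trust store, and results can depend on method order. Putting the test body in a `try` block and repeating the three `System.clearProperty(...)` calls from `classReset()` in `finally` keeps the change local to this test. Note also that `getCustomClientX509AuthWithHsmFacade` runs with `setDisableTlsHostCertificateValidation(true)`, so of the two new tests only the trust-store variant exercises server-certificate validation. A short comment on each saying so would prevent the permissive one from being copied as a template.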
@@ -326,4 +690,5 @@ public class HttpClientFactoryTest { Assert.assertEquals("http statusCode", 200, httpResp2.getStatusLine().getStatusCode()); } + } diff --git a/eaaf_core_utils/src/test/resources/data/config1.properties b/eaaf_core_utils/src/test/resources/data/config1.properties new file mode 100644 index 00000000..12209d21 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/config1.properties @@ -0,0 +1,15 @@ +security.hsmfacade.host=eid.a-sit.at +security.hsmfacade.port=9050 +security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt +security.hsmfacade.username=authhandler-junit +security.hsmfacade.password=supersecret123 + +client.http.connection.timeout.socket=2 +client.http.connection.timeout.connection=2 +client.http.connection.timeout.request=2 + +core.pendingrequestid.maxlifetime=180 +core.pendingrequestid.digist.type=passphrase +core.pendingrequestid.digist.secret=pendingReqIdSecret +core.pendingrequestid.digist.keystore.name= +core.pendingrequestid.digist.key.alias=
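Review bot: `security.hsmfacade.username=authhandler-junit` and `security.hsmfacade.password=supersecret123` are committed in clear text next to a non-local endpoint (`security.hsmfacade.host=eid.a-sit.at`), and config2.properties repeats the same three values. If that account is valid on the named host, everyone with read access to the repository or its history holds a working credential, and the unit tests depend on an external service being reachable. I would inject the password at test time from the build environment and keep only a dummy value in the file. If the account really is a throw-away, say so in the file, e.g. `# junit-only account on the HSM-Facade test instance, no access to production keys`.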
\ No newline at end of file
diff --git a/eaaf_core_utils/src/test/resources/data/config2.properties b/eaaf_core_utils/src/test/resources/data/config2.properties
new file mode 100644
index 00000000..3a1194b4
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/config2.properties
@@ -0,0 +1,15 @@
+security.hsmfacade.host=eid.a-sit.at
+security.hsmfacade.port=9050
+security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt
+security.hsmfacade.username=authhandler-junit
+security.hsmfacade.password=supersecret123
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2
+
+core.pendingrequestid.maxlifetime=180
+core.pendingrequestid.digist.type=hsmfacade
+core.pendingrequestid.digist.secret=pendingReqIdSecret
+core.pendingrequestid.digist.keystore.name=authhandler
+core.pendingrequestid.digist.key.alias=aes-key-1
\ No newline at end of file diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt new file mode 100644 index 00000000..aa83c8d9 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_ee-RSA_rootcert.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- 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 +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt new file mode 100644 index 00000000..b4c47c78 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_ee_eecert.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- 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 +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt b/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt new file mode 100644 index 00000000..fa7b132f --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/hsm_ee_rootcert.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIBPDCB46ADAgECAghZ0/gtbA6FrjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdFQy1Sb290MB4XDTIwMDYxODA3MzU1M1oXDTMwMDYxODA3MzU1M1owEjEQMA4GA1UEAwwHRUMtUm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIjgL+6qiE9oj2yWCkVm6s7AaYkbDhTptYXTW92MhASiTqxL6g8tr28MlRA2P8HPrNSK9payeMe5QW9Kxn+EMPejIzAhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgWgMAoGCCqGSM49BAMCA0gAMEUCIDq2f4xjYD8pzr+mdzuT8wzePRnj/EatjmimGnvNt3FjAiEArezudh6G+wE+ds6S0dnFxG0o/BrbR0fiRNTQwiZA9ec= +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt index 01be3821..204ddccf 100644 --- a/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt +++ b/eaaf_core_utils/src/test/resources/data/hsm_facade_trust_root.crt 
@@ -1,10 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBdDCCARqgAwIBAgIEXkz1yjAKBggqhkjOPQQDAjARMQ8wDQYDVQQDDAZlY3Jv
-b3QwHhcNMjAwMjE5MDg0NjAyWhcNMjEwMjE4MDg0NjAyWjARMQ8wDQYDVQQDDAZl
-Y3Jvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8yvpVIWbPj4E7Lr87hwQR
-T9DZf9WY5LMV7gF6NKpnJ5JkEql/s7fqBVbrh8aSNo6gmfmSk4VYGhPJ+DCMzzQj
-o2AwXjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFOXafzYpIOlu6BgNU+Ee
-JWuJobgWMB0GA1UdDgQWBBTl2n82KSDpbugYDVPhHiVriaG4FjALBgNVHQ8EBAMC
-AQYwCgYIKoZIzj0EAwIDSAAwRQIgRt/51PKL/bATuLCdib95Ika+h845Jo0G+Sbn
-bzNwJAcCIQCVD1cxEBuUkKaiaLbTiNVsEjvQb6ti0TFbbQUH66jCGA==
+MIIByzCCAXGgAwIBAgIEYC5cIjAKBggqhkjOPQQDAjA7MRMwEQYDVQQKDApBLVNJ
+VCBQbHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwHhcN
+MjEwMjE4MTIyMjU4WhcNMzEwMjE4MTIyMjU4WjA7MRMwEQYDVQQKDApBLVNJVCBQ
+bHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwWTATBgcq
+hkjOPQIBBggqhkjOPQMBBwNCAARK1UAE+T3xYsoI0VkRcP20jPwTd2MePMkXRsSR
+lpqPMQ6dPMlxPmAzWK33DWPFAFMY8+ecF0J8t2D+5RiJSSB+o2MwYTAPBgNVHRMB
+Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT1v6FCAwJIM8kv
+JD7gVjdGXqhcYjAdBgNVHQ4EFgQU9b+hQgMCSDPJLyQ+4FY3Rl6oXGIwCgYIKoZI
+zj0EAwIDSAAwRQIhAI+5lHyNCQfyj8c0pdBDVWY3fkCOj9ZTJ/hqgW+6TIQBAiBS
+jn7uIj7tGm+f0RgXMbhcgtQhYgVwf0x8OnRwmDOwaw==
 -----END CERTIFICATE-----
diff --git a/eaaf_core_utils/src/test/resources/data/server_host.crt b/eaaf_core_utils/src/test/resources/data/server_host.crt
new file mode 100644
index 00000000..21d3a1e4
--- /dev/null
+++ b/eaaf_core_utils/src/test/resources/data/server_host.crt
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC2TCCAcECBGB5WpEwDQYJKoZIhvcNAQELBQAwMTELMAkGA1UEBhMCQVQxDjAM +BgNVBAsMBWpVbml0MRIwEAYDVQQDDAlsb2NhbGhvc3QwHhcNMjEwNDE2MDkzNjE3 +WhcNMjQwMTEwMDkzNjE3WjAxMQswCQYDVQQGEwJBVDEOMAwGA1UECwwFalVuaXQx +EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAJVYLzPzq7oBGS5Wer0++rHbp+DWI7srAV1lGHdq8ST6APh/7fEVWpdZDpMY +bOXl6uIiVmMsx/jUhQwOu4rFXThiQlwyQOv57SO7WHqNPqbRs/EUVnzW35aXU/DB +CmkqKyjK/+vuq7tIahlpqrppCzBVC9/Z15U+RMTdnATrohALNJovydH3VSkdkKX0 +5BDx779/8malTgyWTUgl+p3F/91iIIl4ZvIngo2ZYQCFm1nV6jmpErGFkG6YVrO7 +oe3OlGKFiXtqCmq+NSFeXsv/SaXWNUw82pYKuK/5EFSLX49HLBBDI14eOCuVLnGA +H/kG3tGteYMBNzSMmC/kcKgRDnUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAAJn2 +a/VbtXGmHe9wmtu8K3noyECfG5fbu9URUjXhCBlXGcdjfz1gzrOHcmaBndk0a566 +R2W0fLvjLpjWChrj7r34EpNYGPMLV2gp3ZkiSGl9kv8mf9iChK6+ga3SlyHJuXXu +gw6eOIAxBrE/vLw+pZtCEV9yPrIydkt19jjejf1wjs5y2G7m5r5pBIh6Wlmmc4f2 +3M6l6Dge78WVdUaU5AeAHjgGgXwULxmLGxi6yiS5HsSeb79oGz9psHbq1EAvwOVY +sLepTbDQvX/VAAG7HOJXhdGM0fRIkM7HFA5+6joTHvAKhuMlFIJ8Y4QIG2QaIBAh +eBBh91x/aB2xOKs+Kg== +-----END CERTIFICATE----- diff --git a/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks b/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks Binary files differnew file mode 100644 index 00000000..4d7bc2f3 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/ssL_truststore.jks diff --git a/eaaf_core_utils/src/test/resources/data/ssl_host.jks b/eaaf_core_utils/src/test/resources/data/ssl_host.jks Binary files differnew file mode 100644 index 00000000..4ca07595 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/data/ssl_host.jks diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml index 210b88be..672efe5d 100644 --- a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_lazy.beans.xml 
@@ -13,11 +13,20 @@ <bean id="dummyAuthConfigMap" class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap" /> - + <bean id="eaafKeyStoreFactory" class="at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory" /> <bean id="eaafUtilsMessageSource" class="at.gv.egiz.eaaf.core.impl.logging.EaafUtilsMessageSource" /> + <bean class="org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor"> + <property name="corePoolSize" value="5" /> + <property name="maxPoolSize" value="25" /> + <property name="queueCapacity" value="100" /> + </bean> + + <bean class="at.gv.egiz.eaaf.core.test.credentials.EncryptionTask" + scope="prototype"/> + </beans>
\ No newline at end of file diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml index 402e07f9..92dd5928 100644 --- a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy.beans.xml @@ -12,7 +12,14 @@ default-lazy-init="true"> <bean id="dummyAuthConfigMap" - class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap" /> + class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap"> + <constructor-arg value="/data/config1.properties" /> + </bean> + + <bean id="encrytedTokenGenerationStrategy" + class="at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy" /> + + <import resource="classpath:/spring/eaaf_utils.beans.xml"/> diff --git a/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml new file mode 100644 index 00000000..0f235e29 --- /dev/null +++ b/eaaf_core_utils/src/test/resources/spring/test_eaaf_pvp_not_lazy_with_hsm.beans.xml 
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"
+ default-lazy-init="true">
+
+ <bean id="dummyAuthConfigMap"
+ class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap">
+ <constructor-arg value="/data/config2.properties" />
+ </bean>
+
+ <bean id="encrytedTokenGenerationStrategy"
+ class="at.gv.egiz.eaaf.core.impl.utils.AuthenticatedEncryptionPendingRequestIdGenerationStrategy" />
+
+
+
+ <import resource="classpath:/spring/eaaf_utils.beans.xml"/>
+
+</beans>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_auth_sl20/pom.xml b/eaaf_modules/eaaf_module_auth_sl20/pom.xml index b87c5c98..c4bb0714 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/pom.xml +++ b/eaaf_modules/eaaf_module_auth_sl20/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> </parent> <artifactId>eaaf_module_auth_sl20</artifactId> <name>Generic SL2.0 authentication</name> @@ -32,7 +32,6 @@ <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf-core</artifactId> - <version>${egiz.eaaf.version}</version> </dependency> <dependency> <groupId>org.bitbucket.b_c</groupId> @@ -52,6 +51,39 @@ <artifactId>javax.servlet-api</artifactId> <scope>provided</scope> </dependency> + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>com.google.guava</groupId> + <artifactId>guava</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> + <dependency> + <groupId>at.asitplus.hsmfacade</groupId> + <artifactId>provider</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_jce_full</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_eccelerate</artifactId> + <scope>test</scope> + </dependency> + </dependencies> <build> 
@@ -61,32 +93,7 @@ </resource> </resources> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.8.0</version> - <configuration> - <source>${java.version}</source> - <target>${java.version}</target> - </configuration> - </plugin> - - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <version>3.1.1</version> - <configuration> - <archive> - <manifest> - <addClasspath>true</addClasspath> - <addDefaultImplementationEntries>true</addDefaultImplementationEntries> - <addDefaultSpecificationEntries>true</addDefaultSpecificationEntries> - </manifest> - </archive> - </configuration> - </plugin> - + <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-clean-plugin</artifactId> @@ -99,23 +106,20 @@ </filesets> </configuration> </plugin> - - <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <version>${surefire.version}</version> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> </plugins> </build> + <repositories> + <repository> + <id>MOA_Sig_local</id> + <name>MOA-Sig Dependencies</name> + <releases> + <enabled>true</enabled> + <checksumPolicy>ignore</checksumPolicy> + </releases> + <layout>default</layout> + <url>file://${basedir}/../eaaf_module_moa-sig/repository</url> + </repository> + </repositories> + </project>
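Review bot: The new `MOA_Sig_local` repository sets `<checksumPolicy>ignore</checksumPolicy>`, so Maven will not act on a checksum mismatch for anything resolved from `file://${basedir}/../eaaf_module_moa-sig/repository`, and a corrupted or replaced jar in that directory would be accepted silently. Because the repository is part of the source tree, committing the checksum files next to the artifacts and switching to `<checksumPolicy>fail</checksumPolicy>` costs little and gives the build an integrity check on these binaries. The block also leaves snapshot resolution at its default; `<snapshots><enabled>false</enabled></snapshots>` would state the intent. The `<project>` element this block sits in starts outside the hunk.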
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java index e9932ae8..d561a0bc 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/AbstractSL20AuthenticationModulImpl.java @@ -29,11 +29,9 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule private int priority = 3; public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4"); - + @Autowired(required = true) protected IConfiguration authConfig; - @Autowired(required = true) - private AbstractAuthenticationManager authManager; @Override public int getPriority() { @@ -51,9 +49,9 @@ public abstract class AbstractSL20AuthenticationModulImpl implements AuthModule @PostConstruct protected void initalSL20Authentication() { - // parameter to whiteList - authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE); - authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE); + // parameter to whiteList + AbstractAuthenticationManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE); + AbstractAuthenticationManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE); } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java index 11fd41fb..74d67d01 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java 
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/Constants.java 
@@ -7,37 +7,41 @@ public class Constants { public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id"; - + //KeyStore configuration - public static final String CONFIG_PROP_SECURITY_KEYSTORE_TYPE = + public static final String CONFIG_PROP_SECURITY_KEYSTORE_TYPE = CONFIG_PROP_PREFIX + ".security.keystore.type"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_NAME = + public static final String CONFIG_PROP_SECURITY_KEYSTORE_NAME = CONFIG_PROP_PREFIX + ".security.keystore.name"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password"; - - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = + + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX + ".security.sign.password"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias"; - public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password"; //TrustStore configuration - public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_TYPE = + public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_TYPE = CONFIG_PROP_PREFIX + ".security.truststore.type"; - 
public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_NAME = + public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_NAME = CONFIG_PROP_PREFIX + ".security.truststore.name"; - public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_PATH = + public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_PATH = CONFIG_PROP_PREFIX + ".security.truststore.path"; - public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_PASSWORD = + public static final String CONFIG_PROP_SECURITY_TRUSTSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.truststore.password"; - - + + public static final String CONFIG_PROP_SECURITY_SIG_ALG_RSA = + CONFIG_PROP_PREFIX + ".security.sigalg.rsa"; + public static final String CONFIG_PROP_SECURITY_SIG_ALG_ECC = + CONFIG_PROP_PREFIX + ".security.sigalg.ecc"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT = "default"; public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_VDA_ENDPOINT_QUALeID + CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT_ELEMENT; diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/EventCodes.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/EventCodes.java index af155206..62779072 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/EventCodes.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/EventCodes.java @@ -12,5 +12,5 @@ public class EventCodes { public static final int AUTHPROCESS_SL20_ENDPOINT_URL = 4112; public static final int AUTHPROCESS_SL20_DATAURL_IP = 4113; - public static final int AUTHPROCESS_SL20_CONSENT_VALID = 4113; + public static final int AUTHPROCESS_SL20_CONSENT_VALID = 4114; } 
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20EidDataValidationException.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20EidDataValidationException.java index a14fbe9e..f0d993ca 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20EidDataValidationException.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20EidDataValidationException.java @@ -1,15 +1,26 @@ package at.gv.egiz.eaaf.modules.auth.sl20.exceptions; public class SL20EidDataValidationException extends SL20Exception { - private static final long serialVersionUID = 1L; + + private static final long serialVersionUID = -2604130523926584663L; public SL20EidDataValidationException(final Object[] parameters) { - super("sl20.07", parameters); + this("99", parameters); } - + public SL20EidDataValidationException(final Object[] parameters, final Throwable e) { - super("sl20.07", parameters, e); + this("99", parameters, e); + + } + + public SL20EidDataValidationException(final String subErrorId, final Object[] parameters) { + super("sl20.07." + subErrorId, parameters); + + } + + public SL20EidDataValidationException(final String subErrorId, final Object[] parameters, final Throwable e) { + super("sl20.07." + subErrorId, parameters, e); } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20Exception.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20Exception.java index 12921ad6..08373a2d 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20Exception.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/exceptions/SL20Exception.java 
@@ -4,7 +4,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException; public class SL20Exception extends EaafAuthenticationException { - private static final long serialVersionUID = 1L; + private static final long serialVersionUID = -6716465236880571576L; public SL20Exception(final String messageId, final Object[] parameters) { super(messageId, parameters); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java index 6c11fa63..9dcfbe75 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractCreateQualEidRequestTask.java 
@@ -1,25 +1,29 @@ package at.gv.egiz.eaaf.modules.auth.sl20.tasks; import java.io.Serializable; +import java.net.SocketException; +import java.net.SocketTimeoutException; +import java.nio.charset.StandardCharsets; import java.security.cert.CertificateEncodingException; import java.util.ArrayList; import java.util.List; +import java.util.Locale; import java.util.Map; +import java.util.concurrent.TimeUnit; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; -import org.apache.http.HttpResponse; +import org.apache.commons.lang3.time.StopWatch; import org.apache.http.NameValuePair; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.utils.URIBuilder; import org.apache.http.message.BasicNameValuePair; import org.jose4j.base64url.Base64Url; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.node.ObjectNode; @@ -33,7 +37,6 @@ import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; -import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; import at.gv.egiz.eaaf.modules.auth.sl20.Constants; import at.gv.egiz.eaaf.modules.auth.sl20.EventCodes; import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; 
@@ -42,12 +45,16 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants.VdaAuthMethod; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20HttpBindingUtils.Sl20ResponseHolder; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonBuilderUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(AbstractCreateQualEidRequestTask.class); + private static final String FRIENDLYNAME_HTTP_CLIENT = "A-Trust Client"; + @Autowired(required = true) private IHttpClientFactory httpClientFactory; @Autowired(required = true) @@ -60,7 +67,8 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl log.debug("Starting SL2.0 authentication process .... "); revisionsLogger.logEvent(pendingReq, EventCodes.AUTHPROCESS_SL20_SELECTED, "sl20auth"); - + + String vdaQualEidDUrl = null; try { // get service-provider configuration final ISpConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); @@ -72,7 +80,7 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl } // get basic configuration parameters - final String vdaQualEidDUrl = extractVdaUrlForSpecificOa(oaConfig, executionContext); + vdaQualEidDUrl = extractVdaUrlForSpecificOa(oaConfig, executionContext); if (StringUtils.isEmpty(vdaQualEidDUrl)) { log.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); throw new SL20Exception("sl20.03", new Object[] { "NO VDA URL for qualified eID" }); 
@@ -89,55 +97,48 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl // build request container final String qualEidReqId = Random.nextProcessReferenceValue(); - final ObjectNode sl20Req = SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, null, null, - signedQualEidCommand); + final ObjectNode sl20Req = SL20JsonBuilderUtils.createGenericRequest(qualEidReqId, + pendingReq.getUniqueTransactionIdentifier(), null, signedQualEidCommand); // build http POST request final HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualEidDUrl).build()); final List<NameValuePair> parameters = new ArrayList<>(); parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, - Base64Url.encode(sl20Req.toString().getBytes("UTF-8")))); - - //set specific authentication method if it was selection by process step before - VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext); - if (authMethod != null) { - log.debug("Request VDA with authType: {}", authMethod); - parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM, - authMethod.getAuthMethod())); - } + Base64Url.encode(sl20Req.toString().getBytes(StandardCharsets.UTF_8)))); - //set VDA sessionId if it was available on context - String vdaSessionId = getVdaSessionIdFromContext(executionContext); - if (vdaSessionId != null) { - log.trace("Request VDA with sessionId: {}", vdaSessionId); - parameters.add(new BasicNameValuePair( - SL20Constants.PARAM_SL20_REQ_AUTH_VDA_SESSIONID, - vdaSessionId)); - - } - - - - httpReq.setEntity(new UrlEncodedFormEntity(parameters)); + //inject additional request parameters + injectAdditionalSL20RequestParams(parameters, executionContext, request); - // build http GET request - // URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl); - // sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, - // Base64Url.encode(sl20Req.toString().getBytes())); - // HttpGet httpReq = new 
HttpGet(sl20ReqUri.build()); + httpReq.setEntity(new UrlEncodedFormEntity(parameters)); // set native client header httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); - log.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes("UTF-8"))); + log.trace("Request VDA via SL20 with: {}", + Base64Url.encode(sl20Req.toString().getBytes(StandardCharsets.UTF_8))); // request VDA - final HttpResponse httpResp = httpClientFactory.getHttpClient(false).execute(httpReq); - - // parse response - log.info("Receive response from VDA ... "); - final JsonNode sl20Resp = SL20JsonExtractorUtils.getSL20ContainerFromResponse(httpResp); - final VerificationResult respPayloadContainer = SL20JsonExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); + + final StopWatch watch = StopWatch.createStarted(); + log.info("Requesting {} for authentication ... ", FRIENDLYNAME_HTTP_CLIENT); + final Sl20ResponseHolder httpResp = httpClientFactory.getHttpClient(false).execute( + httpReq, SL20HttpBindingUtils.sl20ResponseHandler()); + + watch.stop(); + log.info("Respone from {} received after: {}[ms] with statusCode: {}", FRIENDLYNAME_HTTP_CLIENT, + watch.getTime(TimeUnit.MILLISECONDS), httpResp.getResponseStatus().getStatusCode()); + + //check on error on http channel + if (httpResp.getError() != null) { + log.info("Basic SL2.0 response processing has an error. HTTP-StatusCode: {} ErrorMsg: {}", + httpResp.getResponseStatus().getStatusCode(), httpResp.getError().getMessage()); + throw httpResp.getError(); + + } + + // parse response + final VerificationResult respPayloadContainer = + SL20JsonExtractorUtils.extractSL20PayLoad(httpResp.getResponseBody(), null, false); if (respPayloadContainer.isValidSigned() == null) { log.debug("Receive unsigned payLoad from VDA"); 
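Review bot: `new UrlEncodedFormEntity(parameters)` still encodes the form body with HttpClient's default charset (ISO-8859-1), while the command payload a few lines above was moved to `StandardCharsets.UTF_8` in this same hunk. With `injectAdditionalSL20RequestParams` now open for subclasses to add parameters, a non-ASCII value would reach the VDA in a different encoding than the rest of the request. Passing the charset explicitly keeps the request consistent: `httpReq.setEntity(new UrlEncodedFormEntity(parameters, StandardCharsets.UTF_8));`. The enclosing method starts and ends outside the hunk.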
@@ -158,10 +159,10 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false); // create forward SL2.0 command - final ObjectNode sl20Forward = sl20Resp.deepCopy(); + final ObjectNode sl20Forward = httpResp.getResponseBody().deepCopy(); SL20JsonBuilderUtils.addOnlyOnceOfTwo(sl20Forward, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, command.deepCopy(), signedCommand); - + // store pending request pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, qualEidReqId); 
@@ -201,21 +202,58 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl } catch (final EaafAuthenticationException e) { throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + } catch (final SocketException | SocketTimeoutException e) { + log.error("SL2.0 Authentication has a VDA connector error. Endpoint: {}", + vdaQualEidDUrl, e); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new SL20Exception("sl20.02", new Object[] { e.getMessage()}, e)); + } catch (final Exception e) { log.warn("SL2.0 Authentication FAILED with a generic error.", e); throw new TaskExecutionException(pendingReq, e.getMessage(), e); - } finally { - TransactionIdUtils.removeTransactionId(); - TransactionIdUtils.removeSessionId(); + } + + } + protected void injectAdditionalSL20RequestParams(List<NameValuePair> parameters, + ExecutionContext executionContext, HttpServletRequest request) { + //set specific authentication method if it was selection by process step before + final VdaAuthMethod authMethod = getVdaAuthMethodFromContext(executionContext); + if (authMethod != null) { + log.debug("Request VDA with authType: {}", authMethod); + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_AUTH_METHOD_PARAM, + authMethod.getAuthMethod())); } + //set VDA sessionId if it was available on context + final String vdaSessionId = getVdaSessionIdFromContext(executionContext); + if (vdaSessionId != null) { + log.trace("Request VDA with sessionId: {}", vdaSessionId); + parameters.add(new BasicNameValuePair( + SL20Constants.PARAM_SL20_REQ_AUTH_VDA_SESSIONID, + vdaSessionId)); + + } + + //set i18n language into VDA request + final Locale locale = LocaleContextHolder.getLocale(); + final String language = locale.getLanguage(); + if (StringUtils.isNotEmpty(language)) { + log.trace("Find i18n context). 
Inject locale: {} into VDA request", locale.getLanguage()); + parameters.add(new BasicNameValuePair( + SL20Constants.PARAM_SL20_REQ_AUTH_VDA_LOCALE, + language.toUpperCase(locale))); + + } else { + log.info("Find i18n context, but Language is UNKNOWN. It will be ignored"); + + } } /** - * Get ExecutionContext parameter-key for VDA AuthMethod information. - * + * Get ExecutionContext parameter-key for VDA AuthMethod information. + * * @return Key to get AuthMethod from {@link ExecutionContext} */ protected abstract String getAuthMethodContextParamKey(); 
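Review bot: The `finally` block that called `TransactionIdUtils.removeTransactionId()` and `removeSessionId()` is dropped here, and again in the last hunk of AbstractReceiveQualEidTask.java, with no replacement visible in either hunk. If those ids live in per-thread logging context (the helper is not shown), a pooled worker thread would carry them into the next request and log lines would be attributed to the wrong transaction, so it is worth confirming that a filter or the task base class now clears them. Separately, `injectAdditionalSL20RequestParams` builds a protocol value with `language.toUpperCase(locale)`; the locale-independent `language.toUpperCase(Locale.ROOT)` keeps locale-specific case rules away from a wire value. The try block this catch chain belongs to starts outside the hunk.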
@@ -231,34 +269,34 @@ public abstract class AbstractCreateQualEidRequestTask extends AbstractAuthServl */ protected abstract String buildSignedQualifiedEidCommand() throws CertificateEncodingException, SL20Exception; - + private VdaAuthMethod getVdaAuthMethodFromContext(ExecutionContext executionContext) { - Serializable authMethodRaw = executionContext.get(getAuthMethodContextParamKey()); + final Serializable authMethodRaw = executionContext.get(getAuthMethodContextParamKey()); if (authMethodRaw instanceof String) { log.trace("Find authMethod parameter: {} on context", authMethodRaw); return VdaAuthMethod.fromString((String) authMethodRaw); - + } - + return null; } - + private String getVdaSessionIdFromContext(ExecutionContext executionContext) { - Serializable vdaSessionId = executionContext.get( + final Serializable vdaSessionId = executionContext.get( SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERROR_VDASESSIONID); - if (vdaSessionId instanceof String + if (vdaSessionId instanceof String && StringUtils.isNotEmpty((CharSequence) vdaSessionId)) { executionContext.remove( SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERROR_VDASESSIONID); - + log.trace("Find vdaSessionId parameter: {} on context", vdaSessionId); return (String) vdaSessionId; - + } - + return null; } - + private String extractVdaUrlForSpecificOa(final ISpConfiguration oaConfig, final ExecutionContext executionContext) { // load SP specific config for development and testing purposes diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java index 4786ff39..dfa05a89 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java 
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/tasks/AbstractReceiveQualEidTask.java @@ -8,8 +8,6 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; import org.jose4j.base64url.Base64Url; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import com.fasterxml.jackson.core.JsonParseException; @@ -22,7 +20,6 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DataUrlBuilder; import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; -import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; import at.gv.egiz.eaaf.modules.auth.sl20.Constants; import at.gv.egiz.eaaf.modules.auth.sl20.EventCodes; import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; @@ -35,9 +32,10 @@ import at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonMapper; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20Constants; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20JsonExtractorUtils; import at.gv.egiz.eaaf.modules.auth.sl20.utils.SL20ResponseUtils; +import lombok.extern.slf4j.Slf4j; +@Slf4j public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask { - private static final Logger log = LoggerFactory.getLogger(AbstractReceiveQualEidTask.class); @Autowired(required = true) private IJoseTools joseTools; 
@@ -82,13 +80,14 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask sl20ReqObj = new JsonMapper().getMapper().readTree(Base64Url.decodeToUtf8String(sl20Result)); } catch (final JsonParseException e) { - log.warn("SL2.0 command or result is NOT valid JSON.", e); - log.debug("SL2.0 msg: " + sl20Result); + log.error("SL2.0 command or result is NOT valid JSON. Received msg: {}", sl20Result, e); throw new SL20Exception("sl20.02", new Object[] { "SL2.0 command or result is NOT valid JSON." }, e); } + log.info("Receive response from A-Trust. Starting response-message validation ... "); + // check on errorMessage final VerificationResult payLoadContainerErrorCheck = SL20JsonExtractorUtils.extractSL20PayLoad( sl20ReqObj, @@ -117,7 +116,7 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask log.debug("VDA provides an optional sessionId. Inject it to internal error-holder "); ex.setVdaSessionId(vdaSessionId); - } + } throw ex; } else { @@ -161,7 +160,6 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask } } catch (final EaafAuthenticationException e) { - log.warn("SL2.0 processing error:", e); if (sl20Result != null) { log.debug("Received SL2.0 result: " + sl20Result); } @@ -170,8 +168,8 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); } catch (final Exception e) { - log.warn("ERROR:", e); - log.warn("SL2.0 Authentication FAILED with a generic error.", e); + + if (sl20Result != null) { log.debug("Received SL2.0 result: " + sl20Result); } @@ -212,11 +210,6 @@ public abstract class AbstractReceiveQualEidTask extends AbstractAuthServletTask log.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e); } - - } finally { - TransactionIdUtils.removeTransactionId(); - TransactionIdUtils.removeSessionId(); - } } 
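Review bot: The new `log.error("SL2.0 command or result is NOT valid JSON. Received msg: {}", sl20Result, e)` writes the complete, still-encoded message to the log at ERROR level, where the old code kept it at DEBUG. `sl20Result` appears to be received from the caller and has just failed JSON parsing, so its size and content are unbounded and it may carry personal data. Keep the body out of the error line and leave the raw value at debug: `log.error("SL2.0 command or result is NOT valid JSON.", e);` followed by `log.debug("SL2.0 msg: {}", sl20Result);`. The added info line also names one provider ("A-Trust") inside an abstract task, while the other messages in this class say "VDA". The enclosing method starts and ends outside the hunk.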
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java
new file mode 100644
index 00000000..5b221bbe
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtils.java
@@ -0,0 +1,374 @@ +package at.gv.egiz.eaaf.modules.auth.sl20.utils; + +import java.io.IOException; +import java.security.Key; +import java.security.KeyFactory; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.security.Provider; +import java.security.PublicKey; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.security.interfaces.ECPrivateKey; +import java.security.interfaces.ECPublicKey; +import java.security.interfaces.RSAPrivateKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import javax.annotation.Nonnull; + +import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.jose4j.jca.ProviderContext; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.Headers; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; +import org.jose4j.lang.JoseException; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.exception.EaafKeyUsageException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.X509Utils; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; + +/** + * {@link JoseUtils} provides static methods JWS and JWE processing. + * + * @author tlenz + * + */ +@Slf4j +public class JoseUtils { + + private static final Provider provider = new BouncyCastleProvider(); + + /** + * Create a JWS signature. 
+ * + * <p> + * Use {@link org.jose4j.jws.AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case + * of a RSA based key and + * {@link org.jose4j.jws.AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} + * in case of an ECC based key. + * </p> + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, Collections.emptyMap(), + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + friendlyNameForLogging); + + } + + /** + * Create a JWS signature. + * + * <p> + * Use {@link org.jose4j.jws.AlgorithmIdentifiers.RSA_PSS_USING_SHA256} in case + * of a RSA based key and + * {@link org.jose4j.jws.AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256} + * in case of an ECC based key. 
+ * </p> + * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param joseHeaders HeaderName and HeaderValue that should be set + * into JOSE header + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull final Map<String, String> joseHeaders, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + return createSignature(keyStore, keyAlias, keyPassword, payLoad, addFullCertChain, joseHeaders, + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + friendlyNameForLogging); + + } + + /** + * Create a JWS signature. 
+ * + * @param keyStore KeyStore that should be used + * @param keyAlias Alias of the private key + * @param keyPassword Password to access the key + * @param payLoad PayLoad to sign + * @param addFullCertChain If true the full certificate chain will be + * added, otherwise only the + * X509CertSha256Fingerprint is added into JOSE + * header + * @param joseHeaders HeaderName and HeaderValue that should be set + * into JOSE header + * @param rsaAlgToUse Signing algorithm that should be used in case + * of a signing key based on RSA + * @param eccAlgToUse Signing algorithm that should be used in case + * of a signing key based on ECC + * @param friendlyNameForLogging FriendlyName for the used KeyStore for logging + * purposes only + * @return Signed PayLoad in serialized form + * @throws EaafException In case of a key-access or key-usage error + * @throws JoseException In case of a JOSE error + */ + public static String createSignature(@Nonnull Pair<KeyStore, Provider> keyStore, + @Nonnull final String keyAlias, @Nonnull final char[] keyPassword, + @Nonnull final String payLoad, boolean addFullCertChain, + @Nonnull final Map<String, String> joseHeaders, + @Nonnull final String rsaAlgToUse, @Nonnull final String eccAlgToUse, + @Nonnull String friendlyNameForLogging) throws EaafException, JoseException { + + final JsonWebSignature jws = new JsonWebSignature(); + + // set payload + jws.setPayload(payLoad); + + // set JOSE headers + for (final Entry<String, String> el : joseHeaders.entrySet()) { + log.trace("Set JOSE header: {} with value: {} into JWS", el.getKey(), el.getValue()); + jws.setHeader(el.getKey(), el.getValue()); + + } + + // set signing information + final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore.getFirst(), keyAlias, keyPassword, true, friendlyNameForLogging); + + // set verification key + jws.setKey(convertToBcKeyIfRequired(signingCred.getFirst())); + + 
jws.setAlgorithmHeaderValue(getKeyOperationAlgorithmFromCredential( + jws.getKey(), rsaAlgToUse, eccAlgToUse, friendlyNameForLogging)); + + // set special provider if required + if (keyStore.getSecond() != null) { + log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider(keyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jws.setProviderContext(providerCtx); + + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jws.setProviderContext(providerCtx); + + } + + if (addFullCertChain) { + jws.setCertificateChainHeaderValue(signingCred.getSecond()); + + } + + jws.setX509CertSha256ThumbprintHeaderValue(signingCred.getSecond()[0]); + + return jws.getCompactSerialization(); + + } + + /** + * Verify a JOSE signature. 
+ * + * @param serializedContent Serialized content that should be verified + * @param trustedCerts Trusted certificates that should be used for + * verification + * @param constraints {@link AlgorithmConstraints} for verification + * @return {@link JwsResult} object + * @throws JoseException In case of a signature verification error + * @throws IOException In case of a general error + */ + public static JwsResult validateSignature(@Nonnull final String serializedContent, + @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) + throws JoseException, IOException { + final JsonWebSignature jws = new JsonWebSignature(); + // set payload + jws.setCompactSerialization(serializedContent); + + // set security constrains + jws.setAlgorithmConstraints(constraints); + + // load signinc certs + Key selectedKey = null; + final List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue(); + final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + log.debug("Found x509 certificate in JOSE header ... "); + log.trace("Sorting received X509 certificates ... "); + final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { + selectedKey = sortedX5cCerts.get(0).getPublicKey(); + + } else { + log.info("Can NOT find JOSE certificate in truststore."); + if (log.isDebugEnabled()) { + try { + log.debug("Cert: {}", Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded())); + + } catch (final CertificateEncodingException e) { + log.warn("Can not create DEBUG output", e); + + } + } + } + + } else if (StringUtils.isNotEmpty(x5t256)) { + log.debug("Found x5t256 fingerprint in JOSE header .... 
"); + final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver( + trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + + } else { + throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); + + } + + if (selectedKey == null) { + throw new JoseException("Can NOT select verification key for JWS. Signature verification FAILED"); + + } + + //set BouncyCastleProvider as default provider + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jws.setProviderContext(providerCtx); + + // set verification key + jws.setKey(convertToBcKeyIfRequired(selectedKey)); + + // load payLoad + return new JwsResult( + jws.verifySignature(), + jws.getUnverifiedPayload(), + jws.getHeaders(), + x5cCerts); + + } + + + /** + * Convert an ECC public-key into BouncyCastle implementation. 
+ * + * <p> IAIK JCE / Eccelerate ECC Keys are not compatible to JWS impl.</p> + * @param input Key + * @return input Key, or BC ECC-Key in case of a ECC Key + */ + public static Key convertToBcKeyIfRequired(Key input) { + try { + if (input instanceof ECPublicKey + && "iaik.security.ec.common.ECPublicKey".equals(input.getClass().getName())) { + + //convert Key to BouncyCastle KeyImplemenation because there is an + //incompatibility with IAIK EC Keys and JWS signature-verfification implementation + PublicKey publicKey = KeyFactory.getInstance( + input.getAlgorithm(), provider).generatePublic( + new X509EncodedKeySpec(input.getEncoded())); + return publicKey; + + } else if (input instanceof ECPrivateKey + && "iaik.security.ec.common.ECPrivateKey".equals(input.getClass().getName())) { + //convert Key to BouncyCastle KeyImplemenation because there is an + //incompatibility with IAIK EC Keys and JWS signature-creation implementation + Key privateKey = KeyFactory.getInstance( + input.getAlgorithm(), provider).generatePrivate( + new PKCS8EncodedKeySpec(input.getEncoded())); + + return privateKey; + + } + + } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { + log.warn("Can NOT convert {} to {}. The verification may FAIL.", + input.getClass().getName(), PublicKey.class.getName(), e); + + } + + return input; + + } + + /** + * Select signature algorithm for a given credential. 
+ * + * @param key {@link X509Credential} that will be used for + * key operations + * @param rsaSigAlgorithm RSA based algorithm that should be used in case + * of RSA credential + * @param ecSigAlgorithm EC based algorithm that should be used in case + * of RSA credential + * @param friendlyNameForLogging KeyStore friendlyName for logging purposes + * @return either the RSA based algorithm or the EC based algorithm + * @throws EaafKeyUsageException In case of an unsupported private-key type + */ + private static String getKeyOperationAlgorithmFromCredential(Key key, + String rsaSigAlgorithm, String ecSigAlgorithm, String friendlyNameForLogging) + throws EaafKeyUsageException { + if (key instanceof RSAPrivateKey) { + return rsaSigAlgorithm; + + } else if (key instanceof ECPrivateKey) { + return ecSigAlgorithm; + + } else { + log.warn("Could NOT select the cryptographic algorithm from Private-Key type"); + throw new EaafKeyUsageException(EaafKeyUsageException.ERROR_CODE_01, + friendlyNameForLogging, + "Can not select cryptographic algorithm"); + + } + + } + + private JoseUtils() { + + } + + @Getter + @AllArgsConstructor + public static class JwsResult { + final boolean valid; + final String payLoad; + final Headers fullJoseHeader; + final List<X509Certificate> x5cCerts; + + } +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java index 43c44647..58e3e41c 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtils.java 
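Review bot: `validateSignature` puts `jws.getUnverifiedPayload()` into the `JwsResult` whether or not `jws.verifySignature()` succeeded, so a caller that forgets to test `isValid()` processes unauthenticated content. The code this replaces in JsonSecurityUtils read `jws.getPayload()`, which, as far as I know, refuses to return the payload of a signature that does not verify. Either throw a `JoseException` when verification fails, or state the contract in the Javadoc, e.g. `@return {@link JwsResult}; payLoad and x5cCerts are unverified when valid is false`. The three-argument `validateSignature` hunk in JsonSecurityUtils.java now passes `result.getPayLoad()` straight into `VerificationResult`, so the same applies there. An `x5c` header that is present but empty would also reach `sortedX5cCerts.get(0)`, unless `X509Utils.sortCertificates` (not shown) rejects it.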
@@ -14,15 +14,14 @@ import javax.annotation.Nonnull; import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.jose4j.jca.ProviderContext; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jws.AlgorithmIdentifiers; -import org.jose4j.jws.JsonWebSignature; -import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.jwx.HeaderParameterNames; import org.jose4j.keys.X509Util; -import org.jose4j.keys.resolvers.X509VerificationKeyResolver; import org.jose4j.lang.JoseException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -37,6 +36,7 @@ import com.fasterxml.jackson.databind.JsonNode; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exception.EaafKeyAccessException; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; @@ -49,6 +49,7 @@ import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20SecurityException; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoBuildException; import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import at.gv.egiz.eaaf.modules.auth.sl20.utils.JoseUtils.JwsResult; @Service public class JsonSecurityUtils implements IJoseTools { 
@@ -125,40 +126,16 @@ public class JsonSecurityUtils implements IJoseTools { @Override public String createSignature(final String payLoad, boolean addFullCertChain) throws SlCommandoBuildException { try { - final JsonWebSignature jws = new JsonWebSignature(); - - // set payload - jws.setPayload(payLoad); - - // set basic header - jws.setContentTypeHeaderValue(SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND); - - // set signing information - jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); - final Pair<Key, X509Certificate[]> signingCred = EaafKeyStoreUtils.getPrivateKeyAndCertificates( - keyStore.getFirst(), getSigningKeyAlias(), getSigningKeyPassword(), true, FRIENDLYNAME_KEYSTORE); - jws.setKey(signingCred.getFirst()); - - // set special provider if required - if (keyStore.getSecond() != null) { - log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); - final ProviderContext providerCtx = new ProviderContext(); - providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( - keyStore.getSecond().getName()); - jws.setProviderContext(providerCtx); - - } - - if (addFullCertChain) { - jws.setCertificateChainHeaderValue(signingCred.getSecond()); - - } - - jws.setX509CertSha256ThumbprintHeaderValue(signingCred.getSecond()[0]); - - return jws.getCompactSerialization(); + return JoseUtils.createSignature(keyStore, getSigningKeyAlias(), getSigningKeyPassword(), + payLoad, addFullCertChain, + Collections.singletonMap( + HeaderParameterNames.CONTENT_TYPE, + SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND), + getRsaSigningAlgorithm(), + getEccSigningAlgorithm(), + FRIENDLYNAME_KEYSTORE); - } catch (final JoseException | EaafKeyAccessException e) { + } catch (final JoseException | EaafException e) { log.warn("Can NOT sign SL2.0 command.", e); throw new SlCommandoBuildException("Can NOT sign SL2.0 command.", e); 
@@ -179,61 +156,12 @@ public class JsonSecurityUtils implements IJoseTools { public VerificationResult validateSignature(@Nonnull final String serializedContent, @Nonnull final List<X509Certificate> trustedCerts, @Nonnull final AlgorithmConstraints constraints) throws JoseException, IOException { - final JsonWebSignature jws = new JsonWebSignature(); - // set payload - jws.setCompactSerialization(serializedContent); - - // set security constrains - jws.setAlgorithmConstraints(constraints); - - // load signinc certs - Key selectedKey = null; - final List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue(); - final String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); - if (x5cCerts != null) { - log.debug("Found x509 certificate in JOSE header ... "); - log.trace("Sorting received X509 certificates ... "); - final List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); - - if (trustedCerts.contains(sortedX5cCerts.get(0))) { - selectedKey = sortedX5cCerts.get(0).getPublicKey(); - - } else { - log.info("Can NOT find JOSE certificate in truststore."); - try { - log.debug("Cert: " + Base64Utils.encodeToString(sortedX5cCerts.get(0).getEncoded())); - - } catch (final CertificateEncodingException e) { - e.printStackTrace(); - } - - } - - } else if (StringUtils.isNotEmpty(x5t256)) { - log.debug("Found x5t256 fingerprint in JOSE header .... "); - final X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver( - trustedCerts); - selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); - - } else { - throw new JoseException("JWS contains NO signature certificate or NO certificate fingerprint"); - - } - - if (selectedKey == null) { - throw new JoseException("Can NOT select verification key for JWS. 
Signature verification FAILED"); - - } - - // set verification key - jws.setKey(selectedKey); - - // load payLoad + final JwsResult result = JoseUtils.validateSignature(serializedContent, trustedCerts, constraints); return new VerificationResult( - mapper.getMapper().readTree(jws.getHeaders().getFullHeaderAsJsonString()), - mapper.getMapper().readTree(jws.getPayload()), - x5cCerts, jws.verifySignature()); + mapper.getMapper().readTree(result.getFullJoseHeader().getFullHeaderAsJsonString()), + mapper.getMapper().readTree(result.getPayLoad()), + result.getX5cCerts(), result.isValid()); } @@ -241,7 +169,7 @@ public class JsonSecurityUtils implements IJoseTools { @Nonnull public VerificationResult validateSignature(@Nonnull final String serializedContent) throws SL20Exception { try { - final AlgorithmConstraints algConstraints = new AlgorithmConstraints(ConstraintType.WHITELIST, + final AlgorithmConstraints algConstraints = new AlgorithmConstraints(ConstraintType.PERMIT, SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])); @@ -251,7 +179,7 @@ public class JsonSecurityUtils implements IJoseTools { if (!result.isValidSigned()) { log.info("JWS signature invalide. Stopping authentication process ..."); - log.debug("Received JWS msg: " + serializedContent); + log.debug("Received JWS msg: {}", serializedContent); throw new SL20SecurityException("JWS signature invalide."); } 
@@ -278,11 +206,11 @@ public class JsonSecurityUtils implements IJoseTools { // set security constrains receiverJwe.setAlgorithmConstraints( - new AlgorithmConstraints(ConstraintType.WHITELIST, + new AlgorithmConstraints(ConstraintType.PERMIT, SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); receiverJwe.setContentEncryptionAlgorithmConstraints( - new AlgorithmConstraints(ConstraintType.WHITELIST, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION + new AlgorithmConstraints(ConstraintType.PERMIT, SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); // set payload @@ -292,6 +220,21 @@ public class JsonSecurityUtils implements IJoseTools { keyStore.getFirst(), getEncryptionKeyAlias(), getEncryptionKeyPassword(), true, FRIENDLYNAME_KEYSTORE); + // set special provider if required + if (keyStore.getSecond() != null) { + log.trace("Injecting special Java Security Provider: {}", keyStore.getSecond().getName()); + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(keyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + receiverJwe.setProviderContext(providerCtx); + + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + receiverJwe.setProviderContext(providerCtx); + + } + // validate key from header against key from config final List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue(); final String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); 
@@ -318,7 +261,7 @@ public class JsonSecurityUtils implements IJoseTools { final String certFingerPrint = X509Util.x5tS256(encryptionCred.getSecond()[0]); if (!certFingerPrint.equals(x5t256)) { log.info("X5t256 from JOSE header does NOT match encryption certificate"); - log.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); + log.debug("X5t256 from JOSE header: {} Encrytption cert: {}", x5t256, certFingerPrint); throw new SL20Exception("sl20.05", new Object[] { "X5t256 from JOSE header does NOT match encryption certificate" }); @@ -332,7 +275,7 @@ public class JsonSecurityUtils implements IJoseTools { } // set key - receiverJwe.setKey(encryptionCred.getFirst()); + receiverJwe.setKey(JoseUtils.convertToBcKeyIfRequired(encryptionCred.getFirst())); // decrypt payload return mapper.getMapper().readTree(receiverJwe.getPlaintextString()); @@ -377,8 +320,7 @@ public class JsonSecurityUtils implements IJoseTools { config.setFriendlyName(FRIENDLYNAME_KEYSTORE); config.setKeyStoreType(authConfig.getBasicConfiguration( - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_TYPE), - KeyStoreType.JKS.getKeyStoreType())); + Constants.CONFIG_PROP_SECURITY_KEYSTORE_TYPE, KeyStoreType.JKS.getKeyStoreType())); config.setKeyStoreName( authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_NAME)); config.setSoftKeyStoreFilePath( @@ -398,8 +340,7 @@ public class JsonSecurityUtils implements IJoseTools { config.setFriendlyName(FRIENDLYNAME_TRUSTSTORE); config.setKeyStoreType(authConfig.getBasicConfiguration( - authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_TYPE), - KeyStoreType.JKS.getKeyStoreType())); + Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_TYPE, KeyStoreType.JKS.getKeyStoreType())); config.setKeyStoreName( authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_TRUSTSTORE_NAME)); config.setSoftKeyStoreFilePath( 
@@ -452,4 +393,26 @@ public class JsonSecurityUtils implements IJoseTools { return null; } + private String getRsaSigningAlgorithm() { + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_SIG_ALG_RSA, + AlgorithmIdentifiers.RSA_PSS_USING_SHA256); + if (value != null) { + value = value.trim(); + } + + return value; + + } + + private String getEccSigningAlgorithm() { + String value = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_SIG_ALG_ECC, + AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256); + if (value != null) { + value = value.trim(); + } + + return value; + + } + } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java index edf70cc8..c95bcc45 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20Constants.java @@ -13,14 +13,15 @@ import org.jose4j.jws.AlgorithmIdentifiers; public class SL20Constants { public static final int CURRENT_SL20_VERSION = 10; - + // http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; public static final String PARAM_SL20_REQ_AUTH_METHOD_PARAM = "authtype"; public static final String PARAM_SL20_REQ_AUTH_VDA_SESSIONID = "session"; - + public static final String PARAM_SL20_REQ_AUTH_VDA_LOCALE = "locale"; + public enum VdaAuthMethod { ANY("any"), MOBILEPHONE("handy"), CARD("card"), SMARTPHONE("smartphone"); @@ -51,7 +52,7 @@ public class SL20Constants { } catch (IllegalArgumentException | NullPointerException e) { return VdaAuthMethod.ANY; - + } } 
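Review bot: `getRsaSigningAlgorithm()` and `getEccSigningAlgorithm()` return whatever string the configuration holds without checking it against `SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING`, the list the tests in this commit use for verification. A typo or an algorithm outside that list would then only surface when a signature is created or when the peer rejects it; a guard such as `if (!SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.contains(value))` that raises a clear configuration error would fail early. A whitespace-only value also ends up as an empty string after `trim()` unless `getBasicConfiguration` already maps it to the default, which is not visible here. The two methods differ only in property key and default, so one private helper taking both would remove the duplication.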
@@ -59,9 +60,9 @@ public class SL20Constants { public String toString() { return getAuthMethod(); - } + } } - + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; @@ -97,7 +98,11 @@ public class SL20Constants { KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Collections - .unmodifiableList(Arrays.asList(JSON_ALGORITHM_ENC_KEY_RSAOAEP, JSON_ALGORITHM_ENC_KEY_RSAOAEP256)); + .unmodifiableList(Arrays.asList( + JSON_ALGORITHM_ENC_KEY_RSAOAEP, + JSON_ALGORITHM_ENC_KEY_RSAOAEP256, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A128KW, + KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW)); public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; @@ -177,7 +182,7 @@ public class SL20Constants { // error command public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE = "errorCode"; public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE = "errorMessage"; - public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERROR_VDASESSIONID + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERROR_VDASESSIONID = "handySignaturSession"; // qualified eID command diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java index 1d7c9646..2b6ddb96 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20HttpBindingUtils.java 
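Review bot: Permitting `ECDH_ES_A128KW` and `ECDH_ES_A256KW` in `SL20_ALGORITHM_WHITELIST_KEYENCRYPTION` means the decryption path now performs key agreement with an ephemeral public key taken from the sender's JWE header, so it should be confirmed that the jose4j version in use validates that key against the recipient's curve, also when the private key has gone through `JoseUtils.convertToBcKeyIfRequired` and a non-default provider is set. A rejecting test next to `encryptionEc` would pin that behaviour. The two new entries are referenced directly, while the RSA entries go through named constants (`JSON_ALGORITHM_ENC_KEY_RSAOAEP`, `JSON_ALGORITHM_ENC_KEY_RSAOAEP256`); matching constants, e.g. `JSON_ALGORITHM_ENC_KEY_ECDHES_A128KW`, would keep the list uniform.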
@@ -3,23 +3,133 @@ package at.gv.egiz.eaaf.modules.auth.sl20.utils; import java.io.IOException; import java.io.StringWriter; import java.net.URISyntaxException; +import java.text.MessageFormat; import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.http.Header; +import org.apache.http.HttpEntity; +import org.apache.http.ParseException; +import org.apache.http.StatusLine; +import org.apache.http.client.ResponseHandler; import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; +import org.apache.http.util.EntityUtils; import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import com.fasterxml.jackson.databind.JsonNode; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SlCommandoParserException; +import lombok.Data; +import lombok.Getter; + public class SL20HttpBindingUtils { private static final Logger log = LoggerFactory.getLogger(SL20HttpBindingUtils.class); + private static JsonMapper mapper = new JsonMapper(); + + @Data + @Getter + public static class Sl20ResponseHolder { + private final JsonNode responseBody; + private final StatusLine responseStatus; + private SlCommandoParserException error; + + } + + /** + * Security-Layer 2.0 specific response-handler for Apache HTTP client. 
+ * + * @return {@link Sl20ResponseHolder} + */ + public static ResponseHandler<Sl20ResponseHolder> sl20ResponseHandler() { + return response -> { + try { + final int httpStatusCode = response.getStatusLine().getStatusCode(); + if (httpStatusCode == HttpStatus.OK.value()) { + if (response.getEntity().getContentType() == null) { + throw new SlCommandoParserException("SL20 response contains NO ContentType"); + + } + + final ContentType contentType = ContentType.getOrDefault(response.getEntity()); + if (!ContentType.APPLICATION_JSON.getMimeType().equals(contentType.getMimeType())) { + log.error("SL20 response with statuscode: {} has wrong http ContentType: {}", + response.getStatusLine(), contentType); + throw new SlCommandoParserException( + "SL20 response with a wrong http ContentType: " + contentType); + + } + + //parse OK response from body + return new Sl20ResponseHolder(parseSL20ResultFromResponse(response.getEntity()), + response.getStatusLine()); + + } else if (httpStatusCode == HttpStatus.SEE_OTHER.value() + || httpStatusCode == HttpStatus.TEMPORARY_REDIRECT.value()) { + final Header[] locationHeader = response.getHeaders("Location"); + if (locationHeader == null) { + throw new SlCommandoParserException("Find Redirect statuscode but not Location header"); + + } + + final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + return new Sl20ResponseHolder(mapper.getMapper().readTree(Base64Url.decode(sl20RespString)), + response.getStatusLine()); + + } else if ( + httpStatusCode == HttpStatus.INTERNAL_SERVER_ERROR.value() + || httpStatusCode == HttpStatus.UNAUTHORIZED.value() + || httpStatusCode == HttpStatus.BAD_REQUEST.value()) { + log.info("SL20 response with http-code: {}. 
Search for error message", httpStatusCode); + + String bodyMsg = "_EMPTY_"; + try { + //extract JSON body from defined http error-codes + bodyMsg = EntityUtils.toString(response.getEntity()); + log.info("SL20 response with http-code: {0} and errorMsg: {1}", httpStatusCode, bodyMsg); + Sl20ResponseHolder holder = new Sl20ResponseHolder( + mapper.getMapper().readTree(bodyMsg), response.getStatusLine()); + return holder; + + } catch (final IOException | ParseException e) { + log.warn("SL20 response contains no )valid JSON", e); + throw new SlCommandoParserException(MessageFormat.format( + "SL20 response with http-code: {0} with body: {1} and generic response-processing error: {2}", + httpStatusCode, bodyMsg, e.getMessage())); + + } + + } else { + //all other HTTP StatusCodes + throw new SlCommandoParserException(MessageFormat.format( + "SL20 response with http-code: {0} and errorMsg: {1}", + httpStatusCode, EntityUtils.toString(response.getEntity()))); + + } + + } catch (SlCommandoParserException e) { + Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); + holder.setError(e); + return holder; + + } catch (final Exception e) { + Sl20ResponseHolder holder = new Sl20ResponseHolder(null, response.getStatusLine()); + holder.setError( + new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e)); + return holder; + + } + }; + } + /** * Write SL2.0 response into http-response object * 
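Review bot: In the 500/401/400 branch of `sl20ResponseHandler()`, the second `log.info` uses `MessageFormat` placeholders (`{0}`, `{1}`), which SLF4J does not substitute, so the status code and body never appear in the log; it should read `log.info("SL20 response with http-code: {} and errorMsg: {}", httpStatusCode, bodyMsg);`. In the redirect branch, `response.getHeaders("Location")` returns an empty array rather than `null` in Apache HttpClient 4.x, so the intended error is never thrown and a missing header surfaces as an index error wrapped by the generic catch; `if (locationHeader == null || locationHeader.length == 0)` covers it. The same branch takes the first query parameter whatever its name, and selecting it by the expected SL2.0 parameter name would be stricter. `@Getter` on `Sl20ResponseHolder` is redundant next to `@Data`, and since every failure is folded into the holder, the Javadoc should state that callers must check `getError()` before using `getResponseBody()`.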
@@ -59,6 +169,34 @@ public class SL20HttpBindingUtils { httpResp.setHeader("Location", clientRedirectUri.build().toString()); } + } + + private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + final String rawSL20Resp = EntityUtils.toString(resp); + try { + final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp); + if (sl20Resp != null) { + return sl20Resp; + + } else { + log.error("SL2.0 can NOT parse to a JSON object from msg: {}", rawSL20Resp); + throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); + } + + } catch (SlCommandoParserException e) { + throw e; + + } catch (Exception e) { + log.error("SL2.0 can NOT parse to a JSON object from msg: {}", rawSL20Resp); + throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); + + } + + } else { + throw new SlCommandoParserException("Can NOT find any content in http response"); + + } } } diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java index 40ea0430..bed25c0c 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20JsonExtractorUtils.java @@ -8,12 +8,6 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; -import org.apache.http.Header; -import org.apache.http.HttpEntity; -import org.apache.http.HttpResponse; -import org.apache.http.client.utils.URIBuilder; -import org.apache.http.util.EntityUtils; -import org.jose4j.base64url.Base64Url; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
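Review bot: Both `log.error` calls in `parseSL20ResultFromResponse` write the complete response body (`rawSL20Resp`) to the log, unbounded and unescaped; depending on what an SL2.0 response carries, that can put personal data or remotely controlled text into the error log, so logging the length or a truncated, sanitised prefix would be safer. The generic `catch (Exception e)` also discards the cause; `throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object", e);` keeps it, using the two-argument constructor already used in `sl20ResponseHandler()`. `EntityUtils.toString(resp)` falls back to ISO-8859-1 when the entity declares no charset, whereas JSON is UTF-8 by default, so passing an explicit default charset avoids mis-decoding.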
@@ -299,84 +293,6 @@ public class SL20JsonExtractorUtils { } - /** - * Extract generic transport container from httpResponse. - * - * @param httpResp Http response object - * @return JSON with SL2.0 response - * @throws SlCommandoParserException In case of an error - */ - public static JsonNode getSL20ContainerFromResponse(final HttpResponse httpResp) throws SlCommandoParserException { - try { - JsonNode sl20Resp = null; - if (httpResp.getStatusLine().getStatusCode() == 303 || httpResp.getStatusLine().getStatusCode() == 307) { - final Header[] locationHeader = httpResp.getHeaders("Location"); - if (locationHeader == null) { - throw new SlCommandoParserException("Find Redirect statuscode but not Location header"); - } - - final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); - sl20Resp = mapper.getMapper().readTree(Base64Url.decode(sl20RespString)); - - } else if (httpResp.getStatusLine().getStatusCode() == 200) { - if (httpResp.getEntity().getContentType() == null) { - throw new SlCommandoParserException("SL20 response contains NO ContentType"); - } - - if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) { - throw new SlCommandoParserException( - "SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); - } - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - } else if (httpResp.getStatusLine().getStatusCode() == 500 || httpResp.getStatusLine().getStatusCode() == 401 - || httpResp.getStatusLine().getStatusCode() == 400) { - log.info( - "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + ". 
Search for error message"); - - try { - sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); - - } catch (final Exception e) { - log.warn("SL20 response contains no valid JSON", e); - throw new SlCommandoParserException("SL20 response with http-code: " - + httpResp.getStatusLine().getStatusCode() + " AND NO valid JSON errormsg", e); - - } - - } else { - throw new SlCommandoParserException( - "SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); - } - - log.info("Find JSON object in http response"); - return sl20Resp; - - } catch (final Exception e) { - throw new SlCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); - - } - } - - private static JsonNode parseSL20ResultFromResponse(final HttpEntity resp) throws Exception { - if (resp != null && resp.getContent() != null) { - final String rawSL20Resp = EntityUtils.toString(resp); - final JsonNode sl20Resp = mapper.getMapper().readTree(rawSL20Resp); - - // TODO: check sl20Resp type like && sl20Resp.isJsonObject() - if (sl20Resp != null) { - return sl20Resp; - - } else { - throw new SlCommandoParserException("SL2.0 can NOT parse to a JSON object"); - } - - } else { - throw new SlCommandoParserException("Can NOT find content in http response"); - } - - } - private static JsonNode getAndCheck(final JsonNode input, final String keyID, final boolean isRequired) throws SlCommandoParserException { final JsonNode internal = input.get(keyID); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java index 4bb91634..c3826087 100644 --- a/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java +++ b/eaaf_modules/eaaf_module_auth_sl20/src/main/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/SL20ResponseUtils.java 
@@ -11,17 +11,17 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.modules.auth.sl20.Constants; -import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; - import org.apache.commons.lang3.StringUtils; import org.apache.http.client.utils.URIBuilder; import org.apache.http.entity.ContentType; import com.fasterxml.jackson.databind.node.ObjectNode; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.modules.auth.sl20.Constants; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; import lombok.extern.slf4j.Slf4j; @Slf4j @@ -134,7 +134,7 @@ public class SL20ResponseUtils { } else { log.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); - log.debug("Client request containts is no native client ... "); + log.debug("Client request is no a native client. SL2.0 anwser will be a http redirect ... "); final URIBuilder clientRedirectUri = new URIBuilder(fullRedirectUrl); response.setStatus(Integer.parseInt(authConfig.getBasicConfiguration(Constants.CONFIG_PROP_HTTP_REDIRECT_CODE, Constants.CONFIG_PROP_HTTP_REDIRECT_CODE_DEFAULT_VALUE))); diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java new file mode 100644 index 00000000..ae4284d5 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/AbstractJsonSecurityUtilsTest.java 
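Review bot: The new debug message in the second hunk has two typos, "no a native client" and "anwser"; `log.debug("Client request is not a native client. SL2.0 answer will be a http redirect ... ");` reads as intended. The enclosing method starts and ends outside the hunk.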
@@ -0,0 +1,394 @@ +package at.gv.egiz.eaaf.modules.auth.sl20.utils; + +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Provider; +import java.security.Security; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; + +import org.apache.commons.lang3.RandomStringUtils; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.jose4j.base64url.Base64Url; +import org.jose4j.jca.ProviderContext; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.fasterxml.jackson.databind.JsonNode; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap; +import at.gv.egiz.eaaf.modules.auth.sl20.data.VerificationResult; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml") +public abstract class 
AbstractJsonSecurityUtilsTest { + + @Autowired protected DummyAuthConfigMap config; + @Autowired protected IJoseTools joseTools; + @Autowired protected EaafKeyStoreFactory keyStoreFactory; + + /** + *jUnit test class initializer. + */ + @BeforeClass + public static void classInitializer() { + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + + Security.addProvider(new BouncyCastleProvider()); + } + + /** + * jUnit test class cleaner. + */ + @AfterClass + public static final void classFinisher() { + Security.removeProvider(IAIK.getInstance().getName()); + Security.removeProvider(ECCelerate.getInstance().getName()); + + } + + protected abstract void setRsaSigningKey(); + + protected abstract void setEcSigningKey(); + + protected abstract void setRsaEncryptionKey(); + + protected abstract void setEcEncryptionKey(); + + protected abstract Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException; + + protected abstract String getRsaKeyAlias(); + + protected abstract String getRsaKeyPassword(); + + protected abstract String getEcKeyAlias(); + + protected abstract String getEcKeyPassword(); + + + @Test + public void fullEncryptDecrypt() throws JoseException, EaafException { + final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + + final JsonWebEncryption jwe = new JsonWebEncryption(); + jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW); + jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); + jwe.setKey(JoseUtils.convertToBcKeyIfRequired(joseTools.getEncryptionCertificate().getPublicKey())); + jwe.setX509CertSha256ThumbprintHeaderValue(joseTools.getEncryptionCertificate()); + jwe.setPayload(payLoad); + + // set special provider if required + final Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore(); + if (rsaEncKeyStore.getSecond() != null) { + final ProviderContext providerCtx = new ProviderContext(); + 
providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( + rsaEncKeyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jwe.setProviderContext(providerCtx); + + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jwe.setProviderContext(providerCtx); + + } + + final String encData = jwe.getCompactSerialization(); + Assert.assertNotNull("JWE Encryption", encData); + + + final JsonNode decData = joseTools.decryptPayload(encData); + Assert.assertNotNull("JWE Decryption", decData); + + } + + @Test + public void encryptionRsa() throws JoseException, EaafException { + final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + final Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore(); + final Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + rsaEncKeyStore.getFirst(), getRsaKeyAlias(), getRsaKeyPassword().toCharArray(), + true, "jUnit RSA JWE"); + + final JsonWebEncryption jwe = new JsonWebEncryption(); + jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.RSA_OAEP_256); + jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); + jwe.setKey(key.getSecond()[0].getPublicKey()); + jwe.setPayload(payLoad); + + // set special provider if required + if (rsaEncKeyStore.getSecond() != null) { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setSignatureProvider( + rsaEncKeyStore.getSecond().getName()); + jwe.setProviderContext(providerCtx); + + } + + final String encData = jwe.getCompactSerialization(); + Assert.assertNotNull("JWE", encData); + + + //decrypt it again + final JsonWebEncryption jweDecrypt = new JsonWebEncryption(); + jweDecrypt.setCompactSerialization(encData); + 
jweDecrypt.setKey(JoseUtils.convertToBcKeyIfRequired(key.getFirst())); + + + // set special provider if required + if (rsaEncKeyStore.getSecond() != null) { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(rsaEncKeyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jweDecrypt.setProviderContext(providerCtx); + + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jweDecrypt.setProviderContext(providerCtx); + + } + + String decPayload = jweDecrypt.getPayload(); + Assert.assertNotNull("decrypted Payload", decPayload); + Assert.assertEquals("Decrypted message not match", payLoad, decPayload); + + } + + @Test + public void encryptionEc() throws JoseException, EaafException { + final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + final Pair<KeyStore, Provider> rsaEncKeyStore = getEncryptionKeyStore(); + final Pair<Key, X509Certificate[]> key = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + rsaEncKeyStore.getFirst(), getEcKeyAlias(), getEcKeyPassword().toCharArray(), + true, "jUnit RSA JWE"); + + final JsonWebEncryption jwe = new JsonWebEncryption(); + jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.ECDH_ES_A256KW); + jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_128_GCM); + jwe.setKey(JoseUtils.convertToBcKeyIfRequired(key.getSecond()[0].getPublicKey())); + jwe.setPayload(payLoad); + + // set special provider if required + if (rsaEncKeyStore.getSecond() != null) { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(rsaEncKeyStore.getSecond().getName()); + 
providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jwe.setProviderContext(providerCtx); + + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jwe.setProviderContext(providerCtx); + + } + + final String encData = jwe.getCompactSerialization(); + + Assert.assertNotNull("JWE", encData); + + + //decrypt it again + final JsonWebEncryption jweDecrypt = new JsonWebEncryption(); + jweDecrypt.setCompactSerialization(encData); + jweDecrypt.setKey(JoseUtils.convertToBcKeyIfRequired(key.getFirst())); + + + // set special provider if required + if (rsaEncKeyStore.getSecond() != null) { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getSuppliedKeyProviderContext().setGeneralProvider(rsaEncKeyStore.getSecond().getName()); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jweDecrypt.setProviderContext(providerCtx); + + } else { + final ProviderContext providerCtx = new ProviderContext(); + providerCtx.getGeneralProviderContext().setGeneralProvider(BouncyCastleProvider.PROVIDER_NAME); + jweDecrypt.setProviderContext(providerCtx); + + } + + String decPayload = jweDecrypt.getPayload(); + Assert.assertNotNull("decrypted Payload", decPayload); + Assert.assertEquals("Decrypted message not match", payLoad, decPayload); + + } + + + @Test + public void noTrustedCert() throws CertificateEncodingException, KeyStoreException, + JoseException, IOException, EaafException { + setRsaSigningKey(); + setRsaEncryptionKey(); + + final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + + final String jws = joseTools.createSignature(payLoad); + Assert.assertNotNull("Signed msg", jws); + + try { + joseTools.validateSignature( + jws, + keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigOnlyEc()).getFirst(), + 
getDefaultAlgorithmConstrains()); + Assert.fail("Wrong JOSE Sig not detected"); + + } catch (final JoseException e) { + Assert.assertEquals("Wrong errorCode", + "Can NOT select verification key for JWS. Signature verification FAILED", + e.getMessage()); + + } + } + + @Test + public void invalidSignature() throws CertificateEncodingException, KeyStoreException, + JoseException, IOException, EaafException { + setRsaSigningKey(); + setRsaEncryptionKey(); + + final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + + final String jws = joseTools.createSignature(payLoad); + Assert.assertNotNull("Signed msg", jws); + + final String invalidJws = jws.substring(0, jws.indexOf(".")) + + "." + + Base64Url.encodeUtf8ByteRepresentation("{\"aac\":\"" + RandomStringUtils.randomAlphabetic(25) + "\"}") + + "." + + jws.substring(jws.lastIndexOf(".") + 1); + + + final VerificationResult result = joseTools.validateSignature( + invalidJws, + keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(), + getDefaultAlgorithmConstrains()); + + Assert.assertFalse("wrong sig. 
verification state", result.isValidSigned()); + + } + + @Test + public void validSigningRsa() throws CertificateEncodingException, KeyStoreException, + JoseException, IOException, EaafException { + setRsaSigningKey(); + setRsaEncryptionKey(); + + final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + + final String jws = joseTools.createSignature(payLoad); + Assert.assertNotNull("Signed msg", jws); + + final VerificationResult verify = joseTools.validateSignature( + jws, + keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(), + getDefaultAlgorithmConstrains()); + Assert.assertTrue("wrong verify state", verify.isValidSigned()); + Assert.assertNotNull("JWS Header", verify.getJoseHeader()); + Assert.assertNotNull("JWS Payload", verify.getPayload()); + Assert.assertNotNull("CertChain", verify.getCertChain()); + + + } + + @Test + public void validSigningRsaPss() throws CertificateEncodingException, KeyStoreException, + JoseException, IOException, EaafException { + + // + config.putConfigValue("modules.sl20.security.sigalg.rsa", "PS256"); + + setRsaSigningKey(); + setRsaEncryptionKey(); + + final String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + + final String jws = joseTools.createSignature(payLoad); + Assert.assertNotNull("Signed msg", jws); + + final VerificationResult verify = joseTools.validateSignature( + jws, + keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(), + getDefaultAlgorithmConstrains()); + Assert.assertTrue("wrong verify state", verify.isValidSigned()); + Assert.assertNotNull("JWS Header", verify.getJoseHeader()); + Assert.assertNotNull("JWS Payload", verify.getPayload()); + Assert.assertNotNull("CertChain", verify.getCertChain()); + + + } + + @Test + public void validSigningEc() throws CertificateEncodingException, KeyStoreException, + JoseException, IOException, EaafException { + setEcSigningKey(); + setEcEncryptionKey(); + + final 
String payLoad = "{\"aac\":\"" + RandomStringUtils.randomAlphanumeric(100) + "\"}"; + + final String jws = joseTools.createSignature(payLoad); + Assert.assertNotNull("Signed msg", jws); + + final VerificationResult verify = joseTools.validateSignature( + jws, + keyStoreFactory.buildNewKeyStore(getSigTrustStoreConfigValid()).getFirst(), + getDefaultAlgorithmConstrains()); + Assert.assertTrue("wrong verify state", verify.isValidSigned()); + Assert.assertNotNull("JWS Header", verify.getJoseHeader()); + Assert.assertNotNull("JWS Payload", verify.getPayload()); + Assert.assertNotNull("CertChain", verify.getCertChain()); + + } + + protected KeyStoreConfiguration getSigTrustStoreConfigValid() { + final KeyStoreConfiguration trustConfig = new KeyStoreConfiguration(); + trustConfig.setFriendlyName("jUnit TrustStore"); + trustConfig.setKeyStoreType(KeyStoreType.JKS); + trustConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit.jks"); + trustConfig.setSoftKeyStorePassword("password"); + + return trustConfig; + + } + + protected KeyStoreConfiguration getSigTrustStoreConfigOnlyEc() { + final KeyStoreConfiguration trustConfig = new KeyStoreConfiguration(); + trustConfig.setFriendlyName("jUnit TrustStore"); + trustConfig.setKeyStoreType(KeyStoreType.JKS); + trustConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit_no_rsa.jks"); + trustConfig.setSoftKeyStorePassword("password"); + + return trustConfig; + + } + + private AlgorithmConstraints getDefaultAlgorithmConstrains() { + return new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING + .toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])); + } + +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java new file mode 100644 index 00000000..b5a7639e --- /dev/null 
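Review bot: `classInitializer()` registers BouncyCastle with `Security.addProvider(new BouncyCastleProvider())`, but `classFinisher()` removes only IAIK and ECCelerate, so the provider stays registered for every test class that runs later in the same JVM and can hide a missing registration in production code; `Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);` in `classFinisher()` closes that, provided no other class relies on the leftover registration. `getDefaultAlgorithmConstrains()` still uses `ConstraintType.WHITELIST` although this commit moves the production code to `ConstraintType.PERMIT`. `fullEncryptDecrypt` only asserts that the decrypted node is non-null; comparing it with `payLoad` would make it an actual round-trip check. In `fullEncryptDecrypt` and `encryptionRsa` the provider branch calls `setSignatureProvider(...)` on a JWE, which looks unintended next to the `setGeneralProvider(...)` used in `encryptionEc`.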
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JoseUtilsTest.java 
@@ -0,0 +1,83 @@ +package at.gv.egiz.eaaf.modules.auth.sl20.utils; + +import java.io.IOException; +import java.security.NoSuchProviderException; +import java.security.Security; +import java.security.cert.CertificateException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.io.IOUtils; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.lang.JoseException; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egiz.eaaf.modules.auth.sl20.utils.JoseUtils.JwsResult; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +@RunWith(BlockJUnit4ClassRunner.class) +public class JoseUtilsTest { + + private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList( + Arrays.asList( + AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512, + AlgorithmIdentifiers.RSA_PSS_USING_SHA256, + AlgorithmIdentifiers.RSA_PSS_USING_SHA512)); + + /** + *jUnit test class initializer. + */ + @BeforeClass + public static final void classInitializer() { + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + + } + + /** + * jUnit test class cleaner. 
+ */ + @AfterClass + public static final void classFinisher() { + Security.removeProvider(IAIK.getInstance().getName()); + Security.removeProvider(ECCelerate.getInstance().getName()); + + } + + @Test + public void testBindingAuthBlock() throws JoseException, IOException, CertificateException, NoSuchProviderException { + + final String serializedContent = IOUtils.toString(JoseUtils.class.getResourceAsStream( + "/data/bindingAuth1.jws"), "UTF-8"); + + final iaik.x509.X509Certificate trustedCert = new iaik.x509.X509Certificate(JoseUtils.class + .getResourceAsStream("/data/bindingAuth1.crt")); + + final List<X509Certificate> trustedCerts = Arrays.asList(trustedCert); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING + .toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + + final JwsResult result = JoseUtils.validateSignature(serializedContent, trustedCerts, constraints); + + Assert.assertNotNull("JWS verify result", result); + Assert.assertTrue("JWS not valid", result.isValid()); + Assert.assertNotNull("JWS payload", result.getPayLoad()); + Assert.assertNotNull("JWS Headers", result.getFullJoseHeader()); + Assert.assertNotNull("JWS Signercerts", result.getX5cCerts()); + Assert.assertEquals("Signercerts size", 1, result.getX5cCerts().size()); + Assert.assertArrayEquals("Signercerts", trustedCert.getEncoded(), result.getX5cCerts().get(0).getEncoded()); + + } +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java new file mode 100644 index 00000000..b01330d2 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsHsmKeyTest.java 
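Review bot: `testBindingAuthBlock` covers only the accepting path of `JoseUtils.validateSignature`: nothing in this class checks that a JWS is rejected when its signer certificate is absent from `trustedCerts`, or when its algorithm is outside `BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING`. A second test that passes one of the other `.crt` fixtures from this commit as the only trusted certificate and asserts that validation fails would pin the trust decision, which is the property these arguments exist to enforce. The fixture `/data/bindingAuth1.crt` also appears to be valid only from 2020-10-07 to 2021-10-07 (read from its encoded dates), so if validation ever takes the validity period into account this test will start failing by date rather than by code change; a comment above the load such as `// fixture cert expired 2021-10-07; relies on validateSignature not checking validity` would record that assumption. Both `getResourceAsStream(...)` streams are left unclosed; try-with-resources would fix that.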
@@ -0,0 +1,86 @@ +package at.gv.egiz.eaaf.modules.auth.sl20.utils; + +import java.security.KeyStore; +import java.security.Provider; + +import org.apache.commons.lang3.StringUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_sl20_hsm.beans.xml") +public class JsonSecurityUtilsHsmKeyTest extends AbstractJsonSecurityUtilsTest { + + /** + * Initialize jUnit test. + */ + @Before + public void initialize() { + config.putConfigValue("modules.sl20.security.sigalg.rsa", "RS256"); + config.putConfigValue("modules.sl20.security.sigalg.ecc", "ES256"); + + } + + @Override + protected void setRsaSigningKey() { + config.putConfigValue("modules.sl20.security.sign.alias", "rsa-key-1"); + + } + + @Override + protected void setEcSigningKey() { + config.putConfigValue("modules.sl20.security.sign.alias", "ec-key-1"); + + } + + @Override + protected void setRsaEncryptionKey() { + config.putConfigValue("modules.sl20.security.encryption.alias", "rsa-key-1"); + + } + + @Override + protected void setEcEncryptionKey() { + config.putConfigValue("modules.sl20.security.encryption.alias", "ec-key-1"); + + } + + @Override + protected Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException { + final KeyStoreConfiguration keyConfig = new KeyStoreConfiguration(); + keyConfig.setFriendlyName("Junit Enc Key Rsa"); + keyConfig.setKeyStoreType(KeyStoreType.HSMFACADE); + keyConfig.setKeyStoreName("eid-junit"); + + return keyStoreFactory.buildNewKeyStore(keyConfig); + } + + @Override + protected String 
getRsaKeyAlias() { + return "rsa-key-1"; + } + + @Override + protected String getRsaKeyPassword() { + return StringUtils.EMPTY; + } + + @Override + protected String getEcKeyAlias() { + return "ec-key-1"; + } + + @Override + protected String getEcKeyPassword() { + return StringUtils.EMPTY; + } + + +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java new file mode 100644 index 00000000..d78bdbd7 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/java/at/gv/egiz/eaaf/modules/auth/sl20/utils/JsonSecurityUtilsSoftwareKeyTest.java 
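Review bot: This class can only pass when a live HSM facade is reachable, because `getEncryptionKeyStore()` builds a `KeyStoreType.HSMFACADE` store named `eid-junit` and the context loads `/spring/test_eaaf_sl20_hsm.beans.xml`, whose config points at a remote host. That makes it an integration test running alongside the unit tests, and a network or account problem would surface as a crypto test failure. Consider guarding it in `initialize()` with something like `Assume.assumeTrue("HSM facade tests disabled", System.getenv("<HSM_TEST_FLAG>") != null);` (placeholder variable name), or moving it behind a Maven profile. `initialize()` also pins `modules.sl20.security.sigalg.rsa` to `RS256`, while the binding-auth allow-list in JoseUtilsTest permits only RSA-PSS and ECDSA. A one-line comment saying why PKCS#1 v1.5 is chosen here would help, presumably a limitation of the HSM keys.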
@@ -0,0 +1,110 @@ +package at.gv.egiz.eaaf.modules.auth.sl20.utils; + +import java.security.KeyStore; +import java.security.Provider; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Base64Utils; + +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.auth.sl20.exceptions.SL20Exception; + + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/spring/test_eaaf_sl20.beans.xml") +public class JsonSecurityUtilsSoftwareKeyTest extends AbstractJsonSecurityUtilsTest { + + @Test + public void invalidSignatureRandomString() { + try { + joseTools.validateSignature(RandomStringUtils.randomAlphabetic(10)); + Assert.fail("Wrong JOSE Sig not detected"); + + } catch (SL20Exception e) { + Assert.assertEquals("Wrong errorCode", "sl20.05", e.getErrorId()); + } + + } + + @Test + public void invalidSignatureRandomBase64UrlEncoded() { + String testValue = Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()) + + "." + + Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()) + + "." 
+ + Base64Utils.encodeToUrlSafeString(RandomStringUtils.randomAlphanumeric(10).getBytes()); + + try { + joseTools.validateSignature(testValue); + Assert.fail("Wrong JOSE Sig not detected"); + + } catch (SL20Exception e) { + Assert.assertEquals("Wrong errorCode", "sl20.05", e.getErrorId()); + } + + } + + @Override + protected void setRsaSigningKey() { + config.putConfigValue("modules.sl20.security.sign.alias", "meta"); + + } + + @Override + protected void setEcSigningKey() { + config.putConfigValue("modules.sl20.security.sign.alias", "sig"); + + } + + @Override + protected void setRsaEncryptionKey() { + config.putConfigValue("modules.sl20.security.encryption.alias", "meta"); + + } + + @Override + protected void setEcEncryptionKey() { + config.putConfigValue("modules.sl20.security.encryption.alias", "sig"); + + } + + @Override + protected Pair<KeyStore, Provider> getEncryptionKeyStore() throws EaafException { + KeyStoreConfiguration keyConfig = new KeyStoreConfiguration(); + keyConfig.setFriendlyName("Junit Enc Key Rsa"); + keyConfig.setKeyStoreType(KeyStoreType.JKS); + keyConfig.setSoftKeyStoreFilePath("src/test/resources/data/junit.jks"); + keyConfig.setSoftKeyStorePassword("password"); + + return keyStoreFactory.buildNewKeyStore(keyConfig); + } + + @Override + protected String getRsaKeyAlias() { + return "meta"; + } + + @Override + protected String getRsaKeyPassword() { + return "password"; + } + + @Override + protected String getEcKeyAlias() { + return "sig"; + } + + @Override + protected String getEcKeyPassword() { + return "password"; + } + +} diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.crt new file mode 100644 index 00000000..11c17e71 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.crt 
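Review bot: Both negative tests feed `validateSignature` input that is not a well-formed JWS, so they most likely exercise the parsing error path and never reach signature verification. The first passes ten random letters with no `.` separators, and the second passes three base64url segments whose header is not JSON. No test visible in this class takes a correctly structured, correctly signed JWS and checks that it is rejected after a change; the abstract base class is only partly visible here and may already cover this. If it does not, add a case that signs a payload with `joseTools.createSignature(...)`, replaces the payload segment, and expects an `SL20Exception`. Minor: `getBytes()` without a charset uses the platform default; `getBytes(StandardCharsets.UTF_8)` keeps the test input identical across build hosts.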
@@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIBXzCCAQWgAwIBAgIIPuBGtvo16nUwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRHVtbXlQa2lTZXJ2aWNlMB4XDTIwMTAwNzEyMTAyMVoXDTIxMTAwNzEyMTAyMVowUTEpMCcGA1UEAwwgNWMzM2Q3MjdlY2YzZTAyYTE2NmYzYWI2NWZiYTEzOGExFDASBgNVBAoMC0VJRC1ERVYtUEtJMQ4wDAYDVQQLDAVULUVudjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABACA6RBPYIX3i0+TqYq2gb3XAD0B1/tee3/lP8sPc+tt6GFDN0Vsos77VojhRQnGRndmoWi9OW7KS5uQe+5++W8wCgYIKoZIzj0EAwIDSAAwRQIhAO7NlM4YfnapZ9Vam/LF/5ASPGbN4SK0fK4bhGHQw8yIAiB77JHkZIaDtgCcv7CSPf/mvldSf5ViPelhuZBPSLRUsQ== +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.jws b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.jws new file mode 100644 index 00000000..6ba84d97 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/bindingAuth1.jws @@ -0,0 +1 @@ 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.MzIxZmVmYTQtODVkOC00YmE5LWE0MmUtYWY4MzM3YTEyNTA1.diiXXegwv3Gu6ezJRxf7F5BnRxNhTnBXJ0D5RX4OqDxs2QvfzSPA4mOkUed18_56aILMBLVL-XIMszNILfp7OA
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/config1.properties b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/config1.properties
new file mode 100644
index 00000000..f58e3da9
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/config1.properties
@@ -0,0 +1,19 @@
+security.hsmfacade.host=eid.a-sit.at
+security.hsmfacade.port=9050
+security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt
+security.hsmfacade.username=authhandler-junit
+security.hsmfacade.password=supersecret123
+
+modules.sl20.security.keystore.type=jks
+modules.sl20.security.keystore.path=src/test/resources/data/junit.jks
+modules.sl20.security.keystore.password=password
+modules.sl20.security.keystore.name=
+modules.sl20.security.sign.alias=sig
+modules.sl20.security.sign.password=password
+modules.sl20.security.encryption.alias=meta
+modules.sl20.security.encryption.password=password
+
+modules.sl20.security.truststore.type=jks
+modules.sl20.security.truststore.path=src/test/resources/data/junit.jks
+modules.sl20.security.truststore.password=password
+modules.sl20.security.truststore.name=
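Review bot: `security.hsmfacade.username=authhandler-junit` and `security.hsmfacade.password=supersecret123` are committed in clear text next to a real-looking endpoint (`eid.a-sit.at`, port `9050`), and config2.properties in this commit repeats the same values. Unlike the `password` used for the bundled `junit.jks`, this is a credential for a network service, and it stays in the repository history even if the file is changed later. If the account exists on that facade, the password should be treated as disclosed and rotated, and the test configuration should receive it from a CI variable or an untracked local file instead. Whether the config loader used by the tests supports placeholder substitution is not visible here, so the injection mechanism needs checking. A comment such as `# test-only account, no access to production keys` would at least document the intended scope if the value has to stay.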
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/config2.properties b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/config2.properties
new file mode 100644
index 00000000..ff99dcef
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/config2.properties
@@ -0,0 +1,19 @@
+security.hsmfacade.host=eid.a-sit.at
+security.hsmfacade.port=9050
+security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt
+security.hsmfacade.username=authhandler-junit
+security.hsmfacade.password=supersecret123
+
+modules.sl20.security.keystore.type=hsmfacade
+modules.sl20.security.keystore.path=
+modules.sl20.security.keystore.password=
+modules.sl20.security.keystore.name=eid-junit
+modules.sl20.security.sign.alias=rsa-key-1
+modules.sl20.security.sign.password=
+modules.sl20.security.encryption.alias=ec-key-1
+modules.sl20.security.encryption.password=
+
+modules.sl20.security.truststore.type=hsmfacade
+modules.sl20.security.truststore.path=src/test/resources/data/junit.jks
+modules.sl20.security.truststore.password=
+modules.sl20.security.truststore.name=eid-junit
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_ec.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_ec.crt new file mode 100644 index 00000000..ad780a21 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_ec.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIBQTCB56ADAgECAghqWvzGZbotTjAKBggqhkjOPQQDAjASMRAwDgYDVQQDDAdFQy1Sb290MB4XDTIwMDYxODA3MzYwOVoXDTI1MDYxODA3MzYwOVowOzEaMBgGA1UEAwwRaW50LWVjLWtleS0xLTAwMDExETAPBgNVBAoMCHNvZnR3YXJlMQowCAYDVQQFEwExMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMYva5n1ISLX4bZdG9ecGVNVId7OEY4Yjeu+4kk+nbppxNMj6JX5tO2iCCpgHlKC5WWTSJyxSQh3CoLzc8XLUmjAKBggqhkjOPQQDAgNJADBGAiEAiegmUzDThtinnuUwsHXwdr4Y/XUednOyIy7RBeClvyYCIQC/v5NZzg+H6FUrQ2nds2hlB6sD7z5cZPJcqm8+S0wYCw== +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_facade_trust_root.crt new file mode 100644 index 00000000..204ddccf --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_facade_trust_root.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIByzCCAXGgAwIBAgIEYC5cIjAKBggqhkjOPQQDAjA7MRMwEQYDVQQKDApBLVNJ +VCBQbHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwHhcN +MjEwMjE4MTIyMjU4WhcNMzEwMjE4MTIyMjU4WjA7MRMwEQYDVQQKDApBLVNJVCBQ +bHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAARK1UAE+T3xYsoI0VkRcP20jPwTd2MePMkXRsSR +lpqPMQ6dPMlxPmAzWK33DWPFAFMY8+ecF0J8t2D+5RiJSSB+o2MwYTAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT1v6FCAwJIM8kv +JD7gVjdGXqhcYjAdBgNVHQ4EFgQU9b+hQgMCSDPJLyQ+4FY3Rl6oXGIwCgYIKoZI +zj0EAwIDSAAwRQIhAI+5lHyNCQfyj8c0pdBDVWY3fkCOj9ZTJ/hqgW+6TIQBAiBS +jn7uIj7tGm+f0RgXMbhcgtQhYgVwf0x8OnRwmDOwaw== +-----END CERTIFICATE----- 
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_rsa.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_rsa.crt new file mode 100644 index 00000000..aa83c8d9 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/hsm_rsa.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIICDTCCAbOgAwIBAgIIVLxIFI8kRpkwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAwwHRUMtUm9vdDAeFw0yMDA2MTgwNzM2MTBaFw0yNTA2MTgwNzM2MTBaMDwxGzAZBgNVBAMMEmludC1yc2Eta2V5LTEtMDAwMTERMA8GA1UECgwIc29mdHdhcmUxCjAIBgNVBAUTATEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrM1ocQqtch95Dm21JHi0V35nlWZibsjLqR+g8ERdD1qFgun/X0I/Rbft+KxB8QsDX7UmIjXGdavNcEjY/XcbiJxUcpv7vn/2+x3JxZO6Iye/ut001okICt3OGIqP93ZEnIaTTNhDsK7OnvD/eUjlmuHiTaFq1dZLKYDQlz9jl/9F4axfrz1V7oo60iqFIW+7tlUeh8VGDUPjQpHghzjHXTJv/OIAt752K31Tn8KR3kvkn6WTPo8eOWVaPQ480Dik0e2afTPPJNZJ7BW111IwqBAOKp586yVsQ4XVEF8H64Cq+s+b4/HBboo9TDJKTJvo2yQmcTsahbH+Rlm20ifUTAgMBAAEwCgYIKoZIzj0EAwIDSAAwRQIhANKN/N2Atb5fbeHSB2Myv/JcNf9JonxFe92AOu4f62NNAiBjOEeg4OyJZKPiDl6aqYVtz1Qroo6xzUC9UVA4qNe4LA== +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit.jks b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit.jks Binary files differnew file mode 100644 index 00000000..a18df332 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit.jks diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_no_rsa.jks b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_no_rsa.jks Binary files differnew file mode 100644 index 00000000..370cf19e --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/junit_no_rsa.jks diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_ec.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_ec.crt new file mode 100644 index 00000000..5311f3f1 --- /dev/null 
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_ec.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcwHhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwCLZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqGSM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIhANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_rsa.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_rsa.crt new file mode 100644 index 00000000..c70f5031 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/software_rsa.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- 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 +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/test.crt b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/test.crt new file mode 100644 index 00000000..76c18361 --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/data/test.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- 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 +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/spring/test_eaaf_sl20.beans.xml b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/spring/test_eaaf_sl20.beans.xml new file mode 100644 index 00000000..e4002a8f --- /dev/null +++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/spring/test_eaaf_sl20.beans.xml 
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"
+ default-lazy-init="true">
+
+ <bean id="dummyAuthConfigMap"
+ class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap">
+ <constructor-arg value="/data/config1.properties" />
+ </bean>
+
+ <bean id="jwsJweUtils"
+ class="at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonSecurityUtils"/>
+
+ <import resource="classpath:/spring/eaaf_utils.beans.xml"/>
+
+</beans>
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/spring/test_eaaf_sl20_hsm.beans.xml b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/spring/test_eaaf_sl20_hsm.beans.xml
new file mode 100644
index 00000000..a9f5dc80
--- /dev/null
+++ b/eaaf_modules/eaaf_module_auth_sl20/src/test/resources/spring/test_eaaf_sl20_hsm.beans.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"
+ default-lazy-init="true">
+
+ <bean id="dummyAuthConfigMap"
+ class="at.gv.egiz.eaaf.core.test.dummy.DummyAuthConfigMap">
+ <constructor-arg value="/data/config2.properties" />
+ </bean>
+
+ <bean id="jwsJweUtils"
+ class="at.gv.egiz.eaaf.modules.auth.sl20.utils.JsonSecurityUtils"/>
+
+ <import resource="classpath:/spring/eaaf_utils.beans.xml"/>
+
+</beans>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/pom.xml b/eaaf_modules/eaaf_module_moa-sig/pom.xml index 93bcffec..4a6a2d74 100644 --- a/eaaf_modules/eaaf_module_moa-sig/pom.xml +++ b/eaaf_modules/eaaf_module_moa-sig/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> </parent> <artifactId>eaaf_module_moa-sig</artifactId> <name>MOA-Sig signature verification module</name> @@ -75,8 +75,8 @@ </dependency> <dependency> - <groupId>MOA.spss.server</groupId> - <artifactId>moa-sig-lib</artifactId> + <groupId>moaSig</groupId> + <artifactId>moa-sig-lib</artifactId> <exclusions> <exclusion> <groupId>commons-logging</groupId> @@ -89,12 +89,12 @@ </exclusions> </dependency> <dependency> - <groupId>MOA.spss</groupId> + <groupId>moaSig</groupId> <artifactId>common</artifactId> </dependency> <dependency> - <groupId>MOA.spss</groupId> - <artifactId>tsl_lib</artifactId> + <groupId>at.gv.egovernment.moa.sig</groupId> + <artifactId>tsl-lib</artifactId> </dependency> <dependency> <groupId>iaik.prod</groupId> @@ -161,18 +161,22 @@ <artifactId>jaxen</artifactId> </dependency> - - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> - </dependency> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-classic</artifactId> + <version>1.2.3</version> + <scope>test</scope> + </dependency> </dependencies> 
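Review bot: The coordinates introduced in the `@@ -75,8 +75,8 @@` and `@@ -89,12 +89,12 @@` hunks do not line up with the descriptors vendored under `repository/` in this same commit. The module now asks for `moaSig:moa-sig-lib`, but `moa-sig-lib-3.1.4-RC1.pom` declares `<groupId>MOA.spss.server</groupId>` and `<version>3.1.4-SNAPSHOT</version>` and depends on `moaSig:common:3.1.4-SNAPSHOT`. The vendored common descriptor declares `3.1.4-RC1` and is stored as `common-3.1.4-RC1.xml` rather than `.pom`. Maven treats a POM whose coordinates differ from its repository path as invalid and ignores its transitive dependencies, so the build may quietly resolve these signature-verification libraries from another repository or with a different dependency set than the vendored files suggest. The versions are managed outside this hunk, so confirm which artifact is actually resolved. The three MOA artifacts also now use two different group ids, `moaSig` and `at.gv.egovernment.moa.sig`, which is worth a one-line comment or an alignment.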
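Review bot: In the `@@ -161,18 +161,22 @@` hunk, `logback-classic` is the only dependency that carries an inline `<version>1.2.3</version>`; `spring-test` and `commons-io` beside it take their versions from dependency management. Moving the version to the parent's `dependencyManagement` and leaving `<scope>test</scope>` here keeps a logging library upgradable in one place and avoids this module drifting from the others. The hunk also removes the `junit` test dependency; presumably it is now inherited from the parent POM, which is not visible here. If it is not inherited, the new tests in this module would not compile.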
@@ -184,15 +188,6 @@ </resources> <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.8.0</version> - <configuration> - <source>${java.version}</source> - <target>${java.version}</target> - </configuration> - </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> @@ -222,21 +217,6 @@ </configuration> </plugin> - <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <version>${surefire.version}</version> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> </plugins> </build> </project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.jar Binary files differnew file mode 100644 index 00000000..065eadc0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.pom new file mode 100644 index 00000000..d5e7b657 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.3/common-3.1.3.pom 
@@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>MOA.spss.common</groupId> + <artifactId>common</artifactId> + <version>3.1.3</version> + <dependencies> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>1.7.30</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>2.12.0</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>xalan</artifactId> + <version>2.7.1</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + <version>2.10.6</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>jaxen</groupId> + <artifactId>jaxen</artifactId> + <version>1.2.0</version> + <scope>compile</scope> + </dependency> + </dependencies> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.4-RC1/common-3.1.4-RC1.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.4-RC1/common-3.1.4-RC1.jar Binary files differnew file mode 100644 index 00000000..e1fddffb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.4-RC1/common-3.1.4-RC1.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.4-RC1/common-3.1.4-RC1.xml b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.4-RC1/common-3.1.4-RC1.xml new file mode 100644 index 00000000..cf0b3f9b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/common/3.1.4-RC1/common-3.1.4-RC1.xml 
@@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>moaSig</groupId> + <artifactId>common</artifactId> + <version>3.1.4-RC1</version> + <dependencies> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-api</artifactId> + <version>1.7.30</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>xerces</groupId> + <artifactId>xercesImpl</artifactId> + <version>2.12.0</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>xalan</groupId> + <artifactId>xalan</artifactId> + <version>2.7.1</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>joda-time</groupId> + <artifactId>joda-time</artifactId> + <version>2.10.6</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>jaxen</groupId> + <artifactId>jaxen</artifactId> + <version>1.2.0</version> + <scope>compile</scope> + </dependency> + </dependencies> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.jar Binary files differnew file mode 100644 index 00000000..06f21d25 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.pom new file mode 100644 index 00000000..77ca744c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.3/moa-sig-lib-3.1.3.pom 
@@ -0,0 +1,88 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>MOA.spss.server</groupId> + <artifactId>moa-sig-lib</artifactId> + <version>3.1.3</version> + <dependencies> + <dependency> + <groupId>MOA.spss</groupId> + <artifactId>common</artifactId> + <version>3.1.3</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>1.2.17</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>commons-logging</groupId> + <artifactId>commons-logging</artifactId> + <version>1.2</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>2.7</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>commons-codec</groupId> + <artifactId>commons-codec</artifactId> + <version>1.14</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.apache.axis</groupId> + <artifactId>axis-jaxrpc</artifactId> + <version>1.4</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.xerial</groupId> + <artifactId>sqlite-jdbc</artifactId> + <version>3.32.3.2</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>javax.xml.bind</groupId> + <artifactId>jaxb-api</artifactId> + <version>2.3.1</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-core</artifactId> + <version>2.3.0.1</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-impl</artifactId> + <version>2.3.2</version> + <scope>compile</scope> + </dependency> + <dependency> + 
<groupId>org.postgresql</groupId> + <artifactId>postgresql</artifactId> + <version>42.2.15.jre7</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + <version>3.11</version> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>org.apache.httpcomponents</groupId> + <artifactId>httpclient-cache</artifactId> + <version>4.5.12</version> + <scope>compile</scope> + </dependency> + </dependencies> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.4-RC1/moa-sig-lib-3.1.4-RC1.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.4-RC1/moa-sig-lib-3.1.4-RC1.jar Binary files differnew file mode 100644 index 00000000..75c83313 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.4-RC1/moa-sig-lib-3.1.4-RC1.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.4-RC1/moa-sig-lib-3.1.4-RC1.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.4-RC1/moa-sig-lib-3.1.4-RC1.pom new file mode 100644 index 00000000..151eccc7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/server/moa-sig-lib/3.1.4-RC1/moa-sig-lib-3.1.4-RC1.pom 
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.spss.server</groupId>
+ <artifactId>moa-sig-lib</artifactId>
+ <version>3.1.4-SNAPSHOT</version>
+ <dependencies>
+ <dependency>
+ <groupId>moaSig</groupId>
+ <artifactId>common</artifactId>
+ <version>3.1.4-SNAPSHOT</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.17</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>1.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.7</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.14</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.axis</groupId>
+ <artifactId>axis-jaxrpc</artifactId>
+ <version>1.4</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.xerial</groupId>
+ <artifactId>sqlite-jdbc</artifactId>
+ <version>3.32.3.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>2.3.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-core</artifactId>
+ <version>2.3.0.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ <version>2.3.2</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.postgresql</groupId>
+ <artifactId>postgresql</artifactId>
+ <version>42.2.15.jre7</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.pdfbox</groupId>
+ <artifactId>pdfbox</artifactId>
+ <version>2.0.21</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.pdfbox</groupId>
+ <artifactId>pdfbox-tools</artifactId>
+ <version>2.0.21</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.pdfbox</groupId>
+ <artifactId>pdfbox-app</artifactId>
+ <version>2.0.21</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.pdfbox</groupId>
+ <artifactId>preflight</artifactId>
+ <version>2.0.21</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.pdfbox</groupId>
+ <artifactId>preflight-app</artifactId>
+ <version>2.0.21</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.11</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient-cache</artifactId>
+ <version>4.5.12</version>
+ <scope>compile</scope>
+ </dependency>
+ </dependencies>
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom
index c16e4887..93cb2c66 100644
--- a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom
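Review bot: The coordinates inside `moa-sig-lib-3.1.4-RC1.pom` do not match where the file is stored: the directory and file name say `3.1.4-RC1`, but the descriptor declares `<version>3.1.4-SNAPSHOT</version>`. Its first dependency is also `moaSig:common:3.1.4-SNAPSHOT`, whereas the 3.1.3 descriptor references `common` under groupId `MOA.spss` with a fixed version, so for the release candidate that dependency is not pinned and may not resolve from the vendored repository at all (whether a `moaSig/common` directory exists there is not visible in this hunk). Depending on the Maven version, a descriptor whose coordinates disagree with the requested artifact may be reported or its dependency list may not be honoured as intended. I would regenerate the descriptor from the RC1 build so it reads `<version>3.1.4-RC1</version>` and names `common` with the groupId and version that are actually checked in.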
@@ -1,37 +1,130 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
-<head>
-<title>EAAF-Components - EAAF-Components</title>
-<meta name='generator' content='cgit v0.10.2'/>
-<meta name='robots' content='index, nofollow'/>
-<link rel='stylesheet' type='text/css' href='/cgit.css'/>
-<link rel='shortcut icon' href='/favicon.ico'/>
-<link rel='alternate' title='Atom feed' href='https://git.egiz.gv.at/EAAF-Components/atom/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom?h=master' type='application/atom+xml'/>
-</head>
-<body>
-<div id='cgit'><table id='header'>
-<tr>
-<td class='logo' rowspan='2'><a href='/'><img src='/cgit.png' alt='cgit logo'/></a></td>
-<td class='main'><a href='/'>index</a> : <a title='EAAF-Components' href='/EAAF-Components/'>EAAF-Components</a></td><td class='form'><form method='get' action=''>
-<select name='h' onchange='this.form.submit();'>
-<option value='master' selected='selected'>master</option>
-</select> <input type='submit' name='' value='switch'/></form></td></tr>
-<tr><td class='sub'>EAAF-Components</td><td class='sub right'>tlenz</td></tr></table>
-<table class='tabs'><tr><td>
-<a href='/EAAF-Components/'>summary</a><a href='/EAAF-Components/refs/'>refs</a><a href='/EAAF-Components/log/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom'>log</a><a class='active' href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom'>tree</a><a href='/EAAF-Components/commit/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom'>commit</a><a href='/EAAF-Components/diff/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom'>diff</a></td><td class='form'><form class='right' method='get' action='/EAAF-Components/log/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom'>
-<select name='qt'>
-<option value='grep'>log msg</option>
-<option value='author'>author</option>
-<option value='committer'>committer</option>
-<option value='range'>range</option>
-</select>
-<input class='txt' type='text' size='10' name='q' value=''/>
-<input type='submit' value='search'/>
-</form>
-</td></tr></table>
-<div class='path'>path: <a href='/EAAF-Components/tree/'>root</a>/<a href='/EAAF-Components/tree/eaaf_modules'>eaaf_modules</a>/<a href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig'>eaaf_module_moa-sig</a>/<a href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig/repository'>repository</a>/<a href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig/repository/MOA'>MOA</a>/<a href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss'>spss</a>/<a href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib'>tsl_lib</a>/<a href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2'>2.0.2</a>/<a href='/EAAF-Components/tree/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.2/tsl_lib-2.0.2.pom'>tsl_lib-2.0.2.pom</a></div><div class='content'></div> <!-- class=content -->
-<div class='footer'>generated by cgit v0.10.2 at 2019-07-19 09:05:24 (GMT)</div>
-</div> <!-- id=cgit -->
-</body>
-</html>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.spss</groupId>
+ <artifactId>tsl_lib</artifactId>
+ <version>2.0.2</version>
+ <name>MOA-Sig TLS-library</name>
+
+ <developers>
+ <developer>
+ <id>tlenz</id>
+ <name>Thomas Lenz</name>
+ <organization>IAIK</organization>
+ <email>thomas.lenz@iaik.tugraz.at</email>
+ <timezone>+1</timezone>
+ <roles>
+ <role>developer</role>
+ </roles>
+ </developer>
+ </developers>
+
+ <organization>
+ <name>EGIZ - E-Government Innovationszentrum - Austria</name>
+ <url>http://www.egiz.gv.at/</url>
+ </organization>
+
+ <repositories>
+ <repository>
+ <id>MOA</id>
+ <name>MOA Dependencies</name>
+ <releases>
+ <enabled>true</enabled>
+ <checksumPolicy>ignore</checksumPolicy>
+ </releases>
+ <layout>default</layout>
+ <url>file://${basedir}/repository</url>
+ </repository>
+ </repositories>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.5.1</version>
+ <configuration>
+ <compilerArguments>
+ <verbose />
+ </compilerArguments>
+ <source>1.7</source>
+ <target>1.7</target>
+ </configuration>
+ </plugin>
+
+ <!-- if maven should be used to build jaxb classes -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>jaxb2-maven-plugin</artifactId>
+ <version>1.5</version>
+ <executions>
+ <execution>
+ <id>xjc</id>
+ <goals>
+ <goal>xjc</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <outputDirectory>${project.basedir}/src/main/xjc</outputDirectory>
+ <bindingDirectory>${project.basedir}/src/main/resources/spec/jaxb/</bindingDirectory>
+ <bindingFiles>ts_119612v010201_sie_xsd.binding.xml</bindingFiles>
+ <schemaDirectory>${project.basedir}/src/main/resources/spec/jaxb/</schemaDirectory>
+ <schemaFiles>ts_119612v010201_sie_xsd.xsd</schemaFiles>
+ <extension>true</extension>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>2.01_moa</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jce_full</artifactId>
+ <version>5.52_moa</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_xsect</artifactId>
+ <version>2.13_moa</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_moa</artifactId>
+ <version>2.06</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>org.xerial</groupId>
+ <artifactId>sqlite-jdbc</artifactId>
+ <version>3.15.1</version>
+ </dependency>
+
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.17</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.4</version>
+ </dependency>
+
+ </dependencies>
+
+</project>
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.jar b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.jar Binary files differnew file mode 100644
index 00000000..e1321ac1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.jar
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.pom b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.pom new file mode 100644
index 00000000..354fbfca
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/MOA/spss/tsl_lib/2.0.3/tsl_lib-2.0.3.pom
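Review bot: `<checksumPolicy>ignore</checksumPolicy>` on the `MOA` repository in `tsl_lib-2.0.2.pom` switches off the integrity check Maven would otherwise apply to artifacts read from `file://${basedir}/repository`, and `tsl_lib-2.0.3.pom` repeats the same setting. The lines removed by this hunk show what that costs: the previous `tsl_lib-2.0.2.pom` was a cgit HTML page saved under the descriptor's name, apparently without any build step rejecting it. I would set `<checksumPolicy>fail</checksumPolicy>` and commit the `.sha1` files next to every vendored jar and POM, so a corrupted or substituted file in the in-tree repository stops the build. The consuming module's own declaration of this repository is outside this hunk and should get the same policy.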
@@ -0,0 +1,186 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.spss</groupId>
+ <artifactId>tsl_lib</artifactId>
+ <version>2.0.3</version>
+ <name>MOA-Sig TLS-library</name>
+
+ <developers>
+ <developer>
+ <id>tlenz</id>
+ <name>Thomas Lenz</name>
+ <organization>IAIK</organization>
+ <email>thomas.lenz@iaik.tugraz.at</email>
+ <timezone>+1</timezone>
+ <roles>
+ <role>developer</role>
+ </roles>
+ </developer>
+ </developers>
+
+ <organization>
+ <name>EGIZ - E-Government Innovationszentrum - Austria</name>
+ <url>http://www.egiz.gv.at/</url>
+ </organization>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+ <org.projectlombok.lombok.version>1.18.12</org.projectlombok.lombok.version>
+ </properties>
+
+ <repositories>
+ <repository>
+ <id>MOA</id>
+ <name>MOA Dependencies</name>
+ <releases>
+ <enabled>true</enabled>
+ <checksumPolicy>ignore</checksumPolicy>
+ </releases>
+ <layout>default</layout>
+ <url>file://${basedir}/repository</url>
+ </repository>
+ </repositories>
+
+ <build>
+ <resources>
+ <resource>
+ <directory>${project.build.directory}/xjc</directory>
+ </resource>
+ <resource>
+ <directory>src/main/resources</directory>
+ <excludes>
+ <exclude>**/jaxb</exclude>
+ </excludes>
+ </resource>
+ </resources>
+
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <version>3.5.1</version>
+ <configuration>
+ <compilerArguments>
+ <verbose />
+ </compilerArguments>
+ <source>1.7</source>
+ <target>1.7</target>
+ </configuration>
+ </plugin>
+
+ <!-- if maven should be used to build jaxb classes -->
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>jaxb2-maven-plugin</artifactId>
+ <version>2.5.0</version>
+ <executions>
+ <execution>
+ <id>xjc</id>
+ <goals>
+ <goal>xjc</goal>
+ </goals>
+ <phase>generate-sources</phase>
+ </execution>
+ </executions>
+ <configuration>
+ <sources>
+ <source>${project.basedir}/src/main/resources/spec/jaxb/ts_119612v020101_sie_xsd.xsd</source>
+ </sources>
+ <xjbSources>
+ <xjbSource>${project.basedir}/src/main/resources/spec/jaxb/ts_119612v020101_sie_xsd.binding.xml</xjbSource>
+ </xjbSources>
+ <outputDirectory>${project.build.directory}/xjc</outputDirectory>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_pki_module</artifactId>
+ <version>2.01_moa</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jce_full</artifactId>
+ <version>5.61_moa</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_xsect</artifactId>
+ <version>2.14_moa</version>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_moa</artifactId>
+ <version>2.06</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>org.xerial</groupId>
+ <artifactId>sqlite-jdbc</artifactId>
+ <version>3.32.3.2</version>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.xml.bind</groupId>
+ <artifactId>jaxb-api</artifactId>
+ <version>2.3.1</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.11.0</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.7.30</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-lang3</artifactId>
+ <version>3.11</version>
+ </dependency>
+
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.7</version>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpclient-cache</artifactId>
+ <version>4.5.12</version>
+ </dependency>
+
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.3</version>
+ <scope>test</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.projectlombok</groupId>
+ <artifactId>lombok</artifactId>
+ <version>${org.projectlombok.lombok.version}</version>
+ <scope>provided</scope>
+ </dependency>
+
+ </dependencies>
+
+</project>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1.1/iaik_cms-5.1.1.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1.1/iaik_cms-5.1.1.jar Binary files differnew file mode 100644 index 00000000..127160d1 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1.1/iaik_cms-5.1.1.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1.1/iaik_cms-5.1.1.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1.1/iaik_cms-5.1.1.pom new file mode 100644 index 00000000..bc56e9d2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1.1/iaik_cms-5.1.1.pom @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_cms</artifactId> + <version>5.1.1</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1/_remote.repositories deleted file mode 100644 index bf48e71f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/5.1/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:26 CEST 2019 -iaik_cms-5.1.jar>= -iaik_cms-5.1.pom>= 
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/maven-metadata-local.xml deleted file mode 100644 index cf983a9a..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cms/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_cms</artifactId> - <versioning> - <release>5.1</release> - <versions> - <version>5.1</version> - </versions> - <lastUpdated>20190802081526</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.jar Binary files differnew file mode 100644 index 00000000..300c215c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.pom new file mode 100644 index 00000000..de0ec131 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.4_moa/iaik_cpades-2.4_moa.pom @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_cpades</artifactId> + <version>2.4_moa</version> + <description>POM was created from install:install-file</description> +</project> 
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.5.1_moa/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.5.1_moa/_remote.repositories deleted file mode 100644 index 94972b34..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/2.5.1_moa/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:14 CEST 2019 -iaik_cpades-2.5.1_moa.jar>= -iaik_cpades-2.5.1_moa.pom>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/maven-metadata-local.xml deleted file mode 100644 index 32137191..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpades/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_cpades</artifactId> - <versioning> - <release>2.5.1_moa</release> - <versions> - <version>2.5.1_moa</version> - </versions> - <lastUpdated>20190802081514</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpxlevel/0.9_moa/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpxlevel/0.9_moa/_remote.repositories deleted file mode 100644 index cbbb35ef..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpxlevel/0.9_moa/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:13 CEST 2019 -iaik_cpxlevel-0.9_moa.jar>= -iaik_cpxlevel-0.9_moa.pom>= 
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpxlevel/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpxlevel/maven-metadata-local.xml deleted file mode 100644 index 3d8a158f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_cpxlevel/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_cpxlevel</artifactId> - <versioning> - <release>0.9_moa</release> - <versions> - <version>0.9_moa</version> - </versions> - <lastUpdated>20190802081513</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/5.01/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/5.01/_remote.repositories deleted file mode 100644 index 8921e467..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/5.01/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:20 CEST 2019 -iaik_eccelerate-5.01.jar>= -iaik_eccelerate-5.01.pom>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.jar Binary files differnew file mode 100644 index 00000000..e30b629e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.pom new file mode 100644 index 00000000..45bf20e7 --- /dev/null 
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/6.02/iaik_eccelerate-6.02.pom @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_eccelerate</artifactId> + <version>6.02</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/maven-metadata-local.xml deleted file mode 100644 index a503da91..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_eccelerate</artifactId> - <versioning> - <release>5.01</release> - <versions> - <version>5.01</version> - </versions> - <lastUpdated>20190802081520</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/5.01/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/5.01/_remote.repositories deleted file mode 100644 index 3c6373a0..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/5.01/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:15 CEST 2019 -iaik_eccelerate_addon-5.01.pom>= -iaik_eccelerate_addon-5.01.jar>= 
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.jar Binary files differnew file mode 100644 index 00000000..94f2de55 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.pom new file mode 100644 index 00000000..681a6ef3 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/6.02/iaik_eccelerate_addon-6.02.pom @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_eccelerate_addon</artifactId> + <version>6.02</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/maven-metadata-local.xml deleted file mode 100644 index ffca7133..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_addon/maven-metadata-local.xml +++ /dev/null 
@@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_eccelerate_addon</artifactId> - <versioning> - <release>5.01</release> - <versions> - <version>5.01</version> - </versions> - <lastUpdated>20190802081515</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/5.01/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/5.01/_remote.repositories deleted file mode 100644 index e1f24d7e..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/5.01/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:21 CEST 2019 -iaik_eccelerate_cms-5.01.pom>= -iaik_eccelerate_cms-5.01.jar>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.jar Binary files differnew file mode 100644 index 00000000..32d7aec0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.pom new file mode 100644 index 00000000..13b0b357 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/6.02/iaik_eccelerate_cms-6.02.pom 
@@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_eccelerate_cms</artifactId> + <version>6.02</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/maven-metadata-local.xml deleted file mode 100644 index e994c73c..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_eccelerate_cms/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_eccelerate_cms</artifactId> - <versioning> - <release>5.01</release> - <versions> - <version>5.01</version> - </versions> - <lastUpdated>20190802081522</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/1.2.2.5/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/1.2.2.5/_remote.repositories deleted file mode 100644 index 7d2568d9..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/1.2.2.5/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:06 CEST 2019 -iaik_ixsil-1.2.2.5.jar>= -iaik_ixsil-1.2.2.5.pom>= 
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/maven-metadata-local.xml deleted file mode 100644 index 5c190625..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_ixsil/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_ixsil</artifactId> - <versioning> - <release>1.2.2.5</release> - <versions> - <version>1.2.2.5</version> - </versions> - <lastUpdated>20190802081506</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.52_moa/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.52_moa/_remote.repositories deleted file mode 100644 index aa8aa788..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.52_moa/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:24 CEST 2019 -iaik_jce_full-5.52_moa.pom>= -iaik_jce_full-5.52_moa.jar>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.jar Binary files differnew file mode 100644 index 00000000..78b79e97 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.pom new file mode 100644 index 00000000..97989c62 --- /dev/null 
+++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.61_moa/iaik_jce_full-5.61_moa.pom @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_jce_full</artifactId> + <version>5.61_moa</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.62_moa/iaik_jce_full-5.62_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.62_moa/iaik_jce_full-5.62_moa.jar Binary files differnew file mode 100644 index 00000000..382593e4 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.62_moa/iaik_jce_full-5.62_moa.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.62_moa/iaik_jce_full-5.62_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.62_moa/iaik_jce_full-5.62_moa.pom new file mode 100644 index 00000000..5883a370 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/5.62_moa/iaik_jce_full-5.62_moa.pom @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_jce_full</artifactId> + <version>5.62_moa</version> + <description>POM was created from install:install-file</description> +</project> 
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/maven-metadata-local.xml deleted file mode 100644 index 5d1c160c..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jce_full/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_jce_full</artifactId> - <versioning> - <release>5.52_moa</release> - <versions> - <version>5.52_moa</version> - </versions> - <lastUpdated>20190802081524</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/4.4/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/4.4/_remote.repositories deleted file mode 100644 index 4b692f1f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/4.4/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:06 CEST 2019 -iaik_jsse-4.4.jar>= -iaik_jsse-4.4.pom>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/maven-metadata-local.xml deleted file mode 100644 index 5a7a319f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_jsse/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_jsse</artifactId> - <versioning> - <release>4.4</release> - <versions> - <version>4.4</version> - </versions> - <lastUpdated>20190802081506</lastUpdated> - </versioning> -</metadata> 
diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.06/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.06/_remote.repositories deleted file mode 100644 index e2c65c24..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.06/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:27 CEST 2019 -iaik_moa-2.06.jar>= -iaik_moa-2.06.pom>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.07/iaik_moa-2.07.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.07/iaik_moa-2.07.jar Binary files differnew file mode 100644 index 00000000..b3436eff --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.07/iaik_moa-2.07.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.07/iaik_moa-2.07.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.07/iaik_moa-2.07.pom new file mode 100644 index 00000000..c737d787 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/2.07/iaik_moa-2.07.pom @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_moa</artifactId> + <version>2.07</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/maven-metadata-local.xml deleted file mode 100644 index d55ab915..00000000 
--- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_moa/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_moa</artifactId> - <versioning> - <release>2.06</release> - <versions> - <version>2.06</version> - </versions> - <lastUpdated>20190802081527</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.01_moa/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.01_moa/_remote.repositories deleted file mode 100644 index add0ea40..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.01_moa/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:17 CEST 2019 -iaik_pki_module-2.01_moa.jar>= -iaik_pki_module-2.01_moa.pom>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar Binary files differnew file mode 100644 index 00000000..b7979e51 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom new file mode 100644 index 00000000..b947fb59 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/2.02_moa/iaik_pki_module-2.02_moa.pom 
@@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_pki_module</artifactId> + <version>2.02_moa</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/maven-metadata-local.xml deleted file mode 100644 index e4d6960c..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_pki_module/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_pki_module</artifactId> - <versioning> - <release>2.01_moa</release> - <versions> - <version>2.01_moa</version> - </versions> - <lastUpdated>20190802081517</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_sva/1.0.3_moa/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_sva/1.0.3_moa/_remote.repositories deleted file mode 100644 index b66b9ea6..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_sva/1.0.3_moa/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:23 CEST 2019 -iaik_sva-1.0.3_moa.pom>= -iaik_sva-1.0.3_moa.jar>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_sva/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_sva/maven-metadata-local.xml deleted file mode 100644 index c35d2589..00000000 
--- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_sva/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_sva</artifactId> - <versioning> - <release>1.0.3_moa</release> - <versions> - <version>1.0.3_moa</version> - </versions> - <lastUpdated>20190802081523</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_tsp/2.32_eval/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_tsp/2.32_eval/_remote.repositories deleted file mode 100644 index 69225450..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_tsp/2.32_eval/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:06 CEST 2019 -iaik_tsp-2.32_eval.jar>= -iaik_tsp-2.32_eval.pom>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_tsp/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_tsp/maven-metadata-local.xml deleted file mode 100644 index 368cc1b0..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_tsp/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_tsp</artifactId> - <versioning> - <release>2.32_eval</release> - <versions> - <version>2.32_eval</version> - </versions> - <lastUpdated>20190802081506</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/0.23/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/0.23/_remote.repositories deleted file mode 100644 index 236735f2..00000000 
--- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/0.23/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:05 CEST 2019 -iaik_util-0.23.jar>= -iaik_util-0.23.pom>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/maven-metadata-local.xml deleted file mode 100644 index 31b9ea63..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_util/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_util</artifactId> - <versioning> - <release>0.23</release> - <versions> - <version>0.23</version> - </versions> - <lastUpdated>20190802081505</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xades/2.13_moa/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xades/2.13_moa/_remote.repositories deleted file mode 100644 index 4a8351bd..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xades/2.13_moa/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:15 CEST 2019 -iaik_xades-2.13_moa.pom>= -iaik_xades-2.13_moa.jar>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xades/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xades/maven-metadata-local.xml deleted file mode 100644 index c268797f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xades/maven-metadata-local.xml +++ /dev/null 
@@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_xades</artifactId> - <versioning> - <release>2.13_moa</release> - <versions> - <version>2.13_moa</version> - </versions> - <lastUpdated>20190802081515</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.13_moa/_remote.repositories b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.13_moa/_remote.repositories deleted file mode 100644 index 5ecef39c..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.13_moa/_remote.repositories +++ /dev/null @@ -1,4 +0,0 @@ -#NOTE: This is a Maven Resolver internal implementation file, its format can be changed without prior notice. -#Fri Aug 02 10:15:20 CEST 2019 -iaik_xsect-2.13_moa.pom>= -iaik_xsect-2.13_moa.jar>= diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.jar b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.jar Binary files differnew file mode 100644 index 00000000..aa3c229c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.jar diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.pom b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.pom new file mode 100644 index 00000000..1fb2f424 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/2.14_moa/iaik_xsect-2.14_moa.pom 
@@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <groupId>iaik.prod</groupId> + <artifactId>iaik_xsect</artifactId> + <version>2.14_moa</version> + <description>POM was created from install:install-file</description> +</project> diff --git a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/maven-metadata-local.xml b/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/maven-metadata-local.xml deleted file mode 100644 index 3ada4dea..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/repository/iaik/prod/iaik_xsect/maven-metadata-local.xml +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<metadata> - <groupId>iaik.prod</groupId> - <artifactId>iaik_xsect</artifactId> - <versioning> - <release>2.13_moa</release> - <versions> - <version>2.13_moa</version> - </versions> - <lastUpdated>20190802081520</lastUpdated> - </versioning> -</metadata> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureCreationService.java new file mode 100644 index 00000000..dbf5846b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureCreationService.java @@ -0,0 +1,5 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api; + +public interface ISignatureCreationService { + +} 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java new file mode 100644 index 00000000..1a0df63c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/ISignatureVerificationService.java 
@@ -0,0 +1,191 @@
+package at.gv.egiz.eaaf.modules.sigverify.moasig.api;
+
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException;
+
+public interface ISignatureVerificationService {
+
+ /**
+ * Verify a CAdES or CMS signature. <br>
+ * <br>
+ * <i>This method only validates the first CMS or CAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Enveloped CMS or CAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @return {@link ICmsSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID)
+ throws MoaSigServiceException;
+
+ /**
+ * Verify a CAdES or CMS signature. <br>
+ * <br>
+ * <i>This method only validates the first CMS or CAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Enveloped CMS or CAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param performExtendedValidation If <code>true</code> than MOA-Sig perform extended validation on this signature.
+ * @return {@link ICmsSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException;
+
+
+ /**
+ * Verify a PAdES or PDF signature.
+ *
+ * @param pdf PDF document
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @return {@link List} of {@link IPdfSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID)
+ throws MoaSigServiceException;
+
+
+ /**
+ * Verify a PAdES or PDF signature.
+ *
+ * @param pdf PDF document
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param performExtendedValidation If <code>true</code> than MOA-Sig perform extended validation on this signature.
+ * @return {@link List} of {@link IPdfSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID,
+ boolean performExtendedValidation) throws MoaSigServiceException;
+
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID)
+ throws MoaSigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration
+ * @param signingDate Signature timestamp
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ Date signingDate) throws MoaSigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+ * should be used for
+ * signature-verification
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param signatureLocationXpath Xpath that points to location of Signature
+ * element
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ String signatureLocationXpath) throws MoaSigServiceException;
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+ * should be used for
+ * signature-verification
+ * @param signatureLocationXpath Xpath that points to location of
+ * Signature element
+ * @param signingDate Signature timestamp
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID,
+ List<String> verifyTransformsInfoProfileID, String signatureLocationXpath, Date signingDate)
+ throws MoaSigServiceException;
+
+
+ /**
+ * Verify a XML or XAdES signature. <br>
+ * <br>
+ * <i>This method only validates the first XML or XAdES signature if more than
+ * one signature exists</i>
+ *
+ * @param signature Serialized XML or XAdES signature
+ * @param trustProfileID Id of the Trust-Profile from MOA-Sig
+ * configuration
+ * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that
+ * should be used for
+ * signature-verification
+ * @param signatureLocationXpath Xpath that points to location of
+ * Signature element
+ * @param signingDate Signature timestamp
+ * @param supplementContent Map that contains supplement profile content; keyed by references. Each entry
+ * in this map becomes a Content/Base64Content child in the SupplementProfile
+ * node.
+ * @return @link {@link IXmlSignatureVerificationResponse}, or null if no
+ * signature was found
+ * @throws MoaSigServiceException on signatue-verification error
+ */
+ IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature,
+ final String trustProfileID, final List<String> verifyTransformsInfoProfileID,
+ final String signatureLocationXpath, Date signingDate,
+ final Map<String, byte[]> supplementContent) throws MoaSigServiceException;
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java
index 5e7a4564..f3d1dffc 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ICmsSignatureVerificationResponse.java
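Review bot: Every `verify*Signature` method in `ISignatureVerificationService` is documented to return null when no signature is found, so a caller that only handles `MoaSigServiceException` can mistake an unsigned input for one that passed verification. Mark the return values so static analysis flags the missing check, e.g. `@Nullable ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID)` with `org.springframework.lang.Nullable` (already used by `IGenericSignatureVerificationResponse`, it would need an import here), and state in the Javadoc that null means "no signature present", not "valid". The "only validates the first signature" remark should also say how "first" is determined, since callers need to know which signature the result refers to. Minor: `signatue-verification` should read `signature-verification`, and the XML variants carry a stray `@link` in `@return @link {@link IXmlSignatureVerificationResponse}`.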
@@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; public interface ICmsSignatureVerificationResponse extends IGenericSignatureVerificationResponse { diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java index 8ebd90be..8e8511fa 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IGenericSignatureVerificationResponse.java @@ -1,10 +1,15 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; import java.util.Date; +import java.util.List; + +import javax.annotation.Nonnull; import org.springframework.lang.Nullable; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse.ExtendedCertificateValidation; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse.ExtendedResult; import iaik.x509.X509Certificate; public interface IGenericSignatureVerificationResponse { 
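Review bot: The import block of `IGenericSignatureVerificationResponse` now pulls `ExtendedCertificateValidation` and `ExtendedResult` from `impl.data.GenericSignatureVerificationResponse`, so the `api.data` package depends on an implementation class; `IPdfSignatureVerificationResponse` does the same with `impl.data.VerifyPdfSignatureResponse.CoversFullDocument`. Moving these nested types into `api.data` would keep consumers of the interface from compiling against the implementation. The hunk also adds `javax.annotation.Nonnull` next to the existing `org.springframework.lang.Nullable`; `import org.springframework.lang.NonNull;` would keep one annotation family. The interface body continues outside this hunk.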
@@ -71,4 +76,34 @@ public interface IGenericSignatureVerificationResponse { @Nullable String getPublicAuthorityCode(); + + /** + * Return the signature-algorithm that was used for signing or <code>null</code> if no result exists. + * <br> + * <p>This result requires extended validation.</p> + * + * @return + */ + @Nullable + String getSignatureAlgorithmIdentifier(); + + /** + * Return the extended certificate-validation result or <code>null</code> if no result exists. + * <br> + * <p>This result requires extended validation.</p> + * + * @return + */ + @Nullable + ExtendedCertificateValidation getExtendedCertificateValidation(); + + /** + * Return the form-validation result or an empty list if no result exists. + * <br> + * <p>This result requires extended validation.</p> + * + * @return + */ + @Nonnull + List<ExtendedResult> getFormValidationResults(); } diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java new file mode 100644 index 00000000..1bf2d7b2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IPdfSignatureVerificationResponse.java 
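Review bot: The three added getters leave `@return` empty and do not say what a caller gets when extended validation was not requested, so null from `getSignatureAlgorithmIdentifier()` or an empty list from `getFormValidationResults()` cannot be told apart from a check that ran and produced nothing. For values that feed a trust decision, an empty list read as "no findings" is the risky case. I would fill the tags, e.g. `@return algorithm identifier, or <code>null</code> if extended validation was not performed` and `@return form-validation results; empty if extended validation was not performed`, after confirming this against the implementation, which is not visible here. The interface starts outside the hunk.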
@@ -0,0 +1,29 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; + +import java.util.List; + +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument; + +/** + * PDF specific signature-verification response. + * + * @author tlenz + * + */ +public interface IPdfSignatureVerificationResponse extends IGenericSignatureVerificationResponse { + + /** + * Flag if signature covers the full pdf-document. + * + * @return + */ + CoversFullDocument getSignatureCoversFullDocument(); + + /** + * PDF signing ranges as {@link List} of {@link Pair} of starting-byte and byte-length. + * + * @return + */ + List<Pair<Integer, Integer>> getByteRange(); +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java index 17d5fa59..edbbf628 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/ISchemaRessourceProvider.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; import java.io.InputStream; import java.util.Map; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java index 5b766917..c7d0b276 100644 
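Review bot: In the new `IPdfSignatureVerificationResponse`, `getSignatureCoversFullDocument()` is documented as a "flag" with an empty `@return`, but the type has three states and the parser elsewhere in this commit maps a missing verifier statement to `CoversFullDocument.UNKNOWN`. A positive signature check code alone does not say that the whole file is signed, so the Javadoc should say how the values are to be read, e.g. `@return YES or NO as reported by the verifier, UNKNOWN if it made no statement; anything other than YES means content outside the signed ranges may exist`. `getByteRange()` would also benefit from a filled `@return` stating that the list is empty when the verifier returned no range information.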
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/api/data/IXmlSignatureVerificationResponse.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data; +package at.gv.egiz.eaaf.modules.sigverify.moasig.api.data; /** * XML signature verification result. diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java index e32ab932..560732c3 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceBuilderException.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; public class MoaSigServiceBuilderException extends MoaSigServiceException { diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java index fd5f8caf..97817e01 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceConfigurationException.java 
@@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; public class MoaSigServiceConfigurationException extends MoaSigServiceException { diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceException.java index a4fb6290..56277d7d 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceException.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceException.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; import at.gv.egiz.eaaf.core.exceptions.EaafServiceException; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java index a47b45e0..760e293f 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/exceptions/MoaSigServiceParserException.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions; +package at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions; public class MoaSigServiceParserException extends MoaSigServiceException { 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java index d2cab2ef..942cd35c 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/AbstractSignatureService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/AbstractSignatureService.java @@ -1,4 +1,7 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; + +import java.security.Provider; +import java.security.Security; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -10,7 +13,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.w3c.dom.Document; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; -import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider; import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator; import at.gv.egovernment.moa.spss.server.transaction.TransactionContext; import at.gv.egovernment.moa.spss.server.transaction.TransactionContextManager; 
@@ -47,25 +49,41 @@ public abstract class AbstractSignatureService { protected final void setUpContexts(final String transactionID) throws ConfigurationException { final TransactionContextManager txMgr = TransactionContextManager.getInstance(); final LoggingContextManager logMgr = LoggingContextManager.getInstance(); - + if (txMgr.getTransactionContext() == null) { log.debug("Set not MOA-Sig transaction context"); final TransactionContext ctx = - new TransactionContext(transactionID, null, ConfigurationProvider.getInstance()); + new TransactionContext(transactionID, null, moaSigConfig.getConfigHolder().getMoaSpssConfig()); txMgr.setTransactionContext(ctx); } + //set Logging context into MOA-Sig if (logMgr.getLoggingContext() == null) { final LoggingContext ctx = new LoggingContext(transactionID); logMgr.setLoggingContext(ctx); } - new IaikConfigurator().configure(ConfigurationProvider.getInstance()); + //dump Java Security-Providers + if (log.isTraceEnabled()) { + log.trace("Set-Up verifier Bean: {}", this); + dumpSecProviders("MOA-Sig Context-Set-Up"); + + } + + new IaikConfigurator().configure(moaSigConfig.getConfigHolder().getMoaSpssConfig()); } + private static void dumpSecProviders(String message) { + log.trace("Security Providers: {}", message); + for (final Provider provider : Security.getProviders()) { + log.trace(" - {} - {}", provider.getName(), provider.getVersion()); + + } + } + /** * Tear down thread-local context information. */ diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java index 77bbc88b..dc4aa4c0 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigInitializer.java 
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigInitializer.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; import java.io.IOException; import java.io.InputStream; @@ -7,23 +7,23 @@ import java.security.Security; import java.util.Iterator; import java.util.Map.Entry; -import javax.annotation.Nonnull; import javax.annotation.PostConstruct; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ISchemaRessourceProvider; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException; -import at.gv.egovernment.moa.spss.MOAException; -import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ISchemaRessourceProvider; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceConfigurationException; +import at.gv.egovernment.moa.spss.server.init.StartupConfigurationHolder; +import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moaspss.logging.LoggingContext; import at.gv.egovernment.moaspss.logging.LoggingContextManager; import at.gv.egovernment.moaspss.util.DOMUtils; import iaik.asn1.structures.AlgorithmID; import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; +import lombok.Getter; public class MoaSigInitializer { private static final Logger log = LoggerFactory.getLogger(MoaSigInitializer.class); 
@@ -31,18 +31,12 @@ public class MoaSigInitializer { @Autowired(required = false) ISchemaRessourceProvider[] schemas; - private Configurator moaSigConfigurator; - /** * Get MOA-Sig configuration object. - * - * @return moa-sig configuration */ - @Nonnull - public Configurator getMoaSigConfigurator() { - return moaSigConfigurator; + @Getter + private StartupConfigurationHolder configHolder; - } @PostConstruct private synchronized void initialize() throws MoaSigServiceConfigurationException { @@ -55,27 +49,18 @@ public class MoaSigInitializer { try { LoggingContextManager.getInstance().setLoggingContext(new LoggingContext("startup")); log.debug("MOA-Sig library initialization process ... "); - Configurator.getInstance().init(); + configHolder = SystemInitializer.init(); log.info("MOA-Sig library initialization complete "); - Security.insertProviderAt(IAIK.getInstance(), 0); - - final ECCelerate eccProvider = ECCelerate.getInstance(); - if (Security.getProvider(eccProvider.getName()) != null) { - Security.removeProvider(eccProvider.getName()); - } - Security.addProvider(new ECCelerate()); - fixJava8_141ProblemWithSslAlgorithms(); if (log.isDebugEnabled()) { log.debug("Loaded Security Provider:"); final Provider[] providerList = Security.getProviders(); for (int i = 0; i < providerList.length; i++) { - log.debug( - i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion()); + log.debug("{}: {} Version {}", i, providerList[i].getName(), providerList[i].getVersion()); + } - } // Inject additional XML schemes @@ -99,10 +84,8 @@ public class MoaSigInitializer { } } - moaSigConfigurator = Configurator.getInstance(); - - } catch (final MOAException e) { - log.error("MOA-SP initialization FAILED!", e.getWrapped()); + } catch (final RuntimeException e) { + log.error("MOA-SP initialization FAILED!", e); throw new MoaSigServiceConfigurationException("service.moasig.04", new Object[] { e.toString() }, e); } 
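Review bot: After the `@@ -55,27 +49,18 @@` hunk removes `Security.insertProviderAt(IAIK.getInstance(), 0)` and the ECCelerate re-registration, nothing visible in `initialize()` establishes which JCE providers are active once `SystemInitializer.init()` returns; the debug-level provider listing is the only trace. If `SystemInitializer` is intended to take over registration, record that next to the call, e.g. `// JCE providers (IAIK, ECCelerate) are registered by SystemInitializer.init()`, and consider failing startup when an expected provider is missing instead of only logging the list. Separately, the first hunk replaces the explicit getter with Lombok `@Getter` and drops the `@Nonnull` contract, so `getConfigHolder()` can now be observed as `null` before `initialize()` has run. `initialize()` begins and ends outside these hunks, so the remaining use of the `IAIK` and `ECCelerate` imports cannot be checked here.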
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java index d09b26de..b5e190d8 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/MoaSigSpringResourceProvider.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; import org.springframework.core.io.ClassPathResource; import org.springframework.core.io.Resource; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureCreationService.java index 559af62a..0d8b7975 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureCreationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureCreationService.java @@ -1,4 +1,4 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; import javax.annotation.PostConstruct; 
@@ -6,7 +6,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.stereotype.Service; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureCreationService; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureCreationService; import at.gv.egovernment.moa.spss.server.invoke.CMSSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java index 8fc4086e..79f39e65 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/SignatureVerificationService.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/SignatureVerificationService.java @@ -1,11 +1,17 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl; +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl; import java.io.ByteArrayInputStream; import java.security.cert.CertificateEncodingException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.Iterator; import java.util.List; +import java.util.Map; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.time.DateFormatUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.lang.Nullable; 
@@ -15,12 +21,17 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceBuilderException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.GenericSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser.VerifyXmlSignatureResponseParser; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureResponse; 
@@ -50,6 +61,8 @@ public class SignatureVerificationService extends AbstractSignatureService private static final String DSIG = Constants.DSIG_PREFIX + ":"; private static final String DEFAULT_XPATH_SIGNATURE_LOCATION = "//" + DSIG + "Signature"; + public static final String PATTERN_ISSUE_INSTANT = "yyyy-MM-dd'T'HH:mm:ssXXX"; + private CMSSignatureVerificationInvoker cadesInvoker; private XMLSignatureVerificationInvoker xadesInvocer; @@ -63,13 +76,20 @@ public class SignatureVerificationService extends AbstractSignatureService @Nullable public ICmsSignatureVerificationResponse verifyCmsSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { + return verifyCmsSignature(signature, trustProfileID, false); + + } + + @Override + public ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException { try { // setup context setUpContexts(Thread.currentThread().getName()); // verify signature final VerifyCMSSignatureRequest cmsSigVerifyReq = - buildVerfifyCmsRequest(signature, trustProfileID, false, false); + buildVerfifyCmsRequest(signature, trustProfileID, false, performExtendedValidation); final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature(cmsSigVerifyReq); return parseCmsVerificationResult(cmsSigVerifyResp); 
@@ -87,9 +107,43 @@ public class SignatureVerificationService extends AbstractSignatureService tearDownContexts(); } - } + + @Override + public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID) + throws MoaSigServiceException { + return verifyPdfSignature(pdf, trustProfileID, false); + + } + + @Override + public List<IPdfSignatureVerificationResponse> verifyPdfSignature(byte[] pdf, String trustProfileID, + boolean performExtendedValidation) throws MoaSigServiceException { + try { + // setup context + setUpContexts(Thread.currentThread().getName()); + + // verify signature + final VerifyCMSSignatureResponse cmsSigVerifyResp = cadesInvoker.verifyCMSSignature( + buildVerfifyCmsRequest(pdf, trustProfileID, true, performExtendedValidation)); + + return parsePdfVerificationResult(cmsSigVerifyResp); + + } catch (final MOAException e) { + log.warn("PDF signature verification has an error.", e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + } catch (final CertificateEncodingException e) { + log.warn("Can NOT serialize X509 certificate from PDF/PAdES signature-verification response", + e); + throw new MoaSigServiceException("service.03", new Object[] { e.toString() }, e); + + } finally { + tearDownContexts(); + + } + } + /* * (non-Javadoc) * @@ -99,7 +153,8 @@ public class SignatureVerificationService extends AbstractSignatureService @Override public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION); + return verifyXmlSignature(signature, trustProfileID, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, + Collections.emptyMap()); } 
@@ -115,7 +170,7 @@ public class SignatureVerificationService extends AbstractSignatureService final String trustProfileID, final List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException { return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, - DEFAULT_XPATH_SIGNATURE_LOCATION); + DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); } /* 
@@ -129,27 +184,37 @@ public class SignatureVerificationService extends AbstractSignatureService public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final String signatureLocationXpath) throws MoaSigServiceException { - return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath); + return verifyXmlSignature(signature, trustProfileID, null, signatureLocationXpath, null, Collections.emptyMap()); } - /* - * (non-Javadoc) - * - * @see at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl. - * ISignatureVerificationService# verifyXMLSignature(byte[], java.lang.String, - * java.util.List, java.lang.String) - */ + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, + Date signingDate) throws MoaSigServiceException { + return verifyXmlSignature(signature, trustProfileID, null, + DEFAULT_XPATH_SIGNATURE_LOCATION, signingDate, Collections.emptyMap()); + } + + @Override public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, final String trustProfileID, final List<String> verifyTransformsInfoProfileID, - final String xpathSignatureLocation) throws MoaSigServiceException { + final String xpathSignatureLocation, Date signingDate) throws MoaSigServiceException { + return verifyXmlSignature(signature, trustProfileID, verifyTransformsInfoProfileID, xpathSignatureLocation, + signingDate, Collections.emptyMap()); + } + + @Override + public IXmlSignatureVerificationResponse verifyXmlSignature(final byte[] signature, + final String trustProfileID, final List<String> verifyTransformsInfoProfileID, + final String xpathSignatureLocation, Date signingDate, final Map<String, byte[]> supplementContent) + throws MoaSigServiceException { try { // setup context setUpContexts(Thread.currentThread().getName()); // build signature-verification request final Element domVerifyXmlSignatureRequest = 
buildVerifyXmlRequest(signature, trustProfileID, - verifyTransformsInfoProfileID, xpathSignatureLocation); + verifyTransformsInfoProfileID, xpathSignatureLocation, signingDate, supplementContent); // send signature-verification to MOA-Sig final VerifyXMLSignatureRequest vsrequest = 
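Review bot: The new `verifyXmlSignature` overloads in this hunk accept a `signingDate` that ends up as the `DateTime` element of the MOA-Sig request, yet none of them carries Javadoc, and the old "non-Javadoc" pointer comment was removed. Because that value appears to select the point in time at which certificates are evaluated, the documentation should state that it must come from a source the caller trusts (not from the document being verified) and that `null` means the service's default is used. Something like `@param signingDate reference time for validation from a trusted source, or <code>null</code> to let MOA-Sig choose` on each overload would do. The same applies to `supplementContent`, which is dereferenced later without a null check. The body of the last overload continues past the end of this hunk.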
@@ -191,33 +256,90 @@ public class SignatureVerificationService extends AbstractSignatureService log.warn( "CMS or CAdES signature contains more than one technical signatures. Only validate the first signature"); } + + return (ICmsSignatureVerificationResponse) parseBasisSignatureInformation( + new at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(), + (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0)); + } + + private List<IPdfSignatureVerificationResponse> parsePdfVerificationResult( + VerifyCMSSignatureResponse cmsSigVerifyResp) throws CertificateEncodingException { + + List<IPdfSignatureVerificationResponse> result = new ArrayList<>(); + if (cmsSigVerifyResp.getResponseElements() == null + || cmsSigVerifyResp.getResponseElements().isEmpty()) { + log.info("No CMS signature FOUND. "); + + } else { + Iterator<?> it = cmsSigVerifyResp.getResponseElements().iterator(); + while (it.hasNext()) { + VerifyCMSSignatureResponseElement el = (VerifyCMSSignatureResponseElement) it.next(); + VerifyPdfSignatureResponse pdfSigResult = + (VerifyPdfSignatureResponse) parseBasisSignatureInformation(new VerifyPdfSignatureResponse(), el); + + pdfSigResult.setSignatureCoversFullDocument( + el.getCoversFullDocument() != null + ? el.getCoversFullDocument() ? 
CoversFullDocument.YES : CoversFullDocument.NO + : CoversFullDocument.UNKNOWN); + pdfSigResult.setByteRange(convertByteRanges(el.getByteRangeOfSignature())); + result.add(pdfSigResult); + + } + } + + return result; + + } + + private List<Pair<Integer, Integer>> convertByteRanges(int[] byteRangeOfSignature) { + List<Pair<Integer, Integer>> result = new ArrayList<>(); + + if (byteRangeOfSignature != null) { + for (int i = 0; i < byteRangeOfSignature.length / 2; i++) { + result.add(Pair.newInstance( + Integer.valueOf(byteRangeOfSignature[i]), + Integer.valueOf(byteRangeOfSignature[i + 1]))); + + } + } else { + log.debug("PDF signature-verification result contains no byte-range information"); + + } + + return result; + } - final VerifyCMSSignatureResponseElement firstSig = - (VerifyCMSSignatureResponseElement) cmsSigVerifyResp.getResponseElements().get(0); - - final at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse result = - new at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyCmsSignatureResponse(); - + private GenericSignatureVerificationResponse parseBasisSignatureInformation( + GenericSignatureVerificationResponse result, VerifyCMSSignatureResponseElement resp) + throws CertificateEncodingException { // parse results into response container - result.setSignatureCheckCode(firstSig.getSignatureCheck().getCode()); - result.setCertificateCheckCode(firstSig.getCertificateCheck().getCode()); + result.setSignatureCheckCode(resp.getSignatureCheck().getCode()); + result.setCertificateCheckCode(resp.getCertificateCheck().getCode()); - if (firstSig.getSignerInfo() != null) { - result.setSigningDateTime(firstSig.getSignerInfo().getSigningTime()); + if (resp.getSignerInfo() != null) { + result.setSigningDateTime(resp.getSignerInfo().getSigningTime()); result - .setX509CertificateEncoded(firstSig.getSignerInfo().getSignerCertificate().getEncoded()); - 
result.setQualifiedCertificate(firstSig.getSignerInfo().isQualifiedCertificate()); + .setX509CertificateEncoded(resp.getSignerInfo().getSignerCertificate().getEncoded()); + result.setQualifiedCertificate(resp.getSignerInfo().isQualifiedCertificate()); - result.setPublicAuthority(firstSig.getSignerInfo().isPublicAuthority()); - result.setPublicAuthorityCode(firstSig.getSignerInfo().getPublicAuhtorityID()); + result.setPublicAuthority(resp.getSignerInfo().isPublicAuthority()); + result.setPublicAuthorityCode(resp.getSignerInfo().getPublicAuhtorityID()); } else { log.info("CMS or CAdES verification result contains no SignerInfo"); + } - + + + //TODO: add extended validation infos + result.setSignatureAlgorithmIdentifier(resp.getSignatureAlgorithm()); + result.setExtendedCertificateCheckResult(resp.getExtendedCertificateCheck()); + result.setFormValidationResults(resp.getAdESFormResults()); + return result; + } - + /** * Build a VerifyCMS-Siganture request for MOA-Sig. <br> * <br> 
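Review bot: `convertByteRanges` pairs the wrong array entries: the loop runs `i` from 0 to `length / 2` but reads `byteRangeOfSignature[i]` and `byteRangeOfSignature[i + 1]`, so a four-entry range yields (r0, r1), (r1, r2) instead of (r0, r1), (r2, r3). This assumes the array is laid out as offset/length pairs, which is what the Javadoc of `getByteRange()` describes. The two index expressions should be `Integer.valueOf(byteRangeOfSignature[2 * i]),` and `Integer.valueOf(byteRangeOfSignature[2 * i + 1])));`. Any consumer that uses the returned ranges to decide which bytes of the PDF are covered by the signature currently gets wrong data for every range after the first. An odd-length array silently loses its last entry, which deserves at least a log line.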
@@ -258,15 +380,21 @@ public class SignatureVerificationService extends AbstractSignatureService * used for validation * @param xpathSignatureLocation Xpath that points to location of * Signature element + * @param sigValDate Signature timestamp + * @param supplementContent Map that contains supplement profile content; keyed by references. Each entry + * in this map becomes a Content/Base64Content child in the SupplementProfile + * node. Use this map to specify content of references that the verification + * service cannot resolve. * @return MOA-Sig verification request element * @throws MoaSigServiceBuilderException In case of an error */ private Element buildVerifyXmlRequest(final byte[] signature, final String trustProfileID, - final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation) - throws MoaSigServiceBuilderException { + final List<String> verifyTransformsInfoProfileID, final String xpathSignatureLocation, + Date sigValDate, final Map<String, byte[]> supplementContent) throws MoaSigServiceBuilderException { try { // build empty document final Document requestDoc_ = getNewDocumentBuilder(); + final Element requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); @@ -275,6 +403,18 @@ public class SignatureVerificationService extends AbstractSignatureService requestDoc_.appendChild(requestElem_); // build the request + + // build set signing time + if (sigValDate != null) { + final Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); + requestElem_.appendChild(dateTimeElem); + final Node dateTime = requestDoc_.createTextNode( + DateFormatUtils.format(sigValDate, PATTERN_ISSUE_INSTANT)); + dateTimeElem.appendChild(dateTime); + + } + + //set other parameters final Element verifiySignatureInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); requestElem_.appendChild(verifiySignatureInfoElem); 
@@ -334,6 +474,25 @@ public class SignatureVerificationService extends AbstractSignatureService trustProfileIdElem.appendChild(requestDoc_.createTextNode(trustProfileID)); requestElem_.appendChild(trustProfileIdElem); + // add supplement profile + if (!supplementContent.isEmpty()) { + + final Element supplementProfile = requestDoc_.createElementNS(MOA_NS_URI, "SupplementProfile"); + + for (Map.Entry<String, byte[]> entry: supplementContent.entrySet()) { + String reference = entry.getKey(); + byte[] contentBytes = entry.getValue(); + final Element content = requestDoc_.createElementNS(MOA_NS_URI, "Content"); + content.setAttribute("Reference", reference); + final Element b64content = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + b64content.setTextContent(Base64Utils.encodeToString(contentBytes)); + content.appendChild(b64content); + supplementProfile.appendChild(content); + } + + requestElem_.appendChild(supplementProfile); + } + return requestElem_; } catch (final Throwable t) { @@ -342,7 +501,6 @@ public class SignatureVerificationService extends AbstractSignatureService t); } - } @PostConstruct diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java new file mode 100644 index 00000000..6006b731 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java 
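Review bot: In the `@@ -334,6 +474,25 @@` hunk, `supplementContent.isEmpty()` is called without a null check, although the map arrives unchanged from a public `verifyXmlSignature` overload. A `null` argument therefore becomes a `NullPointerException`, which the surrounding `catch (final Throwable t)` turns into a builder exception, hiding a caller error behind a generic failure. Guard it with `if (supplementContent != null && !supplementContent.isEmpty()) {`. A `null` value inside the map has the same effect at `Base64Utils.encodeToString(contentBytes)`, so either skip such entries with a warning or reject them explicitly. The `try` block this code sits in starts outside the hunk.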
@@ -0,0 +1,223 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data; + +import java.io.Serializable; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; +import at.gv.egovernment.moa.spss.api.common.ExtendedCertificateCheckResult; +import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; +import iaik.x509.X509Certificate; +import lombok.Builder; +import lombok.Getter; +import lombok.Setter; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@Getter +@Setter +public class GenericSignatureVerificationResponse + implements IGenericSignatureVerificationResponse, Serializable { + + private static final long serialVersionUID = -7751001050689401118L; + + /** The signing time. */ + private Date signingDateTime; + + /** The signatureCheckCode to be stored. */ + private int signatureCheckCode; + + /** The certificateCheckCode to be stored. */ + private int certificateCheckCode; + + /** The publicAuthority to be stored. */ + private boolean publicAuthority; + + /** The publicAuthorityCode to be stored. */ + private String publicAuthorityCode; + + /** The qualifiedCertificate to be stored. */ + private boolean qualifiedCertificate; + + private byte[] x509CertificateEncoded; + + /** + * Identifier of the signing algorithm. 
+ */ + private String signatureAlgorithmIdentifier; + + private ExtendedCertificateValidation extendedCertificateValidation; + + private List<ExtendedResult> formValidationResults = null; + + @Override + public Date getSigningDateTime() { + if (this.signingDateTime != null) { + return new Date(this.signingDateTime.getTime()); + } + return null; + + } + + @Override + public X509Certificate getX509Certificate() throws MoaSigServiceException { + if (x509CertificateEncoded != null) { + try { + return new X509Certificate(x509CertificateEncoded); + + } catch (final CertificateException e) { + log.error("Can NOT parse X509 certifcate in " + + GenericSignatureVerificationResponse.class.getName(), e); + throw new MoaSigServiceParserException("service.moasig.01", null, e); + } + + } + + return null; + + } + + @Override + public byte[] getX509CertificateEncoded() { + if (this.x509CertificateEncoded != null) { + return this.x509CertificateEncoded.clone(); + + } + return null; + + } + + @Override + public String getPublicAuthorityCode() { + if (StringUtils.isNotEmpty(this.publicAuthorityCode)) { + return this.publicAuthorityCode; + + } else { + return null; + + } + + } + + @Override + public List<ExtendedResult> getFormValidationResults() { + if (formValidationResults == null) { + return Collections.emptyList(); + + } else { + return formValidationResults; + + } + } + + /** + * Set signature creation timestramp. + * + * @param signingDateTime timestamp + */ + public void setSigningDateTime(final Date signingDateTime) { + if (signingDateTime != null) { + this.signingDateTime = new Date(signingDateTime.getTime()); + } + } + + /** + * Set encoded signer certificate. + * + * @param x509CertificateEncoded signer cerificate + */ + public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) { + if (x509CertificateEncoded != null) { + this.x509CertificateEncoded = x509CertificateEncoded.clone(); + + } + } + + /** + * Set extended certificate-validation result. 
+ * + * @param extendedCertificateCheck Extended result from MOA-Sig + */ + public void setExtendedCertificateCheckResult(ExtendedCertificateCheckResult extendedCertificateCheck) { + if (extendedCertificateCheck != null) { + this.extendedCertificateValidation = ExtendedCertificateValidation.builder() + .majorResult(ExtendedResult.builder() + .code(extendedCertificateCheck.getMajorCode()) + .info(extendedCertificateCheck.getMajorInfo()) + .build()) + .minorResult(ExtendedResult.builder() + .code(extendedCertificateCheck.getMinorCode()) + .info(extendedCertificateCheck.getMinorInfo()) + .build()) + .build(); + + } else { + log.debug("No extended verification-result. Skipping certificate-result extraction ... "); + + } + } + + /** + * Set form-validation result. + * + * @param formCheckResult Extended form-validation result from MOA-Sig + */ + public void setFormValidationResults(List<?> formCheckResult) { + if (formCheckResult != null) { + for (Object elObj : formCheckResult) { + if (elObj instanceof AdESFormResults) { + AdESFormResults el = (AdESFormResults)elObj; + + if (formValidationResults == null) { + formValidationResults = new ArrayList<>(); + + } + + formValidationResults.add(ExtendedResult.builder() + .code(el.getCode()) + .info(el.getName()) + .build()); + + } else { + log.warn("Skip unknown form-validation result of type: {}", elObj.getClass().getName()); + + } + } + + } else { + log.debug("No extended verification-result. Skipping form-validation result extraction ... "); + + } + + } + + @Getter + @Builder + public static class ExtendedCertificateValidation implements Serializable { + + private static final long serialVersionUID = -7800026008655393276L; + + private ExtendedResult majorResult; + private ExtendedResult minorResult; + + } + + @Getter + @Builder + public static class ExtendedResult implements Serializable { + + private static final long serialVersionUID = 8523769744476971010L; + + private int code; + private String info; + + } + +} 
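Review bot: In `setFormValidationResults`, a null element in `formCheckResult` fails the `instanceof` test and falls into the `else` branch, where `elObj.getClass().getName()` throws a NullPointerException. Logging `elObj != null ? elObj.getClass().getName() : "null"` avoids that. The setter also appends to an existing `formValidationResults` list instead of replacing it, so calling it twice on one response accumulates entries; resetting the field at the start would match setter semantics. `getFormValidationResults()` returns the internal list, unlike the `Date` and `byte[]` getters, which copy; `Collections.unmodifiableList(formValidationResults)` would keep callers from altering a verification result.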
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java
new file mode 100644
index 00000000..a812db56
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data;
+
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse
+ implements ICmsSignatureVerificationResponse {
+
+ private static final long serialVersionUID = 708260904158070696L;
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java
new file mode 100644
index 00000000..740ac55a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyPdfSignatureResponse.java
@@ -0,0 +1,30 @@
+package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data;
+
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class VerifyPdfSignatureResponse extends VerifyCmsSignatureResponse
+ implements IPdfSignatureVerificationResponse {
+
+ private static final long serialVersionUID = 1835687958341837826L;
+
+ /**
+ * Flag if signature covers the full pdf-document.
+ */
+ private CoversFullDocument signatureCoversFullDocument = CoversFullDocument.UNKNOWN;
+
+ /**
+ * PDF signing ranges as {@link List} of {@link Pair} of starting-byte and byte-length.
+ */
+ private List<Pair<Integer, Integer>> byteRange;
+
+
+ public enum CoversFullDocument { YES, NO, UNKNOWN }
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java
new file mode 100644
index 00000000..4021a90b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java
@@ -0,0 +1,35 @@
+package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data;
+
+import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse;
+import lombok.Getter;
+import lombok.Setter;
+
+/**
+ * MOA-Sig signature verification response for XML based signatures.
+ *
+ * @author tlenz
+ *
+ */
+
+@Getter
+@Setter
+public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse
+ implements IXmlSignatureVerificationResponse {
+
+ private static final long serialVersionUID = 8386070769565711601L;
+
+ /** The xmlDsigSubjectName to be stored. */
+ private String xmlDsigSubjectName;
+
+ /** The xmlDSIGManifestCheckCode to be stored. */
+ private int xmlDsigManifestCheckCode;
+ /** The xmlDSIGManigest to be stored. */
+ private boolean xmlDsigManigest;
+
+ /**
+ * The result of the signature manifest check. The default value <code>-1</code>
+ * indicates that the signature manifest has not been checked.
+ */
+ private int signatureManifestCheckCode = -1;
+
+}
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
index 231cb94f..746b5461 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eaaf/modules/sigverify/moasig/impl/parser/VerifyXmlSignatureResponseParser.java
@@ -1,27 +1,26 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.parser; +package at.gv.egiz.eaaf.modules.sigverify.moasig.impl.parser; import java.io.ByteArrayInputStream; import java.io.InputStream; import org.joda.time.DateTime; import org.joda.time.format.ISODateTimeFormat; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.lang.NonNull; import org.w3c.dom.Element; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data.VerifyXmlSignatureResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyXmlSignatureResponse; import at.gv.egovernment.moaspss.util.Constants; import at.gv.egovernment.moaspss.util.DOMUtils; import at.gv.egovernment.moaspss.util.XPathUtils; import iaik.utils.Base64InputStream; import iaik.x509.X509Certificate; +import lombok.extern.slf4j.Slf4j; +@Slf4j public class VerifyXmlSignatureResponseParser { - private static final Logger log = LoggerFactory.getLogger(VerifyXmlSignatureResponseParser.class); // // XPath namespace prefix shortcuts @@ -180,7 +179,9 @@ public class VerifyXmlSignatureResponseParser { respData.setSigningDateTime(datetime.toDate()); } - + + //TODO: parse extended validation results + return respData; } catch (final Throwable t) { 
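Review bot: The `//TODO: parse extended validation results` added before `return respData;` leaves `extendedCertificateValidation` and `formValidationResults` unset for XML signatures. Because `GenericSignatureVerificationResponse.getFormValidationResults()` returns an empty list when the field is null, a caller on this path cannot tell "not parsed" from "no form-validation findings". Until the parsing exists, the comment should say so, e.g. `// TODO: extended certificate and form-validation results are not parsed for XML signatures; the response getters return null / an empty list`. The parsing method starts and ends outside the hunk.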
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java deleted file mode 100644 index 66eedd79..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureCreationService.java +++ /dev/null @@ -1,5 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api; - -public interface ISignatureCreationService { - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java deleted file mode 100644 index 67e9e29d..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/api/ISignatureVerificationService.java +++ /dev/null 
@@ -1,100 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api; - -import java.util.List; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; - -public interface ISignatureVerificationService { - - /** - * Verify a CAdES or CMS signature. <br> - * <br> - * <i>This method only validates the first CMS or CAdES signature if more than - * one signature exists</i> - * - * @param signature Enveloped CMS or CAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @return @link {@link ICmsSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - ICmsSignatureVerificationResponse verifyCmsSignature(byte[] signature, String trustProfileID) - throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature. <br> - * <br> - * <i>This method only validates the first XML or XAdES signature if more than - * one signature exists</i> - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig configuration - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID) - throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature. 
<br> - * <br> - * <i>This method only validates the first XML or XAdES signature if more than - * one signature exists</i> - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig - * configuration - * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that - * should be used for - * signature-verification - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - List<String> verifyTransformsInfoProfileID) throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature. <br> - * <br> - * <i>This method only validates the first XML or XAdES signature if more than - * one signature exists</i> - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig - * configuration - * @param signatureLocationXpath Xpath that points to location of Signature - * element - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - String signatureLocationXpath) throws MoaSigServiceException; - - /** - * Verify a XML or XAdES signature. 
<br> - * <br> - * <i>This method only validates the first XML or XAdES signature if more than - * one signature exists</i> - * - * @param signature Serialized XML or XAdES signature - * @param trustProfileID Id of the Trust-Profile from MOA-Sig - * configuration - * @param verifyTransformsInfoProfileID {@link List} of XML Transformations that - * should be used for - * signature-verification - * @param signatureLocationXpath Xpath that points to location of - * Signature element - * @return @link {@link IXmlSignatureVerificationResponse}, or null if no - * signature was found - * @throws MoaSigServiceException on signatue-verification error - */ - IXmlSignatureVerificationResponse verifyXmlSignature(byte[] signature, String trustProfileID, - List<String> verifyTransformsInfoProfileID, String signatureLocationXpath) - throws MoaSigServiceException; - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java deleted file mode 100644 index 0485f31f..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/GenericSignatureVerificationResponse.java +++ /dev/null 
@@ -1,152 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; - -import java.io.Serializable; -import java.security.cert.CertificateException; -import java.util.Date; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IGenericSignatureVerificationResponse; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceException; -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.exceptions.MoaSigServiceParserException; -import iaik.x509.X509Certificate; - -public class GenericSignatureVerificationResponse - implements IGenericSignatureVerificationResponse, Serializable { - - private static final long serialVersionUID = -7751001050689401118L; - private static final Logger log = - LoggerFactory.getLogger(GenericSignatureVerificationResponse.class); - - /** The signing time. */ - private Date signingDateTime; - - /** The signatureCheckCode to be stored. */ - private int signatureCheckCode; - - /** The certificateCheckCode to be stored. */ - private int certificateCheckCode; - - /** The publicAuthority to be stored. */ - private boolean publicAuthority; - - /** The publicAuthorityCode to be stored. */ - private String publicAuthorityCode; - - /** The qualifiedCertificate to be stored. 
*/ - private boolean qualifiedCertificate; - - private byte[] x509CertificateEncoded; - - @Override - public Date getSigningDateTime() { - if (this.signingDateTime != null) { - return new Date(this.signingDateTime.getTime()); - } - return null; - - } - - @Override - public int getSignatureCheckCode() { - return this.signatureCheckCode; - - } - - @Override - public int getCertificateCheckCode() { - return this.certificateCheckCode; - - } - - @Override - public boolean isQualifiedCertificate() { - return this.qualifiedCertificate; - - } - - @Override - public X509Certificate getX509Certificate() throws MoaSigServiceException { - if (x509CertificateEncoded != null) { - try { - return new X509Certificate(x509CertificateEncoded); - - } catch (final CertificateException e) { - log.error("Can NOT parse X509 certifcate in " - + GenericSignatureVerificationResponse.class.getName(), e); - throw new MoaSigServiceParserException("service.moasig.01", null, e); - } - - } - - return null; - - } - - @Override - public byte[] getX509CertificateEncoded() { - if (this.x509CertificateEncoded != null) { - return this.x509CertificateEncoded.clone(); - - } - return null; - - } - - @Override - public boolean isPublicAuthority() { - return this.publicAuthority; - - } - - @Override - public String getPublicAuthorityCode() { - return this.publicAuthorityCode; - - } - - /** - * Set signature creation timestramp. 
- * - * @param signingDateTime timestamp - */ - public void setSigningDateTime(final Date signingDateTime) { - if (signingDateTime != null) { - this.signingDateTime = new Date(signingDateTime.getTime()); - } - } - - public void setSignatureCheckCode(final int signatureCheckCode) { - this.signatureCheckCode = signatureCheckCode; - } - - public void setCertificateCheckCode(final int certificateCheckCode) { - this.certificateCheckCode = certificateCheckCode; - } - - public void setPublicAuthority(final boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - public void setPublicAuthorityCode(final String publicAuthorityCode) { - this.publicAuthorityCode = publicAuthorityCode; - } - - public void setQualifiedCertificate(final boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - - /** - * Set encoded signer certificate. - * - * @param x509CertificateEncoded signer cerificate - */ - public void setX509CertificateEncoded(final byte[] x509CertificateEncoded) { - if (x509CertificateEncoded != null) { - this.x509CertificateEncoded = x509CertificateEncoded.clone(); - - } - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java deleted file mode 100644 index ed679828..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyCmsSignatureResponse.java +++ /dev/null 
@@ -1,10 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.ICmsSignatureVerificationResponse; - -public class VerifyCmsSignatureResponse extends GenericSignatureVerificationResponse - implements ICmsSignatureVerificationResponse { - - private static final long serialVersionUID = 708260904158070696L; - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java b/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java deleted file mode 100644 index 4b0632b1..00000000 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/java/at/gv/egiz/eid/authhandler/modules/sigverify/moasig/impl/data/VerifyXmlSignatureResponse.java +++ /dev/null 
@@ -1,115 +0,0 @@ -package at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.data; - -import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; - -/** - * MOA-Sig signature verification response for XML based signatures. - * - * @author tlenz - * - */ - -public class VerifyXmlSignatureResponse extends GenericSignatureVerificationResponse - implements IXmlSignatureVerificationResponse { - - private static final long serialVersionUID = 8386070769565711601L; - - /** The xmlDsigSubjectName to be stored. */ - private String xmlDsigSubjectName; - - /** The xmlDSIGManifestCheckCode to be stored. */ - private int xmlDsigManifestCheckCode; - /** The xmlDSIGManigest to be stored. */ - private boolean xmlDsigManigest; - - /** - * The result of the signature manifest check. The default value <code>-1</code> - * indicates that the signature manifest has not been checked. - */ - private int signatureManifestCheckCode = -1; - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getXmlDSIGManifestCheckCode() - */ - @Override - public int getXmlDsigManifestCheckCode() { - return xmlDsigManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getXmlDsigSubjectName() - */ - @Override - public String getXmlDsigSubjectName() { - return xmlDsigSubjectName; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDSIGManifestCheckCode( int) - */ - public void setXmlDsigManifestCheckCode(final int xmlDsigManifestCheckCode) { - this.xmlDsigManifestCheckCode = xmlDsigManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDsigSubjectName(java.lang .String) - */ - public void setXmlDsigSubjectName(final String xmlDsigSubjectName) { - this.xmlDsigSubjectName = xmlDsigSubjectName; - 
} - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * isXmlDSIGManigest() - */ - @Override - public boolean isXmlDsigManigest() { - return xmlDsigManigest; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setXmlDSIGManigest(boolean) - */ - public void setXmlDsigManigest(final boolean xmlDsigManigest) { - this.xmlDsigManigest = xmlDsigManigest; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * getSignatureManifestCheckCode() - */ - @Override - public int getSignatureManifestCheckCode() { - return signatureManifestCheckCode; - } - - /* - * (non-Javadoc) - * - * @see at.gv.egovernment.moa.id.auth.data.IVerifiyXMLSignatureResponse# - * setSignatureManifestCheckCode( int) - */ - public void setSignatureManifestCheckCode(final int signatureManifestCheckCode) { - this.signatureManifestCheckCode = signatureManifestCheckCode; - } - -} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider index 2f0ae67f..a0a1d413 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -1 +1 @@ -at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.MoaSigSpringResourceProvider
\ No newline at end of file
+at.gv.egiz.eaaf.modules.sigverify.moasig.impl.MoaSigSpringResourceProvider
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/MOASPSSConfiguration.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/MOASPSSConfiguration.xml
new file mode 100644
index 00000000..0840ecd9
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/MOASPSSConfiguration.xml
@@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper--> +<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<cfg:Common> + <cfg:PermitExternalUris> + <cfg:BlackListUri> + <cfg:IP>192.168</cfg:IP> + </cfg:BlackListUri> + </cfg:PermitExternalUris> + </cfg:Common> + <cfg:SignatureVerification> + <cfg:CertificateValidation> + <cfg:PathConstruction> + <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates> + <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess> + <cfg:CertificateStore> + <cfg:DirectoryStore> + <cfg:Location>certstore</cfg:Location> + </cfg:DirectoryStore> + </cfg:CertificateStore> + </cfg:PathConstruction> + <cfg:PathValidation> + <cfg:ChainingMode> + <cfg:DefaultMode>pkix</cfg:DefaultMode> + <cfg:TrustAnchor> + <cfg:Identification> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </cfg:Identification> + <cfg:Mode>chaining</cfg:Mode> + </cfg:TrustAnchor> + <cfg:TrustAnchor> + <cfg:Identification> + <dsig:X509IssuerName>C=AT,O=Hauptverband österr. 
Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName> + <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber> + </cfg:Identification> + <cfg:Mode>chaining</cfg:Mode> + </cfg:TrustAnchor> + </cfg:ChainingMode> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + + </cfg:PathValidation> + <cfg:RevocationChecking> + <cfg:EnableChecking>false</cfg:EnableChecking> + <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge> + <cfg:ServiceOrder> + <cfg:Service>CRL</cfg:Service> + <cfg:Service>OCSP</cfg:Service> + </cfg:ServiceOrder> + <cfg:Archiving> + <cfg:EnableArchiving>false</cfg:EnableArchiving> + <cfg:ArchiveDuration>365</cfg:ArchiveDuration> + <cfg:Archive> + <cfg:DatabaseArchive> + <cfg:JDBCURL>jdbc:url</cfg:JDBCURL> + <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName> + </cfg:DatabaseArchive> + </cfg:Archive> + </cfg:Archiving> + </cfg:RevocationChecking> + </cfg:CertificateValidation> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + 
<cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + </cfg:SignatureVerification> +</cfg:MOAConfiguration> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/MOASPSSConfiguration_zuse.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/MOASPSSConfiguration_zuse.xml new file mode 100644 index 00000000..cd618916 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/MOASPSSConfiguration_zuse.xml 
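Review bot: `<cfg:EnableChecking>false</cfg:EnableChecking>` under `cfg:RevocationChecking` turns off CRL/OCSP checks in a configuration that ships under `src/main/resources`, so a revoked signer certificate would still validate in any deployment that uses this file as is; MOASPSSConfiguration_zuse.xml carries the same setting. If these files are defaults rather than test fixtures, set `<cfg:EnableChecking>true</cfg:EnableChecking>` or add a comment that production deployments must override it. The `...MitTestkarten` trust profiles fall in the same category and would be better kept out of the main resources or clearly commented as test-only. `cfg:BlackListUri` lists only `192.168`; whether other internal ranges need blocking for external URI resolution depends on MOA-SPSS matching semantics, which the diff does not show.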
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. 
Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+
+ <cfg:TrustProfile>
+ <cfg:Id>default-trustprofile</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/default-trustprofile</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>false</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD
Binary files differnew file mode 100644
index 00000000..61bfd22b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD 
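Review bot: Revocation checking is switched off in the new `MOASPSSConfiguration_zuse.xml` profile: `<cfg:EnableChecking>false</cfg:EnableChecking>` under `cfg:RevocationChecking` means that, as far as this file shows, a signature made with a revoked signer or intermediate certificate would still validate against the configured A-Trust and Hauptverband trust anchors. Since `CRL` and `OCSP` are already listed in `cfg:ServiceOrder`, I would ship `<cfg:EnableChecking>true</cfg:EnableChecking>` as the packaged default, or, if this resource is meant only for tests, say so at the top of the file with a comment such as `<!-- revocation checking disabled: test profile only, enable before production use -->`. The configuration file just before this one, whose hunk begins outside this view, carries the same `EnableChecking` value and deserves the same treatment. Separately, `cfg:PermitExternalUris` blacklists only `192.168` while `cfg:UseAuthorityInformationAccess` is `true`, so loopback, link-local and the other private ranges presumably stay reachable for URIs taken from verified documents; that is worth confirming against the MOA-SPSS documentation and extending the list if so.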
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 Binary files differnew file mode 100644 index 00000000..55707d69 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 Binary files differnew file mode 100644 index 00000000..815f53d9 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 Binary files differnew file mode 100644 index 00000000..88275398 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A Binary files differnew file mode 100644 index 00000000..f28aa4b8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 Binary files differnew file mode 100644 index 00000000..5171276f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/12EF3AF8A20F39B003E23DE20A1D1821D5FDB770/2A5F716B5A72BAC254CACFD8E8CE5D0C4B5EAAAC b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/12EF3AF8A20F39B003E23DE20A1D1821D5FDB770/2A5F716B5A72BAC254CACFD8E8CE5D0C4B5EAAAC Binary files differnew file mode 100644 index 00000000..efe3c3d5 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/12EF3AF8A20F39B003E23DE20A1D1821D5FDB770/2A5F716B5A72BAC254CACFD8E8CE5D0C4B5EAAAC 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 Binary files differnew file mode 100644 index 00000000..6e17b9db --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 Binary files differnew file mode 100644 index 00000000..911640d0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE Binary files differnew file mode 100644 index 00000000..1bb44944 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D Binary files differnew file mode 100644 index 00000000..807fa786 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 Binary files differnew file mode 100644 index 00000000..b2a1e145 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 Binary files differnew file mode 100644 index 00000000..22d64fb5 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C Binary files differnew file mode 100644 index 00000000..8588ce58 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 Binary files differnew file mode 100644 index 00000000..7bbf658e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E Binary files differnew file mode 100644 index 00000000..2fa45b28 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 Binary files differnew file mode 100644 index 00000000..c79d3e6b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA Binary files differnew file mode 100644 index 00000000..ab9e0cd7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 Binary files differnew file mode 100644 index 00000000..01965769 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 Binary files differnew file mode 100644 index 00000000..5026d395 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 Binary files differnew file mode 100644 index 00000000..9b2ee0fc --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2F849DCCDEABA497857648268CA112DA6E6355A5/5BCFEAFB92BBB66F3C8481F525842D8D0D7F7AF7 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2F849DCCDEABA497857648268CA112DA6E6355A5/5BCFEAFB92BBB66F3C8481F525842D8D0D7F7AF7 Binary files differnew file mode 100644 index 00000000..a5d79820 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/2F849DCCDEABA497857648268CA112DA6E6355A5/5BCFEAFB92BBB66F3C8481F525842D8D0D7F7AF7 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 Binary files differnew file mode 100644 index 00000000..9d2132e7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F Binary files differnew file mode 100644 index 00000000..c34d0f38 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 Binary files differnew file mode 100644 index 00000000..d894e92c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D Binary files differnew file mode 100644 index 00000000..380486f6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E Binary files differnew file mode 100644 index 00000000..0f0db03b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E Binary files differnew file mode 100644 index 00000000..39e377ed --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 Binary files differnew file mode 100644 index 00000000..0a1fcff8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C Binary files differnew file mode 100644 index 00000000..61d346a8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 Binary files differnew file mode 100644 index 00000000..9ae7ffa0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 Binary files differnew file mode 100644 index 00000000..a68ae2db --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 Binary files differnew file mode 100644 index 00000000..28cb48bb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E Binary files differnew file mode 100644 index 00000000..c9da4158 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 Binary files differnew file mode 100644 index 00000000..28fbdf42 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 Binary files differnew file mode 100644 index 00000000..b9a0e5a6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 Binary files differnew file mode 100644 index 00000000..24d1795f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 Binary files differnew file mode 100644 index 00000000..6da18c62 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 Binary files differnew file mode 100644 index 00000000..3a274af3 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F Binary files differnew file mode 100644 index 00000000..3beb4529 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 Binary files differnew file mode 100644 index 00000000..da38ce02 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 Binary files differnew file mode 100644 index 00000000..7e9fd5b0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 Binary files differnew file mode 100644 index 00000000..41dc7c55 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F Binary files differnew file mode 100644 index 00000000..b596d82e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D Binary files differnew file mode 100644 index 00000000..4adc3b7e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 Binary files differnew file mode 100644 index 00000000..1e4f2277 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 Binary files differnew file mode 100644 index 00000000..fe561ad6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA Binary files differnew file mode 100644 index 00000000..5205ec51 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 Binary files differnew file mode 100644 index 00000000..10a1f714 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 Binary files differnew file mode 100644 index 00000000..dae01965 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E Binary files differnew file mode 100644 index 00000000..b9fe1280 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 Binary files differnew file mode 100644 index 00000000..ea1585a6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 Binary files differnew file mode 100644 index 00000000..0c2494a4 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 Binary files differnew file mode 100644 index 00000000..424f849a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B Binary files differnew file mode 100644 index 00000000..06b40aa6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E Binary files differnew file mode 100644 index 00000000..3be7b6a0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E Binary files differnew file mode 100644 index 00000000..b2beddaa --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5DEF09D3EB4882A51F78FADCFFD89DAE61FEDB88/8B7D65E9116BFA561CE16472750779988C4F736E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5DEF09D3EB4882A51F78FADCFFD89DAE61FEDB88/8B7D65E9116BFA561CE16472750779988C4F736E Binary files differnew file mode 100644 index 00000000..87a36296 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5DEF09D3EB4882A51F78FADCFFD89DAE61FEDB88/8B7D65E9116BFA561CE16472750779988C4F736E 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 Binary files differnew file mode 100644 index 00000000..73553b99 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 Binary files differnew file mode 100644 index 00000000..6368a6cc --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 Binary files differnew file mode 100644 index 00000000..08d7b28e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE Binary files differnew file mode 100644 index 00000000..e47d2b8b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA Binary files differnew file mode 100644 index 00000000..5168e1af --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D Binary files differnew file mode 100644 index 00000000..c5bcc42e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A Binary files differnew file mode 100644 index 00000000..3c7775b6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A Binary files differnew file mode 100644 index 00000000..b6f39e35 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 Binary files differnew file mode 100644 index 00000000..f9fef65f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 Binary files differnew file mode 100644 index 00000000..f9f27442 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F Binary files differnew file mode 100644 index 00000000..69de7560 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE Binary files differnew file mode 100644 index 00000000..efa28178 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 Binary files differnew file mode 100644 index 00000000..8c434777 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 Binary files differnew file mode 100644 index 00000000..289fc219 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 Binary files differnew file mode 100644 index 00000000..b7d4b08a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 Binary files differnew file mode 100644 index 00000000..89cfe44f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C Binary files differnew file mode 100644 index 00000000..d9d633e3 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE Binary files differnew file mode 100644 index 00000000..c3fc9135 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 Binary files differnew file mode 100644 index 00000000..64091864 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/70F7FEE6A786C95E4B2060931106FC9BCE5533D2/9B234116E494979AB9ED53F360C126CE3FA43580 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/70F7FEE6A786C95E4B2060931106FC9BCE5533D2/9B234116E494979AB9ED53F360C126CE3FA43580 Binary files differnew file mode 100644 index 00000000..2766c792 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/70F7FEE6A786C95E4B2060931106FC9BCE5533D2/9B234116E494979AB9ED53F360C126CE3FA43580 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A Binary files differnew file mode 100644 index 00000000..ad13d7b2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B Binary files differnew file mode 100644 index 00000000..d361d919 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 Binary files differnew file mode 100644 index 00000000..69a8e487 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D Binary files differnew file mode 100644 index 00000000..1a310674 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 Binary files differnew file mode 100644 index 00000000..558ce15e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D Binary files differnew file mode 100644 index 00000000..0bab7703 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F Binary files differnew file mode 100644 index 00000000..b60dea24 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 Binary files differnew file mode 100644 index 00000000..ac2e3c2b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C Binary files differnew file mode 100644 index 00000000..4dd2c49b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 Binary files differnew file mode 100644 index 00000000..1bfd4d66 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 Binary files differnew file mode 100644 index 00000000..c478bf0f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 Binary files differnew file mode 100644 index 00000000..09bd4626 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 Binary files differnew file mode 100644 index 00000000..592c9623 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 Binary files differnew file mode 100644 index 00000000..c171b6d3 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB Binary files differnew file mode 100644 index 00000000..6f97837a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 Binary files differnew file mode 100644 index 00000000..d7799119 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B Binary files differnew file mode 100644 index 00000000..508f7f07 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B Binary files differnew file mode 100644 index 00000000..c0feb0d0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 Binary files differnew file mode 100644 index 00000000..ebfbce9a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 Binary files differnew file mode 100644 index 00000000..5c75689f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB Binary files differnew file mode 100644 index 00000000..e08466c5 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E Binary files differnew file mode 100644 index 00000000..ed5ba194 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
Binary files differ
new file mode 100644
index 00000000..bc5ed1e6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B
Binary files differ
new file mode 100644
index 00000000..cb519b7e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799
Binary files differ
new file mode 100644
index 00000000..f2bbe24c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357
Binary files differ
new file mode 100644
index 00000000..a592bd28
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918
Binary files differ
new file mode 100644
index 00000000..6114ab41
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6
Binary files differ
new file mode 100644
index 00000000..beff5366
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1
Binary files differ
new file mode 100644
index 00000000..60405d6b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120
Binary files differ
new file mode 100644
index 00000000..4132c67c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2
Binary files differ
new file mode 100644
index 00000000..36c381da
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE
Binary files differ
new file mode 100644
index 00000000..e20156af
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A
Binary files differ
new file mode 100644
index 00000000..6f92cf71
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1
Binary files differ
new file mode 100644
index 00000000..0cba97ee
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD
Binary files differ
new file mode 100644
index 00000000..1de8f2cd
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099
Binary files differ
new file mode 100644
index 00000000..23d9533d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710
Binary files differ
new file mode 100644
index 00000000..a7948e48
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE
Binary files differ
new file mode 100644
index 00000000..c4d97cda
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D73EFD748AD39AE858E449A5528FA1E2CCEF2A7/33AF2DC34F39AC0B81EA20D9DAF770E589D1E3EB b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D73EFD748AD39AE858E449A5528FA1E2CCEF2A7/33AF2DC34F39AC0B81EA20D9DAF770E589D1E3EB
Binary files differ
new file mode 100644
index 00000000..4ed3a01f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9D73EFD748AD39AE858E449A5528FA1E2CCEF2A7/33AF2DC34F39AC0B81EA20D9DAF770E589D1E3EB
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4
Binary files differ
new file mode 100644
index 00000000..a63cd9ad
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112
Binary files differ
new file mode 100644
index 00000000..f5e70ea0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958
Binary files differ
new file mode 100644
index 00000000..a5e651f8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
Binary files differ
new file mode 100644
index 00000000..b15880c2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA
Binary files differ
new file mode 100644
index 00000000..d53dce92
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE
Binary files differ
new file mode 100644
index 00000000..5375c57c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344
Binary files differ
new file mode 100644
index 00000000..7085c5ac
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683
Binary files differ
new file mode 100644
index 00000000..97dc187d
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65
Binary files differ
new file mode 100644
index 00000000..ad5d7dea
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B
Binary files differ
new file mode 100644
index 00000000..2bf4ad71
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E
Binary files differ
new file mode 100644
index 00000000..c3363a92
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC
Binary files differ
new file mode 100644
index 00000000..750c0857
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
Binary files differ
new file mode 100644
index 00000000..069640ff
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Binary files differ
new file mode 100644
index 00000000..391ffc14
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C
Binary files differ
new file mode 100644
index 00000000..255c513a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18
Binary files differ
new file mode 100644
index 00000000..6225c0ca
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
Binary files differ
new file mode 100644
index 00000000..83aeb1fc
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517
Binary files differ
new file mode 100644
index 00000000..f8a8957a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03
Binary files differ
new file mode 100644
index 00000000..376d0753
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580
Binary files differ
new file mode 100644
index 00000000..6bbb4b5a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35
Binary files differ
new file mode 100644
index 00000000..3536bd3c
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D
Binary files differ
new file mode 100644
index 00000000..8e513a9f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6
Binary files differ
new file mode 100644
index 00000000..36a442b8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E
Binary files differ
new file mode 100644
index 00000000..54f80996
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
Binary files differ
new file mode 100644
index 00000000..8ddc7d79
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799
Binary files differ
new file mode 100644
index 00000000..c9fd41f7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374
Binary files differ
new file mode 100644
index 00000000..61a7ccb1
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14
Binary files differ
new file mode 100644
index 00000000..e4bd48da
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A
Binary files differ
new file mode 100644
index 00000000..f6df0f4f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7
Binary files differ
new file mode 100644
index 00000000..0668256a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
Binary files differ
new file mode 100644
index 00000000..cac44093
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25
Binary files differ
new file mode 100644
index 00000000..46d4477a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
Binary files differ
new file mode 100644
index 00000000..4989f3e7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22
Binary files differ
new file mode 100644
index 00000000..7c6adedf
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 Binary files differnew file mode 100644 index 00000000..70f5b7c9 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A Binary files differnew file mode 100644 index 00000000..141b05ef --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/DCBA60B785A3B332E2DA7573E523E336EAA26BBF/FE52D92F5FFA970F528814B09B75CA2613F49936 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/DCBA60B785A3B332E2DA7573E523E336EAA26BBF/FE52D92F5FFA970F528814B09B75CA2613F49936 Binary files differnew file mode 100644 index 00000000..3aa42163 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/DCBA60B785A3B332E2DA7573E523E336EAA26BBF/FE52D92F5FFA970F528814B09B75CA2613F49936 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Binary files differnew file mode 100644 index 00000000..95500f6b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC Binary files differnew file mode 100644 index 00000000..87d8b52d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 Binary files differnew file mode 100644 index 00000000..91acd396 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A Binary files differnew file mode 100644 index 00000000..b5f5fa6c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 Binary files differnew file mode 100644 index 00000000..abeb964d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 Binary files differnew file mode 100644 index 00000000..34c8cf8a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE Binary files differnew file mode 100644 index 00000000..cc35ba69 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B Binary files differnew file mode 100644 index 00000000..783dd271 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC Binary files differnew file mode 100644 index 00000000..74c4ce3b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 Binary files differnew file mode 100644 index 00000000..f3cf5e67 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC Binary files differnew file mode 100644 index 00000000..fc5bd433 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 Binary files differnew file mode 100644 index 00000000..0a8de4bb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 Binary files differnew file mode 100644 index 00000000..d2e7db66 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 Binary files differnew file mode 100644 index 00000000..f2f1c656 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 Binary files differnew file mode 100644 index 00000000..476a3efb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 Binary files differnew file mode 100644 index 00000000..5c88b668 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 Binary files differnew file mode 100644 index 00000000..38c2de58 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B Binary files differnew file mode 100644 index 00000000..f1d7b6a2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD Binary files differnew file mode 100644 index 00000000..c1b90c0f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E Binary files differnew file mode 100644 index 00000000..3c77b90d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 Binary files differnew file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 Binary files differnew file mode 100644 index 00000000..29d93550 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F Binary files differnew file mode 100644 index 00000000..2a88295a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 Binary files differnew file mode 100644 index 00000000..84a1690d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 Binary files differnew file mode 100644 index 00000000..0dc18601 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 Binary files differnew file mode 100644 index 00000000..a699436c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 Binary files differnew file mode 100644 index 00000000..05a8b86f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA Binary files differnew file mode 100644 index 00000000..836ba376 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B Binary files differnew file mode 100644 index 00000000..87b13faa --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F Binary files differnew file mode 100644 index 00000000..f1c03d68 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 Binary files differnew file mode 100644 index 00000000..781d1e4f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B Binary files differnew file mode 100644 index 00000000..8286cabb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B Binary files differnew file mode 100644 index 00000000..a0148f63 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C Binary files differnew file mode 100644 index 00000000..42a64da0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 Binary files differnew file mode 100644 index 00000000..32893db7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C Binary files differnew file mode 100644 index 00000000..277b6083 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 Binary files differnew file mode 100644 index 00000000..afe6fdf0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF Binary files differnew file mode 100644 index 00000000..d71177a4 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 00000000..e67b1f5c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0.xml 
@@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of 
select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of 
select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 00000000..741013cd --- /dev/null 
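Review bot: The attribute rows in this XSLT 1.0 stylesheet use `xsl:value-of` on `saml2:Attribute[@Name='…']/saml2:AttributeValue`, which renders only the first matching node, so an assertion that repeats an attribute Name (or carries a second AttributeStatement or Audience) would be signed with values the signer was never shown. The stylesheet presumably has to stay identical to the transform used at signing time, so the check belongs in the code that consumes the verified auth block, which is outside this hunk and should reject repeated attribute names. The rows marked `class="hidden"` (DataURL and AuthBlockValidTo) are also part of the signed output but suppressed by the `.hidden {display: none; }` rule. Both expectations are undocumented; if the profile loader tolerates a comment ahead of the root element, I would add `<!-- Display shows the first value per attribute Name only; hidden rows are signed but not shown. Verifier must reject duplicate attributes. -->`, otherwise put the same text in the module documentation.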
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml 
@@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: 
</td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of 
select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></VerifyTransformsInfoProfile> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_own.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_own.xml new file mode 100644 index 00000000..517f6437 
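Review bot: The row label in the "Technische Parameter" table of SL20_authblock_v1.0_SIC.xml reads `TransaktionsTokken: `, while the profile that ends just above this file's header spells it `TransaktionsToken: `; SL20_authblock_v1.0_own.xml repeats the `Tokken` spelling. If these profiles are compared with the stylesheet carried in the incoming signature, as the `VerifyTransformsInfoProfile` root suggests, the spelling decides which signatures verify, so it should be checked against the signer's stylesheet rather than corrected on sight. The `DataURL` and `AuthBlockValidTo` rows are also emitted with `class="hidden"` (`display: none`), so the audience and the validity limit are part of the signed view but are not shown to the person signing. Both points belong in the module documentation, since a comment placed inside the stylesheet may itself alter the transform being matched.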
--- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_own.xml 
@@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default"/><xsl:template xmlns="http://www.w3.org/1999/xhtml" match="/"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td 
class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of 
select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms></VerifyTransformsInfoProfile> 
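Review bot: SL20_authblock_v1.0_own.xml ends its transform chain with `http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments`, while the SIC profile and the one before it end with `http://www.w3.org/2001/10/xml-exc-c14n#`, and nothing visible records which signing component each variant is meant to mirror. If the profile is compared with the transform chain found in a signature, an unintended difference here would presumably make valid auth blocks fail verification or leave the profile never matching. A short entry in the module documentation naming the signer behind the `_own`, `_SIC` and base profiles would make the difference reviewable. The root also declares `xmlns:ds` although every element uses the `dsig` prefix bound on `dsig:Transforms`, so that declaration appears unused.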
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.cer
Binary files differ
new file mode 100644
index 00000000..3c7775b6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.cer
Binary files differ
new file mode 100644
index 00000000..54f80996
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.cer
Binary files differ
new file mode 100644
index 00000000..01965769
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.cer
Binary files differ
new file mode 100644
index 00000000..b9a0e5a6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05.crt b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05.crt
new file mode 100644
index 00000000..9befb53f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.cer
Binary files differ
new file mode 100644
index 00000000..33e77636
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Consent_test.crt b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Consent_test.crt
new file mode 100644
index 00000000..203c416f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Consent_test.crt
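Review bot: A-Trust-Test-Root-05.crt is a test root added under `src/main/resources`, so it is packaged with the module itself rather than with its tests, and any deployment that selects the `MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten` trust profile will presumably accept signatures that chain to it. a-sign-Premium-Test-Sig-02.crt and a-sign-Test-Qual-01.cer, added further down, are test CAs in the same directory. The `OhneTestkarten` profile added later in this diff leaves them out, which suggests the split is deliberate. What the visible change lacks is anything stating that the `MitTestkarten` profile must not be configured in production, for example a README next to the two profile directories, or a startup warning when that profile is active.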
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGfzCCBGegAwIBAgIHAJZY0iYXUjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQG
+EwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9m
+IFRlY2hub2xvZ3kxDTALBgNVBAsTBElBSUsxIjAgBgNVBAMTGUlBSUsgVGVzdCBJ
+bnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTI4MTQ0NTIxWhcNMjEwNTI4MTQ0NTIxWjAw
+MQwwCgYDVQQqEwNFaWQxDTALBgNVBAQTBFRlc3QxETAPBgNVBAMTCEVpZCBUZXN0
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs+u9OdjFmRGF1Cbsa+XSuvzPoIG
+pPtcJs+4thMbCubwSQMvUOssrCzrC1Ji9YVxeqHs3DU2RDEosoSUROJH3KOCAyAw
+ggMcMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMIIBNgYIKwYBBQUHAQEE
+ggEoMIIBJDCBggYIKwYBBQUHMAKGdmxkYXA6Ly9jYXBzby10ZXN0LmlhaWsudHVn
+cmF6LmF0OjEzODkvY249aWFpay10ZXN0LWludGVybWVkaWF0ZS1jYSxvdT1wa2ks
+ZGM9aWFpayxkYz10dWdyYXosZGM9YXQ/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwUAYI
+KwYBBQUHMAKGRGh0dHA6Ly9jYXBzby10ZXN0LmlhaWsudHVncmF6LmF0L2NlcnRz
+L2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEsGCCsGAQUFBzABhj9odHRw
+Oi8vY2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdC9vY3NwL2lhaWstdGVzdC1pbnRl
+cm1lZGlhdGUtY2EwHwYDVR0jBBgwFoAUedgPAoHlywvut/xEv9Nn+hCGURIwgaAG
+A1UdIASBmDCBlTCBkgYMKwYBBAGVEgECBwEBMIGBMH8GCCsGAQUFBwICMHMMcVRo
+aXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBieSBhICoqY29weSoqIG9mIGFuIElB
+SUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgYW5kIG1heSBiZSB1c2VkIGZvciB0ZXN0
+IHB1cnBvc2VzIG9ubHkuMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYJsZGFwOi8v
+Y2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdDoxMzg5L2NuPWlhaWstdGVzdC1pbnRl
+cm1lZGlhdGUtY2Esb3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRp
+ZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5hkNodHRwOi8vY2Fwc28tdGVzdC5p
+YWlrLnR1Z3Jhei5hdC9jcmxzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY3Js
+MB0GA1UdDgQWBBSOwKEfd5HkkkiziZBb5Yj4HWy1DDANBgkqhkiG9w0BAQsFAAOC
+AgEAAjjDMSWxbUHvklPKS4xTJJV7Bl5Gy++/LZ39Mb8ZCgjIsGIP9w3hhz0kfi4z
+Iz6hvf/Yx9zlKZ/wRIU8R4iygqQSY5Zm28WKVm3Vbhfs4ewN4FJTP8w8LgUSHJ02
+V+JIHtUt5i9U2a/I01bmzIIfBYL0IW8s1K3VMAzADyHDGW/U6h9ck7dayw8OWi8t
+NT4tnKX4mEhH6z2kUPnv7fqFlSRrD0uqkeKZad3A1a155S0Dgj1cZmNjR4sRhQhh
+gba/EGuHNyEXchVasIITohORuJV9BAq4CckbSLo/qCSf+uiQUJm336LwavjGZked
+O/auvRTETctPipjdONSxF/jbjAQ3fmYR/VqvoCm6K3ZgWTzxk0S4mfarrwooDvlE
+rkSnrlLf+D6EyQt9LCw/i5LvH/+E+ZQ4AKwTHmJok4xdSgywyNrxsciZrvUGgwe9
+n+CV3IzEymYfL28qykKWpqbPTlSHqa3SlImdl8ywJI4hAW7mzZDp4OjhibRydJsR
+7uiFnfhIKMTDicnZGgPZZqIuS4qGwYBszU77R+XmwmZqZBkNP88eYW1qnxCFGEtI
+OiiETwO4zxXFF21CeB06PEwRCVgebBg0zBnX+hIsT/nJqwHK8I0Yh24BCudESUC2
+gE9xrujrk3e7r+lOqbYbzeWRJnXILg+SnflzC9kS3LxRfJI=
+-----END CERTIFICATE-----
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt
new file mode 100644
index 00000000..fda99f2b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt
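Review bot: Consent_test.crt looks like an end-entity certificate rather than a CA, yet it is added to a trust-profile directory whose other entries are, by their names, roots and intermediates. As far as the DER can be read from the base64, its basicConstraints extension carries no CA flag and its subject is `Eid Test`. SIC_TEST_USER.crt in the next hunk has the same shape and appears to be signed with sha1WithRSAEncryption. If the verifier treats every file in the directory as a trust anchor, both would be trusted directly, with no path building or revocation check applied to them, so it is worth confirming that this is intended and recording it in the module documentation. The validity period encoded in Consent_test.crt also appears to end on 2021-05-28, so tests that rely on it need a fixed verification time or a replacement certificate.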
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD
+ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD
+VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD
+VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
+IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE
+BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE
+AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH
+mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR
+yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI
+Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL
+STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI
+6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD
+VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB
+TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI
+KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG
+AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ
+S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56
+QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ
+KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb
+gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W
+ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=
+-----END CERTIFICATE-----
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.crt b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.crt
new file mode 100644
index 00000000..803b30eb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEATCCAumgAwIBAgIEOWntwTANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
+QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg
+aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1U
+ZXN0LVF1YWwtMDIxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1RdWFsLTAyMB4XDTE0
+MTEyNDE0NDkxN1oXDTI0MTExODEzNDkxN1owgaExCzAJBgNVBAYTAkFUMUgwRgYD
+VQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0
+ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsMGmEtc2lnbi1QcmVtaXVtLVRl
+c3QtU2lnLTAyMSMwIQYDVQQDDBphLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwJSfWpRaziThddTTup72Cl
+tlXl8oc7HQoK2SWsYQwZGAd5nJZbwbI4K8VFKlNnK72Zl8UhmQ2FxhzS6u+Q+qEz
+JOM2xTfA2NB6A9/KFpTJXUjvCHgRvW16EEF9YpYXxKTSK+QrYCXAC5rL6SuYOzgA
+7Q1ivq+zLbyXxroux2zVEBIiaBGpZhOHGDFJk6h/4QelIqzd2TIDCRzvhmLDVmhq
+X2C1NQb5kZuMgrxxOhG5Cr1F8solkwyu43JiM+apY4bZJVQBwi9ATBMz5tfdoLRs
+lQy1BCQ4X+b6u/2856gucU+1e/wa5pB9Ff0eP+xy+j2DZOXLNd8m/IQvnshjNusC
+AwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIRgafjkGOFb0wEwYD
+VR0jBAwwCoAIQg8xWXA9iecwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA
+A4IBAQBq/owq5eGvhxegchLvnMjPnE9gTYIHEvMq8DN6h2J7pTEhKG2o09LLn/pN
+HWRjKENU/LqZBIAJ5zebm5XqzB631BYcuu1abyPFfpMdAL9X4zFuDvg9EGaTir2c
+81XaBYzVSLN7fxmNLKSmMwUt0JQQyqpe3V9iyoBE/WcQyKmKaEp7mCZsGFBm6KmJ
+gqD6TPb7X9bWUr3yx6Z5gek71f3vQi69m1x811azXlxu1i/XFnVpzxkrKRXJWC+w
+nQRxXmU7YnMzYPOA7UOpUG6J+7tYi29hY3EpMgyXM/T/BL5MdyzBefbPVzLHng5z
+VaXNpO0ENCrlUyi1m3Yd/7QPDdJM
+-----END CERTIFICATE-----
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.cer
Binary files differ
new file mode 100644
index 00000000..cac44093
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a..cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a..cer
Binary files differ
new file mode 100644
index 00000000..32893db7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a..cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.cer
new file mode 100644
index 00000000..60bc9a55
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.cer
Binary files differ
new file mode 100644
index 00000000..3c7775b6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.cer
Binary files differ
new file mode 100644
index 00000000..54f80996
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.cer
Binary files differ
new file mode 100644
index 00000000..01965769
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.cer
Binary files differ
new file mode 100644
index 00000000..b9a0e5a6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.cer b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.cer
Binary files differ
new file mode 100644
index 00000000..33e77636
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/XMLSchema-instance.xsd b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/XMLSchema-instance.xsd
new file mode 100644
index 00000000..f47577b8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/XMLSchema-instance.xsd
@@ -0,0 +1,37 @@
+<?xml version='1.0'?>
+<!DOCTYPE xs:schema SYSTEM "XMLSchema.dtd" [
+<!ELEMENT p ANY>
+<!ELEMENT a ANY>
+<!ATTLIST a href CDATA #IMPLIED>
+<!ELEMENT hr ANY>
+<!ELEMENT h1 ANY>
+<!ELEMENT br ANY>
+]>
+<xs:schema targetNamespace="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="http://www.w3.org/1999/xhtml">
+ <xs:annotation>
+ <xs:documentation>
+ <h1>XML Schema instance namespace</h1>
+ <p>See <a href="http://www.w3.org/TR/xmlschema-1/">the XML Schema
+ Recommendation</a> for an introduction</p>
+
+
+ <hr />
+ $Date: 2001/03/16 20:25:57 $<br />
+ $Id: XMLSchema-instance.xsd,v 1.4 2001/03/16 20:25:57 ht Exp $
+ </xs:documentation>
+ </xs:annotation>
+ <xs:annotation>
+ <xs:documentation><p>This schema should never be used as such:
+ <a href="http://www.w3.org/TR/xmlschema-1/#no-xsi">the XML
+ Schema Recommendation</a> forbids the declaration of
+ attributes in this namespace</p>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="nil"/>
+ <xs:attribute name="type"/>
+ <xs:attribute name="schemaLocation"/>
+ <xs:attribute name="noNamespaceSchemaLocation"/>
+</xs:schema>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/XMLSchema.dtd b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/XMLSchema.dtd
new file mode 100644
index 00000000..e8e8f762
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/XMLSchema.dtd
@@ -0,0 +1,402 @@ +<!-- DTD for XML Schemas: Part 1: Structures + Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN" + Official Location: http://www.w3.org/2001/XMLSchema.dtd --> +<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ --> +<!-- Note this DTD is NOT normative, or even definitive. --> <!--d--> +<!-- prose copy in the structures REC is the definitive version --> <!--d--> +<!-- (which shouldn't differ from this one except for this --> <!--d--> +<!-- comment and entity expansions, but just in case) --> <!--d--> +<!-- With the exception of cases with multiple namespace + prefixes for the XML Schema namespace, any XML document which is + not valid per this DTD given redefinitions in its internal subset of the + 'p' and 's' parameter entities below appropriate to its namespace + declaration of the XML Schema namespace is almost certainly not + a valid schema. --> + +<!-- The simpleType element and its constituent parts + are defined in XML Schema: Part 2: Datatypes --> +<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' > + +<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a + schema document to establish a different + namespace prefix --> +<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must + also define %s as the suffix for the appropriate + namespace declaration (e.g. 
:foo) --> +<!ENTITY % nds 'xmlns%s;'> + +<!-- Define all the element names, with optional prefix --> +<!ENTITY % schema "%p;schema"> +<!ENTITY % complexType "%p;complexType"> +<!ENTITY % complexContent "%p;complexContent"> +<!ENTITY % simpleContent "%p;simpleContent"> +<!ENTITY % extension "%p;extension"> +<!ENTITY % element "%p;element"> +<!ENTITY % unique "%p;unique"> +<!ENTITY % key "%p;key"> +<!ENTITY % keyref "%p;keyref"> +<!ENTITY % selector "%p;selector"> +<!ENTITY % field "%p;field"> +<!ENTITY % group "%p;group"> +<!ENTITY % all "%p;all"> +<!ENTITY % choice "%p;choice"> +<!ENTITY % sequence "%p;sequence"> +<!ENTITY % any "%p;any"> +<!ENTITY % anyAttribute "%p;anyAttribute"> +<!ENTITY % attribute "%p;attribute"> +<!ENTITY % attributeGroup "%p;attributeGroup"> +<!ENTITY % include "%p;include"> +<!ENTITY % import "%p;import"> +<!ENTITY % redefine "%p;redefine"> +<!ENTITY % notation "%p;notation"> + +<!-- annotation elements --> +<!ENTITY % annotation "%p;annotation"> +<!ENTITY % appinfo "%p;appinfo"> +<!ENTITY % documentation "%p;documentation"> + +<!-- Customisation entities for the ATTLIST of each element type. 
+ Define one of these if your schema takes advantage of the + anyAttribute='##other' in the schema for schemas --> + +<!ENTITY % schemaAttrs ''> +<!ENTITY % complexTypeAttrs ''> +<!ENTITY % complexContentAttrs ''> +<!ENTITY % simpleContentAttrs ''> +<!ENTITY % extensionAttrs ''> +<!ENTITY % elementAttrs ''> +<!ENTITY % groupAttrs ''> +<!ENTITY % allAttrs ''> +<!ENTITY % choiceAttrs ''> +<!ENTITY % sequenceAttrs ''> +<!ENTITY % anyAttrs ''> +<!ENTITY % anyAttributeAttrs ''> +<!ENTITY % attributeAttrs ''> +<!ENTITY % attributeGroupAttrs ''> +<!ENTITY % uniqueAttrs ''> +<!ENTITY % keyAttrs ''> +<!ENTITY % keyrefAttrs ''> +<!ENTITY % selectorAttrs ''> +<!ENTITY % fieldAttrs ''> +<!ENTITY % includeAttrs ''> +<!ENTITY % importAttrs ''> +<!ENTITY % redefineAttrs ''> +<!ENTITY % notationAttrs ''> +<!ENTITY % annotationAttrs ''> +<!ENTITY % appinfoAttrs ''> +<!ENTITY % documentationAttrs ''> + +<!ENTITY % complexDerivationSet "CDATA"> + <!-- #all or space-separated list drawn from derivationChoice --> +<!ENTITY % blockSet "CDATA"> + <!-- #all or space-separated list drawn from + derivationChoice + 'substitution' --> + +<!ENTITY % mgs '%all; | %choice; | %sequence;'> +<!ENTITY % cs '%choice; | %sequence;'> +<!ENTITY % formValues '(qualified|unqualified)'> + + +<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'> + +<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'> + +<!-- This is used in part2 --> +<!ENTITY % restriction1 '((%mgs; | %group;)?)'> + +%xs-datatypes; + +<!-- the duplication below is to produce an unambiguous content model + which allows annotation everywhere --> +<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*, + ((%simpleType; | %complexType; + | %element; | %attribute; + | %attributeGroup; | %group; + | %notation; ), + (%annotation;)*)* )> +<!ATTLIST %schema; + targetNamespace %URIref; #IMPLIED + version CDATA #IMPLIED + %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema' + xmlns CDATA 
#IMPLIED + finalDefault %complexDerivationSet; '' + blockDefault %blockSet; '' + id ID #IMPLIED + elementFormDefault %formValues; 'unqualified' + attributeFormDefault %formValues; 'unqualified' + xml:lang CDATA #IMPLIED + %schemaAttrs;> +<!-- Note the xmlns declaration is NOT in the Schema for Schemas, + because at the Infoset level where schemas operate, + xmlns(:prefix) is NOT an attribute! --> +<!-- The declaration of xmlns is a convenience for schema authors --> + +<!-- The id attribute here and below is for use in external references + from non-schemas using simple fragment identifiers. + It is NOT used for schema-to-schema reference, internal or + external. --> + +<!-- a type is a named content type specification which allows attribute + declarations--> +<!-- --> + +<!ELEMENT %complexType; ((%annotation;)?, + (%simpleContent;|%complexContent;| + %particleAndAttrs;))> + +<!ATTLIST %complexType; + name %NCName; #IMPLIED + id ID #IMPLIED + abstract %boolean; #IMPLIED + final %complexDerivationSet; #IMPLIED + block %complexDerivationSet; #IMPLIED + mixed (true|false) 'false' + %complexTypeAttrs;> + +<!-- particleAndAttrs is shorthand for a root type --> +<!-- mixed is disallowed if simpleContent, overriden if complexContent + has one too. 
--> + +<!-- If anyAttribute appears in one or more referenced attributeGroups + and/or explicitly, the intersection of the permissions is used --> + +<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))> +<!ATTLIST %complexContent; + mixed (true|false) #IMPLIED + id ID #IMPLIED + %complexContentAttrs;> + +<!-- restriction should use the branch defined above, not the simple + one from part2; extension should use the full model --> + +<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))> +<!ATTLIST %simpleContent; + id ID #IMPLIED + %simpleContentAttrs;> + +<!-- restriction should use the simple branch from part2, not the + one defined above; extension should have no particle --> + +<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))> +<!ATTLIST %extension; + base %QName; #REQUIRED + id ID #IMPLIED + %extensionAttrs;> + +<!-- an element is declared by either: + a name and a type (either nested or referenced via the type attribute) + or a ref to an existing element declaration --> + +<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?, + (%unique; | %key; | %keyref;)*)> +<!-- simpleType or complexType only if no type|ref attribute --> +<!-- ref not allowed at top level --> +<!ATTLIST %element; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + type %QName; #IMPLIED + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + nillable %boolean; #IMPLIED + substitutionGroup %QName; #IMPLIED + abstract %boolean; #IMPLIED + final %complexDerivationSet; #IMPLIED + block %blockSet; #IMPLIED + default CDATA #IMPLIED + fixed CDATA #IMPLIED + form %formValues; #IMPLIED + %elementAttrs;> +<!-- type and ref are mutually exclusive. + name and ref are mutually exclusive, one is required --> +<!-- In the absence of type AND ref, type defaults to type of + substitutionGroup, if any, else the ur-type, i.e. 
unconstrained --> +<!-- default and fixed are mutually exclusive --> + +<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)> +<!ATTLIST %group; + name %NCName; #IMPLIED + ref %QName; #IMPLIED + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %groupAttrs;> + +<!ELEMENT %all; ((%annotation;)?, (%element;)*)> +<!ATTLIST %all; + minOccurs (1) #IMPLIED + maxOccurs (1) #IMPLIED + id ID #IMPLIED + %allAttrs;> + +<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)> +<!ATTLIST %choice; + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %choiceAttrs;> + +<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)> +<!ATTLIST %sequence; + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %sequenceAttrs;> + +<!-- an anonymous grouping in a model, or + a top-level named group definition, or a reference to same --> + +<!-- Note that if order is 'all', group is not allowed inside. + If order is 'all' THIS group must be alone (or referenced alone) at + the top level of a content model --> +<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside --> +<!-- Should allow minOccurs=0 inside order='all' . . . 
--> + +<!ELEMENT %any; (%annotation;)?> +<!ATTLIST %any; + namespace CDATA '##any' + processContents (skip|lax|strict) 'strict' + minOccurs %nonNegativeInteger; '1' + maxOccurs CDATA '1' + id ID #IMPLIED + %anyAttrs;> + +<!-- namespace is interpreted as follows: + ##any - - any non-conflicting WFXML at all + + ##other - - any non-conflicting WFXML from namespace other + than targetNamespace + + ##local - - any unqualified non-conflicting WFXML/attribute + one or - - any non-conflicting WFXML from + more URI the listed namespaces + references + + ##targetNamespace ##local may appear in the above list, + with the obvious meaning --> + +<!ELEMENT %anyAttribute; (%annotation;)?> +<!ATTLIST %anyAttribute; + namespace CDATA '##any' + processContents (skip|lax|strict) 'strict' + id ID #IMPLIED + %anyAttributeAttrs;> +<!-- namespace is interpreted as for 'any' above --> + +<!-- simpleType only if no type|ref attribute --> +<!-- ref not allowed at top level, name iff at top level --> +<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)> +<!ATTLIST %attribute; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + type %QName; #IMPLIED + use (prohibited|optional|required) #IMPLIED + default CDATA #IMPLIED + fixed CDATA #IMPLIED + form %formValues; #IMPLIED + %attributeAttrs;> +<!-- type and ref are mutually exclusive. + name and ref are mutually exclusive, one is required --> +<!-- default for use is optional when nested, none otherwise --> +<!-- default and fixed are mutually exclusive --> +<!-- type attr and simpleType content are mutually exclusive --> + +<!-- an attributeGroup is a named collection of attribute decls, or a + reference thereto --> +<!ELEMENT %attributeGroup; ((%annotation;)?, + (%attribute; | %attributeGroup;)*, + (%anyAttribute;)?) > +<!ATTLIST %attributeGroup; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + %attributeGroupAttrs;> + +<!-- ref iff no content, no name. 
ref iff not top level --> + +<!-- better reference mechanisms --> +<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %unique; + name %NCName; #REQUIRED + id ID #IMPLIED + %uniqueAttrs;> + +<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %key; + name %NCName; #REQUIRED + id ID #IMPLIED + %keyAttrs;> + +<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %keyref; + name %NCName; #REQUIRED + refer %QName; #REQUIRED + id ID #IMPLIED + %keyrefAttrs;> + +<!ELEMENT %selector; ((%annotation;)?)> +<!ATTLIST %selector; + xpath %XPathExpr; #REQUIRED + id ID #IMPLIED + %selectorAttrs;> +<!ELEMENT %field; ((%annotation;)?)> +<!ATTLIST %field; + xpath %XPathExpr; #REQUIRED + id ID #IMPLIED + %fieldAttrs;> + +<!-- Schema combination mechanisms --> +<!ELEMENT %include; (%annotation;)?> +<!ATTLIST %include; + schemaLocation %URIref; #REQUIRED + id ID #IMPLIED + %includeAttrs;> + +<!ELEMENT %import; (%annotation;)?> +<!ATTLIST %import; + namespace %URIref; #IMPLIED + schemaLocation %URIref; #IMPLIED + id ID #IMPLIED + %importAttrs;> + +<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; | + %attributeGroup; | %group;)*> +<!ATTLIST %redefine; + schemaLocation %URIref; #REQUIRED + id ID #IMPLIED + %redefineAttrs;> + +<!ELEMENT %notation; (%annotation;)?> +<!ATTLIST %notation; + name %NCName; #REQUIRED + id ID #IMPLIED + public CDATA #REQUIRED + system %URIref; #IMPLIED + %notationAttrs;> + +<!-- Annotation is either application information or documentation --> +<!-- By having these here they are available for datatypes as well + as all the structures elements --> + +<!ELEMENT %annotation; (%appinfo; | %documentation;)*> +<!ATTLIST %annotation; %annotationAttrs;> + +<!-- User must define annotation elements in internal subset for this + to work --> +<!ELEMENT %appinfo; ANY> <!-- too restrictive --> +<!ATTLIST %appinfo; + source %URIref; #IMPLIED + id ID #IMPLIED + %appinfoAttrs;> +<!ELEMENT %documentation; 
ANY> <!-- too restrictive --> +<!ATTLIST %documentation; + source %URIref; #IMPLIED + id ID #IMPLIED + xml:lang CDATA #IMPLIED + %documentationAttrs;> + +<!NOTATION XMLSchemaStructures PUBLIC + 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' > +<!NOTATION XML PUBLIC + 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' > diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/xml.xsd b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/xml.xsd new file mode 100644 index 00000000..79dbc02b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/xml.xsd @@ -0,0 +1,83 @@ +<?xml version='1.0'?>
+<!-- documented out for compatibility with Xerces-2.0.2
+<!DOCTYPE xs:schema PUBLIC "-//W3C//DTD XMLSCHEMA 200102//EN" "XMLSchema.dtd" >
+-->
+<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+
+ <xs:annotation>
+ <xs:documentation>
+ See http://www.w3.org/XML/1998/namespace.html and
+ http://www.w3.org/TR/REC-xml for information about this namespace.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>This schema defines attributes and an attribute group
+ suitable for use by
+ schemas wishing to allow xml:base, xml:lang or xml:space attributes
+ on elements they define.
+
+ To enable this, such a schema must import this schema
+ for the XML namespace, e.g. as follows:
+ <schema . . .>
+ . . .
+ <import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/03/xml.xsd"/>
+
+ Subsequently, qualified reference to any of the attributes
+ or the group defined below will have the desired effect, e.g.
+
+ <type . . .>
+ . . .
+ <attributeGroup ref="xml:specialAttrs"/>
+
+ will define a type which will schema-validate an instance
+ element with any of those attributes</xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>In keeping with the XML Schema WG's standard versioning
+ policy, this schema document will persist at
+ http://www.w3.org/2001/03/xml.xsd.
+ At the date of issue it can also be found at
+ http://www.w3.org/2001/xml.xsd.
+ The schema document at that URI may however change in the future,
+ in order to remain compatible with the latest version of XML Schema
+ itself. In other words, if the XML Schema namespace changes, the version
+ of this document at
+ http://www.w3.org/2001/xml.xsd will change
+ accordingly; the version at
+ http://www.w3.org/2001/03/xml.xsd will not change.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="lang" type="xs:language">
+ <xs:annotation>
+ <xs:documentation>In due course, we should install the relevant ISO 2- and 3-letter
+ codes as the enumerated possible values . . .</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attribute name="space" default="preserve">
+ <xs:simpleType>
+ <xs:restriction base="xs:NCName">
+ <xs:enumeration value="default"/>
+ <xs:enumeration value="preserve"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="base" type="xs:anyURI">
+ <xs:annotation>
+ <xs:documentation>See http://www.w3.org/TR/xmlbase/ for
+ information about this attribute.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attributeGroup name="specialAttrs">
+ <xs:attribute ref="xml:base"/>
+ <xs:attribute ref="xml:lang"/>
+ <xs:attribute ref="xml:space"/>
+ </xs:attributeGroup>
+
+</xs:schema>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/zuse_mypersondata_en_p2.xsd b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/zuse_mypersondata_en_p2.xsd
new file mode 100644
index 00000000..5c4248bd
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/zuse_mypersondata_en_p2.xsd
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:p="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" targetNamespace="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.2.006">
+ <xs:element name="Identification" type="p:IdentificationType" />
+ <xs:complexType name="IdentificationType">
+ <xs:sequence>
+ <xs:element name="Value" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/zuse_p2.xsd b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/zuse_p2.xsd
new file mode 100644
index 00000000..2d277405
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/config/zuseSchema/zuse_p2.xsd
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:p="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" xmlns:msg="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#" targetNamespace="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.2.007">
+ <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" schemaLocation="zuse_mypersondata_en_p2.xsd"/>
+ <xs:element name="DeliveryRequest" type="msg:DeliveryRequestType" />
+ <xs:complexType name="DeliveryRequestType">
+ <xs:sequence>
+ <xs:element ref="msg:Receiver"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="DeliveryResponse" type="xs:string" />
+ <xs:element name="Receiver">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="p:Identification"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
index c5e05853..d3de7ba1 100644
--- a/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
+++ b/eaaf_modules/eaaf_module_moa-sig/src/main/resources/moa-sig-service.beans.xml
@@ -12,14 +12,14 @@ <context:annotation-config /> <bean id="moaSigInitializer" - class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.MoaSigInitializer" /> + class="at.gv.egiz.eaaf.modules.sigverify.moasig.impl.MoaSigInitializer" /> <bean id="moaSigVerifyService" - class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService" + class="at.gv.egiz.eaaf.modules.sigverify.moasig.impl.SignatureVerificationService" depends-on="moaSigInitializer" /> <bean id="moaSigCreateService" - class="at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureCreationService" + class="at.gv.egiz.eaaf.modules.sigverify.moasig.impl.SignatureCreationService" depends-on="moaSigInitializer" /> </beans>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/MoaSigSpringResourceProviderTest.java b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/MoaSigSpringResourceProviderTest.java new file mode 100644 index 00000000..341c5a8c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/MoaSigSpringResourceProviderTest.java @@ -0,0 +1,52 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.test; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.MoaSigSpringResourceProvider; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class MoaSigSpringResourceProviderTest { + + static final String TEST_SPI_LOADER_PATH = + "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider"; + + @Test + public void testSpringConfig() { + final MoaSigSpringResourceProvider test = new MoaSigSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + } + + @Test + public void testSpiLoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream(TEST_SPI_LOADER_PATH); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", MoaSigSpringResourceProvider.class.getName(), + spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: " + TEST_SPI_LOADER_PATH + " not found"); + } + + } +} 
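Review bot: In `testSpiLoaderConfig` a missing SPI file never reaches the "not found" message: `getResourceAsStream` returns null in that case, and reading from a null stream would be expected to fail with a NullPointerException, which the `catch (final IOException e)` block does not handle. Add `Assert.assertNotNull("SPI file not found: " + TEST_SPI_LOADER_PATH, el);` before the read, and open the stream with try-with-resources so it is closed; the stream obtained from `el.getInputStream()` in `testSpringConfig` is not closed either. The exact-match comparison against `MoaSigSpringResourceProvider.class.getName()` will also fail as soon as the SPI file ends with a line break, so comparing `spiFile.trim()` is the more robust check.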
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java new file mode 100644 index 00000000..71c4b1af --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceTest.java 
@@ -0,0 +1,202 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.test.verify; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.util.List; + +import org.apache.commons.io.IOUtils; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IPdfSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egiz.eaaf.modules.sigverify.moasig.impl.data.VerifyPdfSignatureResponse.CoversFullDocument; +import at.gv.egovernment.moa.spss.server.config.ConfigurationException; +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; +import lombok.extern.slf4j.Slf4j; + +@Slf4j +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/moa-sig-service.beans.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class SignatureVerificationServiceTest { + + @Autowired ISignatureVerificationService service; + + /** + * jUnit class initializer. 
+ * + * @throws IOException In case of an error + * @throws ConfigurationException In case of an error + */ + @BeforeClass + public static void moaSpssInitialize() throws IOException, ConfigurationException { + log.info("Loading Java security providers."); + final String current = new java.io.File(".").getCanonicalPath(); + System.setProperty("moa.spss.server.configuration", + current + "/src/test/resources/config/moaspss_config/MOASPSSConfiguration.xml"); + + ((Logger) LoggerFactory.getLogger("at.gv.egovernment.moa")).setLevel(Level.DEBUG); + ((Logger) LoggerFactory.getLogger("iaik.server")).setLevel(Level.INFO); + ((Logger) LoggerFactory.getLogger("iaik.pki")).setLevel(Level.INFO); + + } + + /** + * Reset MOA-SPSS configuration. + */ + @AfterClass + public static void removeMoaSpssConfig() { + System.setProperty("moa.spss.server.configuration", ""); + + } + + @Test + public void unknownTrustProfile() throws IOException { + // load signature + byte[] signature = IOUtils.resourceToByteArray("/data/xml/zuse_sig_1.xml"); + + // start verification + MoaSigServiceException exception = assertThrows(MoaSigServiceException.class, + () -> service.verifyXmlSignature(signature, "notexist")); + + // verify state + Assert.assertEquals("wrong exception", "service.moasig.03", exception.getErrorId()); + + } + + @Test + public void simpleSignaturVerificationTest() throws MoaSigServiceException, IOException { + // load signature + byte[] signature = IOUtils.resourceToByteArray("/data/xml/zuse_sig_1.xml"); + + //start verification + IXmlSignatureVerificationResponse result = + service.verifyXmlSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten"); + + //verify result + Assert.assertEquals("sig. checkCode", 0, result.getSignatureCheckCode()); + Assert.assertEquals("cert. checkCode", 1, result.getCertificateCheckCode()); + Assert.assertEquals("XML manifest. checkCode", 0, result.getXmlDsigManifestCheckCode()); + Assert.assertEquals("manifest. 
checkCode", 0, result.getSignatureManifestCheckCode()); + + Assert.assertNotNull("X509Cert", result.getX509Certificate()); + Assert.assertNotNull("X509Cert encoded", result.getX509CertificateEncoded()); + + Assert.assertFalse("PubAuthority flag", result.isPublicAuthority()); + Assert.assertNull("PubAuthorityIdentifer", result.getPublicAuthorityCode()); + + Assert.assertFalse("qcCert flag", result.isQualifiedCertificate()); + + } + + @Test + public void noCertPathByMissingX509Extensions() throws MoaSigServiceException, IOException { + // load signature + byte[] signature = IOUtils.resourceToByteArray("/data/zuse/signed-notification-with-pdf.xml"); + + //start verification + IXmlSignatureVerificationResponse result = + service.verifyXmlSignature(signature, "default-trustprofile"); + + //verify result + Assert.assertEquals("cert. checkCode", 1, result.getCertificateCheckCode()); + + } + + @Test + public void simplePdfSignatureTest() throws IOException, MoaSigServiceException { + // load signature + byte[] signature = IOUtils.resourceToByteArray( + "/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf"); + + List<IPdfSignatureVerificationResponse> result = + service.verifyPdfSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten"); + + assertNotNull("result", result); + assertFalse("result is empty", result.isEmpty()); + assertEquals("missing signature", 2, result.size()); + + assertNull("sigAlg 1", result.get(0).getSignatureAlgorithmIdentifier()); + assertNull("formCheck 1", result.get(0).getExtendedCertificateValidation()); + assertTrue("ext. certCheck 1", result.get(0).getFormValidationResults().isEmpty()); + assertEquals("coversFullDoc 1", CoversFullDocument.UNKNOWN, result.get(0).getSignatureCoversFullDocument()); + + assertNull("SigAlg 2", result.get(1).getSignatureAlgorithmIdentifier()); + assertNull("formCheck 2", result.get(1).getExtendedCertificateValidation()); + assertTrue("ext. 
certCheck 2", result.get(1).getFormValidationResults().isEmpty()); + assertEquals("coversFullDoc 2", CoversFullDocument.UNKNOWN, result.get(1).getSignatureCoversFullDocument()); + + } + + @Test + public void extendedPdfSignatureTest() throws IOException, MoaSigServiceException { + // load signature + byte[] signature = IOUtils.resourceToByteArray( + "/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf"); + + List<IPdfSignatureVerificationResponse> result = + service.verifyPdfSignature(signature, "MOAIDBuergerkarteAuthentisierungsDaten", true); + + assertNotNull("result", result); + assertFalse("result is empty", result.isEmpty()); + assertEquals("missing signature", 2, result.size()); + + assertEquals("sigCheckCode", 0, result.get(0).getSignatureCheckCode()); + assertEquals("certCheckCode", 0, result.get(0).getCertificateCheckCode()); + + assertNotNull("sigAlg 1", result.get(0).getSignatureAlgorithmIdentifier()); + assertNotNull("formCheck 1", result.get(0).getExtendedCertificateValidation()); + assertFalse("ext. certCheck 1", result.get(0).getFormValidationResults().isEmpty()); + assertEquals("coversFullDoc 1", CoversFullDocument.NO, result.get(0).getSignatureCoversFullDocument()); + + //valid ext. cert result + assertEquals("ext. cert. check code", 2, + result.get(0).getExtendedCertificateValidation().getMajorResult().getCode()); + assertEquals("ext. cert. check info", "INDETERMINATE", + result.get(0).getExtendedCertificateValidation().getMajorResult().getInfo()); + assertEquals("ext. cert. check code", 24, + result.get(0).getExtendedCertificateValidation().getMinorResult().getCode()); + assertEquals("ext. cert. check info", "ERROR", + result.get(0).getExtendedCertificateValidation().getMinorResult().getInfo()); + + + //validate form-check result + assertEquals("ext. 
formcheck size", 4, result.get(0).getFormValidationResults().size()); + assertEquals("wrong PAdES-B Code", 0, result.get(0).getFormValidationResults().stream() + .filter(el -> el.getInfo().equals("B-B")) + .findFirst() + .get().getCode()); + + result.get(0).getFormValidationResults().stream() + .filter(el -> !el.getInfo().equals("B-B")) + .forEach(el -> assertEquals("wrong form check-code", 2, el.getCode())); + + + assertNotNull("SigAlg 2", result.get(1).getSignatureAlgorithmIdentifier()); + assertNotNull("formCheck 2", result.get(1).getExtendedCertificateValidation()); + assertFalse("ext. certCheck 2", result.get(1).getFormValidationResults().isEmpty()); + assertEquals("coversFullDoc 2", CoversFullDocument.YES, result.get(1).getSignatureCoversFullDocument()); + + } + +} + diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceZuseConfigTest.java b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceZuseConfigTest.java new file mode 100644 index 00000000..909c37dc --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/java/at/gv/egiz/eaaf/modules/sigverify/moasig/test/verify/SignatureVerificationServiceZuseConfigTest.java 
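Review bot: `simpleSignaturVerificationTest` pins `getCertificateCheckCode()` to 1 as the expected result of the happy-path XML verification, and no XML test in this class asserts a certificate check code of 0 (only `extendedPdfSignatureTest` does, for PDF). Judging by `noCertPathByMissingX509Extensions`, which expects the same value, 1 appears to mean that no trusted certificate path was built, so the suite would keep passing if trust-path validation for XML signatures stopped working. Add a comment on that assertion giving the reason, `// cert. checkCode 1 expected because <reason the test signer is not trusted in this profile>`, and add a case whose signer does chain to the trust profile so that code 0 is covered. The same assertion is repeated in `SignatureVerificationServiceZuseConfigTest.simpleSignaturVerificationTest`. It would also help readers of both classes to state that a signature check code of 0 alone does not mean the signer is trusted.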
@@ -0,0 +1,82 @@ +package at.gv.egiz.eaaf.modules.sigverify.moasig.test.verify; + +import java.io.IOException; + +import org.apache.commons.io.IOUtils; +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.ISignatureVerificationService; +import at.gv.egiz.eaaf.modules.sigverify.moasig.api.data.IXmlSignatureVerificationResponse; +import at.gv.egiz.eaaf.modules.sigverify.moasig.exceptions.MoaSigServiceException; +import at.gv.egovernment.moa.spss.server.config.ConfigurationException; +import lombok.extern.slf4j.Slf4j; + +@Ignore +@Slf4j +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/moa-sig-service.beans.xml") +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class SignatureVerificationServiceZuseConfigTest { + + @Autowired ISignatureVerificationService service; + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + * @throws ConfigurationException In case of an error + */ + @BeforeClass + public static void moaSpssInitialize() throws IOException, ConfigurationException { + log.info("Loading Java security providers."); + final String current = new java.io.File(".").getCanonicalPath(); + System.setProperty("moa.spss.server.configuration", + current + "/src/test/resources/config/moaspss_config/MOASPSSConfiguration_zuse.xml"); + + } + + /** + * Reset MOA-SPSS configuration. 
+ */ + @AfterClass + public static void removeMoaSpssConfig() { + System.setProperty("moa.spss.server.configuration", ""); + + } + + @Test + public void simpleSignaturVerificationTest() throws IOException, MoaSigServiceException { + // load signature + byte[] signature = IOUtils.resourceToByteArray("/data/xml/zuse_sig_1.xml"); + + //start verification + IXmlSignatureVerificationResponse result = + service.verifyXmlSignature(signature, "default-trustprofile"); + + //verify result + Assert.assertEquals("sig. checkCode", 0, result.getSignatureCheckCode()); + Assert.assertEquals("cert. checkCode", 1, result.getCertificateCheckCode()); + Assert.assertEquals("XML manifest. checkCode", 0, result.getXmlDsigManifestCheckCode()); + Assert.assertEquals("manifest. checkCode", 0, result.getSignatureManifestCheckCode()); + + Assert.assertNotNull("X509Cert", result.getX509Certificate()); + Assert.assertNotNull("X509Cert encoded", result.getX509CertificateEncoded()); + + Assert.assertFalse("PubAuthority flag", result.isPublicAuthority()); + Assert.assertNull("PubAuthorityIdentifer", result.getPublicAuthorityCode()); + + Assert.assertFalse("qcCert flag", result.isQualifiedCertificate()); + + } + +} diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/java/console/PdfSigDecoder.java b/eaaf_modules/eaaf_module_moa-sig/src/test/java/console/PdfSigDecoder.java index 28338746..b9e9e517 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/test/java/console/PdfSigDecoder.java +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/java/console/PdfSigDecoder.java 
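Review bot: The `@AfterClass` hook `removeMoaSpssConfig` sets `moa.spss.server.configuration` to an empty string rather than restoring the previous state, so any test class that later runs in the same JVM sees a defined-but-empty property instead of an unset one; `System.clearProperty("moa.spss.server.configuration");` (or saving the old value in `moaSpssInitialize` and restoring it) would leave the JVM as it was found. The class also carries a bare `@Ignore`, so the signature and certificate check-code assertions in `simpleSignaturVerificationTest` never run; a reason string such as `@Ignore("<why this is disabled>")` would tell the next maintainer whether that is intentional. The log message `"Loading Java security providers."` in `moaSpssInitialize` does not match what the method visibly does, which is only to set the configuration path.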
@@ -21,7 +21,7 @@ public class PdfSigDecoder { * @throws UnsupportedEncodingException In case of a general error */ public static void main(String[] args) throws CodingException, UnsupportedEncodingException, IOException { - InputStream is = PdfSigDecoder.class.getResourceAsStream("/pdf_cades_3.hex"); + InputStream is = PdfSigDecoder.class.getResourceAsStream("/pdf_cades_4.hex"); String test = new String(StreamUtils.copyToByteArray(is), "UTF-8"); test = test.replaceAll("\\n", ""); final byte[] bytes = new byte[test.length() / 2]; diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/java/console/SchemaValidationTest.java b/eaaf_modules/eaaf_module_moa-sig/src/test/java/console/SchemaValidationTest.java new file mode 100644 index 00000000..4680fa3e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/java/console/SchemaValidationTest.java 
@@ -0,0 +1,51 @@ +package console; + +import java.io.InputStream; + +import org.w3c.dom.Document; + +import at.gv.egovernment.moaspss.util.DOMUtils; + +public class SchemaValidationTest { + + public static final String SCHEMA_ROOT = "/config/zuseSchema/"; + + public static final String XML_NS_URI = "http://www.w3.org/XML/1998/namespace"; + public static final String XML_SCHEMA_LOCATION = SCHEMA_ROOT + "xml.xsd"; + + public static final String XSI_NS_URI = "http://www.w3.org/2001/XMLSchema-instance"; + public static final String XSI_SCHEMA_LOCATION = SCHEMA_ROOT + "XMLSchema-instance.xsd"; + + public static final String eDELIVERY20 = "http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#"; + public static final String eDELIVERY20_SCHEMA_LOCATION = SCHEMA_ROOT + "zuse_p2.xsd"; + + public static final String eDELIVERY_PERSON_20 = "http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#"; + public static final String eDELIVERY_PERSON_20_SCHEMA_LOCATION = SCHEMA_ROOT + "zuse_mypersondata_en_p2.xsd"; + + private static final String ZUSE_SCHEMAS = +// (XML_NS_URI + " " + XML_SCHEMA_LOCATION + " ") +// + (XSI_NS_URI + " " + XSI_SCHEMA_LOCATION + " ") + (eDELIVERY20 + " " + eDELIVERY20_SCHEMA_LOCATION + " ") + + (eDELIVERY_PERSON_20 + " " + eDELIVERY_PERSON_20_SCHEMA_LOCATION); + + /** + * Simple test. + * + * @param args not used yet + * @throws Exception in case of an error + */ + public static void main(String[] args) throws Exception { + + InputStream is = SchemaValidationTest.class.getResourceAsStream("/data/zuse/msg.xml"); + + +// Element result = DOMUtils.parseXmlValidating(is); + + Document result = DOMUtils.parseDocument(is, true, ZUSE_SCHEMAS, null); + + + System.out.print(DOMUtils.serializeNode(result)); + + } + +} 
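Review bot: In `main`, the stream returned by `getResourceAsStream("/data/zuse/msg.xml")` is handed to `DOMUtils.parseDocument` without a null check and is never closed, so a missing resource presumably fails somewhere inside the parser rather than with a clear message. Opening it as `try (InputStream is = SchemaValidationTest.class.getResourceAsStream("/data/zuse/msg.xml")) {` and failing early when `is == null` would cover both. The commented-out entries in `ZUSE_SCHEMAS` and the commented `parseXmlValidating` call should be removed or given a one-line reason. Since the class has only a `main` and no `@Test` method, a class comment saying it is a manual console tool would avoid the impression that the `...Test` name gives.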
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/MOASPSSConfiguration.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/MOASPSSConfiguration.xml
new file mode 100644
index 00000000..32b4c7c6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/MOASPSSConfiguration.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>default-trustprofile</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/default-trustprofile</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>false</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/MOASPSSConfiguration_zuse.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/MOASPSSConfiguration_zuse.xml
new file mode 100644
index 00000000..cd618916
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/MOASPSSConfiguration_zuse.xml
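Review bot: `MOASPSSConfiguration.xml` sets `<cfg:EnableChecking>false</cfg:EnableChecking>` under `RevocationChecking`, so certificate check codes asserted against this configuration say nothing about revoked certificates, and the file carries no marker that it is test-only. Going by the element names, `PermitExternalUris` is also enabled with a `BlackListUri` that lists only `192.168`, which would leave loopback and the other private and link-local ranges resolvable while `UseAuthorityInformationAccess` is `true`; this should be confirmed against the MOA-SPSS documentation. I would add a header comment such as `<!-- test-only: revocation checking disabled, URI blacklist incomplete; do not reuse as a deployment template -->` and either extend the blacklist or drop `PermitExternalUris` where the tests do not need it. The same two settings appear in `MOASPSSConfiguration_zuse.xml` in the next hunk.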
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+
+ <cfg:TrustProfile>
+ <cfg:Id>default-trustprofile</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/default-trustprofile</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>false</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD Binary files differnew file mode 100644 index 00000000..61bfd22b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 Binary files differnew file mode 100644 index 00000000..55707d69 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 Binary files differnew file mode 100644 index 00000000..815f53d9 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 Binary files differnew file mode 100644 index 00000000..88275398 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A Binary files differnew file mode 100644 index 00000000..f28aa4b8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 Binary files differnew file mode 100644 index 00000000..5171276f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/10BDF206E84DD47BA31F9E21B87DD20B5F72D283/A37349A211137B7F6D7D24CD6B15BF74EC4E6FB3 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/10BDF206E84DD47BA31F9E21B87DD20B5F72D283/A37349A211137B7F6D7D24CD6B15BF74EC4E6FB3 Binary files differnew file mode 100644 index 00000000..ad5cf17d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/10BDF206E84DD47BA31F9E21B87DD20B5F72D283/A37349A211137B7F6D7D24CD6B15BF74EC4E6FB3 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/12EF3AF8A20F39B003E23DE20A1D1821D5FDB770/2A5F716B5A72BAC254CACFD8E8CE5D0C4B5EAAAC b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/12EF3AF8A20F39B003E23DE20A1D1821D5FDB770/2A5F716B5A72BAC254CACFD8E8CE5D0C4B5EAAAC Binary files differnew file mode 100644 index 00000000..efe3c3d5 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/12EF3AF8A20F39B003E23DE20A1D1821D5FDB770/2A5F716B5A72BAC254CACFD8E8CE5D0C4B5EAAAC diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 Binary files differnew file mode 100644 index 00000000..6e17b9db --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 Binary files differnew file mode 100644 index 00000000..911640d0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE Binary files differnew file mode 100644 index 00000000..1bb44944 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D Binary files differnew file mode 100644 index 00000000..807fa786 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 Binary files differnew file mode 100644 index 00000000..b2a1e145 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 Binary files differnew file mode 100644 index 00000000..22d64fb5 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C Binary files differnew file mode 100644 index 00000000..8588ce58 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 Binary files differnew file mode 100644 index 00000000..7bbf658e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E Binary files differnew file mode 100644 index 00000000..2fa45b28 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 Binary files differnew file mode 100644 index 00000000..c79d3e6b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA Binary files differnew file mode 100644 index 00000000..ab9e0cd7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 Binary files differnew file mode 100644 index 00000000..01965769 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 Binary files differnew file mode 100644 index 00000000..5026d395 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 Binary files differnew file mode 100644 index 00000000..9b2ee0fc --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2F849DCCDEABA497857648268CA112DA6E6355A5/5BCFEAFB92BBB66F3C8481F525842D8D0D7F7AF7 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2F849DCCDEABA497857648268CA112DA6E6355A5/5BCFEAFB92BBB66F3C8481F525842D8D0D7F7AF7 Binary files differnew file mode 100644 index 00000000..a5d79820 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/2F849DCCDEABA497857648268CA112DA6E6355A5/5BCFEAFB92BBB66F3C8481F525842D8D0D7F7AF7 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 Binary files differnew file mode 100644 index 00000000..9d2132e7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F Binary files differnew file mode 100644 index 00000000..c34d0f38 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 Binary files differnew file mode 100644 index 00000000..d894e92c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D Binary files differnew file mode 100644 index 00000000..380486f6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E Binary files differnew file mode 100644 index 00000000..0f0db03b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E Binary files differnew file mode 100644 index 00000000..39e377ed --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 Binary files differnew file mode 100644 index 00000000..0a1fcff8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C Binary files differnew file mode 100644 index 00000000..61d346a8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
Binary files differ
new file mode 100644
index 00000000..9ae7ffa0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623
Binary files differ
new file mode 100644
index 00000000..a68ae2db
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
Binary files differ
new file mode 100644
index 00000000..28cb48bb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E
Binary files differ
new file mode 100644
index 00000000..c9da4158
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
Binary files differ
new file mode 100644
index 00000000..28fbdf42
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
Binary files differ
new file mode 100644
index 00000000..b9a0e5a6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
Binary files differ
new file mode 100644
index 00000000..24d1795f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1
Binary files differ
new file mode 100644
index 00000000..6da18c62
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01
Binary files differ
new file mode 100644
index 00000000..3a274af3
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
Binary files differ
new file mode 100644
index 00000000..3beb4529
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526
Binary files differ
new file mode 100644
index 00000000..da38ce02
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
Binary files differ
new file mode 100644
index 00000000..7e9fd5b0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
Binary files differ
new file mode 100644
index 00000000..41dc7c55
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
Binary files differ
new file mode 100644
index 00000000..b596d82e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D
Binary files differ
new file mode 100644
index 00000000..4adc3b7e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687
Binary files differ
new file mode 100644
index 00000000..1e4f2277
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
Binary files differ
new file mode 100644
index 00000000..fe561ad6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA
Binary files differ
new file mode 100644
index 00000000..5205ec51
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419
Binary files differ
new file mode 100644
index 00000000..10a1f714
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Binary files differ
new file mode 100644
index 00000000..dae01965
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
Binary files differ
new file mode 100644
index 00000000..b9fe1280
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03
Binary files differ
new file mode 100644
index 00000000..ea1585a6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206
Binary files differ
new file mode 100644
index 00000000..0c2494a4
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878
Binary files differ
new file mode 100644
index 00000000..424f849a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B
Binary files differ
new file mode 100644
index 00000000..06b40aa6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
Binary files differ
new file mode 100644
index 00000000..3be7b6a0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
Binary files differ
new file mode 100644
index 00000000..b2beddaa
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5DEF09D3EB4882A51F78FADCFFD89DAE61FEDB88/8B7D65E9116BFA561CE16472750779988C4F736E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5DEF09D3EB4882A51F78FADCFFD89DAE61FEDB88/8B7D65E9116BFA561CE16472750779988C4F736E
Binary files differ
new file mode 100644
index 00000000..87a36296
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5DEF09D3EB4882A51F78FADCFFD89DAE61FEDB88/8B7D65E9116BFA561CE16472750779988C4F736E
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317
Binary files differ
new file mode 100644
index 00000000..73553b99
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8
Binary files differ
new file mode 100644
index 00000000..6368a6cc
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44
Binary files differ
new file mode 100644
index 00000000..08d7b28e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
Binary files differ
new file mode 100644
index 00000000..e47d2b8b
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
Binary files differ
new file mode 100644
index 00000000..5168e1af
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D
Binary files differ
new file mode 100644
index 00000000..c5bcc42e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
Binary files differ
new file mode 100644
index 00000000..3c7775b6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
Binary files differ
new file mode 100644
index 00000000..b6f39e35
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
Binary files differ
new file mode 100644
index 00000000..f9fef65f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92
Binary files differ
new file mode 100644
index 00000000..f9f27442
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
Binary files differ
new file mode 100644
index 00000000..69de7560
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
Binary files differ
new file mode 100644
index 00000000..efa28178
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
Binary files differ
new file mode 100644
index 00000000..8c434777
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733
Binary files differ
new file mode 100644
index 00000000..289fc219
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6
Binary files differ
new file mode 100644
index 00000000..b7d4b08a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
Binary files differ
new file mode 100644
index 00000000..89cfe44f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C
Binary files differ
new file mode 100644
index 00000000..d9d633e3
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
Binary files differ
new file mode 100644
index 00000000..c3fc9135
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
Binary files differ
new file mode 100644
index 00000000..64091864
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/70F7FEE6A786C95E4B2060931106FC9BCE5533D2/9B234116E494979AB9ED53F360C126CE3FA43580 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/70F7FEE6A786C95E4B2060931106FC9BCE5533D2/9B234116E494979AB9ED53F360C126CE3FA43580
Binary files differ
new file mode 100644
index 00000000..2766c792
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/70F7FEE6A786C95E4B2060931106FC9BCE5533D2/9B234116E494979AB9ED53F360C126CE3FA43580
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A
Binary files differ
new file mode 100644
index 00000000..ad13d7b2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
Binary files differ
new file mode 100644
index 00000000..d361d919
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
Binary files differ
new file mode 100644
index 00000000..69a8e487
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/774ADD83B5743FC3751010F1BFC595BC0E113859/851757D85BCF8970FB6876F9D7564522087EAC82 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/774ADD83B5743FC3751010F1BFC595BC0E113859/851757D85BCF8970FB6876F9D7564522087EAC82 Binary files differnew file mode 100644 index 00000000..247dba8c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/774ADD83B5743FC3751010F1BFC595BC0E113859/851757D85BCF8970FB6876F9D7564522087EAC82 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D Binary files differnew file mode 100644 index 00000000..1a310674 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 Binary files differnew file mode 100644 index 00000000..558ce15e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D Binary files differnew file mode 100644 index 00000000..0bab7703 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F Binary files differnew file mode 100644 index 00000000..b60dea24 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 Binary files differnew file mode 100644 index 00000000..ac2e3c2b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C Binary files differnew file mode 100644 index 00000000..4dd2c49b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 Binary files differnew file mode 100644 index 00000000..1bfd4d66 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 Binary files differnew file mode 100644 index 00000000..c478bf0f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 Binary files differnew file mode 100644 index 00000000..09bd4626 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 Binary files differnew file mode 100644 index 00000000..592c9623 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 Binary files differnew file mode 100644 index 00000000..c171b6d3 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB Binary files differnew file mode 100644 index 00000000..6f97837a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 Binary files differnew file mode 100644 index 00000000..d7799119 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B Binary files differnew file mode 100644 index 00000000..508f7f07 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B Binary files differnew file mode 100644 index 00000000..c0feb0d0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 Binary files differnew file mode 100644 index 00000000..ebfbce9a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 Binary files differnew file mode 100644 index 00000000..5c75689f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB Binary files differnew file mode 100644 index 00000000..e08466c5 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E Binary files differnew file mode 100644 index 00000000..ed5ba194 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA Binary files differnew file mode 100644 index 00000000..bc5ed1e6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B Binary files differnew file mode 100644 index 00000000..cb519b7e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 Binary files differnew file mode 100644 index 00000000..f2bbe24c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 Binary files differnew file mode 100644 index 00000000..a592bd28 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 Binary files differnew file mode 100644 index 00000000..6114ab41 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 Binary files differnew file mode 100644 index 00000000..beff5366 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 Binary files differnew file mode 100644 index 00000000..60405d6b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 Binary files differnew file mode 100644 index 00000000..4132c67c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 Binary files differnew file mode 100644 index 00000000..36c381da --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE Binary files differnew file mode 100644 index 00000000..e20156af --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A Binary files differnew file mode 100644 index 00000000..6f92cf71 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 Binary files differnew file mode 100644 index 00000000..0cba97ee --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD Binary files differnew file mode 100644 index 00000000..1de8f2cd --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 Binary files differnew file mode 100644 index 00000000..23d9533d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 Binary files differnew file mode 100644 index 00000000..a7948e48 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE Binary files differnew file mode 100644 index 00000000..c4d97cda --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D73EFD748AD39AE858E449A5528FA1E2CCEF2A7/33AF2DC34F39AC0B81EA20D9DAF770E589D1E3EB b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D73EFD748AD39AE858E449A5528FA1E2CCEF2A7/33AF2DC34F39AC0B81EA20D9DAF770E589D1E3EB Binary files differnew file mode 100644 index 00000000..4ed3a01f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9D73EFD748AD39AE858E449A5528FA1E2CCEF2A7/33AF2DC34F39AC0B81EA20D9DAF770E589D1E3EB diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 Binary files differnew file mode 100644 index 00000000..a63cd9ad --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 Binary files differnew file mode 100644 index 00000000..f5e70ea0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 Binary files differnew file mode 100644 index 00000000..a5e651f8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B Binary files differnew file mode 100644 index 00000000..b15880c2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/AA6E4D2D7038C9DC78E36F68D76DC1DCFCE0C705/45533EC08C70A3D03E2FA4C6CBDAA476C2B6ED59 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/AA6E4D2D7038C9DC78E36F68D76DC1DCFCE0C705/45533EC08C70A3D03E2FA4C6CBDAA476C2B6ED59 Binary files differnew file mode 100644 index 00000000..80e35ac0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/AA6E4D2D7038C9DC78E36F68D76DC1DCFCE0C705/45533EC08C70A3D03E2FA4C6CBDAA476C2B6ED59 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA Binary files differnew file mode 100644 index 00000000..d53dce92 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE Binary files differnew file mode 100644 index 00000000..5375c57c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 Binary files differnew file mode 100644 index 00000000..7085c5ac --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 Binary files differnew file mode 100644 index 00000000..97dc187d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 Binary files differnew file mode 100644 index 00000000..ad5d7dea --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B Binary files differnew file mode 100644 index 00000000..2bf4ad71 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E Binary files differnew file mode 100644 index 00000000..c3363a92 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC Binary files differnew file mode 100644 index 00000000..750c0857 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 Binary files differnew file mode 100644 index 00000000..069640ff --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Binary files differnew file mode 100644 index 00000000..391ffc14 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C Binary files differnew file mode 100644 index 00000000..255c513a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 Binary files differnew file mode 100644 index 00000000..6225c0ca --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 Binary files differnew file mode 100644 index 00000000..83aeb1fc --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 Binary files differnew file mode 100644 index 00000000..f8a8957a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 Binary files differnew file mode 100644 index 00000000..376d0753 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 Binary files differnew file mode 100644 index 00000000..6bbb4b5a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 Binary files differnew file mode 100644 index 00000000..3536bd3c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D Binary files differnew file mode 100644 index 00000000..8e513a9f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 Binary files differnew file mode 100644 index 00000000..36a442b8 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E Binary files differnew file mode 100644 index 00000000..54f80996 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA Binary files differnew file mode 100644 index 00000000..8ddc7d79 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 Binary files differnew file mode 100644 index 00000000..c9fd41f7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 Binary files differnew file mode 100644 index 00000000..61a7ccb1 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 Binary files differnew file mode 100644 index 00000000..e4bd48da --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A Binary files differnew file mode 100644 index 00000000..f6df0f4f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 Binary files differnew file mode 100644 index 00000000..0668256a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 Binary files differnew file mode 100644 index 00000000..cac44093 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 Binary files differnew file mode 100644 index 00000000..46d4477a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C Binary files differnew file mode 100644 index 00000000..4989f3e7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 Binary files differnew file mode 100644 index 00000000..7c6adedf --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 Binary files differnew file mode 100644 index 00000000..70f5b7c9 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A Binary files differnew file mode 100644 index 00000000..141b05ef --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/DCBA60B785A3B332E2DA7573E523E336EAA26BBF/FE52D92F5FFA970F528814B09B75CA2613F49936 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/DCBA60B785A3B332E2DA7573E523E336EAA26BBF/FE52D92F5FFA970F528814B09B75CA2613F49936 Binary files differnew file mode 100644 index 00000000..3aa42163 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/DCBA60B785A3B332E2DA7573E523E336EAA26BBF/FE52D92F5FFA970F528814B09B75CA2613F49936 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Binary files differnew file mode 100644 index 00000000..95500f6b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC Binary files differnew file mode 100644 index 00000000..87d8b52d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 Binary files differnew file mode 100644 index 00000000..91acd396 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A Binary files differnew file mode 100644 index 00000000..b5f5fa6c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 Binary files differnew file mode 100644 index 00000000..abeb964d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 Binary files differnew file mode 100644 index 00000000..34c8cf8a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE Binary files differnew file mode 100644 index 00000000..cc35ba69 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B Binary files differnew file mode 100644 index 00000000..783dd271 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC Binary files differnew file mode 100644 index 00000000..74c4ce3b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 Binary files differnew file mode 100644 index 00000000..f3cf5e67 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC Binary files differnew file mode 100644 index 00000000..fc5bd433 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 Binary files differnew file mode 100644 index 00000000..0a8de4bb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 Binary files differnew file mode 100644 index 00000000..d2e7db66 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 Binary files differnew file mode 100644 index 00000000..f2f1c656 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 Binary files differnew file mode 100644 index 00000000..476a3efb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 Binary files differnew file mode 100644 index 00000000..5c88b668 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 Binary files differnew file mode 100644 index 00000000..38c2de58 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B Binary files differnew file mode 100644 index 00000000..f1d7b6a2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD Binary files differnew file mode 100644 index 00000000..c1b90c0f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E Binary files differnew file mode 100644 index 00000000..3c77b90d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 Binary files differnew file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 Binary files differnew file mode 100644 index 00000000..29d93550 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F Binary files differnew file mode 100644 index 00000000..2a88295a --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 Binary files differnew file mode 100644 index 00000000..84a1690d --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 Binary files differnew file mode 100644 index 00000000..0dc18601 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 Binary files differnew file mode 100644 index 00000000..a699436c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 Binary files differnew file mode 100644 index 00000000..05a8b86f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA Binary files differnew file mode 100644 index 00000000..836ba376 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B Binary files differnew file mode 100644 index 00000000..87b13faa --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F Binary files differnew file mode 100644 index 00000000..f1c03d68 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 Binary files differnew file mode 100644 index 00000000..781d1e4f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B Binary files differnew file mode 100644 index 00000000..8286cabb --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B Binary files differnew file mode 100644 index 00000000..a0148f63 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C Binary files differnew file mode 100644 index 00000000..42a64da0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 Binary files differnew file mode 100644 index 00000000..32893db7 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C Binary files differnew file mode 100644 index 00000000..277b6083 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 Binary files differnew file mode 100644 index 00000000..afe6fdf0 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF Binary files differnew file mode 100644 index 00000000..d71177a4 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 00000000..e67b1f5c --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0.xml 
@@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of 
select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of 
select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 00000000..741013cd --- /dev/null 
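Review bot: The two rows marked `class="hidden"` (DataURL and AuthBlockValidTo) put the audience and the `NotOnOrAfter` value into the transformed output, while `.hidden {display: none; }` under `<style media="screen">` keeps them off the screen. The rendered view and the digested content therefore differ. The same rows appear in SL20_authblock_v1.0_SIC.xml and SL20_authblock_v1.0_own.xml. If these fixtures mirror a deployed profile, a header comment would record the intent, e.g. `<!-- DataURL and AuthBlockValidTo are covered by the signature but intentionally not displayed; see SPEC-REFERENCE-PLACEHOLDER -->`. Whether a comment ahead of the root element affects profile matching is not visible here, so confirm that before adding it.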
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml 
@@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: 
</td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of 
select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></VerifyTransformsInfoProfile> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_own.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_own.xml new file mode 100644 index 00000000..517f6437 
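Review bot: The label in this profile reads `TransaktionsTokken: `, while SL20_authblock_v1.0.xml has `TransaktionsToken: `; SL20_authblock_v1.0_own.xml carries the same double-k spelling. The stylesheet text is part of the transform, so the spelling presumably has to match what the test signatures were produced with and cannot be corrected as a typo without re-signing. Record which signed sample each profile belongs to, for instance a leading `<!-- matches SAMPLE-FILE-PLACEHOLDER; label spelling "TransaktionsTokken" is intentional -->`, provided a comment outside `ds:Transforms` does not affect matching. This hunk also declares `xmlns:xml` explicitly on `xsl:output`, which is legal but redundant and differs from the other two files.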
--- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/profiles/SL20_authblock_v1.0_own.xml 
@@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default"/><xsl:template xmlns="http://www.w3.org/1999/xhtml" match="/"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td 
class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of 
select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms></VerifyTransformsInfoProfile> 
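Review bot: The final transform here is `http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments`, whereas the other two profiles end with `http://www.w3.org/2001/10/xml-exc-c14n#`. Inclusive canonicalization with comments keeps comment nodes and inherited namespace declarations in the digested octets, so this profile accepts a different transform chain than its siblings. If the file is meant as a variant or non-matching profile for a specific test, say so where it is loaded; otherwise align it with exclusive c14n. The root element also declares `xmlns:ds`, which nothing uses because `dsig` is redeclared on `dsig:Transforms`; dropping the unused prefix removes a source of confusion.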
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.cer Binary files differnew file mode 100644 index 00000000..3c7775b6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.cer diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.cer Binary files differnew file mode 100644 index 00000000..54f80996 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.cer diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.cer Binary files differnew file mode 100644 index 00000000..01965769 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.cer 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.cer Binary files differnew file mode 100644 index 00000000..b9a0e5a6 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.cer diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05.crt b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05.crt new file mode 100644 index 00000000..9befb53f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05.crt 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw 
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.cer Binary files differnew file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.cer diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Consent_test.crt b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Consent_test.crt new file mode 100644 index 00000000..203c416f --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Consent_test.crt 
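Review bot: The validity field of this PEM appears to decode to notBefore 2014-12-15 and notAfter 2024-12-09, and that of Consent_test.crt in the next hunk to 2018-05-28 through 2021-05-28. Any test that validates a chain against the wall clock will start failing once those dates pass. Pin the verification time in the tests that use these fixtures, or record the expiry beside them, e.g. a README line `A-Trust-Test-Root-05.crt: test root, notAfter 2024-12-09`. This test root sits in the same trust profile directory as the A-Trust-Root-05 and A-Trust-Qual files added just above. The directory name (…MitTestkarten) suggests that is intended, but the profile should stay confined to src/test.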
@@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGfzCCBGegAwIBAgIHAJZY0iYXUjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQG +EwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9m +IFRlY2hub2xvZ3kxDTALBgNVBAsTBElBSUsxIjAgBgNVBAMTGUlBSUsgVGVzdCBJ +bnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTI4MTQ0NTIxWhcNMjEwNTI4MTQ0NTIxWjAw +MQwwCgYDVQQqEwNFaWQxDTALBgNVBAQTBFRlc3QxETAPBgNVBAMTCEVpZCBUZXN0 +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs+u9OdjFmRGF1Cbsa+XSuvzPoIG +pPtcJs+4thMbCubwSQMvUOssrCzrC1Ji9YVxeqHs3DU2RDEosoSUROJH3KOCAyAw +ggMcMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMIIBNgYIKwYBBQUHAQEE +ggEoMIIBJDCBggYIKwYBBQUHMAKGdmxkYXA6Ly9jYXBzby10ZXN0LmlhaWsudHVn +cmF6LmF0OjEzODkvY249aWFpay10ZXN0LWludGVybWVkaWF0ZS1jYSxvdT1wa2ks +ZGM9aWFpayxkYz10dWdyYXosZGM9YXQ/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwUAYI +KwYBBQUHMAKGRGh0dHA6Ly9jYXBzby10ZXN0LmlhaWsudHVncmF6LmF0L2NlcnRz +L2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEsGCCsGAQUFBzABhj9odHRw +Oi8vY2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdC9vY3NwL2lhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2EwHwYDVR0jBBgwFoAUedgPAoHlywvut/xEv9Nn+hCGURIwgaAG +A1UdIASBmDCBlTCBkgYMKwYBBAGVEgECBwEBMIGBMH8GCCsGAQUFBwICMHMMcVRo +aXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBieSBhICoqY29weSoqIG9mIGFuIElB +SUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgYW5kIG1heSBiZSB1c2VkIGZvciB0ZXN0 +IHB1cnBvc2VzIG9ubHkuMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYJsZGFwOi8v +Y2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdDoxMzg5L2NuPWlhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2Esb3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRp +ZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5hkNodHRwOi8vY2Fwc28tdGVzdC5p +YWlrLnR1Z3Jhei5hdC9jcmxzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY3Js +MB0GA1UdDgQWBBSOwKEfd5HkkkiziZBb5Yj4HWy1DDANBgkqhkiG9w0BAQsFAAOC +AgEAAjjDMSWxbUHvklPKS4xTJJV7Bl5Gy++/LZ39Mb8ZCgjIsGIP9w3hhz0kfi4z +Iz6hvf/Yx9zlKZ/wRIU8R4iygqQSY5Zm28WKVm3Vbhfs4ewN4FJTP8w8LgUSHJ02 +V+JIHtUt5i9U2a/I01bmzIIfBYL0IW8s1K3VMAzADyHDGW/U6h9ck7dayw8OWi8t +NT4tnKX4mEhH6z2kUPnv7fqFlSRrD0uqkeKZad3A1a155S0Dgj1cZmNjR4sRhQhh +gba/EGuHNyEXchVasIITohORuJV9BAq4CckbSLo/qCSf+uiQUJm336LwavjGZked 
+O/auvRTETctPipjdONSxF/jbjAQ3fmYR/VqvoCm6K3ZgWTzxk0S4mfarrwooDvlE +rkSnrlLf+D6EyQt9LCw/i5LvH/+E+ZQ4AKwTHmJok4xdSgywyNrxsciZrvUGgwe9 +n+CV3IzEymYfL28qykKWpqbPTlSHqa3SlImdl8ywJI4hAW7mzZDp4OjhibRydJsR +7uiFnfhIKMTDicnZGgPZZqIuS4qGwYBszU77R+XmwmZqZBkNP88eYW1qnxCFGEtI +OiiETwO4zxXFF21CeB06PEwRCVgebBg0zBnX+hIsT/nJqwHK8I0Yh24BCudESUC2 +gE9xrujrk3e7r+lOqbYbzeWRJnXILg+SnflzC9kS3LxRfJI= +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt new file mode 100644 index 00000000..fda99f2b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= +-----END CERTIFICATE----- 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.crt b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.crt
new file mode 100644
index 00000000..803b30eb
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.crt
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIEOWntwTANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC +QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg +aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1U +ZXN0LVF1YWwtMDIxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1RdWFsLTAyMB4XDTE0 +MTEyNDE0NDkxN1oXDTI0MTExODEzNDkxN1owgaExCzAJBgNVBAYTAkFUMUgwRgYD +VQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0 +ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsMGmEtc2lnbi1QcmVtaXVtLVRl +c3QtU2lnLTAyMSMwIQYDVQQDDBphLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwJSfWpRaziThddTTup72Cl +tlXl8oc7HQoK2SWsYQwZGAd5nJZbwbI4K8VFKlNnK72Zl8UhmQ2FxhzS6u+Q+qEz +JOM2xTfA2NB6A9/KFpTJXUjvCHgRvW16EEF9YpYXxKTSK+QrYCXAC5rL6SuYOzgA +7Q1ivq+zLbyXxroux2zVEBIiaBGpZhOHGDFJk6h/4QelIqzd2TIDCRzvhmLDVmhq +X2C1NQb5kZuMgrxxOhG5Cr1F8solkwyu43JiM+apY4bZJVQBwi9ATBMz5tfdoLRs +lQy1BCQ4X+b6u/2856gucU+1e/wa5pB9Ff0eP+xy+j2DZOXLNd8m/IQvnshjNusC +AwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIRgafjkGOFb0wEwYD +VR0jBAwwCoAIQg8xWXA9iecwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA +A4IBAQBq/owq5eGvhxegchLvnMjPnE9gTYIHEvMq8DN6h2J7pTEhKG2o09LLn/pN +HWRjKENU/LqZBIAJ5zebm5XqzB631BYcuu1abyPFfpMdAL9X4zFuDvg9EGaTir2c +81XaBYzVSLN7fxmNLKSmMwUt0JQQyqpe3V9iyoBE/WcQyKmKaEp7mCZsGFBm6KmJ +gqD6TPb7X9bWUr3yx6Z5gek71f3vQi69m1x811azXlxu1i/XFnVpzxkrKRXJWC+w +nQRxXmU7YnMzYPOA7UOpUG6J+7tYi29hY3EpMgyXM/T/BL5MdyzBefbPVzLHng5z +VaXNpO0ENCrlUyi1m3Yd/7QPDdJM +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.cer Binary files differnew file mode 100644 index 00000000..cac44093 --- /dev/null 
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a..cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a..cer
Binary files differ
new file mode 100644
index 00000000..32893db7
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a..cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.cer
new file mode 100644
index 00000000..60bc9a55
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.cer
@@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT +VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx +NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK +DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g +RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx +HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B +kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV +HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8 +fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK +shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61 +0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB +/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ +IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g +zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc +d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh +eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq +/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA== +-----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.cer Binary files differnew file mode 100644 index 00000000..3c7775b6 --- /dev/null 
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.cer
Binary files differ
new file mode 100644
index 00000000..54f80996
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.cer
Binary files differ
new file mode 100644
index 00000000..01965769
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.cer
Binary files differ
new file mode 100644
index 00000000..b9a0e5a6
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.cer
Binary files differ
new file mode 100644
index 00000000..33e77636
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/default-trustprofile/IAIK_test_intermediate_CA.der b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/default-trustprofile/IAIK_test_intermediate_CA.der
Binary files differ
new file mode 100644
index 00000000..558ce15e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/default-trustprofile/IAIK_test_intermediate_CA.der
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/default-trustprofile/vendo_zuse_root.cer b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/default-trustprofile/vendo_zuse_root.cer
Binary files differ
new file mode 100644
index 00000000..80e35ac0
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/moaspss_config/trustProfiles/default-trustprofile/vendo_zuse_root.cer
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/XMLSchema-instance.xsd b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/XMLSchema-instance.xsd
new file mode 100644
index 00000000..f47577b8
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/XMLSchema-instance.xsd
@@ -0,0 +1,37 @@
+<?xml version='1.0'?>
+<!DOCTYPE xs:schema SYSTEM "XMLSchema.dtd" [
+<!ELEMENT p ANY>
+<!ELEMENT a ANY>
+<!ATTLIST a href CDATA #IMPLIED>
+<!ELEMENT hr ANY>
+<!ELEMENT h1 ANY>
+<!ELEMENT br ANY>
+]>
+<xs:schema targetNamespace="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="http://www.w3.org/1999/xhtml">
+ <xs:annotation>
+ <xs:documentation>
+ <h1>XML Schema instance namespace</h1>
+ <p>See <a href="http://www.w3.org/TR/xmlschema-1/">the XML Schema
+ Recommendation</a> for an introduction</p>
+
+
+ <hr />
+ $Date: 2001/03/16 20:25:57 $<br />
+ $Id: XMLSchema-instance.xsd,v 1.4 2001/03/16 20:25:57 ht Exp $
+ </xs:documentation>
+ </xs:annotation>
+ <xs:annotation>
+ <xs:documentation><p>This schema should never be used as such:
+ <a href="http://www.w3.org/TR/xmlschema-1/#no-xsi">the XML
+ Schema Recommendation</a> forbids the declaration of
+ attributes in this namespace</p>
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="nil"/>
+ <xs:attribute name="type"/>
+ <xs:attribute name="schemaLocation"/>
+ <xs:attribute name="noNamespaceSchemaLocation"/>
+</xs:schema>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/XMLSchema.dtd b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/XMLSchema.dtd
new file mode 100644
index 00000000..e8e8f762
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/XMLSchema.dtd
@@ -0,0 +1,402 @@ +<!-- DTD for XML Schemas: Part 1: Structures + Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN" + Official Location: http://www.w3.org/2001/XMLSchema.dtd --> +<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ --> +<!-- Note this DTD is NOT normative, or even definitive. --> <!--d--> +<!-- prose copy in the structures REC is the definitive version --> <!--d--> +<!-- (which shouldn't differ from this one except for this --> <!--d--> +<!-- comment and entity expansions, but just in case) --> <!--d--> +<!-- With the exception of cases with multiple namespace + prefixes for the XML Schema namespace, any XML document which is + not valid per this DTD given redefinitions in its internal subset of the + 'p' and 's' parameter entities below appropriate to its namespace + declaration of the XML Schema namespace is almost certainly not + a valid schema. --> + +<!-- The simpleType element and its constituent parts + are defined in XML Schema: Part 2: Datatypes --> +<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' > + +<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a + schema document to establish a different + namespace prefix --> +<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must + also define %s as the suffix for the appropriate + namespace declaration (e.g. 
:foo) --> +<!ENTITY % nds 'xmlns%s;'> + +<!-- Define all the element names, with optional prefix --> +<!ENTITY % schema "%p;schema"> +<!ENTITY % complexType "%p;complexType"> +<!ENTITY % complexContent "%p;complexContent"> +<!ENTITY % simpleContent "%p;simpleContent"> +<!ENTITY % extension "%p;extension"> +<!ENTITY % element "%p;element"> +<!ENTITY % unique "%p;unique"> +<!ENTITY % key "%p;key"> +<!ENTITY % keyref "%p;keyref"> +<!ENTITY % selector "%p;selector"> +<!ENTITY % field "%p;field"> +<!ENTITY % group "%p;group"> +<!ENTITY % all "%p;all"> +<!ENTITY % choice "%p;choice"> +<!ENTITY % sequence "%p;sequence"> +<!ENTITY % any "%p;any"> +<!ENTITY % anyAttribute "%p;anyAttribute"> +<!ENTITY % attribute "%p;attribute"> +<!ENTITY % attributeGroup "%p;attributeGroup"> +<!ENTITY % include "%p;include"> +<!ENTITY % import "%p;import"> +<!ENTITY % redefine "%p;redefine"> +<!ENTITY % notation "%p;notation"> + +<!-- annotation elements --> +<!ENTITY % annotation "%p;annotation"> +<!ENTITY % appinfo "%p;appinfo"> +<!ENTITY % documentation "%p;documentation"> + +<!-- Customisation entities for the ATTLIST of each element type. 
+ Define one of these if your schema takes advantage of the + anyAttribute='##other' in the schema for schemas --> + +<!ENTITY % schemaAttrs ''> +<!ENTITY % complexTypeAttrs ''> +<!ENTITY % complexContentAttrs ''> +<!ENTITY % simpleContentAttrs ''> +<!ENTITY % extensionAttrs ''> +<!ENTITY % elementAttrs ''> +<!ENTITY % groupAttrs ''> +<!ENTITY % allAttrs ''> +<!ENTITY % choiceAttrs ''> +<!ENTITY % sequenceAttrs ''> +<!ENTITY % anyAttrs ''> +<!ENTITY % anyAttributeAttrs ''> +<!ENTITY % attributeAttrs ''> +<!ENTITY % attributeGroupAttrs ''> +<!ENTITY % uniqueAttrs ''> +<!ENTITY % keyAttrs ''> +<!ENTITY % keyrefAttrs ''> +<!ENTITY % selectorAttrs ''> +<!ENTITY % fieldAttrs ''> +<!ENTITY % includeAttrs ''> +<!ENTITY % importAttrs ''> +<!ENTITY % redefineAttrs ''> +<!ENTITY % notationAttrs ''> +<!ENTITY % annotationAttrs ''> +<!ENTITY % appinfoAttrs ''> +<!ENTITY % documentationAttrs ''> + +<!ENTITY % complexDerivationSet "CDATA"> + <!-- #all or space-separated list drawn from derivationChoice --> +<!ENTITY % blockSet "CDATA"> + <!-- #all or space-separated list drawn from + derivationChoice + 'substitution' --> + +<!ENTITY % mgs '%all; | %choice; | %sequence;'> +<!ENTITY % cs '%choice; | %sequence;'> +<!ENTITY % formValues '(qualified|unqualified)'> + + +<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'> + +<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'> + +<!-- This is used in part2 --> +<!ENTITY % restriction1 '((%mgs; | %group;)?)'> + +%xs-datatypes; + +<!-- the duplication below is to produce an unambiguous content model + which allows annotation everywhere --> +<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*, + ((%simpleType; | %complexType; + | %element; | %attribute; + | %attributeGroup; | %group; + | %notation; ), + (%annotation;)*)* )> +<!ATTLIST %schema; + targetNamespace %URIref; #IMPLIED + version CDATA #IMPLIED + %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema' + xmlns CDATA 
#IMPLIED + finalDefault %complexDerivationSet; '' + blockDefault %blockSet; '' + id ID #IMPLIED + elementFormDefault %formValues; 'unqualified' + attributeFormDefault %formValues; 'unqualified' + xml:lang CDATA #IMPLIED + %schemaAttrs;> +<!-- Note the xmlns declaration is NOT in the Schema for Schemas, + because at the Infoset level where schemas operate, + xmlns(:prefix) is NOT an attribute! --> +<!-- The declaration of xmlns is a convenience for schema authors --> + +<!-- The id attribute here and below is for use in external references + from non-schemas using simple fragment identifiers. + It is NOT used for schema-to-schema reference, internal or + external. --> + +<!-- a type is a named content type specification which allows attribute + declarations--> +<!-- --> + +<!ELEMENT %complexType; ((%annotation;)?, + (%simpleContent;|%complexContent;| + %particleAndAttrs;))> + +<!ATTLIST %complexType; + name %NCName; #IMPLIED + id ID #IMPLIED + abstract %boolean; #IMPLIED + final %complexDerivationSet; #IMPLIED + block %complexDerivationSet; #IMPLIED + mixed (true|false) 'false' + %complexTypeAttrs;> + +<!-- particleAndAttrs is shorthand for a root type --> +<!-- mixed is disallowed if simpleContent, overriden if complexContent + has one too. 
--> + +<!-- If anyAttribute appears in one or more referenced attributeGroups + and/or explicitly, the intersection of the permissions is used --> + +<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))> +<!ATTLIST %complexContent; + mixed (true|false) #IMPLIED + id ID #IMPLIED + %complexContentAttrs;> + +<!-- restriction should use the branch defined above, not the simple + one from part2; extension should use the full model --> + +<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))> +<!ATTLIST %simpleContent; + id ID #IMPLIED + %simpleContentAttrs;> + +<!-- restriction should use the simple branch from part2, not the + one defined above; extension should have no particle --> + +<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))> +<!ATTLIST %extension; + base %QName; #REQUIRED + id ID #IMPLIED + %extensionAttrs;> + +<!-- an element is declared by either: + a name and a type (either nested or referenced via the type attribute) + or a ref to an existing element declaration --> + +<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?, + (%unique; | %key; | %keyref;)*)> +<!-- simpleType or complexType only if no type|ref attribute --> +<!-- ref not allowed at top level --> +<!ATTLIST %element; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + type %QName; #IMPLIED + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + nillable %boolean; #IMPLIED + substitutionGroup %QName; #IMPLIED + abstract %boolean; #IMPLIED + final %complexDerivationSet; #IMPLIED + block %blockSet; #IMPLIED + default CDATA #IMPLIED + fixed CDATA #IMPLIED + form %formValues; #IMPLIED + %elementAttrs;> +<!-- type and ref are mutually exclusive. + name and ref are mutually exclusive, one is required --> +<!-- In the absence of type AND ref, type defaults to type of + substitutionGroup, if any, else the ur-type, i.e. 
unconstrained --> +<!-- default and fixed are mutually exclusive --> + +<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)> +<!ATTLIST %group; + name %NCName; #IMPLIED + ref %QName; #IMPLIED + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %groupAttrs;> + +<!ELEMENT %all; ((%annotation;)?, (%element;)*)> +<!ATTLIST %all; + minOccurs (1) #IMPLIED + maxOccurs (1) #IMPLIED + id ID #IMPLIED + %allAttrs;> + +<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)> +<!ATTLIST %choice; + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %choiceAttrs;> + +<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)> +<!ATTLIST %sequence; + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %sequenceAttrs;> + +<!-- an anonymous grouping in a model, or + a top-level named group definition, or a reference to same --> + +<!-- Note that if order is 'all', group is not allowed inside. + If order is 'all' THIS group must be alone (or referenced alone) at + the top level of a content model --> +<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside --> +<!-- Should allow minOccurs=0 inside order='all' . . . 
--> + +<!ELEMENT %any; (%annotation;)?> +<!ATTLIST %any; + namespace CDATA '##any' + processContents (skip|lax|strict) 'strict' + minOccurs %nonNegativeInteger; '1' + maxOccurs CDATA '1' + id ID #IMPLIED + %anyAttrs;> + +<!-- namespace is interpreted as follows: + ##any - - any non-conflicting WFXML at all + + ##other - - any non-conflicting WFXML from namespace other + than targetNamespace + + ##local - - any unqualified non-conflicting WFXML/attribute + one or - - any non-conflicting WFXML from + more URI the listed namespaces + references + + ##targetNamespace ##local may appear in the above list, + with the obvious meaning --> + +<!ELEMENT %anyAttribute; (%annotation;)?> +<!ATTLIST %anyAttribute; + namespace CDATA '##any' + processContents (skip|lax|strict) 'strict' + id ID #IMPLIED + %anyAttributeAttrs;> +<!-- namespace is interpreted as for 'any' above --> + +<!-- simpleType only if no type|ref attribute --> +<!-- ref not allowed at top level, name iff at top level --> +<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)> +<!ATTLIST %attribute; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + type %QName; #IMPLIED + use (prohibited|optional|required) #IMPLIED + default CDATA #IMPLIED + fixed CDATA #IMPLIED + form %formValues; #IMPLIED + %attributeAttrs;> +<!-- type and ref are mutually exclusive. + name and ref are mutually exclusive, one is required --> +<!-- default for use is optional when nested, none otherwise --> +<!-- default and fixed are mutually exclusive --> +<!-- type attr and simpleType content are mutually exclusive --> + +<!-- an attributeGroup is a named collection of attribute decls, or a + reference thereto --> +<!ELEMENT %attributeGroup; ((%annotation;)?, + (%attribute; | %attributeGroup;)*, + (%anyAttribute;)?) > +<!ATTLIST %attributeGroup; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + %attributeGroupAttrs;> + +<!-- ref iff no content, no name. 
ref iff not top level --> + +<!-- better reference mechanisms --> +<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %unique; + name %NCName; #REQUIRED + id ID #IMPLIED + %uniqueAttrs;> + +<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %key; + name %NCName; #REQUIRED + id ID #IMPLIED + %keyAttrs;> + +<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %keyref; + name %NCName; #REQUIRED + refer %QName; #REQUIRED + id ID #IMPLIED + %keyrefAttrs;> + +<!ELEMENT %selector; ((%annotation;)?)> +<!ATTLIST %selector; + xpath %XPathExpr; #REQUIRED + id ID #IMPLIED + %selectorAttrs;> +<!ELEMENT %field; ((%annotation;)?)> +<!ATTLIST %field; + xpath %XPathExpr; #REQUIRED + id ID #IMPLIED + %fieldAttrs;> + +<!-- Schema combination mechanisms --> +<!ELEMENT %include; (%annotation;)?> +<!ATTLIST %include; + schemaLocation %URIref; #REQUIRED + id ID #IMPLIED + %includeAttrs;> + +<!ELEMENT %import; (%annotation;)?> +<!ATTLIST %import; + namespace %URIref; #IMPLIED + schemaLocation %URIref; #IMPLIED + id ID #IMPLIED + %importAttrs;> + +<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; | + %attributeGroup; | %group;)*> +<!ATTLIST %redefine; + schemaLocation %URIref; #REQUIRED + id ID #IMPLIED + %redefineAttrs;> + +<!ELEMENT %notation; (%annotation;)?> +<!ATTLIST %notation; + name %NCName; #REQUIRED + id ID #IMPLIED + public CDATA #REQUIRED + system %URIref; #IMPLIED + %notationAttrs;> + +<!-- Annotation is either application information or documentation --> +<!-- By having these here they are available for datatypes as well + as all the structures elements --> + +<!ELEMENT %annotation; (%appinfo; | %documentation;)*> +<!ATTLIST %annotation; %annotationAttrs;> + +<!-- User must define annotation elements in internal subset for this + to work --> +<!ELEMENT %appinfo; ANY> <!-- too restrictive --> +<!ATTLIST %appinfo; + source %URIref; #IMPLIED + id ID #IMPLIED + %appinfoAttrs;> +<!ELEMENT %documentation; 
ANY> <!-- too restrictive --> +<!ATTLIST %documentation; + source %URIref; #IMPLIED + id ID #IMPLIED + xml:lang CDATA #IMPLIED + %documentationAttrs;> + +<!NOTATION XMLSchemaStructures PUBLIC + 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' > +<!NOTATION XML PUBLIC + 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' > diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/xml.xsd b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/xml.xsd new file mode 100644 index 00000000..79dbc02b --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/xml.xsd @@ -0,0 +1,83 @@ +<?xml version='1.0'?>
+<!-- documented out for compatibility with Xerces-2.0.2
+<!DOCTYPE xs:schema PUBLIC "-//W3C//DTD XMLSCHEMA 200102//EN" "XMLSchema.dtd" >
+-->
+<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+
+ <xs:annotation>
+ <xs:documentation>
+ See http://www.w3.org/XML/1998/namespace.html and
+ http://www.w3.org/TR/REC-xml for information about this namespace.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>This schema defines attributes and an attribute group
+ suitable for use by
+ schemas wishing to allow xml:base, xml:lang or xml:space attributes
+ on elements they define.
+
+ To enable this, such a schema must import this schema
+ for the XML namespace, e.g. as follows:
+ <schema . . .>
+ . . .
+ <import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/03/xml.xsd"/>
+
+ Subsequently, qualified reference to any of the attributes
+ or the group defined below will have the desired effect, e.g.
+
+ <type . . .>
+ . . .
+ <attributeGroup ref="xml:specialAttrs"/>
+
+ will define a type which will schema-validate an instance
+ element with any of those attributes</xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>In keeping with the XML Schema WG's standard versioning
+ policy, this schema document will persist at
+ http://www.w3.org/2001/03/xml.xsd.
+ At the date of issue it can also be found at
+ http://www.w3.org/2001/xml.xsd.
+ The schema document at that URI may however change in the future,
+ in order to remain compatible with the latest version of XML Schema
+ itself. In other words, if the XML Schema namespace changes, the version
+ of this document at
+ http://www.w3.org/2001/xml.xsd will change
+ accordingly; the version at
+ http://www.w3.org/2001/03/xml.xsd will not change.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="lang" type="xs:language">
+ <xs:annotation>
+ <xs:documentation>In due course, we should install the relevant ISO 2- and 3-letter
+ codes as the enumerated possible values . . .</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attribute name="space" default="preserve">
+ <xs:simpleType>
+ <xs:restriction base="xs:NCName">
+ <xs:enumeration value="default"/>
+ <xs:enumeration value="preserve"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="base" type="xs:anyURI">
+ <xs:annotation>
+ <xs:documentation>See http://www.w3.org/TR/xmlbase/ for
+ information about this attribute.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attributeGroup name="specialAttrs">
+ <xs:attribute ref="xml:base"/>
+ <xs:attribute ref="xml:lang"/>
+ <xs:attribute ref="xml:space"/>
+ </xs:attributeGroup>
+
+</xs:schema>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/zuse_mypersondata_en_p2.xsd b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/zuse_mypersondata_en_p2.xsd
new file mode 100644
index 00000000..5c4248bd
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/zuse_mypersondata_en_p2.xsd
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:p="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" targetNamespace="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.2.006">
+ <xs:element name="Identification" type="p:IdentificationType" />
+ <xs:complexType name="IdentificationType">
+ <xs:sequence>
+ <xs:element name="Value" type="xs:string" />
+ </xs:sequence>
+ </xs:complexType>
+</xs:schema>
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/zuse_p2.xsd b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/zuse_p2.xsd
new file mode 100644
index 00000000..2d277405
--- /dev/null
+++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/config/zuseSchema/zuse_p2.xsd
@@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:p="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" xmlns:msg="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#" targetNamespace="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.2.007"> + <xs:import namespace="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" schemaLocation="zuse_mypersondata_en_p2.xsd"/> + <xs:element name="DeliveryRequest" type="msg:DeliveryRequestType" /> + <xs:complexType name="DeliveryRequestType"> + <xs:sequence> + <xs:element ref="msg:Receiver"/> + </xs:sequence> + </xs:complexType> + <xs:element name="DeliveryResponse" type="xs:string" /> + <xs:element name="Receiver"> + <xs:complexType> + <xs:sequence> + <xs:element ref="p:Identification"/> + </xs:sequence> + </xs:complexType> + </xs:element> +</xs:schema> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pades/PAdES_baseline_profile_test_files_hellopades-pades-b-sha256-auth.pdf b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pades/PAdES_baseline_profile_test_files_hellopades-pades-b-sha256-auth.pdf Binary files differnew file mode 100644 index 00000000..3be65b6e --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pades/PAdES_baseline_profile_test_files_hellopades-pades-b-sha256-auth.pdf diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf Binary files differnew file mode 100644 index 00000000..7d470a62 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pades/Plugtest2019_ESIG-P_AT_SIT_Signature-P-AT_SIT-4.pdf 
diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_1.hex b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pdf/pdf_cades_1.hex index 32861d68..32861d68 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_1.hex +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pdf/pdf_cades_1.hex diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_2.hex b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pdf/pdf_cades_2.hex index 0249d79c..0249d79c 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_2.hex +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pdf/pdf_cades_2.hex diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_3.hex b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pdf/pdf_cades_3.hex index eb2bcd07..eb2bcd07 100644 --- a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_3.hex +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/pdf/pdf_cades_3.hex diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/xml/zuse_sig_1.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/xml/zuse_sig_1.xml new file mode 100644 index 00000000..26f0b940 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/xml/zuse_sig_1.xml 
@@ -0,0 +1,30 @@ +<?xml version="1.0" encoding="UTF-8"?><DeliveryResponse xmlns="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#" xmlns:ns2="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"><PartialSuccess><DeliverySystem>https://testzustellsystem.egiz.gv.at</DeliverySystem><ZSDeliveryID>zs-valid-delivery-request-id</ZSDeliveryID><AppDeliveryID>valid-delivery-request-id</AppDeliveryID><GZ>12345</GZ></PartialSuccess><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>ejvUI0yh/IIyauFe8x5ZonD/i5oznl8vFyS3oLNivzA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>hmVZrLkMDbXaRLYQKOaV3OtK13TQgMu3csKyw9M4zWqNyva1yxnYkzoX3dKDOdc9 +O56yQJsjoA3Cuw7pXlGO7jSfVM77dTXbWSDaF95O9Vdsrmr7R6Uki0jA9SmgQLXg +hZAUG8JpsHcBn8M0L2BXADKjSn0LuMDL2L7dmU3EM7eRy+OvFwDrXDw1fhjQO6L2 +KoflAWLgUerDhJSpzr0+YfmkrjzitLUA7oIg8ieOnfGyql31ECmDJEqgnL78hyPZ +KaNZImDf3EWFs8je6mt+os1TwsyXYwz+GGbjoDR8lGTS9xVqnXdrgP8Jyv6p9FEu +0IYgSY2FlbI3skPZC8ZVXg==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ 
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature></DeliveryResponse>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/msg.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/msg.xml new file mode 100644 index 00000000..200950a2 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/msg.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?><ns2:DeliveryRequest xmlns="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" xmlns:ns2="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#"> + <ns2:Receiver> + <Identification> + <Value>urn:publicid:gv.at:ecdid+ZUSETNVZ+ZU</Value> + </Identification> + </ns2:Receiver> +</ns2:DeliveryRequest> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/msg_wrong.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/msg_wrong.xml new file mode 100644 index 00000000..b922e715 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/msg_wrong.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?><ns2:DeliveryRequest xmlns="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" xmlns:ns2="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#"> + <ns2:Receiver> + <ns2:Identification> + <Value>urn:publicid:gv.at:ecdid+ZUSETNVZ+ZU</Value> + </ns2:Identification> + </ns2:Receiver> +</ns2:DeliveryRequest> diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/signed-notification-with-pdf.xml b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/signed-notification-with-pdf.xml new file mode 100644 index 00000000..6b5fa798 --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/data/zuse/signed-notification-with-pdf.xml 
@@ -0,0 +1,28 @@ +<DeliveryNotification xmlns="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#" xmlns:ns2="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"><DeliverySystem>https://dev.meinpostfach.at/zuse/services/app2zuse</DeliverySystem><ZSDeliveryID>5d0edb8c-9798-11eb-981a-a15d731cc6a8</ZSDeliveryID><AppDeliveryID>5c17830c-9798-11eb-9d64-a2dcdc0f7425</AppDeliveryID><SenderDetails><ns2:Identification><ns2:Value>9110008961874</ns2:Value><ns2:Type>urn:publicid:gv.at:baseid+XERSB</ns2:Type></ns2:Identification><ns2:CorporateBody><ns2:FullName>Testunternehmen</ns2:FullName><ns2:Target>BF</ns2:Target></ns2:CorporateBody></SenderDetails><ReceiverDetails><ns2:Identification><ns2:Value>9110008961874</ns2:Value><ns2:Type>urn:publicid:gv.at:baseid+XERSB</ns2:Type></ns2:Identification><ns2:CorporateBody><ns2:FullName>Faonline Test</ns2:FullName></ns2:CorporateBody></ReceiverDetails><Timestamp>2021-04-07T13:57:33.088+02:00</Timestamp><User><Role>Representative</Role><ns2:Identification><ns2:Value>NEK/9ZsnA7e2phK71F/OSdIjwbU=</ns2:Value><ns2:Type>urn:publicid:gv.at:cdid+ZU</ns2:Type></ns2:Identification><ns2:PhysicalPerson><ns2:Name><ns2:GivenName>Max</ns2:GivenName><ns2:FamilyName>Mustermann</ns2:FamilyName></ns2:Name><ns2:DateOfBirth>1940-01-01+01:00</ns2:DateOfBirth></ns2:PhysicalPerson></User><Accepted><NotificationsPerformed><RecipientNotification><Timestamp>2021-04-07T13:57:02.064+02:00</Timestamp></RecipientNotification></NotificationsPerformed></Accepted><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/><dsig:DigestValue>SZsE5cGuC94rvB3jW/DE0WhvO9GCQLNDZvs7y1ECCMpK8l1ZmZDuVBf93FNHTlzj +m8aHSPTp0E1qjV2+Wj2L3Q==</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#etsi-signed-1-1"><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/><dsig:DigestValue>lj1sJvjI0IHoiuwCY+VCa33/9giE9nVIhFeF6y6dAN/rO1h2TT1COU7OVMBd6Olh +9ik6UqhCxwp5SYSz4nWndg==</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>viG7GebViQUNvN7oIzJitScVeadXb3WnbtPVC5egZuT9qQhDDjREtMJPTNgYQKey +B6OaKfue4fjlM4m+CJT+TadfkZ4NYSMBQKcSowMzesOzVpPtCWxYTADjLiEzcD+L +nsJ2hfK4Ybcjtb1cHcLAR1geO9nqbPcOQuS/GHPpnZ2Q35k8M9bjku9vtcuSTJUp +n3TkSRhrAGemFo34DmpbdaZ8MAG/dDOd1sl5SPYU4kfiy0Ydx2iXwVVX3aDZOXuq +ZtNgZ5ACpm7oaipNP+jAch8j6pohBPmRCLVANyzT+kgwqVTdqp+Iu9tXS/82DCio +FigMwFtm9yI93MLfDovBCw==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDjzCCAnegAwIBAgIEYEcgHzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJB +VDENMAsGA1UECAwEV2llbjENMAsGA1UEBwwEV2llbjEOMAwGA1UECgwFVmVuZG8x +CzAJBgNVBAsMAklUMRgwFgYDVQQDDA9WZW5kbyBadXNlIFJvb3QwHhcNMjEwMzA5 +MDcxMzM1WhcNMzkwMzA5MDcxMzM1WjBmMQswCQYDVQQGEwJBVDENMAsGA1UECAwE +V2llbjENMAsGA1UEBwwEV2llbjEOMAwGA1UECgwFVmVuZG8xCzAJBgNVBAsMAklU +MRwwGgYDVQQDDBNWZW5kbyBadXNlQW1vZCBTaWduMIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEA2/x/jWhpY20BWQRI1uxRP5XRUqD8O7yl+zXCAqAopZuF +pzRaQy237wuXE+OYXhssIT9npKm0SDTCmQ4/mmFfPjcNYxmGm1oKLy6DeYhWcjjK +IqB5sjJ6dK25ImVgnZJSq2IAWd4rxy4KyV2EA+NcPrCv7nkUaUNDazHcj8wY6ekO +hRJU4kVYR3Ai1M8nZLgu4FS29MiwXwyfqWhTENKFljoNHYvieTUNpohBtjFwmwyk +6Og+yIJoJw/PiEASUSXTEDHKfK/q9r+O28s98s/+mB7/dh6SDpRVwuV99UC76AAk +biBZdZ6REm8SqJVc+/WavKV1RSN8zm96KN9RjKjQeQIDAQABo0kwRzALBgNVHQ8E +BAMCAoQwOAYDVR0lBDEwLwYIKwYBBQUHAwMGCisGAQQBgjcKAwwGCSqGSIb3LwEB +BQYGBACRNwMABgRVHSUAMA0GCSqGSIb3DQEBCwUAA4IBAQCAf3IekGtrnAgNY7kg 
+ZGwxumET4CsU7M9Xk8MXp1wsP7oZXRoY8CTYHaLizh5JqaTtLDsOwb3MkRkkb/h7 ++pli6s4EBFT9Ef6rd4BeKoXOs2zIELhnSTiCtYyK4ZJh0FQXUzydj8i4VxSSYlRd +j0h6QDz+JCD7CRE8cq/Qnujq7g2sI5zsxbfrkzkbzzO5f9UX8W2RhJyUg8nW78/2 +v2DZsB5T2+S6sGlMXVrAP0//srZnsZat5EVFhSRrGiatcu2jQrjxVLSBSbEGpauJ +KSU30CRQrS2D5y7vyfhWeKVmYXEEVswJeVDzynJaovJTX4ivKc6GOWMXlTlvO7XQ +79Np</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><etsi:QualifyingProperties xmlns:etsi="http://uri.etsi.org/01903/v1.3.2#" Target="#signature-1-1"><etsi:SignedProperties Id="etsi-signed-1-1"><etsi:SignedSignatureProperties><etsi:SigningTime>2021-04-07T11:58:02Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/><dsig:DigestValue>kaS3hQHHA3qUP+QoBMjfuN7W0pApn9XE1faiFOtvdT1IZggTBwH1uHL0pUgpmvqI +k4arAtIsU0GtqwikGNcBTg==</dsig:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=Vendo Zuse Root,OU=IT,O=Vendo,L=Wien,ST=Wien,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1615274015</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/xml</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature><AdditionalFormat Type="application/pdf"></AdditionalFormat></DeliveryNotification>
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_4.hex b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_4.hex new file mode 100644 index 00000000..2e6ad8da --- /dev/null +++ b/eaaf_modules/eaaf_module_moa-sig/src/test/resources/pdf_cades_4.hexdiff --git a/eaaf_modules/eaaf_module_pvp2_core/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_pvp2_core/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..b1d216dc --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/checks/spotbugs-exclude.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> + <Match> + <!-- allow logging of SAML2 message on trace level --> + <Class name="at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpPostDecoder"/> + <Method name="getBase64DecodedMessage" /> + <Bug pattern="CRLF_INJECTION_LOGS" /> + </Match> + <Match> + <!-- allow logging of SAML2 relaystate on debug level --> + <Class name="at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafHttpRedirectDeflateDecoder"/> + <Method name="doDecode" /> + <Bug pattern="CRLF_INJECTION_LOGS" /> + </Match> +</FindBugsFilter> diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 660fe3a8..44bca828 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> </parent> <artifactId>eaaf_module_pvp2_core</artifactId> <name>eaaf_module_pvp2_core</name> @@ -20,7 +20,6 @@ <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf-core</artifactId> - <version>${egiz.eaaf.version}</version> </dependency> <dependency> <groupId>org.opensaml</groupId> 
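Review bot: The two `CRLF_INJECTION_LOGS` exclusions in `checks/spotbugs-exclude.xml` silence the finding for `EaafHttpPostDecoder.getBase64DecodedMessage` and `EaafHttpRedirectDeflateDecoder.doDecode` without recording what keeps the logged SAML2 message and RelayState from forging log lines. Both values come from the remote party, and restricting them to trace or debug level does not change that once the level is switched on. I would extend each comment to name the mitigation the suppression relies on, for example `<!-- SAML2 message logged on trace level only; CR/LF is neutralised by the log layout (confirm) -->`, or strip line breaks in the two methods and drop the exclusions. The Java methods themselves are not part of this hunk.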
@@ -33,18 +32,40 @@ <dependency> <groupId>org.opensaml</groupId> <artifactId>opensaml-xmlsec-api</artifactId> + <exclusions> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.opensaml</groupId> <artifactId>opensaml-xmlsec-impl</artifactId> + <exclusions> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> <groupId>org.apache.santuario</groupId> <artifactId>xmlsec</artifactId> </dependency> <dependency> + <groupId>org.cryptacular</groupId> + <artifactId>cryptacular</artifactId> + <exclusions> + <exclusion> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + </exclusion> + </exclusions> + </dependency> + <dependency> <groupId>org.bouncycastle</groupId> - <artifactId>bcprov-jdk15on</artifactId> + <artifactId>bcprov-jdk15to18</artifactId> </dependency> <dependency> @@ -61,11 +82,6 @@ <!-- Testing --> <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> 
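Review bot: The three `bcprov-jdk15on` exclusions (on `opensaml-xmlsec-api`, `opensaml-xmlsec-impl` and `cryptacular`) carry no comment saying why the artifact is excluded, and they cover only these three paths. Any other dependency that pulls `bcprov-jdk15on` transitively would put it on the classpath next to `bcprov-jdk15to18`, leaving two copies of the same BouncyCastle classes. I would add `<!-- replaced by bcprov-jdk15to18; both jars must not be on the classpath together -->` above the first exclusion and check `mvn dependency:tree -Dincludes=org.bouncycastle` for remaining paths. Whether the parent POM already bans the old artifact is not visible here.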
@@ -86,14 +102,40 @@ <groupId>com.squareup.okhttp3</groupId> <artifactId>mockwebserver</artifactId> <scope>test</scope> + <exclusions> + <exclusion> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> - <groupId>xml-apis</groupId> - <artifactId>xml-apis</artifactId> - <version>1.4.01</version> - <scope>test</scope> - </dependency> + <groupId>xml-apis</groupId> + <artifactId>xml-apis</artifactId> + <version>1.4.01</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.asitplus.hsmfacade</groupId> + <artifactId>provider</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>io.grpc</groupId> + <artifactId>grpc-core</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.junit.vintage</groupId> + <artifactId>junit-vintage-engine</artifactId> + <version>${junit-jupiter-api.version}</version> + </dependency> + <dependency> + <groupId>org.junit.jupiter</groupId> + <artifactId>junit-jupiter-migrationsupport</artifactId> + <version>${junit-jupiter-api.version}</version> + </dependency> </dependencies> <build> 
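Review bot: `junit-vintage-engine` and `junit-jupiter-migrationsupport` are added without `<scope>test</scope>`, while the other test-only additions in this hunk (`provider`, `grpc-core`) declare it. Unless the scope is set by dependency management outside this hunk, both become compile-scope dependencies of `eaaf_module_pvp2_core` and are passed on to every consumer of the module. Add `<scope>test</scope>` after the `<version>${junit-jupiter-api.version}</version>` line of both entries.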
@@ -101,49 +143,13 @@ <plugins> <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.7.0</version> - <configuration> - <source>1.8</source> - <target>1.8</target> - </configuration> - <executions> - <execution> - <goals> - <goal>compile</goal> - <goal>testCompile</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <version>3.1.0</version> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - - <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <version>${surefire.version}</version> + <groupId>com.github.spotbugs</groupId> + <artifactId>spotbugs-maven-plugin</artifactId> + <version>${spotbugs-maven-plugin.version}</version> <configuration> - <threadCount>1</threadCount> + <failOnError>true</failOnError> + <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile> </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> </plugin> </plugins> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java index 184a3adb..ca3aa844 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/metadata/IPvp2MetadataProvider.java 
@@ -39,4 +39,11 @@ public interface IPvp2MetadataProvider extends RefreshableMetadataResolver { @Nullable EntityDescriptor getEntityDescriptor(@Nonnull String entityID) throws ResolverException; + + /** + * Destroy this Metadata resolver, if it supports destroying. + * + */ + void doDestroy(); + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java index 92e75e17..c05b96f3 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/PvpAttributeBuilder.java @@ -21,10 +21,11 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder; import java.util.ArrayList; import java.util.Collection; -import java.util.HashMap; import java.util.Iterator; import java.util.List; -import java.util.ServiceLoader; + +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; 
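Review bot: `doDestroy()` is added to `IPvp2MetadataProvider` as an abstract method, so any implementation of the interface that is not updated in this commit stops compiling. If doing nothing is an acceptable fallback, `default void doDestroy() { }` keeps existing implementers working. The Javadoc should also say what a caller may still do with the provider after the call and what happens when destroying is not supported, for example `Releases the resources of this resolver; the resolver must not be used afterwards. Implementations that cannot be destroyed do nothing.` The interface body starts outside the hunk.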
@@ -33,64 +34,17 @@ import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.exceptions.InvalidDateFormatAttributeException; import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException; +import at.gv.egiz.eaaf.core.impl.idp.builder.AttributeBuilderRegistration; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PvpMetadata; import at.gv.egiz.eaaf.modules.pvp2.exception.InvalidDateFormatException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import lombok.extern.slf4j.Slf4j; -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.metadata.RequestedAttribute; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - +@Slf4j public class PvpAttributeBuilder { - private static final Logger log = LoggerFactory.getLogger(PvpAttributeBuilder.class); - private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator(); - private static HashMap<String, IAttributeBuilder> builders; - - private static ServiceLoader<IAttributeBuilder> attributBuilderLoader = - ServiceLoader.load(IAttributeBuilder.class); - - private static void addBuilder(final IAttributeBuilder builder) { - builders.put(builder.getName(), builder); - } - - static { - builders = new HashMap<>(); - - log.info("Loading protocol attribut-builder modules:"); - if (attributBuilderLoader != null) { - final Iterator<IAttributeBuilder> moduleLoaderInterator = attributBuilderLoader.iterator(); - while (moduleLoaderInterator.hasNext()) { - try { - final IAttributeBuilder modul = moduleLoaderInterator.next(); - log.info("Loading attribut-builder Modul Information: " + modul.getName()); - addBuilder(modul); - - } catch (final Throwable e) { - log.error("Check configuration! 
" + "Some attribute-builder modul" - + " is not a valid IAttributeBuilder", e); - } - } - } - - log.info("Loading attribute-builder modules done"); - - } - - /** - * Get a specific attribute builder. - * - * @param name Attribute-builder friendly name - * - * @return Attribute-builder with this name or null if builder does not exists - */ - public static IAttributeBuilder getAttributeBuilder(final String name) { - return builders.get(name); - - } /** * Build an SAML2 attribute. @@ -102,8 +56,9 @@ public class PvpAttributeBuilder { public static Attribute buildAttribute(final String name, final String value) { log.warn("Attribute value: {} is NOT injected", value); - if (builders.containsKey(name)) { - return builders.get(name).buildEmpty(generator); + if (AttributeBuilderRegistration.containsBuilder(name)) { + return AttributeBuilderRegistration.getAttributeBuilder(name).buildEmpty(generator); + } return null; } @@ -120,9 +75,9 @@ public class PvpAttributeBuilder { */ public static Attribute buildAttribute(final String name, final ISpConfiguration oaParam, final IAuthData authData) throws Pvp2Exception, AttributeBuilderException { - if (builders.containsKey(name)) { + if (AttributeBuilderRegistration.containsBuilder(name)) { try { - return builders.get(name).build(oaParam, authData, generator); + return AttributeBuilderRegistration.getAttributeBuilder(name).build(oaParam, authData, generator); } catch (final AttributeBuilderException e) { if (e instanceof UnavailableAttributeException) { throw e; @@ -146,8 +101,8 @@ public class PvpAttributeBuilder { * @return SAML2 attribute */ public static Attribute buildEmptyAttribute(final String name) { - if (builders.containsKey(name)) { - return builders.get(name).buildEmpty(generator); + if (AttributeBuilderRegistration.containsBuilder(name)) { + return AttributeBuilderRegistration.getAttributeBuilder(name).buildEmpty(generator); } return null; } 
@@ -157,9 +112,9 @@ public class PvpAttributeBuilder { * * @return */ - public static List<Attribute> buildSupportedEmptyAttributes() { + public static List<Attribute> buildSupportedEmptyAttributes() { final List<Attribute> attributes = new ArrayList<>(); - final Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); + final Iterator<IAttributeBuilder> builderIt = AttributeBuilderRegistration.getAllRegistratedBuilder(); while (builderIt.hasNext()) { final IAttributeBuilder builder = builderIt.next(); if (builder.getClass().isAnnotationPresent(PvpMetadata.class)) { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java index 3a21b15d..32e82ce4 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/AbstractChainingMetadataProvider.java @@ -476,7 +476,12 @@ public abstract class AbstractChainingMetadataProvider implements IGarbageCollec final AbstractMetadataResolver httpprovider = (AbstractMetadataResolver) resolver; log.debug("Destroy metadata resolver with id: {}", httpprovider.getId()); httpprovider.destroy(); - + + } else if (resolver instanceof IPvp2MetadataProvider) { + final IPvp2MetadataProvider httpprovider = (IPvp2MetadataProvider) resolver; + log.debug("Destroy metadata resolver with id: {}", httpprovider.getId()); + httpprovider.doDestroy(); + } else { log.warn("Metadata resolver: {} can not be destroyed. Reason: unsupported type: {}", resolver.getId(), resolver.getClass().getName()); 
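Review bot: The new `else if (resolver instanceof IPvp2MetadataProvider)` branch in `AbstractChainingMetadataProvider` reuses the name `httpprovider` for a value that is not an HTTP resolver; `pvpProvider` would say what it is. A resolver taking this branch also no longer reaches the `log.warn` in the final `else`, so a provider whose `doDestroy()` does nothing is still announced by the preceding `log.debug("Destroy metadata resolver with id: {}", ...)`. The enclosing method starts and ends outside the hunk.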
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java index 1b44afe4..f0291847 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverAdapter.java @@ -1,10 +1,12 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.metadata; + import java.time.Instant; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.saml.metadata.resolver.RefreshableMetadataResolver; import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; @@ -113,6 +115,17 @@ public class PvpMetadataResolverAdapter implements IPvp2MetadataProvider, IRefre } @Override + public void doDestroy() { + if (internalProvider instanceof AbstractMetadataResolver) { + ((AbstractMetadataResolver) internalProvider).destroy(); + + } else { + log.info("MetadataResolver: {} does not support destroying", + internalProvider.getClass().getName()); + + } + } + public Throwable getLastFailureCause() { return internalProvider.getLastFailureCause(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java new file mode 100644 index 00000000..66393bb4 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/SignatureTrustEngineDecorator.java 
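Review bot: In the `@@ -113,6 +115,17 @@` hunk of `PvpMetadataResolverAdapter`, `doDestroy()` is inserted between the existing `@Override` and `getLastFailureCause()`, so the annotation now belongs to `doDestroy()` and `getLastFailureCause()` is left without one. The code still compiles, but the compiler no longer checks that `getLastFailureCause()` matches an interface method. Add `@Override` on the line before `public Throwable getLastFailureCause() {`. The class body continues outside the hunk.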
@@ -0,0 +1,41 @@
+package at.gv.egiz.eaaf.modules.pvp2.impl.validation;
+
+import org.opensaml.security.SecurityException;
+import org.opensaml.security.credential.Credential;
+import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
+import org.opensaml.xmlsec.signature.Signature;
+import org.opensaml.xmlsec.signature.support.SignatureTrustEngine;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
+
+@AllArgsConstructor
+public class SignatureTrustEngineDecorator implements SignatureTrustEngine {
+
+ private SignatureTrustEngine trustEngine;
+
+ @Getter
+ private IPvp2MetadataProvider metadataProvider;
+
+ @Override
+ public boolean validate(Signature token, CriteriaSet trustBasisCriteria) throws SecurityException {
+ return trustEngine.validate(token, trustBasisCriteria);
+
+ }
+
+ @Override
+ public boolean validate(byte[] signature, byte[] content, String algorithmUri,
+ CriteriaSet trustBasisCriteria, Credential candidateCredential) throws SecurityException {
+ return trustEngine.validate(signature, content, algorithmUri, trustBasisCriteria, candidateCredential);
+
+ }
+
+ @Override
+ public KeyInfoCredentialResolver getKeyInfoResolver() {
+ return trustEngine.getKeyInfoResolver();
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
index f0758706..fe941f74 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/TrustEngineFactory.java
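Review bot: `SignatureTrustEngineDecorator` keeps `trustEngine` and `metadataProvider` as mutable, unchecked fields, so an instance built with a null delegate fails only with a NullPointerException on the first `validate(...)` call. For a class in the signature-validation path I would make both fields final and reject null at construction: `private final SignatureTrustEngine trustEngine;` and `@Getter private final IPvp2MetadataProvider metadataProvider;`, with `lombok.NonNull` on each field so the constructor generated by `@AllArgsConstructor` performs the check. The class also has no Javadoc; one sentence stating that it delegates every call unchanged to the wrapped engine and only adds access to the metadata provider would be enough.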
@@ -22,9 +22,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation; import java.util.ArrayList; import java.util.List; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; - import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver; import org.opensaml.saml.security.impl.MetadataCredentialResolver; import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver; @@ -33,9 +30,10 @@ import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider; -import org.opensaml.xmlsec.signature.support.SignatureTrustEngine; import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; @@ -50,7 +48,7 @@ public class TrustEngineFactory { * @throws Pvp2InternalErrorException In case of a TrustEngine initialization * error */ - public static SignatureTrustEngine getSignatureKnownKeysTrustEngine( + public static SignatureTrustEngineDecorator getSignatureKnownKeysTrustEngine( final IPvp2MetadataProvider mdResolver) throws Pvp2InternalErrorException { try { final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>(); 
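Review bot: In the `@@ -50,7 +48,7 @@` hunk the return type of the public static `getSignatureKnownKeysTrustEngine` is narrowed from `SignatureTrustEngine` to `SignatureTrustEngineDecorator`, which changes the method descriptor: existing source still compiles, but modules already built against the previous signature would no longer link without a rebuild. The verification engine detects the decorator with `instanceof` (see the `@@ -141,27 +138,36 @@` hunk), so the declaration could stay `public static SignatureTrustEngine getSignatureKnownKeysTrustEngine(` while the body still returns the decorator. The Javadoc above the signature begins outside this hunk; if it has an `@return`, it should say that the returned engine carries the metadata provider.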
@@ -70,10 +68,9 @@ public class TrustEngineFactory { resolver.setKeyInfoCredentialResolver(keyInfoCredentialResolver); resolver.initialize(); - final ExplicitKeySignatureTrustEngine engine = - new ExplicitKeySignatureTrustEngine(resolver, keyInfoCredentialResolver); - - return engine; + return new SignatureTrustEngineDecorator( + new ExplicitKeySignatureTrustEngine(resolver, keyInfoCredentialResolver), + mdResolver); } catch (final ComponentInitializationException e) { log.warn("Initialization of SignatureTrustEngine FAILED.", e); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java index 9758ff83..2257eba9 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/verification/SamlVerificationEngine.java @@ -32,6 +32,8 @@ import javax.xml.validation.Validator; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.opensaml.core.criterion.EntityIdCriterion; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml.common.xml.SAMLSchemaBuilder.SAML1Version; @@ -61,7 +63,6 @@ import org.opensaml.xmlsec.encryption.support.SimpleRetrievalMethodEncryptedKeyR import org.opensaml.xmlsec.keyinfo.impl.StaticKeyInfoCredentialResolver; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.SignatureTrustEngine; -import org.springframework.beans.factory.annotation.Autowired; import org.w3c.dom.Element; import org.xml.sax.SAXException; 
@@ -75,10 +76,12 @@ import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.SignatureTrustEngineDecorator; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.net.URIException; import net.shibboleth.utilities.java.support.net.impl.BasicURLComparator; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; @Slf4j public class SamlVerificationEngine { @@ -98,13 +101,7 @@ public class SamlVerificationEngine { */ private static final int TIME_JITTER = 3; - - - - - @Autowired(required = true) - IPvp2MetadataProvider metadataProvider; - + /** * Verify signature of a signed SAML2 object. * 
@@ -141,27 +138,36 @@ public class SamlVerificationEngine { log.debug("PVP2X message validation FAILED. Relead metadata for entityID: {}", msg.getEntityID()); - if (metadataProvider == null || !(metadataProvider instanceof IRefreshableMetadataProvider) - || !((IRefreshableMetadataProvider) metadataProvider) - .refreshMetadataProvider(msg.getEntityID())) { - throw e; - - } else { - log.trace("PVP2X metadata reload finished. Check validate message again."); - - if (msg instanceof PvpSProfileRequest - && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) { - verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(), - sigTrustEngine); + if (sigTrustEngine instanceof SignatureTrustEngineDecorator) { + IPvp2MetadataProvider metadataProvider = + ((SignatureTrustEngineDecorator) sigTrustEngine).getMetadataProvider(); + if (metadataProvider == null || !(metadataProvider instanceof IRefreshableMetadataProvider) + || !((IRefreshableMetadataProvider) metadataProvider).refreshMetadataProvider(msg.getEntityID())) { + + throw e; } else { - verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine); + log.trace("PVP2X metadata reload finished. Check validate message again."); - } + if (msg instanceof PvpSProfileRequest + && ((PvpSProfileRequest) msg).getSamlRequest() instanceof RequestAbstractType) { + verifyRequest((RequestAbstractType) ((PvpSProfileRequest) msg).getSamlRequest(), + sigTrustEngine); - } - log.trace("Second PVP2X message validation finished"); + } else { + verifyIdpResponse(((PvpSProfileResponse) msg).getResponse(), sigTrustEngine); + + } + } + log.trace("Second PVP2X message validation finished"); + + } else { + log.debug("TrustEninge is not of type: {} Dynamic SAML2 metadata refresh not possibile.", + SignatureTrustEngineDecorator.class); + throw e; + + } } } 
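Review bot: When `sigTrustEngine` is not a `SignatureTrustEngineDecorator`, the new `else` branch rethrows without any metadata refresh and reports that only at debug level, so a caller that passes a plain trust engine silently loses the reload-and-retry step that the removed `@Autowired` provider used to make possible (relevant, for instance, after a peer has rolled its signing key). I would raise the level and fix the wording: `log.info("TrustEngine is not of type: {}. Dynamic SAML2 metadata refresh not possible.", SignatureTrustEngineDecorator.class.getName());`. In the refresh condition, `metadataProvider == null ||` is redundant because `instanceof` is already false for null. The enclosing method and its `catch` block begin outside the hunk.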
@@ -246,6 +252,7 @@ public class SamlVerificationEngine { // validate each assertion final List<Assertion> validatedassertions = new ArrayList<>(); for (final Assertion saml2assertion : saml2assertions) { + traceLogFullAssertion(saml2assertion); if (internalAssertionValidation(saml2assertion, spEntityID, validateDateTime)) { log.debug("Add valid Assertion:" + saml2assertion.getID()); validatedassertions.add(saml2assertion); @@ -271,9 +278,19 @@ public class SamlVerificationEngine { throw new SamlAssertionValidationExeption(ERROR_16, new Object[] { e.getMessage() }, e); -// } catch (final ConfigurationException e) { -// throw new AssertionValidationExeption("pvp.12", -// new Object[]{loggerName, e.getMessage()}, e); + } + } + + private void traceLogFullAssertion(Assertion saml2assertion) { + if (log.isTraceEnabled()) { + try { + log.trace("Decrypted SAML2 Response:", SerializeSupport.nodeToString( + XMLObjectSupport.getMarshaller(saml2assertion).marshall(saml2assertion))); + + } catch (MarshallingException e) { + log.info("Can NOT trace decrypted SAML2 Assertion", e); + + } } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/messages/pvp_messages.properties b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/messages/pvp_messages.properties index 824f17d4..b76b2d52 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/messages/pvp_messages.properties +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/resources/messages/pvp_messages.properties 
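Review bot: `traceLogFullAssertion` (hunk `@@ -271,9 +278,19 @@`) never prints the assertion, because the format string `"Decrypted SAML2 Response:"` has no `{}` placeholder and SLF4J drops the serialized XML argument. The call should be `log.trace("Decrypted SAML2 Assertion: {}", SerializeSupport.nodeToString(XMLObjectSupport.getMarshaller(saml2assertion).marshall(saml2assertion)));`. Once that is fixed the line writes the complete decrypted assertion, which normally carries the subject's identity attributes, into the log, and the call added in the `@@ -246,6 +252,7 @@` hunk runs before `internalAssertionValidation`, so content that later fails validation is logged as well. The method deserves a comment stating that TRACE for this logger must stay off in production or that the log target is access-restricted. The enclosing class continues outside both hunks.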
@@ -17,6 +17,8 @@ internal.pvp.15=SAML2 assertion validator: {0} find NO valid assertion in SAML2 internal.pvp.16=Decryption of SAML2 assertion FAILED with reason: {0} internal.pvp.17=SAML2 assertion validator:{0} find invalid PVP Response from Issuer:{1}. StatusCodes:{2} Msg:{3} +pvp2.09=SAML2 request contains an unsupported operation. (OperationId: {0}) +pvp2.20=SAML2 Authn. request contains an unknown or empty EntityID. pvp2.21=Signature validation of SAML2 Authn. request failed. Reason: {0} pvp2.22=Validation of SAML2 Authn. request failed. Reason: {0} pvp2.24=General error during SAML2 Auth. request pre-processing. Reason: {0} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineEidasTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineEidasTest.java new file mode 100644 index 00000000..4577b94b --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineEidasTest.java 
@@ -0,0 +1,115 @@
+package at.gv.egiz.eaaf.modules.pvp2.test;
+
+import java.time.Instant;
+
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@Ignore
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
+ "/spring/test_eaaf_core_spring_config.beans.xml",
+ "/spring/eaaf_utils.beans.xml" })
+@TestPropertySource(locations = { "/config/config_eidas.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class SamlVerificationEngineEidasTest {
+
+ @Autowired
+ private PvpMetadataResolverFactory metadataResolverFactory;
+
+ @Autowired
+ private SamlVerificationEngine verifyEngine;
+ @Autowired
+ private DummyCredentialProvider credentialProvider;
+
+ @Autowired DummyMetadataProvider metadataProvider;
+ @Autowired IConfiguration authConfig;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void classInitializer() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+
+ /**
+ * Reset OpenSAML3.x JCEMapper to default.
+ *
+ */
+ @AfterClass
+ public static void classCloser() {
+ JCEMapper.setProviderId(null);
+
+ }
+
+ @Test
+ public void verifyAssertionSucessNotEncrypted() throws SamlSigningException, Pvp2MetadataException,
+ CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {
+ final String responsePath = "/data/response_eidas.xml";
+ final String metadataPath = "classpath:/data/metadata_eidas.xml";
+ final String spEntityId = "https://vidp.gv.at/EidasNode/ColleagueResponse";
+
+ final Pair<Response, IPvp2MetadataProvider> inputMsg =
+ initializeResponse(spEntityId, metadataPath, responsePath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ verifyEngine.validateAssertion(inputMsg.getFirst(), credentialProvider.getMessageSigningCredential(),
+ spEntityId, "jUnit Test", false);
+
+
+ }
+
+ protected Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath,
+ String authnReqPath, EaafX509Credential credential)
+ throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException {
+ final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider(
+ metadataPath, null, "jUnit metadata resolver", null);
+
+ final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
+ response.setIssueInstant(Instant.now());
+ final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue(spEntityId);
+ response.setIssuer(issuer);
+
+ return Pair.newInstance(
+ Saml2Utils.signSamlObject(response, credential, true),
+ mdResolver);
+ }
+}
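Review bot: The whole class carries a bare `@Ignore`, so `verifyAssertionSucessNotEncrypted` never runs and the eIDAS response path of `SamlVerificationEngine` gets no regression coverage from this file. State why it is disabled, e.g. `@Ignore("TODO: reason this test is disabled")`, or move the annotation to the single method that needs it. The test also contains no assertion and never uses `inputMsg.getSecond()`, `metadataProvider` or `authConfig`, and the stream returned by `getResourceAsStream(authnReqPath)` is not closed.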
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java index 8f6c35bd..e7c59459 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java @@ -511,7 +511,7 @@ public class PostBindingTest { Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); Assert.assertNotNull("PVP msg is null", httpResp.getContentLength()); - Assert.assertEquals("ContentType", "text/html", httpResp.getContentType()); + Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String http = httpResp.getContentAsString(); @@ -545,7 +545,7 @@ public class PostBindingTest { Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); Assert.assertNotNull("PVP msg is null", httpResp.getContentLength()); - Assert.assertEquals("ContentType", "text/html", httpResp.getContentType()); + Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String http = httpResp.getContentAsString(); @@ -581,7 +581,7 @@ public class PostBindingTest { Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); Assert.assertNotNull("PVP msg is null", httpResp.getContentLength()); - Assert.assertEquals("ContentType", "text/html", httpResp.getContentType()); + Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String http = httpResp.getContentAsString(); 
@@ -619,7 +619,7 @@ public class PostBindingTest { Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); Assert.assertNotNull("PVP msg is null", httpResp.getContentLength()); - Assert.assertEquals("ContentType", "text/html", httpResp.getContentType()); + Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String http = httpResp.getContentAsString(); @@ -657,7 +657,7 @@ public class PostBindingTest { Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); Assert.assertNotNull("PVP msg is null", httpResp.getContentLength()); - Assert.assertEquals("ContentType", "text/html", httpResp.getContentType()); + Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String http = httpResp.getContentAsString(); @@ -700,6 +700,11 @@ public class PostBindingTest { return null; } + + @Override + public boolean isWriteAsynch() { + return false; + } }; } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java index 2c152195..97a896f5 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/SoapBindingTest.java 
@@ -203,7 +203,7 @@ public class SoapBindingTest { Assert.assertEquals("http StatusCode", 200, httpResp.getStatus()); Assert.assertNotNull("PVP msg is null", httpResp.getContentLength()); - Assert.assertEquals("ContentType", "text/xml", httpResp.getContentType()); + Assert.assertEquals("ContentType", "text/xml;charset=UTF-8", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String http = httpResp.getContentAsString(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java index 07c5f8ff..91da692c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java @@ -75,5 +75,11 @@ public class DummyMetadataProvider extends AbstractChainingMetadataProvider { public void setMetadataFilters(List<MetadataFilter> filtersToUse) { metadataFilters.setFilters(filtersToUse); - } + } + + @Override + public void doDestroy() { + + } + } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java index 036d682b..8af53e23 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java 
@@ -242,7 +242,7 @@ public class MetadataResolverTest { Assert.fail("Untrusted signature not detected"); } catch (final Pvp2MetadataException e) { - Assert.assertEquals("Wrong errorCode", "internal.pvp.07", e.getErrorId()); + Assert.assertEquals("Wrong errorCode", "internal.pvp.09", e.getErrorId()); } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props index abc8f591..87317300 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props @@ -6,9 +6,9 @@ security.hsmfacade.password=supersecret123 security.hsmfacade.hsmname=software keystore.type=hsmfacade -keystore.name=authhandler -key.metadata.alias=authhandler-sign -key.sig.alias=authhandler-sign +keystore.name=eid-junit +key.metadata.alias=rsa-key-1 +key.sig.alias=ec-key-1 key.sig.pass=password key.enc.alias= key.enc.pass= diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_eidas.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_eidas.props new file mode 100644 index 00000000..f99f3de0 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_eidas.props @@ -0,0 +1,19 @@ +security.hsmfacade.host=eid.a-sit.at +security.hsmfacade.port=9050 +security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt +security.hsmfacade.username=authhandler-junit +security.hsmfacade.password=supersecret123 +security.hsmfacade.hsmname=software + +keystore.path=classpath:/data/junit_eidas.jks +keystore.pass=password +key.metadata.alias=metadata +key.metadata.pass=password +key.sig.alias=signing +key.sig.pass=password +key.enc.alias=signing +key.enc.pass=password + +client.http.connection.timeout.socket=2 +client.http.connection.timeout.connection=2 +client.http.connection.timeout.request=2
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt index 01be3821..204ddccf 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/hsm_facade_trust_root.crt @@ -1,10 +1,12 @@ -----BEGIN CERTIFICATE----- -MIIBdDCCARqgAwIBAgIEXkz1yjAKBggqhkjOPQQDAjARMQ8wDQYDVQQDDAZlY3Jv -b3QwHhcNMjAwMjE5MDg0NjAyWhcNMjEwMjE4MDg0NjAyWjARMQ8wDQYDVQQDDAZl -Y3Jvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS8yvpVIWbPj4E7Lr87hwQR -T9DZf9WY5LMV7gF6NKpnJ5JkEql/s7fqBVbrh8aSNo6gmfmSk4VYGhPJ+DCMzzQj -o2AwXjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFOXafzYpIOlu6BgNU+Ee -JWuJobgWMB0GA1UdDgQWBBTl2n82KSDpbugYDVPhHiVriaG4FjALBgNVHQ8EBAMC -AQYwCgYIKoZIzj0EAwIDSAAwRQIgRt/51PKL/bATuLCdib95Ika+h845Jo0G+Sbn -bzNwJAcCIQCVD1cxEBuUkKaiaLbTiNVsEjvQb6ti0TFbbQUH66jCGA== +MIIByzCCAXGgAwIBAgIEYC5cIjAKBggqhkjOPQQDAjA7MRMwEQYDVQQKDApBLVNJ +VCBQbHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwHhcN +MjEwMjE4MTIyMjU4WhcNMzEwMjE4MTIyMjU4WjA7MRMwEQYDVQQKDApBLVNJVCBQ +bHVzMRIwEAYDVQQLDAlIc21GYWNhZGUxEDAOBgNVBAMMB0VDIFJvb3QwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAARK1UAE+T3xYsoI0VkRcP20jPwTd2MePMkXRsSR +lpqPMQ6dPMlxPmAzWK33DWPFAFMY8+ecF0J8t2D+5RiJSSB+o2MwYTAPBgNVHRMB +Af8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT1v6FCAwJIM8kv +JD7gVjdGXqhcYjAdBgNVHQ4EFgQU9b+hQgMCSDPJLyQ+4FY3Rl6oXGIwCgYIKoZI +zj0EAwIDSAAwRQIhAI+5lHyNCQfyj8c0pdBDVWY3fkCOj9ZTJ/hqgW+6TIQBAiBS +jn7uIj7tGm+f0RgXMbhcgtQhYgVwf0x8OnRwmDOwaw== -----END CERTIFICATE----- diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_eidas.jks b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_eidas.jks Binary files differnew file mode 100644 index 00000000..20a52d16 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/junit_eidas.jks 
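Review bot: The new `config_eidas.props` repeats the HSM-facade block (`security.hsmfacade.host=eid.a-sit.at`, `security.hsmfacade.username=authhandler-junit`, `security.hsmfacade.password=supersecret123`) although this profile points at `keystore.path=classpath:/data/junit_eidas.jks` and sets no `keystore.type`, so the block looks unused here. If it is not needed, drop the six `security.hsmfacade.*` lines rather than keeping another copy of a credential for a network-reachable host in the repository. If that account is more than a throw-away test account, the password should be injected from the environment instead of being committed. The file also ends without a trailing newline.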
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/metadata_eidas.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/metadata_eidas.xml new file mode 100644 index 00000000..0b9e0fb0 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/metadata_eidas.xml 
@@ -0,0 +1,153 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="classpath:/data/metadata_eidas.xml" validUntil="2055-06-25T17:56:00.822Z"> + <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"/> + <ds:Reference URI=""> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <ds:DigestValue>mpRL1HhdQbVZvTErUOyLnEg8A9KwdXaRLIZRTIgC/vIbw5wktNzXzF140hYQGudHI8RovcQapGkA +6wjTAkrGvg==</ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue> +hYs/+wD1DLsPB4WxJStWgT/TWn4hTxfoamZbZe4XcavGWIgLNZoiitdeoYcDoSRbeeBAa5OoZuFf +ev7NmU8E8YjutpdR7i/tGpVAbGD3il5h08VrBMBWm9x1MN+P4fCsuVptrLFrVJcEVfrBVHEJZcOL +yKmc+l2eJh45t+7huH3gBukmbJciriJnsHOJc+xlu6cRBMrDHUIR65PlMdSdeG2Ff9orBA61iaZT +FYDOC19SA89/Mm7P9lylLYg0d+A4zZKGJw6dwPhjkc/NXm1GDZabj6hWLBAfQ7jRJKUVWMd1+QNd +Gnp/FcRdOipxNeiEIIVzEfOx2VwT8OgnNE6RkPVmWDOBdBtQ9udH3drHxAk/09rewEacD47tT37B +Ni9WAGNb2fxiS/wncUS6hKAFpUl86cbT2rXotH0UjEUd/q+fEwlkYzr2wWNVmyae9d40CHj0ps1y +vsAnIG2KudLUENazAwEZHjw9nheL3DyAeu3TWfpsTyyuA5YhWG/YyEeF +</ds:SignatureValue> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIEDjCCAnYCCQD6nxCDuFkkmDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJBVDENMAsGA1UE +CgwERUdJWjEYMBYGA1UECwwPZUlEQVMgVGVzdC1Ob2RlMREwDwYDVQQDDAhNZXRhZGF0YTAeFw0y +MDA0MTQxNTA2NDFaFw0yMzAxMDgxNTA2NDFaMEkxCzAJBgNVBAYTAkFUMQ0wCwYDVQQKDARFR0la +MRgwFgYDVQQLDA9lSURBUyBUZXN0LU5vZGUxETAPBgNVBAMMCE1ldGFkYXRhMIIBojANBgkqhkiG +9w0BAQEFAAOCAY8AMIIBigKCAYEAnUM3hvAfyL0w4U35Qq1iVvnGYcy8XsxWlNydaqFM5kb5AoSx 
+AjXMkQ0nUgCJSvDc7A8a8KVkS5Z32gFcF1ucZB7uYB2pkSm8WnHJcwtJrjO8y+D5D+ReVKsNZ5Kp +yvH8CAS4Q+QO14ZFXj5Ear6D06NYuAMKqasXPrPig1Tdbww0vKykhEScr3cld7TTjeZfBODiBuMO +w4FS4IYPcOSGYk8rWw9h02BKfEq05gsR/cT+J/yqYKt5ZTrIvBPKec2EaVyDgiJMzi8g+j2YbBGA +voKABPZoGM19PIeo3QswNjdsrTVlhDZg9uOfLDeX3DKaGhnFApm44BVngz+k40j+vuwzHePIKH3r +5hN+CqHW8yHCRZoih327CYT7s/r8JF6dt+Si+X2Cn/EoVZp+V4jh5L7fmvLaDGbYgOKneTfhjIwe +6KeVOPMHdRmrbgJtNVPSeXGmyDmZCUlDoRdCU+Je9BL46UHGXv0vi8oU/n7ObiyS5uMCjEjYX+dL +UC7AFMpBAgMBAAEwDQYJKoZIhvcNAQELBQADggGBABkgstVxLeeKAaW+vgvt1ak9LUNxkEgXHF+z +hMgH0797I2YztfzCnW51gadnUMjU/fM3OyhuirxErhijxwHMnzzDN4GcfDzSk6W4PXyTAhXKe1b1 +LOP97m7Fpke5lf6EMKiIFcH+cKmXXxNMRImjjoa4h8unkreVh6sMAvtX7L6higi8I2yIsGGp6Dn4 +bHwRngvRVDzDx22OTpTT0EvX/EFsQPzLtxrMCFuJE4IM65drNYJI8WhuGBaXfMhnHhUY6mr5U8Lj +/zjcEQMFwu6qFVGfqF2p1AaNgK3kBslTBezPHoOdi1dt/FP12lozapAIKIBDhp1aqEdZkGYaOaI4 +QHfiBJag/Doao/NHMTTaqMe26/7dlBh5cmd67+DQlnp87jDBIBpg1EJr/JVU9r1rtg2OJhhUmyv3 +HZONASwc8UjkkREqWBIXKZX6GnJBXthVg7Lhna35Nh++agEjMg/IuZNcUzK6ZjDCZdlDD0fenUty +xFug0kx+UUxgnO/qSooe+g==</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </ds:Signature> + <md:Extensions> + <mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> + <saml2:Attribute Name="http://eidas.europa.eu/entity-attributes/protocol-version" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">1.2</saml2:AttributeValue> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">1.1</saml2:AttributeValue> + </saml2:Attribute> + <saml2:Attribute Name="http://eidas.europa.eu/entity-attributes/application-identifier" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> + <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">CEF:eIDAS-ref:2.5.0</saml2:AttributeValue> + 
</saml2:Attribute> + </mdattr:EntityAttributes> + <eidas:SPType xmlns:eidas="http://eidas.europa.eu/saml-extensions">public</eidas:SPType> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/> + <alg:DigestMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1"/> + <alg:SigningMethod xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1"/> + </md:Extensions> + <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:Extensions> + <eidas:NodeCountry xmlns:eidas="http://eidas.europa.eu/saml-extensions">AT</eidas:NodeCountry> + </md:Extensions> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIEDDCCAnQCCQCbVfZgUmuq4jANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJBVDENMAsGA1UE +CgwERUdJWjEYMBYGA1UECwwPZUlEQVMgVGVzdC1Ob2RlMRAwDgYDVQQDDAdzaWduaW5nMB4XDTIw 
+MDQxNDE1MDcyMFoXDTIzMDEwODE1MDcyMFowSDELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVox +GDAWBgNVBAsMD2VJREFTIFRlc3QtTm9kZTEQMA4GA1UEAwwHc2lnbmluZzCCAaIwDQYJKoZIhvcN +AQEBBQADggGPADCCAYoCggGBAJu0ab3tEsQ/9xQ4rwvO7PjnK+NOVUvPkReQMFOFg8uduSocBwZ2 +Kdr/WBRrC9kI8cCkWxJHcJi9o6QBKM8Jtc/cJbPmR7CZvm2rtVGiVNew83C3BAFWeUkXpdnXt1lP +lEklsMwq7eOD+OqWPmi6O0sL/QFMDBMo6J51YIXLtFz0ymiu4V4C75/2c5A/ztI7svDdzxIQEJLo +ATnikFV7WD9SZbgFXPi20v/9IicvtQVjLrfKWbctSXe9RV2CBFsuWevJUdxbf7DWETH+e9eukg+9 +6ZFkBIXDqr5xrXXYVD07Hx2DVqjq+aZM2ALnivNPAp7nLqN4GYP+VmqpDJ9A6S/C9K/6ROnVmK1x +YMtqmxv9WKTi0FkMsBEiH5TRuig3gl+MLKQeA44XjdXgNvPmd1WiSL3IgaQPTLXgLeVsflHAWpy/ +IrGjlzuYcpFhg40x0IMvvOv4Z8RGiXyuhFxa3P+T+0mRYBos/RA70UHjIzgoLhoAShBS/WKs3KqZ +2xi4HwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAImDWnTLdq/4VEeaEJKoVzXk7yk++Rxj2gERRI +vh/eHDskFPDZ5Q2Cby3IC4iLaJFpbXyjKskAvVgoasAbRACA5Zf1H6v31V1YLtTmIViPOY1u3130 +kkY86z9QlLx8u6o86GWL2rGb09ZMxqSMjEEGXYntPJ4rWtdUT32Ef1sUKqh0Dm+qPb/M3OnlV2aO +Ti/yJR7sCuIJ8rrTBO5lqOrdK+zzyhWuJx5/JLfTRp7wjGHR+KPS+3CsnPa6fkG9YUkjz0/E7f1G +emt6cq4ozbGw5j5H50YxVJ5KS76KckKNETGUF2/9XXXV0rrBY7HcnqRCqWuc+sZPqv6pQph21gEZ ++1s2FY735uGRrxDR+1tsWuJd5o5agfl8w544erWQ+aLlkouISzfWZdN8opTLNtt/u0qfUjkcXQFg +CyaVwyMJp9Iq/fqOZzVY3he9i6OVGt6owox+n2rymNQ/Zon6qtDCdvgfw30TIpL8AuZzjMyUL1oG +aAb6colSGusGLBkme5k=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:KeyDescriptor use="encryption"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIEDDCCAnQCCQCbVfZgUmuq4jANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJBVDENMAsGA1UE +CgwERUdJWjEYMBYGA1UECwwPZUlEQVMgVGVzdC1Ob2RlMRAwDgYDVQQDDAdzaWduaW5nMB4XDTIw +MDQxNDE1MDcyMFoXDTIzMDEwODE1MDcyMFowSDELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVox +GDAWBgNVBAsMD2VJREFTIFRlc3QtTm9kZTEQMA4GA1UEAwwHc2lnbmluZzCCAaIwDQYJKoZIhvcN +AQEBBQADggGPADCCAYoCggGBAJu0ab3tEsQ/9xQ4rwvO7PjnK+NOVUvPkReQMFOFg8uduSocBwZ2 +Kdr/WBRrC9kI8cCkWxJHcJi9o6QBKM8Jtc/cJbPmR7CZvm2rtVGiVNew83C3BAFWeUkXpdnXt1lP 
+lEklsMwq7eOD+OqWPmi6O0sL/QFMDBMo6J51YIXLtFz0ymiu4V4C75/2c5A/ztI7svDdzxIQEJLo +ATnikFV7WD9SZbgFXPi20v/9IicvtQVjLrfKWbctSXe9RV2CBFsuWevJUdxbf7DWETH+e9eukg+9 +6ZFkBIXDqr5xrXXYVD07Hx2DVqjq+aZM2ALnivNPAp7nLqN4GYP+VmqpDJ9A6S/C9K/6ROnVmK1x +YMtqmxv9WKTi0FkMsBEiH5TRuig3gl+MLKQeA44XjdXgNvPmd1WiSL3IgaQPTLXgLeVsflHAWpy/ +IrGjlzuYcpFhg40x0IMvvOv4Z8RGiXyuhFxa3P+T+0mRYBos/RA70UHjIzgoLhoAShBS/WKs3KqZ +2xi4HwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAImDWnTLdq/4VEeaEJKoVzXk7yk++Rxj2gERRI +vh/eHDskFPDZ5Q2Cby3IC4iLaJFpbXyjKskAvVgoasAbRACA5Zf1H6v31V1YLtTmIViPOY1u3130 +kkY86z9QlLx8u6o86GWL2rGb09ZMxqSMjEEGXYntPJ4rWtdUT32Ef1sUKqh0Dm+qPb/M3OnlV2aO +Ti/yJR7sCuIJ8rrTBO5lqOrdK+zzyhWuJx5/JLfTRp7wjGHR+KPS+3CsnPa6fkG9YUkjz0/E7f1G +emt6cq4ozbGw5j5H50YxVJ5KS76KckKNETGUF2/9XXXV0rrBY7HcnqRCqWuc+sZPqv6pQph21gEZ ++1s2FY735uGRrxDR+1tsWuJd5o5agfl8w544erWQ+aLlkouISzfWZdN8opTLNtt/u0qfUjkcXQFg +CyaVwyMJp9Iq/fqOZzVY3he9i6OVGt6owox+n2rymNQ/Zon6qtDCdvgfw30TIpL8AuZzjMyUL1oG +aAb6colSGusGLBkme5k=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/> + </md:KeyDescriptor> + <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://vidp.gv.at/EidasNode/ColleagueResponse" index="0" isDefault="true"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://vidp.gv.at/EidasNode/ColleagueResponse" index="1"/> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="en">EGIZ</md:OrganizationName> + 
<md:OrganizationDisplayName xml:lang="en">EGIZ eIDAS Connector</md:OrganizationDisplayName> + <md:OrganizationURL xml:lang="en">https://www.egiz.gv.at</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="support"> + <md:Company>EGIZ</md:Company> + <md:GivenName>Thomas</md:GivenName> + <md:SurName>Lenz</md:SurName> + <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress> + <md:TelephoneNumber>+43 316 873 - 5525</md:TelephoneNumber> + </md:ContactPerson> + <md:ContactPerson contactType="technical"> + <md:Company>EGIZ</md:Company> + <md:GivenName>Thomas</md:GivenName> + <md:SurName>Lenz</md:SurName> + <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress> + <md:TelephoneNumber>+43 316 873 - 5525</md:TelephoneNumber> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml index 7ccd5484..92357c0c 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml 
@@ -56,34 +56,20 @@ YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==</ds:X509Certificate> </ds:X509Data> <ds:X509Data> - <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN -MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw -HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN -MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw -WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC -LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG -SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh -ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L + <ds:X509Certificate>>MIICDTCCAbOgAwIBAgIIVLxIFI8kRpkwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAwwHRUMtUm9vdDAe +Fw0yMDA2MTgwNzM2MTBaFw0yNTA2MTgwNzM2MTBaMDwxGzAZBgNVBAMMEmludC1yc2Eta2V5LTEt +MDAwMTERMA8GA1UECgwIc29mdHdhcmUxCjAIBgNVBAUTATEwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDrM1ocQqtch95Dm21JHi0V35nlWZibsjLqR+g8ERdD1qFgun/X0I/Rbft+KxB8 +QsDX7UmIjXGdavNcEjY/XcbiJxUcpv7vn/2+x3JxZO6Iye/ut001okICt3OGIqP93ZEnIaTTNhDs +K7OnvD/eUjlmuHiTaFq1dZLKYDQlz9jl/9F4axfrz1V7oo60iqFIW+7tlUeh8VGDUPjQpHghzjHX +TJv/OIAt752K31Tn8KR3kvkn6WTPo8eOWVaPQ480Dik0e2afTPPJNZJ7BW111IwqBAOKp586yVsQ +4XVEF8H64Cq+s+b4/HBboo9TDJKTJvo2yQmcTsahbH+Rlm20ifUTAgMBAAEwCgYIKoZIzj0EAwID +SAAwRQIhANKN/N2Atb5fbeHSB2Myv/JcNf9JonxFe92AOu4f62NNAiBjOEeg4OyJZKPiDl6aqYVt +z1Qroo6xzUC9UVA4qNe4LA== </ds:X509Certificate> </ds:X509Data> <ds:X509Data> - <ds:X509Certificate>MIIDFDCCArqgAwIBAgIIFy4Oe7D+zq8wCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwY -S2V5c3RvcmVCYWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxOTE0MDMxNVoXDTIwMDUx -OTEzMDMxNVowMjEdMBsGA1UEAwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNV -BAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtE1v -1J54suM3VR17mTO5OKrCBeDP6a2dQswhMmUNO6i1l4eXNbtBvMj7k0mnc4yLLZxQ -P0cosjT1kNkOvSNCQcSI+869EOdU4QDCreGLss9a84ZNf/X3ioq/2PYTLOJSMkDQ 
-qLMHUVawwPYw+ZyUHaY7G0AwX5Gj1gMadfWVMDPAo5OT9WntpqG1850yO0aUMBaF -GSE9RrWVmL1+d2qHqh/pAwq6DQEtbKCl18t1zQfLZvumnQfF930KB2IkLaq6wRTW -IRdwte20PfVmEloAOdegXqUX59rkq6+5CaXfIsN+4Vkb12n2ArZwI/EFjgRdtGYj -CmuySDorynSHrCO934/LHjZtdJPFbg5/4CTXpI1aInum4uqDuq6xoL+ns4hk8kkD -9H9Pj5MYyjUc51+450ylOwLmGkqNDJBh3ecnH76NIoKviR3KlBaj0bSlnoV5Kl8H -bfnXQD98BH+YLeULrD3XWVjirOWPdfdNKcInpuXrdTZ/GvyGL5T/63mtEWiWysfP -Gw4+9AlWNXpyLviaHfxTpC6T76qYHKHd4eltRLubrgL8gHZrJwHio98kKfVMS3Oy -qHAEWBSWv+LveARn0RF4jlcPIL3gclrU9jxF4k5Btvdax3+if1MWVAZ9ML5263ug -Qr11Pkbko09VqppyM484/o+mJihTWyucKdVONw8CAwEAATAKBggqhkjOPQQDAgNI -ADBFAiBJSZqfI1kmJGy8/tRut7h2YbZWNeUA+gmFX+wJxu9ePwIhALgjht8La4AZ -/r3t33clJW8tGRMiA8cBbxm3Ox0y7DyP</ds:X509Certificate> + <ds:X509Certificate>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</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> 
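Review bot: The replacement certificate element opens with a doubled bracket, `<ds:X509Certificate>>MIICDTCC…`, so a literal `>` becomes the first character of the base64 text; the same stray character is in the next hunk (`@@ -154,34 +140,20 @@`). `>` is not in the base64 alphabet, so a strict decoder would reject this certificate and the metadata would be loaded without it, which can let a test pass or fail for the wrong reason. Unless the fixture is meant to exercise a malformed certificate, the line should start `<ds:X509Certificate>MIICDTCC…`; if it is deliberate, an XML comment in the fixture saying so would help.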
@@ -154,34 +140,20 @@ YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==</ds:X509Certificate> </ds:X509Data> <ds:X509Data> - <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN -MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw -HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN -MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw -WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC -LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG -SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh -ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L + <ds:X509Certificate>>MIICDTCCAbOgAwIBAgIIVLxIFI8kRpkwCgYIKoZIzj0EAwIwEjEQMA4GA1UEAwwHRUMtUm9vdDAe +Fw0yMDA2MTgwNzM2MTBaFw0yNTA2MTgwNzM2MTBaMDwxGzAZBgNVBAMMEmludC1yc2Eta2V5LTEt +MDAwMTERMA8GA1UECgwIc29mdHdhcmUxCjAIBgNVBAUTATEwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDrM1ocQqtch95Dm21JHi0V35nlWZibsjLqR+g8ERdD1qFgun/X0I/Rbft+KxB8 +QsDX7UmIjXGdavNcEjY/XcbiJxUcpv7vn/2+x3JxZO6Iye/ut001okICt3OGIqP93ZEnIaTTNhDs +K7OnvD/eUjlmuHiTaFq1dZLKYDQlz9jl/9F4axfrz1V7oo60iqFIW+7tlUeh8VGDUPjQpHghzjHX +TJv/OIAt752K31Tn8KR3kvkn6WTPo8eOWVaPQ480Dik0e2afTPPJNZJ7BW111IwqBAOKp586yVsQ +4XVEF8H64Cq+s+b4/HBboo9TDJKTJvo2yQmcTsahbH+Rlm20ifUTAgMBAAEwCgYIKoZIzj0EAwID +SAAwRQIhANKN/N2Atb5fbeHSB2Myv/JcNf9JonxFe92AOu4f62NNAiBjOEeg4OyJZKPiDl6aqYVt +z1Qroo6xzUC9UVA4qNe4LA== </ds:X509Certificate> </ds:X509Data> <ds:X509Data> - <ds:X509Certificate>MIIDFDCCArqgAwIBAgIIFy4Oe7D+zq8wCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwY -S2V5c3RvcmVCYWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxOTE0MDMxNVoXDTIwMDUx -OTEzMDMxNVowMjEdMBsGA1UEAwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNV -BAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtE1v -1J54suM3VR17mTO5OKrCBeDP6a2dQswhMmUNO6i1l4eXNbtBvMj7k0mnc4yLLZxQ -P0cosjT1kNkOvSNCQcSI+869EOdU4QDCreGLss9a84ZNf/X3ioq/2PYTLOJSMkDQ 
-qLMHUVawwPYw+ZyUHaY7G0AwX5Gj1gMadfWVMDPAo5OT9WntpqG1850yO0aUMBaF -GSE9RrWVmL1+d2qHqh/pAwq6DQEtbKCl18t1zQfLZvumnQfF930KB2IkLaq6wRTW -IRdwte20PfVmEloAOdegXqUX59rkq6+5CaXfIsN+4Vkb12n2ArZwI/EFjgRdtGYj -CmuySDorynSHrCO934/LHjZtdJPFbg5/4CTXpI1aInum4uqDuq6xoL+ns4hk8kkD -9H9Pj5MYyjUc51+450ylOwLmGkqNDJBh3ecnH76NIoKviR3KlBaj0bSlnoV5Kl8H -bfnXQD98BH+YLeULrD3XWVjirOWPdfdNKcInpuXrdTZ/GvyGL5T/63mtEWiWysfP -Gw4+9AlWNXpyLviaHfxTpC6T76qYHKHd4eltRLubrgL8gHZrJwHio98kKfVMS3Oy -qHAEWBSWv+LveARn0RF4jlcPIL3gclrU9jxF4k5Btvdax3+if1MWVAZ9ML5263ug -Qr11Pkbko09VqppyM484/o+mJihTWyucKdVONw8CAwEAATAKBggqhkjOPQQDAgNI -ADBFAiBJSZqfI1kmJGy8/tRut7h2YbZWNeUA+gmFX+wJxu9ePwIhALgjht8La4AZ -/r3t33clJW8tGRMiA8cBbxm3Ox0y7DyP</ds:X509Certificate> + <ds:X509Certificate>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</ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/response_eidas.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/response_eidas.xml new file mode 100644 index 00000000..fba8c69a --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/response_eidas.xml 
@@ -0,0 +1,68 @@ +<?xml version="1.0" encoding="UTF-8"?> +<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" Destination="https://vidp.gv.at/EidasNode/ColleagueResponse" ID="_1da6cbd8-70c0-4b0b-8a76-b106d8ecc1e8" InResponseTo="_FmefJFPJ4pgx5898SIiXDlGfTzIZ4JR8WyZsO4vno4Dz5pVTDvr-ZNx6W6vx3XR" IssueInstant="2021-06-24T17:30:43.887Z" Version="2.0"> + <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://vidp.gv.at/eidas-middleware/Metadata</saml2:Issuer> + <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <ds:SignatureMethod Algorithm="http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1"/> + <ds:Reference URI="#_1da6cbd8-70c0-4b0b-8a76-b106d8ecc1e8"> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <ds:DigestValue>G6vY7YV/lyaHX+P5f6l/TnnTel6SoP+eqv0TR81daWs=</ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue>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</ds:SignatureValue> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>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</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </ds:Signature> + <saml2p:Status> + <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> + </saml2p:Status> + <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> + <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_2b818d0931341ae510aec15ee1425171" Type="http://www.w3.org/2001/04/xmlenc#Element"> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <xenc:EncryptedKey 
Id="_9d084f6ad17c241c10c6323dfc992f5b"> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + </xenc:EncryptionMethod> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIEDDCCAnQCCQCbVfZgUmuq4jANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJBVDENMAsGA1UE +CgwERUdJWjEYMBYGA1UECwwPZUlEQVMgVGVzdC1Ob2RlMRAwDgYDVQQDDAdzaWduaW5nMB4XDTIw +MDQxNDE1MDcyMFoXDTIzMDEwODE1MDcyMFowSDELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVox +GDAWBgNVBAsMD2VJREFTIFRlc3QtTm9kZTEQMA4GA1UEAwwHc2lnbmluZzCCAaIwDQYJKoZIhvcN +AQEBBQADggGPADCCAYoCggGBAJu0ab3tEsQ/9xQ4rwvO7PjnK+NOVUvPkReQMFOFg8uduSocBwZ2 +Kdr/WBRrC9kI8cCkWxJHcJi9o6QBKM8Jtc/cJbPmR7CZvm2rtVGiVNew83C3BAFWeUkXpdnXt1lP +lEklsMwq7eOD+OqWPmi6O0sL/QFMDBMo6J51YIXLtFz0ymiu4V4C75/2c5A/ztI7svDdzxIQEJLo +ATnikFV7WD9SZbgFXPi20v/9IicvtQVjLrfKWbctSXe9RV2CBFsuWevJUdxbf7DWETH+e9eukg+9 +6ZFkBIXDqr5xrXXYVD07Hx2DVqjq+aZM2ALnivNPAp7nLqN4GYP+VmqpDJ9A6S/C9K/6ROnVmK1x +YMtqmxv9WKTi0FkMsBEiH5TRuig3gl+MLKQeA44XjdXgNvPmd1WiSL3IgaQPTLXgLeVsflHAWpy/ +IrGjlzuYcpFhg40x0IMvvOv4Z8RGiXyuhFxa3P+T+0mRYBos/RA70UHjIzgoLhoAShBS/WKs3KqZ +2xi4HwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBgQAImDWnTLdq/4VEeaEJKoVzXk7yk++Rxj2gERRI +vh/eHDskFPDZ5Q2Cby3IC4iLaJFpbXyjKskAvVgoasAbRACA5Zf1H6v31V1YLtTmIViPOY1u3130 +kkY86z9QlLx8u6o86GWL2rGb09ZMxqSMjEEGXYntPJ4rWtdUT32Ef1sUKqh0Dm+qPb/M3OnlV2aO +Ti/yJR7sCuIJ8rrTBO5lqOrdK+zzyhWuJx5/JLfTRp7wjGHR+KPS+3CsnPa6fkG9YUkjz0/E7f1G +emt6cq4ozbGw5j5H50YxVJ5KS76KckKNETGUF2/9XXXV0rrBY7HcnqRCqWuc+sZPqv6pQph21gEZ ++1s2FY735uGRrxDR+1tsWuJd5o5agfl8w544erWQ+aLlkouISzfWZdN8opTLNtt/u0qfUjkcXQFg +CyaVwyMJp9Iq/fqOZzVY3he9i6OVGt6owox+n2rymNQ/Zon6qtDCdvgfw30TIpL8AuZzjMyUL1oG +aAb6colSGusGLBkme5k=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <xenc:CipherData> + 
<xenc:CipherValue>f5x87ezyK4WvJnx4N3eJF58Bepk+YYKClzMRZwodZGy74lxvjFUVPxZdrnbSN0maoZdfsiJyW2pr2EUX2bxmctqOf/g/1zGF0zzLj6k0o/62evC2vQObNi615OBkXSK+IOTE3De9gGl6UHpFdPASM5ZuwDj+vpdtA3zzagJVJHquzgm7x9XyURBgVBcJ40bE3v66rOpauyOLL6LDihU279F2Eb35W3nHoshQwhRbuIVWx7Pe0uvB/E3xBvi4l20GYZiO3sQ7ldcqWywNc2XVc+aBPB8wLFT/Bk5qtOaphf0VNJBArcQSFS5xFaC1BFvkUD3+7ywMmvV5ALYRqU/Steix4d/VO17ARC6UG158S3D/GeXy1PVhjESUaQpxM7z8Zo2yUr+Qak2zV1SG96XPRnSh3up8bBDurt1IpD3YcvJ8huI4ymLw7Cq7wanDQsL31jlq+pq9wt2EtAzwebXEjVvbgwSItE/wmqtyhsD7BF/IZHcifXYA5hYuVy6unFM2</xenc:CipherValue> + </xenc:CipherData> + </xenc:EncryptedKey> + </ds:KeyInfo> + <xenc:CipherData> + <xenc:CipherValue>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</xenc:CipherValue> + </xenc:CipherData> + </xenc:EncryptedData> + </saml2:EncryptedAssertion> +</saml2p:Response> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml new file mode 100644 index 00000000..855f39bd --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/checks/spotbugs-exclude.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<FindBugsFilter> + <Match> + <!-- allow SHA-1, because transient SubjectNameIDs should have the same pattern as bPKs --> + <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.Pvp2AssertionBuilder"/> + <Method name="buildAssertion" /> + <Bug pattern="WEAK_MESSAGE_DIGEST_SHA1" /> + </Match> + <Match> + <!-- allow logging of SAML2 request parameters --> + <Class name="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AbstractPvp2XProtocol"/> + <Bug pattern="CRLF_INJECTION_LOGS" /> + </Match> +</FindBugsFilter> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml index 5c5bc687..53ffff26 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/pom.xml 
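Review bot: The second `<Match>` in `spotbugs-exclude.xml` switches off `CRLF_INJECTION_LOGS` for every method of `AbstractPvp2XProtocol`, whereas the SHA-1 exclusion above it is narrowed with `<Method name="buildAssertion" />`. That class reads the raw request parameter (`req.getParameter(HTTP_PARAM_SAMLREQ)` appears as context in later hunks of this commit), so a class-wide exclusion also hides any future log statement that writes request-controlled text with embedded line breaks. Prefer neutralising CR/LF before the value is logged, for example `samlRequest.replaceAll("[\\r\\n]", "_")`, and dropping the exclusion. Failing that, scope the `<Match>` with a `<Method>` element and state in the comment why the logged value cannot forge log lines.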
@@ -5,7 +5,7 @@
 <parent>
 <groupId>at.gv.egiz.eaaf</groupId>
 <artifactId>eaaf_modules</artifactId>
- <version>1.1.3-SNAPSHOT</version>
+ <version>1.2.1-SNAPSHOT</version>
 </parent>
 <artifactId>eaaf_module_pvp2_idp</artifactId>
 <name>eaaf_module_pvp2_idp</name>
@@ -17,7 +17,6 @@
 <dependency>
 <groupId>at.gv.egiz.eaaf</groupId>
 <artifactId>eaaf_module_pvp2_core</artifactId>
- <version>${egiz.eaaf.version}</version>
 </dependency>
 <dependency>
 <groupId>org.springframework</groupId>
@@ -32,11 +31,6 @@
 <!-- Testing -->
 <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
 <groupId>org.springframework</groupId>
 <artifactId>spring-test</artifactId>
 <scope>test</scope>
@@ -64,31 +58,15 @@
 <build>
 <finalName>eaaf_module_pvp2_idp</finalName>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <version>3.7.0</version>
- <configuration>
- <source>1.8</source>
- <target>1.8</target>
- </configuration>
- </plugin>
-
- <!-- enable co-existence of testng and junit -->
+ <plugins>
 <plugin>
- <artifactId>maven-surefire-plugin</artifactId>
- <version>${surefire.version}</version>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>${spotbugs-maven-plugin.version}</version>
 <configuration>
- <threadCount>1</threadCount>
+ <failOnError>true</failOnError>
+ <excludeFilterFile>checks/spotbugs-exclude.xml</excludeFilterFile>
 </configuration>
- <dependencies>
- <dependency>
- <groupId>org.apache.maven.surefire</groupId>
- <artifactId>surefire-junit47</artifactId>
- <version>${surefire.version}</version>
- </dependency>
- </dependencies>
 </plugin>
 </plugins>
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
index 1e42ac9c..2e30dcd9 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AbstractPvp2XProtocol.java
@@ -44,6 +44,7 @@ import org.opensaml.xmlsec.signature.SignableXMLObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Assert;
 import at.gv.egiz.components.eventlog.api.EventConstants;
 import at.gv.egiz.eaaf.core.api.IRequest;
@@ -78,6 +79,7 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
 import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import lombok.Setter;
 public abstract class AbstractPvp2XProtocol extends AbstractController implements IModulInfo {
 private static final Logger log = LoggerFactory.getLogger(AbstractPvp2XProtocol.class);
@@ -88,12 +90,16 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 @Autowired(required = true)
 protected IPvp2BasicConfiguration pvpBasicConfiguration;
 @Autowired(required = true)
- protected IPvp2MetadataProvider metadataProvider;
- @Autowired(required = true)
 protected SamlVerificationEngine samlVerificationEngine;
 @Autowired(required = false)
 protected List<IAuthnRequestPostProcessor> authRequestPostProcessors;
+ /**
+ * SAML2 metadata provider that should be used in this component.
+ */
+ @Setter
+ protected IPvp2MetadataProvider metadataProvider;
+
 private IPvp2CredentialProvider pvpIdpCredentials;
 /**
@@ -124,7 +130,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 final StatusCode statusCode = Saml2Utils.createSamlObject(StatusCode.class);
 final StatusMessage statusMessage = Saml2Utils.createSamlObject(StatusMessage.class);
- String moaError = null;
+ String internalErrorCode = null;
 if (e instanceof NoPassivAuthenticationException) {
 statusCode.setValue(StatusCode.NO_PASSIVE);
@@ -144,30 +150,37 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement final String statusMessageValue = ex.getStatusMessageValue(); if (statusMessageValue != null) { statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); + } - moaError = statusMessager.mapInternalErrorToExternalError(ex.getErrorId()); + + internalErrorCode = ex.getErrorId(); } else { statusCode.setValue(StatusCode.RESPONDER); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); - moaError = statusMessager.getResponseErrorCode(e); + internalErrorCode = statusMessager.getResponseErrorCode(e); + } - if (StringUtils.isNotEmpty(moaError)) { - final StatusCode moaStatusCode = Saml2Utils.createSamlObject(StatusCode.class); - moaStatusCode.setValue(moaError); - statusCode.setStatusCode(moaStatusCode); + //set external sub-statusCode if one was selected + if (StringUtils.isNotEmpty(internalErrorCode)) { + final StatusCode externalStatusCode = Saml2Utils.createSamlObject(StatusCode.class); + externalStatusCode.setValue( + statusMessager.mapInternalErrorToExternalError(internalErrorCode)); + statusCode.setStatusCode(externalStatusCode); + } - status.setStatusCode(statusCode); + //set status-message if availabe if (statusMessage.getMessage() != null) { status.setStatusMessage(statusMessage); - } - samlResponse.setStatus(status); - final String remoteSessionID = Saml2Utils.getSecureIdentifier(); - samlResponse.setID(remoteSessionID); - + + } + status.setStatusCode(statusCode); + samlResponse.setStatus(status); + samlResponse.setID(Saml2Utils.getSecureIdentifier()); samlResponse.setIssueInstant(Instant.now()); + final Issuer nissuer = Saml2Utils.createSamlObject(Issuer.class); nissuer.setValue(pvpBasicConfiguration.getIdpEntityId(pvpRequest.getAuthUrl())); nissuer.setFormat(NameIDType.ENTITY); 
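Review bot: The emptiness guard now tests `internalErrorCode`, but the value written into the sub-`StatusCode` is the result of `statusMessager.mapInternalErrorToExternalError(internalErrorCode)`, which is not checked. If the mapper can return null or an empty string for an unknown code (not visible here), the response would carry a nested `StatusCode` without a usable `Value`. Mapping first and guarding on the mapped value avoids that: `final String externalCode = statusMessager.mapInternalErrorToExternalError(internalErrorCode);` followed by `if (StringUtils.isNotEmpty(externalCode)) {`. The generic `else` branch also changes behaviour, because the result of `getResponseErrorCode(e)` used to be set directly and now goes through the mapper as well; that is worth confirming. The enclosing method starts and ends outside the hunk.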
@@ -176,13 +189,13 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 IEncoder encoder = null;
 if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPRedirectBinding", RedirectBinding.class);
+ encoder = applicationContext.getBean("PvpRedirectBinding", RedirectBinding.class);
 } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPPOSTBinding", PostBinding.class);
+ encoder = applicationContext.getBean("PvpPostBinding", PostBinding.class);
 } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
- encoder = applicationContext.getBean("PVPSOAPBinding", SoapBinding.class);
+ encoder = applicationContext.getBean("PvpSoapBinding", SoapBinding.class);
 }
 if (encoder == null) {
@@ -263,7 +276,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 pendingReq.getUniqueTransactionIdentifier());
 }
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});
 } catch (final Pvp2Exception e) {
 final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
@@ -337,7 +350,7 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 pendingReq.getUniqueTransactionIdentifier());
 }
- throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {e.getMessage()});
 } catch (final Pvp2Exception e) {
 final String samlRequest = req.getParameter(HTTP_PARAM_SAMLREQ);
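Review bot: Passing `e.getMessage()` as the parameter of `pvp2.21` (in `@@ -263,7 +276,7 @@` and identically in `@@ -337,7 +350,7 @@`) puts the text of the underlying exception into an error that may be rendered to an unauthenticated caller. That text can include parts of the request being processed or internal detail such as class names and paths. The catch clause that declares `e` and the place where the message parameters are rendered are both outside these hunks, so this needs checking there. If the detail is only for operators, log it with the transaction identifier and keep the parameter array empty. If it must reach the response, add a comment naming where it is escaped, e.g. `// message is XML/HTML-escaped by the error renderer`.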
@@ -555,11 +568,9 @@ public abstract class AbstractPvp2XProtocol extends AbstractController implement
 @PostConstruct
 private void verifyInitialization() {
- if (pvpIdpCredentials == null) {
- log.error("No SAML2 credentialProvider injected!");
- throw new RuntimeException("No SAML2 credentialProvider injected!");
+ Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!");
+ Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!");
- }
 }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
index 91e92d63..a3c6cb5d 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/idp/impl/AuthenticationAction.java
@@ -36,6 +36,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.IAction;
@@ -57,14 +58,13 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
 import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
 import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import lombok.Setter;
 @Service("PVPAuthenticationRequestAction")
 public class AuthenticationAction implements IAction {
 private static final Logger log = LoggerFactory.getLogger(AuthenticationAction.class);
 @Autowired(required = true)
- private IPvp2MetadataProvider metadataProvider;
- @Autowired(required = true)
 ApplicationContext springContext;
 @Autowired(required = true)
 IConfiguration authConfig;
@@ -75,6 +75,12 @@ public class AuthenticationAction implements IAction {
 @Autowired(required = true)
 IRevisionLogger revisionsLogger;
+ /**
+ * SAML2 metadata provider that should be used in this component.
+ */
+ @Setter
+ protected IPvp2MetadataProvider metadataProvider;
+
 private IPvp2CredentialProvider pvpIdpCredentials;
 /**
@@ -169,11 +175,9 @@ public class AuthenticationAction implements IAction {
 @PostConstruct
 private void verifyInitialization() {
- if (pvpIdpCredentials == null) {
- log.error("No SAML2 credentialProvider injected!");
- throw new RuntimeException("No SAML2 credentialProvider injected!");
+ Assert.notNull(metadataProvider, "No SAML2 MetadataProvider injected!");
+ Assert.notNull(pvpIdpCredentials, "No SAML2 credentialProvider injected!");
- }
 }
 }
diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
index df5c15f8..cab14a5d 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthenticationActionTest.java
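Review bot: In `@@ -75,6 +75,12 @@` the field `metadataProvider`, which the first hunk removes as `private`, comes back as `protected`, although the Lombok `@Setter` is now the injection path and nothing visible in this file needs subclass access. Keeping it private, `@Setter private IPvp2MetadataProvider metadataProvider;`, leaves the setter as the single place where the metadata source this action trusts can be assigned. The field Javadoc could also say that the provider has to be wired explicitly as a bean property, since `verifyInitialization()` now fails start-up when it is missing.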
@@ -157,10 +157,6 @@ public class AuthenticationActionTest { return null; } - @Override - public String getFormatedDateOfBirth() { - return DateFormatUtils.format(getDateOfBirth(), "yyyy-MM-dd"); - } @Override public String getFamilyName() { @@ -184,13 +180,7 @@ public class AuthenticationActionTest { public String getEidasQaaLevel() { return EaafConstants.EIDAS_LOA_LOW; } - - @Override - public Date getDateOfBirth() { - return new Date(); - - } - + @Override public String getCiticenCountryCode() { // TODO Auto-generated method stub @@ -221,6 +211,19 @@ public class AuthenticationActionTest { public Date getAuthenticationIssueInstant() { return new Date(); } + + @Override + public String getDateOfBirth() { + return RandomStringUtils.randomNumeric(4) + "-" + RandomStringUtils.randomNumeric(2) + "-" + + RandomStringUtils.randomNumeric(2); + + } + + @Override + public String getDateOfBirthFormated(String pattern) { + // TODO Auto-generated method stub + return null; + } }; } diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java index 799002ed..f2df5e8d 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java 
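Review bot: `getDateOfBirth()` in the last hunk (`@@ -221,6 +211,19 @@`) assembles its value from `RandomStringUtils.randomNumeric(...)`, so it can return strings that are not calendar dates (a month or day part of `00` or `99`, for instance) and the value differs on every run. Any code under test that parses or validates the birth date would then fail intermittently. A fixed sample value, for example `return "1990-01-01";`, keeps the test deterministic. `getDateOfBirthFormated` still returns null behind a generated TODO; it should either format that value with the given pattern or carry a comment that this test never calls it.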
@@ -61,6 +61,51 @@ public class AuthnResponseBuilderTest { } @Test + public void plainAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException, + XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException { + final String issuerEntityID = RandomStringUtils.randomAlphabetic(15); + + final IPvp2MetadataProvider metadataProvider = + metadataResolverFactory.createMetadataProvider( + "classpath:/data/pvp_metadata_junit_keystore_without_enc.xml", null, "jUnit metadata resolver", null); + + final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); + authnReq.setID("_" + RandomStringUtils.randomAlphanumeric(10)); + + final Assertion assertion = (Assertion) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + PostBindingTest.class.getResourceAsStream("/data/Assertion_1.xml")); + + //build response + final Instant now = Instant.now(); + final Response response = AuthResponseBuilder.buildResponse( + metadataProvider, issuerEntityID, authnReq, + now, assertion, authConfig); + + + //validate + Assert.assertNotNull("SAML2 response is null", response); + Assert.assertFalse("Assertion is empty", response.getAssertions().isEmpty()); + Assert.assertEquals("# assertions wrong", 1, response.getAssertions().size()); + + Assert.assertNotNull("Enc. assertion is null", response.getEncryptedAssertions()); + Assert.assertTrue("Enc. 
assertion is not empty", response.getEncryptedAssertions().isEmpty()); + + Assert.assertEquals("InResponseTo", authnReq.getID(), response.getInResponseTo()); + Assert.assertEquals("Issuer EntityId", issuerEntityID, response.getIssuer().getValue()); + Assert.assertNotNull("ResponseId is null", response.getID()); + Assert.assertFalse("ResponseId is emptry", response.getID().isEmpty()); + + final Element responseElement = XMLObjectSupport.getMarshaller(response).marshall(response); + final String xmlResp = DomUtils.serializeNode(responseElement); + Assert.assertNotNull("XML response is null", xmlResp); + Assert.assertFalse("XML response is empty", xmlResp.isEmpty()); + + } + + @Test public void encryptedAssertion() throws InvalidAssertionEncryptionException, Pvp2MetadataException, XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException { final String issuerEntityID = RandomStringUtils.randomAlphabetic(15); diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml new file mode 100644 index 00000000..fb6e1d94 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/data/pvp_metadata_junit_keystore_without_enc.xml 
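Review bot: `plainAssertion` pins that `AuthResponseBuilder.buildResponse` returns the assertion unencrypted when the SP metadata carries no encryption key, but nothing in the test says that this plaintext fallback is intended. If `authConfig` has a setting that makes assertion encryption mandatory (not visible in this hunk), add a companion case that expects `InvalidAssertionEncryptionException` for `pvp_metadata_junit_keystore_without_enc.xml`. A one-line comment above the test, such as `// SP metadata without an encryption key: assertion is returned in plain`, would document the expectation. The assertion message `"ResponseId is emptry"` also has a typo.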
@@ -0,0 +1,104 @@ +<?xml version="1.0" encoding="UTF-8"?> +<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_2e23ca9b2ba4dc9eef15187830d07ff0" entityID="https://demo.egiz.gv.at/demoportal_demologin/" validUntil="2045-02-05T06:41:42.966Z"> + <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <ds:Reference URI="#_2e23ca9b2ba4dc9eef15187830d07ff0"> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <ds:DigestValue>Jy/c0ZvVJSfWzSoAcxDx/o+T5W61vvNJNqTFz2o+ILc=</ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue>chMxIdwrPvr78j3oTtgS7udbydy9kye1bbeQ4jm2GeFKUfxvJqY+vt9MjVnWFeR4c16gd80BjZJ6xxD5i5Ifci3YtxeKSxq0ttH/xZYEhJZkD/0NrGUhSvNV9zuLAz3uGk/LJ+2JxRq7dbnW4n9MtGuYhea8OW9/Pr1xI1KyskQS76NZDsGjjfnFWbFXahLoQZULU4Ke3SfZVqLATTn0J34RZnjNH3QieY3LhRzOVu/I5yeZtnLgUS6dg0Gab9DA/pdNFaC632iaE5QCXJmhgpqkjbkayO9e8N93YGFjbszhU1Kws5OUGjXjfCZwezLeOUZoKEfo5c+4+zEaTrEQjg==</ds:SignatureValue> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIDKzCCAhMCBFrxKO4wDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVH +SVoxGDAWBgNVBAsMD2RlbW8uZWdpei5ndi5hdDEiMCAGA1UEAwwZTU9BLUlEIElEUCAoVGVzdC1W +ZXJzaW9uKTAeFw0xODA1MDgwNDM0NTRaFw0yMTAxMzEwNDM0NTRaMFoxCzAJBgNVBAYTAkFUMQ0w +CwYDVQQKDARFR0laMRgwFgYDVQQLDA9kZW1vLmVnaXouZ3YuYXQxIjAgBgNVBAMMGU1PQS1JRCBJ +RFAgKFRlc3QtVmVyc2lvbikwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFnqoaYoq +UptenemC6FiVDg5F2hEjpjix8+ow6/6QhUl2cPOS0uwZHaIvwT/RVbJ9CPdil6+11qaCPfZ+FoY+ +M+ke7TRd2RS1DqFbe1KC0imEnwemyLQrYe5Pm7DNcaY/kHTTq+k0eeGbYH0U/Iopyi0VuN5OWl4F 
+Vg45pf7knhXkaimItdjnCXnKcYM91mmltCf6TDgUrz7US7PmgvinnhfBgdITAT4GRr4ehliT+/jt +1OzHEyWRHanBGIpXNeZNqxgnpnGtaDh4JZuYR8qfH+GRK6dtW2ziej6rGIiUElGVCkXsohgxMNzq +nWeD9JT8+yyp1XZlyQf+IxhhESQLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIFejAFQepaEl/kC +VLvidMR+MXq5LCGHthUiI6eDTQZ+H7lZdHlj547XwEdX15b6Md3h7eSJ4hwlfV4go/0FaoLPzvVq +itwtYY5htywB3B6ZV34Eyi6C59Gl34XrV8CWxH4KKwLsVAjAy+/p/Xh0q2pzSBkeOChzBMBkjmyc +2Ue4MEKdL9guzp6+Yc/HL/phHAKYapkVyFwvsdqWOgyRzxAHINko8ExImMMB3xB5a52kfqLcui5O +fzEhjwLFJaGBMmFCmFGGOUwtIvl/6ZQ2LLzOE9+giVK9WsIgH11Pu+ejPFAbXf8cf4oWhbAfTkiy +4jpXrp77JXFRSDWddb0yePc=</ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </ds:Signature> + <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> + <md:KeyDescriptor use="signing"> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:X509Data> + <ds:X509Certificate>MIIC+jCCAeKgAwIBAgIEXjF+fTANBgkqhkiG9w0BAQsFADA/MQswCQYDVQQGEwJB +VDENMAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxETAPBgNVBAMMCE1ldGFk +YXRhMB4XDTIwMDEyOTEyNDU0OVoXDTI2MDEyODEyNDU0OVowPzELMAkGA1UEBhMC +QVQxDTALBgNVBAcMBEVHSVoxDjAMBgNVBAoMBWpVbml0MREwDwYDVQQDDAhNZXRh +ZGF0YTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK230G3dxNbNlSYA +O5Kx/Js0aBAgxMt7q9m+dA35fK/dOvF/GjrqjWsMCnax+no9gLnq6x0gXiJclz6H +rp/YDOfLrJjMpNL/r0FWT947vbnEj7eT8TdY5d6Yi8AZulZmjiCI5nbZh2zwrP4+ +WqRroLoPhXQj8mDyp26M4xHBBUhLMRc2HV4S+XH4uNZ/vTmb8vBg31XGHCY33gl7 +/KA54JNGxJdN8Dxv6yHYsm91ZfVrX39W0iYLUNhUCkolwuQmjDVfrExM8BTLIONb +f+erJoCm3A9ghZyDYRQ/e69/UEUqDa6XOzykr88INkQscEiAXCDS+EBPMpKo+t3l +PIA9r7kCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAh/2mg4S03bdZy1OVtEAudBT9 +YZb9OF34hxPtNbkB/V04wSIg1d4TBr5KDhV7CdiUOxPZzHpS8LUCgfGX306FB6NX +zh/b67uTOPaE72AB4VIT/Np0fsM7k5WhG9k9NoprIGiqCz2lXcfpZiT+LtSO1vWS +YI87wR9KOSWjcw/5i5qZIAJuwvLCQj5JtUsmrhHK75222J3TJf4dS/gfN4xfY2rW +9vcXtH6//8WdWp/zx9V7Z1ZsDb8TDKtBCEGuFDgVeU5ScKtVq8qRoUKD3Ve76cZi +purO3KrRrVAuZP2EfLkZdHEHqe8GPigNnZ5kTn8V2VJ3iRAQ73hpJRR98tFd0A==</ds:X509Certificate> 
+ </ds:X509Data> + <ds:X509Data> + <ds:X509Certificate>MIIBbTCCARKgAwIBAgIEXjF+qTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +HhcNMjAwMTI5MTI0NjMzWhcNMjcwMTI4MTI0NjMzWjA+MQswCQYDVQQGEwJBVDEN +MAsGA1UEBwwERUdJWjEOMAwGA1UECgwFalVuaXQxEDAOBgNVBAMMB3NpZ25pbmcw +WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASRt7gZRrr4rSEE7Q922oKQJF+mlkwC +LZnv8ZzHtH54s4VdyQFIBjQF1PPf9PTn+5tid8QJehZPndcoeD7J8fPJMAoGCCqG +SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh +ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </md:KeyDescriptor> + <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/post" index="0" isDefault="true"/> + <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/redirect" index="1"/> + <md:AttributeConsumingService index="0" isDefault="true"> + <md:ServiceName xml:lang="en">Default Service</md:ServiceName> + <md:RequestedAttribute FriendlyName="BPK" Name="urn:oid:1.2.40.0.10.2.1.1.149" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="PRINCIPAL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="BIRTHDATE" Name="urn:oid:1.2.40.0.10.2.1.1.55" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="PVP-VERSION" Name="urn:oid:1.2.40.0.10.2.1.1.261.10" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="EID-ISSUING-NATION" Name="urn:oid:1.2.40.0.10.2.1.1.261.32" 
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.76" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-FULL-NAME" Name="urn:oid:1.2.40.0.10.2.1.1.261.84" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="MANDATE-TYPE" Name="urn:oid:1.2.40.0.10.2.1.1.261.68" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="MANDATOR-LEGAL-PERSON-SOURCE-PIN" Name="urn:oid:1.2.40.0.10.2.1.1.261.100" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="GIVEN-NAME" Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + <md:RequestedAttribute FriendlyName="MANDATE-TYPE-OID" Name="urn:oid:1.2.40.0.10.2.1.1.261.106" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="EID-IDENTITY-LINK" Name="urn:oid:1.2.40.0.10.2.1.1.261.38" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="false"/> + <md:RequestedAttribute FriendlyName="EID-CITIZEN-QAA-EIDAS-LEVEL" Name="urn:oid:1.2.40.0.10.2.1.1.261.108" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true"/> + </md:AttributeConsumingService> + </md:SPSSODescriptor> + <md:Organization> + <md:OrganizationName xml:lang="de">EGIZ</md:OrganizationName> + <md:OrganizationDisplayName xml:lang="de">E-Government Innovationszentrum</md:OrganizationDisplayName> + 
<md:OrganizationURL xml:lang="de">http://www.egiz.gv.at</md:OrganizationURL> + </md:Organization> + <md:ContactPerson contactType="technical"> + <md:Company>E-Government Innovationszentrum</md:Company> + <md:GivenName>Lenz</md:GivenName> + <md:SurName>Thomas</md:SurName> + <md:EmailAddress>thomas.lenz@egiz.gv.at</md:EmailAddress> + <md:TelephoneNumber>+43 316 873 5525</md:TelephoneNumber> + </md:ContactPerson> +</md:EntityDescriptor> diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml index 2bddd629..760f290e 100644 --- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml +++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/resources/spring/test_eaaf_pvp.beans.xml @@ -38,6 +38,7 @@ <bean id="PVPAuthenticationRequestAction" class="at.gv.egiz.eaaf.modules.pvp2.idp.impl.AuthenticationAction"> <property name="pvpIdpCredentials" ref="dummyCredentialProvider" /> + <property name="metadataProvider" ref="dummyChainingMetadataResolver" /> </bean> <bean id="pvpMetadataService" diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index d1ac206f..01c7fba0 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml @@ -5,7 +5,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> </parent> <artifactId>eaaf_module_pvp2_sp</artifactId> <name>eaaf_module_pvp2_sp</name> @@ -17,7 +17,6 @@ <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_module_pvp2_core</artifactId> - <version>${egiz.eaaf.version}</version> <exclusions> <exclusion> <groupId>org.slf4j</groupId> 
@@ -38,11 +37,6 @@ <!-- Only for testing --> <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <scope>test</scope> @@ -58,34 +52,6 @@ <build> <finalName>eaaf_module_pvp2_sp</finalName> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <version>3.7.0</version> - <configuration> - <source>1.8</source> - <target>1.8</target> - </configuration> - </plugin> - - <!-- enable co-existence of testng and junit --> - <plugin> - <artifactId>maven-surefire-plugin</artifactId> - <version>${surefire.version}</version> - <configuration> - <threadCount>1</threadCount> - </configuration> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>${surefire.version}</version> - </dependency> - </dependencies> - </plugin> - - </plugins> </build> </project> diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java index eb808f04..c48a0fd4 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java @@ -62,7 +62,6 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; import net.shibboleth.utilities.java.support.security.impl.SecureRandomIdentifierGenerationStrategy; - /** * PVP2 S-Profil Authentication-Request builder-implementation. * 
@@ -75,6 +74,8 @@ public class PvpAuthnRequestBuilder { @Autowired(required = true) ApplicationContext springContext; + + /** * Build a PVP2.x specific authentication request * @@ -89,6 +90,25 @@ public class PvpAuthnRequestBuilder { public void buildAuthnRequest(final IRequest pendingReq, final IPvpAuthnRequestBuilderConfiguruation config, final HttpServletResponse httpResp) throws NoSuchAlgorithmException, MessageEncodingException, Pvp2Exception, SecurityException { + buildAuthnRequest(pendingReq, config, pendingReq.getPendingRequestId(), httpResp); + + } + + /** + * Build a PVP2.x specific authentication request + * + * @param pendingReq Currently processed pendingRequest + * @param config AuthnRequest builder configuration, never null + * @param relayState RelayState that should used for communication + * @param httpResp http response object + * @throws NoSuchAlgorithmException In case of error + * @throws SecurityException In case of error + * @throws Pvp2Exception In case of error + * @throws MessageEncodingException In case of error + */ + public void buildAuthnRequest(final IRequest pendingReq, + final IPvpAuthnRequestBuilderConfiguruation config, String relayState, final HttpServletResponse httpResp) + throws NoSuchAlgorithmException, MessageEncodingException, Pvp2Exception, SecurityException { // get IDP Entity element from config final EntityDescriptor idpEntity = config.getIdpEntityDescriptor(); @@ -259,7 +279,7 @@ public class PvpAuthnRequestBuilder { // encode message binding.encodeRequest(null, httpResp, authReq, endpoint.getLocation(), - pendingReq.getPendingRequestId(), config.getAuthnRequestSigningCredential(), pendingReq); + relayState, config.getAuthnRequestSigningCredential(), pendingReq); } } 
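Review bot: The new four-argument `buildAuthnRequest` overload passes the caller-supplied `relayState` straight to `binding.encodeRequest(...)` (hunk `@@ -259,7 +279,7 @@`) with no null or length check, where the old code always sent `pendingReq.getPendingRequestId()`. The SAML bindings specification limits RelayState to 80 bytes, and the IdP echoes the value back unmodified. The `@param` text should therefore state the contract, for example `@param relayState opaque, non-null handle (max. 80 bytes) that lets the response endpoint find the pending request; must not carry sensitive data`. If the response side still resolves the pending request from RelayState (not visible here), a caller that passes anything else will break that lookup, so this is worth confirming. The parameter is also the only one not declared `final`, and the Javadoc summary repeats the first overload's sentence word for word; `final String relayState` and a summary that names the difference would fix both. The method body starts in this hunk and continues outside it.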
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java index 21541700..d59012a5 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/utils/AssertionAttributeExtractor.java @@ -53,7 +53,6 @@ public class AssertionAttributeExtractor { private final Map<String, List<String>> attributs = new HashMap<>(); // private PersonalAttributeList storkAttributes = new PersonalAttributeList(); - @Deprecated private final List<String> minimalMdsAttributeNamesList = Arrays.asList(PvpConstants.PRINCIPAL_NAME_NAME, PvpConstants.GIVEN_NAME_NAME, PvpConstants.BIRTHDATE_NAME, PvpConstants.BPK_NAME); diff --git a/eaaf_modules/pom.xml b/eaaf_modules/pom.xml index df31140b..8bc6ef23 100644 --- a/eaaf_modules/pom.xml +++ b/eaaf_modules/pom.xml @@ -4,7 +4,7 @@ <parent> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> </parent> <groupId>at.gv.egiz.eaaf</groupId> diff --git a/lombok.config b/lombok.config new file mode 100644 index 00000000..7a21e880 --- /dev/null +++ b/lombok.config @@ -0,0 +1 @@ +lombok.addLombokGeneratedAnnotation = true @@ -6,7 +6,7 @@ <modelVersion>4.0.0</modelVersion> <groupId>at.gv.egiz</groupId> <artifactId>eaaf</artifactId> - <version>1.1.3-SNAPSHOT</version> + <version>1.2.1-SNAPSHOT</version> <packaging>pom</packaging> <name>EGIZ EAAF components</name> 
@@ -23,71 +23,93 @@ <at.gv.egiz.components.eventlog-api.version>0.4</at.gv.egiz.components.eventlog-api.version> <at.gv.egiz.components.egiz-spring-api>0.3.1</at.gv.egiz.components.egiz-spring-api> - <MOA.spss.server.moa-sig-lib.version>3.1.2</MOA.spss.server.moa-sig-lib.version> - <MOA.spss.tsl_lib.version>2.0.2</MOA.spss.tsl_lib.version> + <MOA.spss.server.moa-sig-lib.version>3.1.5-SNAPSHOT</MOA.spss.server.moa-sig-lib.version> + <MOA.spss.tsl_lib.version>2.0.4.1</MOA.spss.tsl_lib.version> <!-- IAIK libs --> - <iaik.prod.iaik_cms.version>5.1</iaik.prod.iaik_cms.version> - <iaik.prod.iaik_cpades.version>2.5.1_moa</iaik.prod.iaik_cpades.version> + <iaik.prod.iaik_cms.version>5.1.1</iaik.prod.iaik_cms.version> + <iaik.prod.iaik_cpades.version>2.4_moa</iaik.prod.iaik_cpades.version> <iaik.prod.iaik_cpxlevel.version>0.9_moa</iaik.prod.iaik_cpxlevel.version> - <iaik.prod.iaik_eccelerate.version>5.01</iaik.prod.iaik_eccelerate.version> - <iaik.prod.iaik_eccelerate_addon.version>5.01</iaik.prod.iaik_eccelerate_addon.version> - <iaik.prod.iaik_eccelerate_cms.version>5.01</iaik.prod.iaik_eccelerate_cms.version> - <iaik.prod.iaik_jce_full.version>5.52_moa</iaik.prod.iaik_jce_full.version> + <iaik.prod.iaik_eccelerate.version>6.02</iaik.prod.iaik_eccelerate.version> + <iaik.prod.iaik_eccelerate_addon.version>6.02</iaik.prod.iaik_eccelerate_addon.version> + <iaik.prod.iaik_eccelerate_cms.version>6.02</iaik.prod.iaik_eccelerate_cms.version> + <iaik.prod.iaik_jce_full.version>5.62_moa</iaik.prod.iaik_jce_full.version> <iaik.prod.iaik_jsse.version>4.4</iaik.prod.iaik_jsse.version> - <iaik.prod.iaik_moa.version>2.06</iaik.prod.iaik_moa.version> - <iaik.prod.iaik_pki_module.version>2.01_moa</iaik.prod.iaik_pki_module.version> + <iaik.prod.iaik_moa.version>2.07</iaik.prod.iaik_moa.version> + <iaik.prod.iaik_pki_module.version>2.02_moa</iaik.prod.iaik_pki_module.version> <iaik.prod.iaik_sva.version>1.0.3_moa</iaik.prod.iaik_sva.version> 
<iaik.prod.iaik_tsp.version>2.32_eval</iaik.prod.iaik_tsp.version> <iaik.prod.iaik_util.version>0.23</iaik.prod.iaik_util.version> <iaik.prod.iaik_xades.version>2.13_moa</iaik.prod.iaik_xades.version> - <iaik.prod.iaik_xsect.version>2.13_moa</iaik.prod.iaik_xsect.version> + <iaik.prod.iaik_xsect.version>2.14_moa</iaik.prod.iaik_xsect.version> - <hsm-facade-provider.version>0.4.0-SNAPSHOT</hsm-facade-provider.version> - <io.grpc-core.version>1.25.0</io.grpc-core.version> + <hsm-facade-provider.version>0.8.0</hsm-facade-provider.version> + <io.grpc-core.version>1.41.0</io.grpc-core.version> <!-- Other third-party libs --> - <org.springframework.version>5.1.5.RELEASE</org.springframework.version> - <org.opensaml.version>4.0.0</org.opensaml.version> - <org.apache.santuario.xmlsec.version>2.1.4</org.apache.santuario.xmlsec.version> - <org.bouncycastle.bcprov-jdk15on.version>1.64</org.bouncycastle.bcprov-jdk15on.version> - - <org.slf4j.version>1.7.25</org.slf4j.version> - <commons-codec.version>1.11</commons-codec.version> - <org.apache.commons-lang3.version>3.8.1</org.apache.commons-lang3.version> - <org.apache.commons-text.version>1.6</org.apache.commons-text.version> - <org.apache.commons-collections4>4.2</org.apache.commons-collections4> - <commons-fileupload.version>1.3.3</commons-fileupload.version> + <spring-boot-starter-web.version>2.6.2</spring-boot-starter-web.version> + <org.springframework.version>5.3.14</org.springframework.version> + <org.opensaml.version>4.0.1</org.opensaml.version> + <org.apache.santuario.xmlsec.version>2.3.0</org.apache.santuario.xmlsec.version> + <org.cryptacular.version>1.2.4</org.cryptacular.version> + <org.bouncycastle.bcprov-jdk15to18.version>1.70</org.bouncycastle.bcprov-jdk15to18.version> + <org.bouncycastle.bctls-jdk15to18.version>1.70</org.bouncycastle.bctls-jdk15to18.version> + + <org.slf4j.version>1.7.32</org.slf4j.version> + <log4j.version>2.17.1</log4j.version> + 
<ch.qos.logback-access.version>1.2.10</ch.qos.logback-access.version> + + <commons-codec.version>1.15</commons-codec.version> + <org.apache.commons-lang3.version>3.12.0</org.apache.commons-lang3.version> + <org.apache.commons-text.version>1.9</org.apache.commons-text.version> + <org.apache.commons-collections>3.2.2</org.apache.commons-collections> + <org.apache.commons-collections4>4.4</org.apache.commons-collections4> + <commons-io.version>2.11.0</commons-io.version> + <commons-fileupload.version>1.4</commons-fileupload.version> + <javax.servlet-api>3.0.1</javax.servlet-api> + <org.apache.velocity.version>1.7</org.apache.velocity.version> <javax.annotation-api>1.3.2</javax.annotation-api> - <joda-time.version>2.10.1</joda-time.version> + <joda-time.version>2.10.13</joda-time.version> <jsr305.version>3.0.2</jsr305.version> - <com.google.guava.version>28.1-jre</com.google.guava.version> + <com.google.guava.version>31.0.1-jre</com.google.guava.version> + <org.owasp.encoder.version>1.2.3</org.owasp.encoder.version> - <httpclient.version>4.5.7</httpclient.version> - <httpcore.version>4.4.11</httpcore.version> + <httpclient.version>4.5.13</httpclient.version> + <httpcore.version>4.4.15</httpcore.version> - <com.fasterxml.jackson.core.version>2.9.8</com.fasterxml.jackson.core.version> - <org.bitbucket.b_c.jose4j.version>0.6.5</org.bitbucket.b_c.jose4j.version> + <com.fasterxml.jackson.core.version>2.13.1</com.fasterxml.jackson.core.version> + <org.bitbucket.b_c.jose4j.version>0.7.9</org.bitbucket.b_c.jose4j.version> <jaxen.jaxen.version>1.1.6</jaxen.jaxen.version> - <xerces.version>2.11.0</xerces.version> + <xerces.version>2.12.1</xerces.version> <xalan.version>2.7.1</xalan.version> <!-- jUnit testing --> - <surefire.version>2.22.1</surefire.version> - <junit.version>4.12</junit.version> - <com.squareup.okhttp3.version>4.4.1</com.squareup.okhttp3.version> + <surefire.version>2.22.2</surefire.version> + <junit-jupiter-api.version>5.8.2</junit-jupiter-api.version> + 
<com.squareup.okhttp3.version>4.9.3</com.squareup.okhttp3.version> + <org.powermock.version>2.0.9</org.powermock.version> <!-- Code helper plug-ins --> - <org.projectlombok.lombok.version>1.18.10</org.projectlombok.lombok.version> + <org.projectlombok.lombok.version>1.18.16</org.projectlombok.lombok.version> <!-- Code quality checks --> - <jacoco-maven-plugin.version>0.8.5</jacoco-maven-plugin.version> - <maven-checkstyle-plugin.version>3.1.0</maven-checkstyle-plugin.version> - <maven-pmd-plugin.version>3.12.0</maven-pmd-plugin.version> - <spotbugs-maven-plugin.version>3.1.12.2</spotbugs-maven-plugin.version> + <jacoco-maven-plugin.version>0.8.6</jacoco-maven-plugin.version> + <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version> + <maven-pmd-plugin.version>3.14.0</maven-pmd-plugin.version> + <spotbugs-maven-plugin.version>4.2.0</spotbugs-maven-plugin.version> + <findsecbugs-plugin.version>1.11.0</findsecbugs-plugin.version> + <dependency-check-maven.version>6.0.3</dependency-check-maven.version> + + <!-- Compile and deploy plugins --> + <versions-maven-plugin.version>2.8.1</versions-maven-plugin.version> + <maven-compiler-plugin.version>3.8.1</maven-compiler-plugin.version> + <maven-jar-plugin.version>3.2.0</maven-jar-plugin.version> + <maven-source-plugin.version>3.2.1</maven-source-plugin.version> + <maven-deploy-plugin.version>2.8.2</maven-deploy-plugin.version> + <wagon-ssh.version>3.4.3</wagon-ssh.version> <license.outputDirectory>${project.build.directory}/thirdparty_licenses</license.outputDirectory> <pmw_rules_location>https://apps.egiz.gv.at/checkstyle/egiz_pmd_checks.xml</pmw_rules_location> 
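Review bot: `MOA.spss.server.moa-sig-lib.version` moves from the release `3.1.2` to `3.1.5-SNAPSHOT`, so the signature-verification library is now resolved from a mutable snapshot. Two builds of the same commit can then contain different code, which is hard to audit for a component that validates signatures; pinning a released version before cutting 1.2.x would be preferable. In the same block `iaik.prod.iaik_cpades.version` changes from `2.5.1_moa` to `2.4_moa`, which reads as a downgrade. If it is intentional, a comment next to the property such as `<!-- 2.4_moa on purpose: REASON -->` would stop a later bump from silently undoing it. `xalan.version` stays at `2.7.1` as context while `xerces.version` is raised, so it may be worth checking whether that pin is still required.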
@@ -96,18 +118,16 @@ <repositories> <repository> - <id>asit-snapshot</id> - <url>https://dev.a-sit.at/repositories/snapshot</url> - <releases> - <enabled>false</enabled> - </releases> - <snapshots> - <enabled>true</enabled> - </snapshots> + <id>gitlab</id> + <url>https://gitlab.iaik.tugraz.at/api/v4/groups/119/-/packages/maven</url> + </repository> + <repository> + <id>gitlab-localbuild</id> + <url>https://gitlab.iaik.tugraz.at/api/v4/groups/119/-/packages/maven</url> </repository> <repository> - <id>asit-release</id> - <url>https://dev.a-sit.at/repositories/release</url> + <id>egiz-commons</id> + <url>https://apps.egiz.gv.at/maven/</url> <releases> <enabled>true</enabled> </releases> @@ -116,16 +136,20 @@ </snapshots> </repository> <repository> - <id>egiz-commons</id> - <url>https://apps.egiz.gv.at/maven/</url> + <id>egiz-commons-snapshot</id> + <url>https://apps.egiz.gv.at/maven-snapshot/</url> <releases> - <enabled>true</enabled> + <enabled>false</enabled> </releases> + <snapshots> + <enabled>true</enabled> + </snapshots> </repository> + <repository> <id>shibboleth.internet2.edu</id> <name>Internet2</name> - <url>https://apps.egiz.gv.at/shibboleth_nexus/</url> + <url>https://build.shibboleth.net/nexus/content/groups/public/</url> </repository> </repositories> @@ -140,6 +164,19 @@ </activation> </profile> <profile> + <id>gitlabDeploy</id> + <distributionManagement> + <repository> + <id>gitlab</id> + <url>https://gitlab.iaik.tugraz.at/api/v4/projects/507/packages/maven</url> + </repository> + <snapshotRepository> + <id>gitlab</id> + <url>https://gitlab.iaik.tugraz.at/api/v4/projects/507/packages/maven</url> + </snapshotRepository> + </distributionManagement> + </profile> + <profile> <id>jenkinsDeploy</id> <distributionManagement> <repository> 
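Review bot: The new `gitlab` and `gitlab-localbuild` repositories in hunk `@@ -96,18 +118,16 @@` declare the same URL and carry no `<releases>`/`<snapshots>` policy, so both artifact kinds are accepted from a group-level registry with default settings. The build now resolves from that registry, two `apps.egiz.gv.at` repositories and the public Shibboleth Nexus, and nothing visible restricts which groupIds may come from which source. An internal coordinate such as `at.gv.egiz.eaaf` could therefore be satisfied by whichever repository answers first. I would add an explicit policy to each entry, for example `<releases><enabled>true</enabled><checksumPolicy>fail</checksumPolicy></releases>`, and a short comment explaining why two ids share one URL (presumably to select different credentials from the settings file). The switch of `shibboleth.internet2.edu` from the EGIZ mirror to `build.shibboleth.net` in hunk `@@ -116,16 +136,20 @@` also removes a layer the project controlled, so confirm this is intended.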
@@ -156,7 +193,7 @@ <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-deploy-plugin</artifactId> - <version>2.8.2</version> + <version>${maven-deploy-plugin.version}</version> <configuration> <deployAtEnd>true</deployAtEnd> </configuration> @@ -173,6 +210,25 @@ </plugins> </build> </profile> + <profile> + <id>owasp-dependency-check</id> + <build> + <plugins> + <plugin> + <groupId>org.owasp</groupId> + <artifactId>dependency-check-maven</artifactId> + <version>${dependency-check-maven.version}</version> + <executions> + <execution> + <goals> + <goal>check</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + </profile> </profiles> <modules> @@ -180,6 +236,8 @@ <module>eaaf_core_utils</module> <module>eaaf_core</module> <module>eaaf_modules</module> + <module>build_reporting</module> + <module>eaaf-springboot-utils</module> </modules> <dependencyManagement> 
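Review bot: The `owasp-dependency-check` profile added in hunk `@@ -173,6 +210,25 @@` binds the `check` goal but sets no `<configuration>`, so the plugin's default `failBuildOnCVSS` of 11 applies and the build never fails on a finding. Because the scan also lives in an opt-in profile, a vulnerable dependency only produces a report that someone must remember to read. I would add a threshold such as `<configuration><failBuildOnCVSS>7</failBuildOnCVSS></configuration>` (the value 7 is an example and should follow the project's policy) and note in a comment which pipeline job activates the profile.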
@@ -193,8 +251,45 @@ <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_utils</artifactId> <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-core</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_auth_sl20</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_moa-sig</artifactId> + <version>${egiz.eaaf.version}</version> </dependency> <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_core</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_idp</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_module_pvp2_sp</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf-springboot-utils</artifactId> + <version>${egiz.eaaf.version}</version> + </dependency> + + + <dependency> <groupId>at.gv.egiz.components</groupId> <artifactId>eventlog-api</artifactId> <version>${at.gv.egiz.components.eventlog-api.version}</version> @@ -207,7 +302,7 @@ <dependency> - <groupId>MOA.spss.server</groupId> + <groupId>moaSig</groupId> <artifactId>moa-sig-lib</artifactId> <version>${MOA.spss.server.moa-sig-lib.version}</version> <exclusions> 
@@ -222,13 +317,13 @@ </exclusions> </dependency> <dependency> - <groupId>MOA.spss</groupId> + <groupId>moaSig</groupId> <artifactId>common</artifactId> <version>${MOA.spss.server.moa-sig-lib.version}</version> </dependency> <dependency> - <groupId>MOA.spss</groupId> - <artifactId>tsl_lib</artifactId> + <groupId>at.gv.egovernment.moa.sig</groupId> + <artifactId>tsl-lib</artifactId> <version>${MOA.spss.tsl_lib.version}</version> </dependency> @@ -333,11 +428,36 @@ <version>${javax.annotation-api}</version> </dependency> <dependency> + <groupId>commons-collections</groupId> + <artifactId>commons-collections</artifactId> + <version>${org.apache.commons-collections}</version> + </dependency> + <dependency> <groupId>org.apache.commons</groupId> <artifactId>commons-collections4</artifactId> <version>${org.apache.commons-collections4}</version> </dependency> <dependency> + <groupId>commons-io</groupId> + <artifactId>commons-io</artifactId> + <version>${commons-io.version}</version> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-web</artifactId> + <version>${spring-boot-starter-web.version}</version> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-configuration-processor</artifactId> + <version>${spring-boot-starter-web.version}</version> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-actuator</artifactId> + <version>${spring-boot-starter-web.version}</version> + </dependency> + <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${org.springframework.version}</version> 
@@ -353,6 +473,16 @@ <version>${org.slf4j.version}</version> </dependency> <dependency> + <groupId>org.apache.logging.log4j</groupId> + <artifactId>log4j-to-slf4j</artifactId> + <version>${log4j.version}</version> + </dependency> + <dependency> + <groupId>ch.qos.logback</groupId> + <artifactId>logback-access</artifactId> + <version>${ch.qos.logback-access.version}</version> + </dependency> + <dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>${commons-codec.version}</version> @@ -398,9 +528,21 @@ <version>${org.apache.santuario.xmlsec.version}</version> </dependency> <dependency> + <!-- Set newer version, because 1.1.3 from openSAML dependency has + an CVE-2020-7226 --> + <groupId>org.cryptacular</groupId> + <artifactId>cryptacular</artifactId> + <version>${org.cryptacular.version}</version> + </dependency> + <dependency> <groupId>org.bouncycastle</groupId> - <artifactId>bcprov-jdk15on</artifactId> - <version>${org.bouncycastle.bcprov-jdk15on.version}</version> + <artifactId>bcprov-jdk15to18</artifactId> + <version>${org.bouncycastle.bcprov-jdk15to18.version}</version> + </dependency> + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bctls-jdk15to18</artifactId> + <version>${org.bouncycastle.bctls-jdk15to18.version}</version> </dependency> <dependency> @@ -442,6 +584,12 @@ </dependency> <dependency> + <groupId>org.owasp.encoder</groupId> + <artifactId>encoder</artifactId> + <version>${org.owasp.encoder.version}</version> + </dependency> + + <dependency> <groupId>joda-time</groupId> <artifactId>joda-time</artifactId> <version>${joda-time.version}</version> @@ -466,12 +614,6 @@ <!-- Testing --> <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <version>${junit.version}</version> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>${org.springframework.version}</version> 
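Review bot: Hunk `@@ -398,9 +528,21 @@` replaces the managed `bcprov-jdk15on` entry with `bcprov-jdk15to18`, but removing it from `dependencyManagement` does not stop libraries that depend on `bcprov-jdk15on` transitively from pulling it in. The OpenSAML and cryptacular artifacts likely do so. Both jars ship the same `org.bouncycastle` packages, so the classpath could end up with two provider versions and the older, now unmanaged one might win. It would help to run `mvn dependency:tree -Dincludes=org.bouncycastle` and add `<exclusions>` for `bcprov-jdk15on` where it appears; no such exclusion is visible in this hunk. The comment on the cryptacular pin is a good pattern, and the `log4j-to-slf4j` pin in hunk `@@ -353,6 +473,16 @@` would benefit from a similar line stating why it is managed here.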
@@ -488,7 +630,7 @@ <artifactId>okhttp-tls</artifactId> <version>${com.squareup.okhttp3.version}</version> <scope>test</scope> - </dependency> + </dependency> <dependency> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_core_utils</artifactId> @@ -510,10 +652,34 @@ <scope>test</scope> <type>test-jar</type> </dependency> + <dependency> + <groupId>org.powermock</groupId> + <artifactId>powermock-module-junit4</artifactId> + <version>${org.powermock.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.powermock</groupId> + <artifactId>powermock-api-mockito2</artifactId> + <version>${org.powermock.version}</version> + <scope>test</scope> + </dependency> </dependencies> </dependencyManagement> <dependencies> <dependency> + <groupId>org.junit.vintage</groupId> + <artifactId>junit-vintage-engine</artifactId> + <version>${junit-jupiter-api.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>org.junit.jupiter</groupId> + <artifactId>junit-jupiter-migrationsupport</artifactId> + <version>${junit-jupiter-api.version}</version> + <scope>test</scope> + </dependency> + <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>${org.projectlombok.lombok.version}</version> 
@@ -526,15 +692,59 @@ <extension> <groupId>org.apache.maven.wagon</groupId> <artifactId>wagon-ssh</artifactId> - <version>3.3.3</version> + <version>${wagon-ssh.version}</version> </extension> </extensions> - + <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>versions-maven-plugin</artifactId> - <version>2.7</version> + <version>${versions-maven-plugin.version}</version> + </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>${maven-compiler-plugin.version}</version> + <configuration> + <source>1.8</source> + <target>1.8</target> + </configuration> + <executions> + <execution> + <goals> + <goal>compile</goal> + <goal>testCompile</goal> + </goals> + </execution> + </executions> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-jar-plugin</artifactId> + <version>${maven-jar-plugin.version}</version> + <executions> + <execution> + <goals> + <goal>test-jar</goal> + </goals> + </execution> + </executions> + </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-source-plugin</artifactId> + <version>${maven-source-plugin.version}</version> + <executions> + <execution> + <id>attach-sources</id> + <goals> + <goal>jar-no-fork</goal> + </goals> + </execution> + </executions> </plugin> <plugin> @@ -542,6 +752,8 @@ <version>${surefire.version}</version> <configuration> <threadCount>1</threadCount> + <!-- Sets the VM argument line used when unit tests are run. --> + <argLine>${surefireArgLine}</argLine> </configuration> <dependencies> <dependency> @@ -594,6 +806,9 @@ <goals> <goal>prepare-agent</goal> </goals> + <configuration> + <propertyName>surefireArgLine</propertyName> + </configuration> </execution> <execution> <id>post-unit-report</id> 
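Review bot: The surefire `<argLine>${surefireArgLine}</argLine>` added in hunk `@@ -542,6 +752,8 @@` relies on JaCoCo's `prepare-agent` having set that property (hunk `@@ -594,6 +806,9 @@`), and no default for it is visible in the `<properties>` block. If the agent execution is skipped, for example with `-Djacoco.skip=true` or in a module that does not run it, the literal `${surefireArgLine}` is handed to the forked JVM and the test run fails to start. Adding an empty default, `<surefireArgLine></surefireArgLine>`, to `<properties>` keeps the tests runnable without coverage.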
@@ -604,7 +819,7 @@ <configuration> <outputDirectory>target/jacoco-report</outputDirectory> </configuration> - </execution> + </execution> <execution> <id>post-unit-check</id> <phase>test</phase> @@ -631,7 +846,7 @@ </rule> </rules> </configuration> - </execution> + </execution> </executions> </plugin> @@ -677,6 +892,13 @@ </executions> <configuration> <failOnError>true</failOnError> + <plugins> + <plugin> + <groupId>com.h3xstream.findsecbugs</groupId> + <artifactId>findsecbugs-plugin</artifactId> + <version>${findsecbugs-plugin.version}</version> + </plugin> + </plugins> </configuration> </plugin> @@ -685,18 +907,20 @@ </build> <reporting> - <plugins> + <plugins> <plugin> <groupId>org.jacoco</groupId> - <artifactId>jacoco-maven-plugin</artifactId> - <reportSets> - <reportSet> - <reports> - <report>report</report> - </reports> - </reportSet> - </reportSets> + <artifactId>jacoco-maven-plugin</artifactId> + <configuration> + <title>Maven Multimodule Coverage Demo: Coverage of Unit Tests</title> + <outputDirectory>${project.reporting.outputDirectory}/jacoco-aggregate-ut</outputDirectory> + <dataFileExcludes> + <!-- exclude coverage data of integration tests --> + <dataFileExclude>**/target/jacoco-it.exec</dataFileExclude> + </dataFileExcludes> + </configuration> </plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-pmd-plugin</artifactId> @@ -705,4 +929,4 @@ </plugins> </reporting> -</project>
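Review bot: The JaCoCo report `<title>` in hunk `@@ -685,18 +907,20 @@` is `Maven Multimodule Coverage Demo: Coverage of Unit Tests`, which looks carried over from a sample project and will appear as the heading of the published coverage report. A project-specific title such as `<title>EGIZ EAAF components: unit-test coverage</title>` would be clearer. The same hunk drops the `<reportSets>` block, so the report goal now depends on the plugin's defaults; a one-line comment saying that the aggregate report is produced by the `build_reporting` module (if that is the intent) would make the change easier to follow.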
\ No newline at end of file +</project> |