MOA-ID version 1.1 (initial)

git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d

2 files changed, 159 insertions, 0 deletions

diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml
new file mode 100644
index 000000000..5aade8185
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+	<AuthComponent>
+		<SecurityLayer>
+			<TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/>
+		</SecurityLayer>
+		<MOA-SP>
+			<ConnectionParameter URL="http://localhost:8080/moa-spss/services/">
+				<AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates>
+				<ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore>
+			</ConnectionParameter>
+			<VerifyIdentityLink>
+				<TrustProfileID>TrustProfile1</TrustProfileID>
+			</VerifyIdentityLink>
+			<VerifyAuthBlock>
+				<TrustProfileID>TrustProfile1</TrustProfileID>
+				<VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID>
+				<VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID>
+			</VerifyAuthBlock>
+		</MOA-SP>
+		<IdentityLinkSigners>
+			<X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName>
+			<X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName>
+			<!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>-->
+			<X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName>
+		</IdentityLinkSigners>
+	</AuthComponent>
+	<ProxyComponent>
+		<AuthComponent>
+			<ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData">
+		<!--	<AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates>
+				<ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> -->
+			</ConnectionParameter> 
+		</AuthComponent>
+	</ProxyComponent>
+	<OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/">
+		<AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/>
+		<ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10">
+			<ConnectionParameter URL="ProxyComponentURL">
+				<AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates>
+				<ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<OnlineApplication publicURLPrefix="https://localhost:9443/">
+		<AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/>
+		<ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20">
+			<ConnectionParameter URL="ProxyComponentURL2">
+				<AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates>
+				<ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore>
+			</ConnectionParameter>
+		</ProxyComponent>
+	</OnlineApplication>
+	<ChainingModes systemDefaultMode="pkix">
+		<TrustAnchor mode="chaining">
+			<dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+			<dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+		</TrustAnchor>
+	</ChainingModes>
+	<GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/>
+	<GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/>
+	<GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+	<GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+</MOA-IDConfiguration>
diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml
new file mode 100644
index 000000000..ec8cefe99
--- /dev/null
+++ b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml
@@ -0,0 +1,94 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-05-20T10:30:56+02:00" Issuer="Monika Bürger" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+	<saml:AttributeStatement>
+		<saml:Subject>
+			<saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier>
+		</saml:Subject>
+		<saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+			<saml:AttributeValue>gb</saml:AttributeValue>
+		</saml:Attribute>
+		<saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#">
+			<saml:AttributeValue>http://localhost:8080/moa-id-proxy/</saml:AttributeValue>
+		</saml:Attribute>
+	</saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+				<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+					<html>
+						<body>
+Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:
+<br/>
+							<table border="1">
+								<tr>
+									<td>
+										<b>Name:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//@Issuer"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Zeit:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//@IssueInstant"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Applikation:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:Attribute[@AttributeName=&apos;OA&apos;]/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Geschäftsbereich:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:Attribute[@AttributeName=&apos;Geschäftsbereich&apos;]/saml:AttributeValue"/>
+									</td>
+								</tr>
+								<tr>
+									<td>
+										<b>Anmeldeserver:</b>
+									</td>
+									<td>
+										<xsl:value-of select="//saml:NameIdentifier"/>
+									</td>
+								</tr>
+							</table>
+						</body>
+					</html>
+				</xsl:template>
+			</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Vmmkctd+R7lkSKftZO1UnenfWi0=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>vfTksPSWSacTaSWnvybsm8iV80o=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>wIqspNC5KqReKNMNO7PIemxSKwGId1HIp5r6FFtuj099C304xR5fZoCoC2Zyk6di
+bnoh+rRk9oZFeGoWvhb/JADGgtia7VUO4qc3suCNVpikRgiG5K8LXMGS3w+1wUFb
+JIkDKLuDxmXApG+BEEQXmE07zfwAzRbVBmunpWnG/us=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTkwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzI0MTlaFw0wNjAyMTAxMzI0MjBaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTEgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BMTEVMBMGA1UEBRMMMjI1NjUyMzkyMTA0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmURpYSNb7j/plynhMIDHgoPCu
+Go0KfBI6XJYGAC8dmzntKDaHeUBM/ZImO6PMyK3LEj+vlcVKM2UPsEOaXiGrLs/Z
+GjTP8QMpYKj5UyNlLYMoxRagHi75A6Ci8dcxwH+Sjo3QxLBDEPG6zsusnZphPYad
+pLW7r/NQuOSfeuE6MwIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECEp3ZWggbV5MMA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uMkBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAIuyADBvzJmE7yCCAilQrFl4U+HjMNF5NwbbUqjtVxCj7JliOFJBd
+en46ekG8w57tLHOhg/5N9xdmObX2jgzGZy7uJC7eDnszWjvvfsFev87MwZFy3Pm/
+wdu1+7/+RLDcrOViDn1x2n/JDvkqZJ5WFor2R76wnBIESNeHOqDW9nXHP5F5ERLI
+Ug3tVhIHCkxkBvHJkQOwMD+BhKGh/1jSBRloyrVD/5QUcbQE5wmOjv1I6LLOZRbq
+eXk8cQhwGH+K6p0BdwQc6rg3CXFqTTzP4GuUhnxfJsYtKw7qAfVSf3VRqbeVHX4M
+xDtbjTi15+0lWfB15L4jukJl10D9cFMsWA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-20T08:31:06Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>A6PySg7S5iw8pJEX0i5lwp43lZY=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6457</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature>
+</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file