| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-22 13:52:48 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-01-22 13:52:48 +0100 | 
| commit | 5b0754bddacd5bc7586b56c5a93e78f67d5cb060 (patch) | |
| tree | a318ee77db5ac52afd2fda9412e7bcc7deab362d /id/server/data | |
| parent | e2ca81976097a5f83183e091ec6a5c9a6afb5269 (diff) | |
| parent | 1672ef1dc32bf37c966660c33e422729addd5b41 (diff) | |
| download | moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.tar.gz moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.tar.bz2 moa-id-spss-5b0754bddacd5bc7586b56c5a93e78f67d5cb060.zip | |
Merge branch 'eSense_eIDAS_development' into moa-id-3.2_(OPB)
Conflicts:
	id/server/idserverlib/pom.xml
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
	id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfiguration.java
	id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
Diffstat (limited to 'id/server/data')
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml | 22 | ||||
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml | 98 | ||||
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml | 19 | ||||
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml | 14 | ||||
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks | bin | 0 -> 5657 bytes | |||
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks | bin | 0 -> 3844 bytes | |||
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks | bin | 0 -> 5257 bytes | |||
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/moa-id.properties | 6 | ||||
| -rw-r--r-- | id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml | 4 | ||||
| -rw-r--r-- | id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt | 26 | 
10 files changed, 189 insertions, 0 deletions
| diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
new file mode 100644
index 000000000..9fef4fa2e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+    <comment>SWModule encrypt with JKS.</comment>
+    <entry key="keystorePath">keys/eidasKeyStore.jks</entry>
+    <entry key="keyStorePassword">local-demo</entry>
+    <entry key="keyPassword">local-demo</entry>
+
+    <!-- Management of the encryption activation -->
+    <entry key="encryptionActivation">eIDAS/encryptionConf.xml</entry>
+
+
+    <entry key="responseToPointIssuer.BE">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE</entry>
+    <entry key="responseToPointSerialNumber.BE">54C8F779</entry>
+
+    <!--  If not present then no decryption will be applied on response -->
+    <entry key="responseDecryptionIssuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry>
+    <entry key="serialNumber">54C8F779</entry>
+
+    <entry key="keystoreType">JKS</entry>
+</properties>
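Review bot: `keyStorePassword` and `keyPassword` are the demo value `local-demo` in plaintext, and the keystore the path points to (`keys/eidasKeyStore.jks`, added in this same commit together with `eidasKeyStore_METADATA.jks` and `eidasKeyStore_Service_CB.jks`) is distributed with the source; the `keyStorePassword`/`keyPassword` and `metadata.*` entries of SignModule.xml have the same problem. Nothing in either file says these are demo credentials, so I would add `<!-- DEMO ONLY: keystore and passwords are published with the source; replace keystorePath, keyStorePassword and keyPassword before deployment -->` directly under the `<comment>` element of both files. Separately, `responseToPointIssuer.BE` ends in `ST=Belgium,C=BE` while `responseDecryptionIssuer` ends in `ST=Belgium, C=BE`; if the engine matches issuer DNs by string comparison, one of the two will not match the certificate, so either confirm how matching is done or make the two values identical.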
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml
new file mode 100644
index 000000000..2327fb0d8
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SamlEngine_basics.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SAML constants for AuthnRequests and Responses.</comment>
+
+	<!--
+		Types of consent obtained from the user for this authentication and
+		data transfer.
+		Allow values: 'unspecified'.
+	-->
+	<entry key="consentAuthnRequest">unspecified</entry>
+	<!--
+	Allow values: 'obtained', 'prior', 'curent-implicit', 'curent-explicit', 'unspecified'.
+	-->
+	<entry key="consentAuthnResponse">obtained</entry>
+
+	<!--URI representing the classification of the identifier
+		Allow values: 'entity'.
+	-->
+	<entry key="formatEntity">entity</entry>
+	
+	<!--Only HTTP-POST binding is only supported for inter PEPS-->
+	<!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
+	<entry key="protocolBinding">HTTP-POST</entry>
+	
+	<entry key="eIDSectorShare">false</entry>
+	<entry key="eIDCrossSectorShare">false</entry>
+	<entry key="eIDCrossBorderShare">false</entry>
+	
+	<!-- Attributes with require option -->
+	<entry key="isRequired">true</entry>
+	
+	<!-- A friendly name for the attribute that can be displayed to a user -->
+	<entry key="friendlyName">false</entry>
+	
+	<!--PEPS in the Service Provider's country-->
+	<entry key="requester">http://S-PEPS.gov.xx</entry>
+
+	<!--PEPS in the citizen's origin country-->
+	<entry key="responder">http://C-PEPS.gov.xx</entry>
+
+	<!--Subject cannot be confirmed on or after this seconds time (positive number)-->
+	<entry key="timeNotOnOrAfter">300</entry>
+
+	<!--Validation IP of the response-->
+	<entry key="ipAddrValidation">false</entry>
+	
+	<!--One time use-->
+	<entry key="oneTimeUse">true</entry>
+
+	<!--Subject Attribute Definitions-->
+	<entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
+	<entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
+	<entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
+	<entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
+	<entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
+	<entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
+	<entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
+ 	<entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
+	<entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
+	<entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
+	<entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
+	<entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
+	<entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
+	<entry key="title">http://www.stork.gov.eu/1.0/title</entry>
+	<entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
+	<entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
+	<entry key="age">http://www.stork.gov.eu/1.0/age</entry>
+	<entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
+	<entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
+	<entry key="citizenQAALevel">http://www.stork.gov.eu/1.0/citizenQAALevel</entry>
+	<entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
+	<entry key="unknown">http://www.stork.gov.eu/1.0/unknown</entry>
+
+
+	<!--Subject Attribute Definitions eidas format, natural person -->
+	<entry key="eidas/attributes/CurrentFamilyName">http://eidas.europa.eu/attributes/naturalperson/CurrentFamilyName</entry>
+	<entry key="eidas/attributes/CurrentGivenName">http://eidas.europa.eu/attributes/naturalperson/CurrentGivenName</entry>
+	<entry key="eidas/attributes/DateOfBirth">http://eidas.europa.eu/attributes/naturalperson/DateOfBirth</entry>
+	<entry key="eidas/attributes/PersonIdentifier">http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier</entry>
+	<entry key="eidas/attributes/BirthName">http://eidas.europa.eu/attributes/naturalperson/BirthName</entry>
+	<entry key="eidas/attributes/PlaceOfBirth">http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth</entry>
+	<entry key="eidas/attributes/CurrentAddress">http://eidas.europa.eu/attributes/naturalperson/CurrentAddress</entry>
+	<entry key="eidas/attributes/Gender">http://eidas.europa.eu/attributes/naturalperson/Gender</entry>
+	<!--Subject Attribute Definitions eidas format, legal person -->
+	<entry key="eidas/attributes/LegalPersonIdentifier">http://eidas.europa.eu/attributes/legalperson/LegalPersonIdentifier</entry>
+	<entry key="eidas/attributes/LegalAddress">http://eidas.europa.eu/attributes/legalperson/LegalAddress</entry>
+	<entry key="eidas/attributes/LegalName">http://eidas.europa.eu/attributes/legalperson/LegalName</entry>
+	<entry key="eidas/attributes/VATRegistration">http://eidas.europa.eu/attributes/legalperson/VATRegistration</entry>
+	<entry key="eidas/attributes/TaxReference">http://eidas.europa.eu/attributes/legalperson/TaxReference</entry>
+	<entry key="eidas/attributes/D-2012-17-EUIdentifier">http://eidas.europa.eu/attributes/legalperson/D-2012-17-EUIdentifier</entry>
+	<entry key="eidas/attributes/LEI">http://eidas.europa.eu/attributes/legalperson/LEI</entry>
+	<entry key="eidas/attributes/EORI">http://eidas.europa.eu/attributes/legalperson/EORI</entry>
+	<entry key="eidas/attributes/SEED">http://eidas.europa.eu/attributes/legalperson/SEED</entry>
+	<entry key="eidas/attributes/SIC">http://eidas.europa.eu/attributes/legalperson/SIC</entry>
+
+</properties>
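Review bot: `requester` and `responder` are left at the placeholder endpoints `http://S-PEPS.gov.xx` and `http://C-PEPS.gov.xx` with nothing marking them as placeholders, in a file that lives under deploy/conf; I would put `<!-- PLACEHOLDER: replace with the S-PEPS/C-PEPS endpoints of this deployment -->` above the `requester` entry. The comment on `ipAddrValidation` ("Validation IP of the response") suggests that `false` switches response IP checking off, which deserves an explicit remark such as `<!-- disabled for the demo setup; reconsider before production -->`. The comment on `friendlyName` describes a display name, but the value is the boolean `false`; if the key is a switch for emitting friendly names, the comment should say so.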
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
new file mode 100644
index 000000000..745580428
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+	<comment>SWModule sign with JKS.</comment>
+	<entry key="keystorePath">keys/eidasKeyStore_Service_CB.jks</entry>
+	<entry key="keyStorePassword">local-demo</entry>
+	<entry key="keyPassword">local-demo</entry>
+	<entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry>
+	<entry key="serialNumber">54C8F839</entry>
+	<entry key="keystoreType">JKS</entry>
+
+	<entry key="metadata.keystorePath">keys/eidasKeyStore_METADATA.jks</entry>
+	<entry key="metadata.keyStorePassword">local-demo</entry>
+	<entry key="metadata.keyPassword">local-demo</entry>
+	<entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry>
+	<entry key="metadata.serialNumber">561BC0C8</entry>
+	<entry key="metadata.keystoreType">JKS</entry>
+</properties>
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml
new file mode 100644
index 000000000..ff8307f10
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/encryptionConf.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+<properties>
+	<entry key="EncryptTo.CA">false</entry>
+
+	<entry key="EncryptTo.CB">false</entry>
+
+	<entry key="EncryptTo.CC">false</entry>
+
+	<entry key="EncryptTo.CD">false</entry>
+
+	<entry key="EncryptTo.CF">false</entry>
+
+</properties>
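Review bot: Every `EncryptTo.*` entry is `false`, so the file EncryptModule.xml references as "Management of the encryption activation" appears to ship with assertion encryption turned off for all five partner codes, and nothing in the file says that this is a demo default. I would add `<!-- DEMO default: encryption disabled for every partner; enable per partner code before deployment -->` right after the `<properties>` opening tag. The codes CB through CF also look like test identifiers (`C=CB` is the issuer country in SignModule.xml), so a remark on how production entries are keyed would help, assuming the engine resolves them by country code.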
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks
Binary files differ
new file mode 100644
index 000000000..c8a28d0ae
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore.jks
diff --git a/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks
Binary files differ
new file mode 100644
index 000000000..e52051dd8
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_METADATA.jks
diff --git a/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks
Binary files differ
new file mode 100644
index 000000000..9275f9fdd
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/keys/eidasKeyStore_Service_CB.jks
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 49e69c561..09568ce68 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -48,6 +48,12 @@ stork.fakeIdL.keygroup=
 stork.documentservice.url=
+## eIDAS protocol configuration
+moa.id.protocols.eIDAS.samlengine.config.file=eIDAS/SamlEngine_basics.xml
+moa.id.protocols.eIDAS.samlengine.sign.config.file=eIDAS/SignModule.xml
+moa.id.protocols.eIDAS.samlengine.enc.config.file=eIDAS/EncryptModule.xml
+moa.id.protocols.eIDAS.metadata.validation.truststore=eIDAS_metadata
+
 ##Protocol configuration##
 #PVP2
 protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
index 9d130971d..ce5a21d57 100644
--- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
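Review bot: The four new `moa.id.protocols.eIDAS.*` values are bare relative paths (`eIDAS/SamlEngine_basics.xml`), whereas the PVP2 entry two lines below uses `file:$PATH_TO_CONFIG$/conf/moa-id/...`, and the new `## eIDAS protocol configuration` comment does not say what the relative paths are resolved against. If they are resolved against the moa-id configuration directory, I would extend the comment to `## eIDAS protocol configuration (paths are relative to the moa-id config directory)`, and add that `eIDAS_metadata` must match a `cfg:TrustProfile` Id in the MOA-SPSS configuration, since that is the only link between the two files. The surrounding property block continues outside the hunk.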
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -47,6 +47,10 @@
 					<cfg:Id>C-PEPS</cfg:Id>
 					<cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation>
 				</cfg:TrustProfile>
+        <cfg:TrustProfile>
+					<cfg:Id>eIDAS_metadata</cfg:Id>
+					<cfg:TrustAnchorsLocation>trustProfiles/eIDAS_metadata</cfg:TrustAnchorsLocation>
+				</cfg:TrustProfile>
 			</cfg:PathValidation>
 			<cfg:RevocationChecking>
 				<cfg:EnableChecking>true</cfg:EnableChecking>
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt
new file mode 100644
index 000000000..14e5e5cb5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/eIDAS_metadata/eIDAS_test_node.crt
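Review bot: The added `<cfg:TrustProfile>` opening tag is indented with eight spaces while every neighbouring line, including the three added lines below it, uses tabs; indent it with four tabs like the `</cfg:TrustProfile>` closing tag of the C-PEPS profile above. The new profile's anchor directory `trustProfiles/eIDAS_metadata` holds only the test certificate added by this commit, so a comment on the profile such as `<!-- eIDAS_metadata: demo anchor only, replace before production -->` would stop it from being taken as production trust configuration.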
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIFMTCCAxkCBFYbwMgwDQYJKoZIhvcNAQENBQAwXTELMAkGA1UEBhMCQkUxCzAJBgNVBAgMAkVV
+MREwDwYDVQQHDAhCcnVzc2VsczELMAkGA1UECgwCRUMxDjAMBgNVBAsMBURJR0lUMREwDwYDVQQD
+DAhtZXRhZGF0YTAeFw0xNTEwMTIxNDE2NDBaFw0xNjEwMTExNDE2NDBaMF0xCzAJBgNVBAYTAkJF
+MQswCQYDVQQIDAJFVTERMA8GA1UEBwwIQnJ1c3NlbHMxCzAJBgNVBAoMAkVDMQ4wDAYDVQQLDAVE
+SUdJVDERMA8GA1UEAwwIbWV0YWRhdGEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCN
+5mYsOKzSJ9ksT9dHtFOztF1M8GIMeBLm6chIvtKHwXVLzO53RKhcOwt0j847VL6m5PcAAp57SutC
+DeukA8p6UCUA905p+m7+dt7iEsUV3yje4M8dDFS/LwEF9GhFm3v471ZRYPDW769v14QkmnA9vxWB
+WAj4WcMRMats9choHJdnRa1xUnVjx8yMojoVaPwt1tkG/rRnPev2o0g+VI63XkYd1pLKAU5Pt+n7
+LevLPJsvgkKLQhEB7bvMG1tZ1P4fJ0n3FOHmfLHJ/yEWA+hHXorX5T3G8Fq6GsI5O/c1zkZ7QMSw
+WwzXDbq5qrfyzesdlTPfdsPnFIRddCgx8NuVwI+brlYDSdLGEm+byfM9W4WmfDN6SK1oGMSibuz7
+K49Xh0MFVKNyxT9hCz309UiV71RGnveZxdMGu4vdzP74Ll3G48IIgQ4ymFPMONYBesuorxDunSqs
+R2F1+Th7k7UXL1xblFRaEyqdHlvhVrJqDP6sM9k3lM75aN4L4QMOyKRAqar+Q7f7NoUcx8cvHfqD
+GLJUPcqn2msMa3mAXO5ihA2ERN41wmnmeJzsd/UiFkaqIvXUTZVwxUfQWn3D9uCg2lRAvOTHydkP
+Cfwj4BtL0P9L3eSZ9NM8IGlTmlyApp2bPlzO92BsE8RE7feOmSLZESDKosqkQzZo2CMr/7V9XQID
+AQABMA0GCSqGSIb3DQEBDQUAA4ICAQALfSi+sa90MbJkAeTIA/la1ibtRkPX6jIjHBvkeq8IYEZi
+XxjJvI4CuQY6WSPMoDY0w9iJvKIygCxRlVi77CtFzu/otOLrXb8ozInopykRMIH4TyVmKYf//CoE
+fkQ3vThaf1JLpKpLuhtqHwV03f7jwODaJBqvqdaBX3VHHMPDOeAWQTAd2abMoHgYRlUgB9TKcbJ1
+akWUyX7hnwZSCiKWbL4nrwsFJc0skFVkfjEQxlZUeRXj/bKgnb0BYUsPsFfxXKJIsIc8CmXGvxKz
+B5TSpYIR79WliT9Fo8T1dJ9a/wr+bOXeM/aSUxLechCl+uDuP8yI2iRz9LT++/16HOrRSUuefHpo
+7wJLJnALMABW21eMwS2XBInUBrBN9CVGAJUDF6GQWMbfxA8x0uh4oKoa/4stP5maaf/FBe52pNNv
+Tacb7P3xJc0mS7jatuAHH0UfXy3+3D3z+SJY4Vy2a1cj5U1nUuxxwIRwsoRtWph0BER4RlOz4lXS
+N8ZK9ahgmCsndm+eDvIJm706s7bd8m/X8Xc/lMK+eKhrK6uIIMmkwbdzbgsOS7Plj9IMGm0S4Kdb
+rnAKhkhAXUi4zbd55aTx1kDodpid/dYPiqxSauyYmCXKbyFCAfY76Zw9SuFBRJClx4h5Mxb/EEpq
+1WHM9IyZshufnuZ587WzqtGmJJubTA==
+-----END CERTIFICATE-----
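Review bot: Decoding the DER fields by hand, this trust anchor is self-signed (issuer and subject both read CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE) with serial 561BC0C8, which is exactly the `metadata.issuer`/`metadata.serialNumber` pair of SignModule.xml; if that decoding is right, the eIDAS_metadata trust profile trusts the demo metadata-signing key whose keystore (`eidasKeyStore_METADATA.jks`, password `local-demo`) ships in this same commit, so the anchor gives no assurance outside the demo setup. The validity decodes to 2015-10-12 through 2016-10-11, so metadata validation through this profile will start failing roughly nine months after the commit date unless the anchor is replaced. PEM allows text before the BEGIN line, so I would add the preamble `Test anchor for the eIDAS demo node; replace with the production metadata signing certificate (expires 2016-10-11)` above `-----BEGIN CERTIFICATE-----`, or a README alongside the file, and track the expiry.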
\ No newline at end of file | 
