diff options
Diffstat (limited to 'id.server/data')
186 files changed, 9816 insertions, 0 deletions
diff --git a/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat b/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat new file mode 100644 index 000000000..3e90dc52e --- /dev/null +++ b/id.server/data/abnahme-test/conf/CopyConfigAbnahme.bat @@ -0,0 +1,40 @@ +
+echo --------------------
+Echo Richte moa-sp ein
+echo --------------------
+md C:\programme\apacheGroup\abnahme\conf\moa
+md C:\programme\apacheGroup\abnahme\conf\moa\keys
+md C:\programme\apacheGroup\abnahme\conf\moa\profiles
+md C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles
+md C:\programme\apacheGroup\abnahme\conf\moa-id
+md C:\programme\apacheGroup\abnahme\conf\moa-id\Transforms
+
+
+copy moa\server.xml C:\programme\apacheGroup\abnahme\conf\server.xml
+copy server.keystore C:\programme\apacheGroup\abnahme\server.keystore
+
+copy log4j.properties C:\programme\apacheGroup\abnahme\conf\moa\log4j.properties
+copy moa\ConfigurationTest.xml C:\programme\apacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+xcopy moa\common\*.* C:\programme\apacheGroup\abnahme\common\*.* /s/e
+del C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1 /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2 /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\profiles\*.* /S/Q
+del C:\programme\apacheGroup\abnahme\conf\moa\keys\*.* /S/Q
+copy moa\keys\*.* C:\programme\apacheGroup\abnahme\conf\moa\keys\*.*
+copy moa\profiles\*.* C:\programme\apacheGroup\abnahme\conf\moa\profiles\*.*
+xcopy moa\TrustProfile1\*.* C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1\*.* /s/e
+xcopy moa\TrustProfile2\*.* C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2\*.* /s/e
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile1\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\TrustProfile2\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\conf\moa\trustprofiles\Cvs /S/Q
+rd C:\programme\apacheGroup\abnahme\common\moa\endorsed\Cvs /S/Q
+echo --------------------
+Echo Rrichte moa-auth ein
+echo --------------------
+copy moa-id\ConfigurationTest.xml C:\programme\apacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml
+
+copy transforms\TransformsInfosHTML.xml C:\programme\apacheGroup\abnahme\conf\moa-id\Transforms\TransformsInfosHTML.xml
+echo --------------------
+Echo Kopiere Start-Skript
+echo --------------------
+copy moa\runAbnahme.bat C:\programme\apacheGroup\abnahme\runAbnahme.bat
diff --git a/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml b/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml new file mode 100644 index 000000000..61455f903 --- /dev/null +++ b/id.server/data/abnahme-test/conf/OAConfBasicAuth.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)--> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <BasicAuth> + <UserID>MOAGivenName</UserID> + <Password>MOAFamilyName</Password> + </BasicAuth> +</Configuration> diff --git a/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml b/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml new file mode 100644 index 000000000..c92e055e9 --- /dev/null +++ b/id.server/data/abnahme-test/conf/OAConfHeaderAuth.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)--> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <HeaderAuth> + <Header Name="Param1" Value="MOAPublicAuthority"/> + <Header Name="Param2" Value="MOABKZ"/> + <Header Name="Param3" Value="MOAQualifiedCertificate"/> + <Header Name="Param4" Value="MOAZMRZahl"/> + <Header Name="Param5" Value="MOAIPAddress"/> + </HeaderAuth> +</Configuration> diff --git a/id.server/data/abnahme-test/conf/OAConfParamAuth.xml b/id.server/data/abnahme-test/conf/OAConfParamAuth.xml new file mode 100644 index 000000000..a70f6a6c0 --- /dev/null +++ b/id.server/data/abnahme-test/conf/OAConfParamAuth.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)--> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <ParamAuth> + <Parameter Name="Param1" Value="MOADateOfBirth"/> + <Parameter Name="Param2" Value="MOAVPK"/> + </ParamAuth> +</Configuration> diff --git a/id.server/data/abnahme-test/conf/deploy_AUTH.bat b/id.server/data/abnahme-test/conf/deploy_AUTH.bat new file mode 100644 index 000000000..adb168f09 --- /dev/null +++ b/id.server/data/abnahme-test/conf/deploy_AUTH.bat @@ -0,0 +1,12 @@ +
+cd ..\..\..\..\build\scripts\
+Echo Entferne temporäre Projekt-Dateien und erstelle moa-id-auth.war
+call build id.server clean >null
+call build id.server dist-auth >null
+Echo Lösche altes .war-File vom Server und kopiere neu erzeugte Web-App
+del C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth.war /Q/F/S
+rd C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth /S/Q
+copy ..\..\id.server\tmp\dist\auth\moa-id-auth.war C:\programme\ApacheGroup\abnahme\webapps\moa-id-auth.war
+cd ..\..\id.server\data\abnahme-test\conf
+C:
+cd C:\programme\ApacheGroup\abnahme
diff --git a/id.server/data/abnahme-test/conf/log4j.properties b/id.server/data/abnahme-test/conf/log4j.properties new file mode 100644 index 000000000..86aa9c994 --- /dev/null +++ b/id.server/data/abnahme-test/conf/log4j.properties @@ -0,0 +1,41 @@ +# +# Sample log4j configuration for the MOA-SPSS web service +# + +# commons-logging setup +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory + +# Define log4j root loggers for the 'moa.spss.server' and 'iaik.server' +# logging hierarchies. +# All logging output is written to the 'stdout' and 'R' appenders. +# Add JDBC if you also want to write it to the database +log4j.rootLogger=info, stdout, R +log4j.logger.moa.spss.server=info +log4j.logger.iaik.server=info +log4j.moa=debug + +# Configure the 'stdout appender' to write logging output to the console +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + +# Configure the rolling file appender 'R' to write logging output +# to the file 'moa-spss.log'. The file is rolled over every 1000KB, +# and a maximum history of 4 log files is being kept. +log4j.appender.R=org.apache.log4j.RollingFileAppender +log4j.appender.R.File=moa-spss.log +log4j.appender.R.MaxFileSize=1000KB +log4j.appender.R.MaxBackupIndex=4 +log4j.appender.R.layout=org.apache.log4j.PatternLayout +log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + +# Configure the jdbc appender 'JDBC' to write logging output +# to the given PostgreSQL database +# a suitable table called 'spss_log' must have been created in the +# database using the command: +# create table spss_log (log_time timestamp, log_level varchar(5), log_msg varchar(256)) +log4j.appender.JDBC=org.apache.log4j.jdbc.JDBCAppender +log4j.appender.JDBC.driver=org.postgresql.Driver +log4j.appender.JDBC.URL=jdbc:postgresql://10.16.46.108/moa?user=moa&password=moatest +log4j.appender.JDBC.layout=org.apache.log4j.PatternLayout +log4j.appender.JDBC.sql=INSERT INTO spss_log (log_time, log_level, log_msg) VALUES ('%d{ yyyy-MM-dd HH:mm:ss.SSS}', '%5p', '%m')
\ No newline at end of file diff --git a/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml b/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml new file mode 100644 index 000000000..f2e23f2e2 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa-id/ConfigurationTest.xml @@ -0,0 +1,64 @@ +<?xml version="1.0" encoding="UTF-8"?> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/Transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/certs/server-certs</AcceptedServerCertificates> + <!--<ClientKeyStore password="Keystore Pass">file:/c:/</ClientKeyStore> --> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://moatestlinux:18080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:/c:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/OAConf.xml" sessionTimeOut="600"> + <ConnectionParameter URL="https://moatestlinux:18443/oa/"> + <AcceptedServerCertificates>file:/C:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates> +<!-- <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://10.16.126.28:9443/moa-id-proxy/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:/c:/Programme/ApacheGroup/abnahme/conf/moa-id/oa/OAConf.xml" sessionTimeOut="20"> + <ConnectionParameter URL="https://moatestlinux:18443/oa/"> + <AcceptedServerCertificates>file:/home/moa/id/abnahme/conf/moa-id/oa/server-certs/tomcat</AcceptedServerCertificates> + <!-- <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="/home/moa/id/abnahme/conf/moa-id/certs/cert-store-root"/> + <GenericConfiguration name="TLSTrustedCACertificates" value="file:/home/moa/id/abnahme/conf/moa-id/certs/ca-certs"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml new file mode 100644 index 000000000..82c45565d --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/ConfigurationTest.xml @@ -0,0 +1,136 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> + <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/> + <GenericConfiguration name="IAIKIXSILinit.properties" value="aValidFileName"/> + <GenericConfiguration name="autoAddCertificates" value="true"/> + <GenericConfiguration name="useAuthorityInfoAccess" value="true"/> + <GenericConfiguration name="maxRevocationAge" value="0"/> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="aValidPathName"/> + <GenericConfiguration name="archiveRevocationInfo" value="false"/> + <GenericConfiguration name="DataBaseArchiveParameter.JDBCUrl" value="jdbc:postgresql://10.16.46.108/moa?user=moa&password=moatest"/> + <GenericConfiguration name="test.ReferenceBase" value="test"/> + <!-- + <HardwareCryptoModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/> + <HardwareKeyModule name="validPathToPKCS11Lib" slotID="validSlotID" userPIN="validPIN"/> + + <HardwareKeyModule id="HSM" name="cryptoki.dll" slotID="0" userPIN="0000"/>--> + <SoftwareKeyModule id="SWKeyModule1" filename="keys/test-ee2003_normal(buergerkarte).p12" password="buergerkarte"/> + <SoftwareKeyModule id="SWKeyModule2" filename="keys/normal-eeExpired.p12" password=""/> + <SoftwareKeyModule id="SWKeyModule3" filename="keys/ecc(ego).p12" password="ego"/> + <SoftwareKeyModule id="SWKeyModule4" filename="keys/DSA.512.p12" password="topSecret"/> + <KeyGroup id="HSMRSAKEY"> + <Key> + <KeyModuleID>HSM</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>C=AT,OU=MOA,O=BRZ,CN=HSMRSAKEY</dsig:X509IssuerName> + <dsig:X509SerialNumber>1</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + </KeyGroup> + <KeyGroup id="PKCS12RSAKey1"> + <!--PKCS12RSAKey1 maps to test-ee2003_normal(buergerkarte).p12--> + <Key> + <KeyModuleID>SWKeyModule1</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + </KeyGroup> + <KeyGroup id="PKCS12RSAKeyExpired"> + <!--PKCS12RSAKey1 maps to sicher-demo(buergerkarte).p12--> + <Key> + <KeyModuleID>SWKeyModule2</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>10</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + </KeyGroup> + <KeyGroup id="PKCS12ECDSAKey1"> + <!--PKCS12ECDSAKey1 maps to ecc(ego).p12--> + <Key> + <KeyModuleID>SWKeyModule3</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>68172</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + </KeyGroup> + <KeyGroup id="DSAinPKCS12"> + <!--DSAinPKCS12 maps to DSA.512.p12--> + <Key> + <KeyModuleID>SWKeyModule4</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>761791</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + </KeyGroup> + <KeyGroup id="allKeys"> + <Key> + <KeyModuleID>SWKeyModule1</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + <Key> + <KeyModuleID>SWKeyModule2</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + <Key> + <KeyModuleID>SWKeyModule3</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK ECDSA Test,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>68172</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + <Key> + <KeyModuleID>SWKeyModule4</KeyModuleID> + <KeyCertIssuerSerial> + <dsig:X509IssuerName>CN=IAIK DSA Test CA,OU=JavaSecurity,O=IAIK,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>761791</dsig:X509SerialNumber> + </KeyCertIssuerSerial> + </Key> + </KeyGroup> + <KeyGroupMapping> + <KeyGroup id="PKCS12RSAKey1"/> + <KeyGroup id="PKCS12RSAKeyExpired"/> + <KeyGroup id="PKCS12ECDSAKey1"/> + <KeyGroup id="DSAinPKCS12"/> + <KeyGroup id="HSMRSAKEY"/> + </KeyGroupMapping> + <KeyGroupMapping> + <X509IssuerSerial> + <dsig:X509IssuerName>CN=TestUser,OU=MOA,O=BRZ,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>12345678</dsig:X509SerialNumber> + </X509IssuerSerial> + <KeyGroup id="allKeys"/> + </KeyGroupMapping> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <CRLArchive duration="365"/> + <CRLDistributionPoint> + <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN> + <DistributionPoint uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/> + </CRLDistributionPoint> + <CRLDistributionPoint> + <CAIssuerDN>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</CAIssuerDN> + <DistributionPoint reasonCodes="keyCompromise affiliationChanged" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/> + <DistributionPoint reasonCodes="certificateHold" uri="http://www.iaik.at/testCA/iaik_test_sig.crl"/> + </CRLDistributionPoint> + <VerifyTransformsInfoProfile id="TransformsInfoProfile1MOAID" filename="profiles/TransformsInfoProfile1MOAID.xml"/> + <VerifyTransformsInfoProfile id="TransformsInfoProfile2MOAID" filename="profiles/TransformsInfoProfile2MOAID.xml"/> + <VerifyTransformsInfoProfile id="TransformsInfoProfile3MOAID" filename="profiles/TransformsInfoProfile3MOAID.xml"/> + <TrustProfile id="TrustProfile1" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile1"/> + <TrustProfile id="TrustProfile2" uri="C:/Programme/ApacheGroup/abnahme/conf/moa/trustprofiles/TrustProfile2"/> +</MOAConfiguration> diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer Binary files differnew file mode 100644 index 000000000..18e6bc109 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Buergerkarte01Root.cer diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer Binary files differnew file mode 100644 index 000000000..1cdc15c6e --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/IAIK_TestRoot.cer diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer Binary files differnew file mode 100644 index 000000000..b5b39633d --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/Max_Mustermann.cer diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer Binary files differnew file mode 100644 index 000000000..81f6fa658 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA1.cer diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer Binary files differnew file mode 100644 index 000000000..99936caa8 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/TestPersonMOA4.cer diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der Binary files differnew file mode 100644 index 000000000..3a3aa543d --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/TrustProfile1/test-ee2003_normal_inkl_verwaltungs_oid.der diff --git a/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer Binary files differnew file mode 100644 index 000000000..b5b39633d --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/TrustProfile2/Max_Mustermann.cer diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar Binary files differnew file mode 100644 index 000000000..f25d73cd7 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xercesImpl.jar diff --git a/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar Binary files differnew file mode 100644 index 000000000..c1fa1d645 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/common/endorsed/xmlParserAPIs.jar diff --git a/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12 b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12 Binary files differnew file mode 100644 index 000000000..8f7a201ac --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/keys/DSA.512.p12 diff --git a/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12 b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12 Binary files differnew file mode 100644 index 000000000..f84e793c5 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/keys/ecc(ego).p12 diff --git a/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12 b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12 Binary files differnew file mode 100644 index 000000000..ff65f9fde --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/keys/normal-eeExpired.p12 diff --git a/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12 Binary files differnew file mode 100644 index 000000000..efaeb9b98 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/keys/sicher-demo(buergerkarte).p12 diff --git a/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12 b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12 Binary files differnew file mode 100644 index 000000000..efaeb9b98 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/keys/test-ee2003_normal(buergerkarte).p12 diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml new file mode 100644 index 000000000..c4f5a52af --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile1MOAID.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml new file mode 100644 index 000000000..dc4a97716 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile2MOAID.xml @@ -0,0 +1,3 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml new file mode 100644 index 000000000..17c4d8d54 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/profiles/TransformsInfoProfile3MOAID.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id.server/data/abnahme-test/conf/moa/runAbnahme.bat b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat new file mode 100644 index 000000000..8f635081c --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/runAbnahme.bat @@ -0,0 +1,12 @@ +C:
+cd\programme
+cd apacheGroup
+cd abnahme
+rem set moa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml
+set moa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+rem set CATALINA_OPTS=-Dmoa.id.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa-id\ConfigurationTest.xml -Dlog4j.configuration=file:/C:\Programme\ApacheGroup\abnahme\conf\log4j.properties -Dmoa.spss.server.configuration=C:\Programme\ApacheGroup\abnahme\conf\moa\ConfigurationTest.xml
+set MOA_ROOT=C:\Programme\ApacheGroup\abnahme\
+set CATALINA_OPTS=-Dmoa.spss.server.configuration=%MOA_ROOT%conf\moa\ConfigurationTest.xml -Dlog4j.configuration=file:/%MOA_ROOT%conf\moa\log4j.properties -Dmoa.id.configuration=%MOA_ROOT%conf\moa-id\ConfigurationTest.xml
+set CATALINA_HOME=C:\Programme\ApacheGroup\abnahme
+
+call bin\catalina run
\ No newline at end of file diff --git a/id.server/data/abnahme-test/conf/moa/server.xml b/id.server/data/abnahme-test/conf/moa/server.xml new file mode 100644 index 000000000..75afa9955 --- /dev/null +++ b/id.server/data/abnahme-test/conf/moa/server.xml @@ -0,0 +1,423 @@ +<!-- Example Server Configuration File --> +<!-- Note that component elements are nested corresponding to their + parent-child relationships with each other --> + +<!-- A "Server" is a singleton element that represents the entire JVM, + which may contain one or more "Service" instances. The Server + listens for a shutdown command on the indicated port. + + Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" or "Loggers" at this level. + --> + +<Server port="8005" shutdown="SHUTDOWN" debug="0"> + + + <!-- Comment these entries out to disable JMX MBeans support --> + <!-- You may also configure custom components (e.g. Valves/Realms) by + including your own mbean-descriptor file(s), and setting the + "descriptors" attribute to point to a ';' seperated list of paths + (in the ClassLoader sense) of files to add to the default list. + e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml" + --> + <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" + debug="0"/> + <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" + debug="0"/> + + <!-- Global JNDI resources --> + <GlobalNamingResources> + + <!-- Test entry for demonstration purposes --> + <Environment name="simpleValue" type="java.lang.Integer" value="30"/> + + <!-- Editable user database that can also be used by + UserDatabaseRealm to authenticate users --> + <Resource name="UserDatabase" auth="Container" + type="org.apache.catalina.UserDatabase" + description="User database that can be updated and saved"> + </Resource> + <ResourceParams name="UserDatabase"> + <parameter> + <name>factory</name> + <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value> + </parameter> + <parameter> + <name>pathname</name> + <value>conf/tomcat-users.xml</value> + </parameter> + </ResourceParams> + + </GlobalNamingResources> + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" (and therefore the web applications visible + within that Container). Normally, that Container is an "Engine", + but this is not required. + + Note: A "Service" is not itself a "Container", so you may not + define subcomponents such as "Valves" or "Loggers" at this level. + --> + + <!-- Define the Tomcat Stand-Alone Service --> + <Service name="Tomcat-Standalone"> + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. Each Connector passes requests on to the + associated "Container" (normally an Engine) for processing. + + By default, a non-SSL HTTP/1.1 Connector is established on port 8080. + You can also enable an SSL HTTP/1.1 Connector on port 8443 by + following the instructions below and uncommenting the second Connector + entry. SSL support requires the following steps (see the SSL Config + HOWTO in the Tomcat 4.0 documentation bundle for more detailed + instructions): + * Download and install JSSE 1.0.2 or later, and put the JAR files + into "$JAVA_HOME/jre/lib/ext". + * Execute: + %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) + $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) + with a password value of "changeit" for both the certificate and + the keystore itself. + + By default, DNS lookups are enabled when a web application calls + request.getRemoteHost(). This can have an adverse impact on + performance, so you can disable it by setting the + "enableLookups" attribute to "false". When DNS lookups are disabled, + request.getRemoteHost() will return the String version of the + IP address of the remote client. + --> + + <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 --> + <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" + port="8080" minProcessors="5" maxProcessors="75" + enableLookups="true" redirectPort="8443" + acceptCount="100" debug="0" connectionTimeout="20000" + useURIValidationHack="false" disableUploadTimeout="true" /> + <!-- Note : To disable connection timeouts, set connectionTimeout value + to -1 --> + + <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> + + <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8443" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="100" debug="0" scheme="https" secure="true" useURIValidationHack="false" disableUploadTimeout="false"> + <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" clientAuth="false" protocol="TLS" keystoreFile="server.keystore" keystorePass="changeit"/> + </Connector> + + + <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 --> + <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" + port="8009" minProcessors="5" maxProcessors="75" + enableLookups="true" redirectPort="8443" + acceptCount="10" debug="0" connectionTimeout="0" + useURIValidationHack="false" + protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/> + + <!-- Define an AJP 1.3 Connector on port 8009 --> + <!-- + <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" + port="8009" minProcessors="5" maxProcessors="75" + acceptCount="10" debug="0"/> + --> + + <!-- Define a Proxied HTTP/1.1 Connector on port 8082 --> + <!-- See proxy documentation for more information about using this. --> + <!-- + <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" + port="8082" minProcessors="5" maxProcessors="75" + enableLookups="true" + acceptCount="100" debug="0" connectionTimeout="20000" + proxyPort="80" useURIValidationHack="false" + disableUploadTimeout="true" /> + --> + + <!-- Define a non-SSL legacy HTTP/1.1 Test Connector on port 8083 --> + <!-- + <Connector className="org.apache.catalina.connector.http.HttpConnector" + port="8083" minProcessors="5" maxProcessors="75" + enableLookups="true" redirectPort="8443" + acceptCount="10" debug="0" /> + --> + + <!-- Define a non-SSL HTTP/1.0 Test Connector on port 8084 --> + <!-- + <Connector className="org.apache.catalina.connector.http10.HttpConnector" + port="8084" minProcessors="5" maxProcessors="75" + enableLookups="true" redirectPort="8443" + acceptCount="10" debug="0" /> + --> + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). --> + + <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie : + <Engine name="Standalone" defaultHost="localhost" debug="0" jmvRoute="jvm1"> + --> + + <!-- Define the top level container in our container hierarchy --> + <Engine name="Standalone" defaultHost="localhost" debug="0"> + + <!-- The request dumper valve dumps useful debugging information about + the request headers and cookies that were received, and the response + headers and cookies that were sent, for all requests received by + this instance of Tomcat. If you care only about requests to a + particular virtual host, or a particular application, nest this + element inside the corresponding <Host> or <Context> entry instead. + + For a similar mechanism that is portable to all Servlet 2.3 + containers, check out the "RequestDumperFilter" Filter in the + example application (the source for this filter may be found in + "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). + + Request dumping is disabled by default. Uncomment the following + element to enable it. --> + <!-- + <Valve className="org.apache.catalina.valves.RequestDumperValve"/> + --> + + <!-- Global logger unless overridden at lower levels --> + <Logger className="org.apache.catalina.logger.FileLogger" + prefix="catalina_log." suffix=".txt" + timestamp="true"/> + + <!-- Because this Realm is here, an instance will be shared globally --> + + <!-- This Realm uses the UserDatabase configured in the global JNDI + resources under the key "UserDatabase". Any edits + that are performed against this UserDatabase are immediately + available for use by the Realm. --> + <Realm className="org.apache.catalina.realm.UserDatabaseRealm" + debug="0" resourceName="UserDatabase"/> + + <!-- Comment out the old realm but leave here for now in case we + need to go back quickly --> + <!-- + <Realm className="org.apache.catalina.realm.MemoryRealm" /> + --> + + <!-- Replace the above Realm with one of the following to get a Realm + stored in a database and accessed via JDBC --> + + <!-- + <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" + driverName="org.gjt.mm.mysql.Driver" + connectionURL="jdbc:mysql://localhost/authority" + connectionName="test" connectionPassword="test" + userTable="users" userNameCol="user_name" userCredCol="user_pass" + userRoleTable="user_roles" roleNameCol="role_name" /> + --> + + <!-- + <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" + driverName="oracle.jdbc.driver.OracleDriver" + connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL" + connectionName="scott" connectionPassword="tiger" + userTable="users" userNameCol="user_name" userCredCol="user_pass" + userRoleTable="user_roles" roleNameCol="role_name" /> + --> + + <!-- + <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" + driverName="sun.jdbc.odbc.JdbcOdbcDriver" + connectionURL="jdbc:odbc:CATALINA" + userTable="users" userNameCol="user_name" userCredCol="user_pass" + userRoleTable="user_roles" roleNameCol="role_name" /> + --> + + <!-- Define the default virtual host --> + <Host name="localhost" debug="0" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- Normally, users must authenticate themselves to each web app + individually. Uncomment the following entry if you would like + a user to be authenticated the first time they encounter a + resource protected by a security constraint, and then have that + user identity maintained across *all* web applications contained + in this virtual host. --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" + debug="0"/> + --> + + <!-- Access log processes all requests for this virtual host. By + default, log files are created in the "logs" directory relative to + $CATALINA_HOME. If you wish, you can specify a different + directory with the "directory" attribute. Specify either a relative + (to $CATALINA_HOME) or absolute path to the desired directory. + --> + <!-- + <Valve className="org.apache.catalina.valves.AccessLogValve" + directory="logs" prefix="localhost_access_log." suffix=".txt" + pattern="common" resolveHosts="false"/> + --> + + <!-- Logger shared by all Contexts related to this virtual host. By + default (when using FileLogger), log files are created in the "logs" + directory relative to $CATALINA_HOME. If you wish, you can specify + a different directory with the "directory" attribute. Specify either a + relative (to $CATALINA_HOME) or absolute path to the desired + directory.--> + <Logger className="org.apache.catalina.logger.FileLogger" + directory="logs" prefix="localhost_log." suffix=".txt" + timestamp="true"/> + + <!-- Define properties for each web application. This is only needed + if you want to set non-default properties, or have web application + document roots in places other than the virtual host's appBase + directory. --> + + <!-- Tomcat Root Context --> + <!-- + <Context path="" docBase="ROOT" debug="0"/> + --> + + <!-- Tomcat Examples Context --> + <Context path="/examples" docBase="examples" debug="0" + reloadable="true" crossContext="true"> + <Logger className="org.apache.catalina.logger.FileLogger" + prefix="localhost_examples_log." suffix=".txt" + timestamp="true"/> + <Ejb name="ejb/EmplRecord" type="Entity" + home="com.wombat.empl.EmployeeRecordHome" + remote="com.wombat.empl.EmployeeRecord"/> + + <!-- If you wanted the examples app to be able to edit the + user database, you would uncomment the following entry. + Of course, you would want to enable security on the + application as well, so this is not done by default! + The database object could be accessed like this: + + Context initCtx = new InitialContext(); + Context envCtx = (Context) initCtx.lookup("java:comp/env"); + UserDatabase database = + (UserDatabase) envCtx.lookup("userDatabase"); + --> +<!-- + <ResourceLink name="userDatabase" global="UserDatabase" + type="org.apache.catalina.UserDatabase"/> +--> + + + <!-- PersistentManager: Uncomment the section below to test Persistent + Sessions. + + saveOnRestart: If true, all active sessions will be saved + to the Store when Catalina is shutdown, regardless of + other settings. All Sessions found in the Store will be + loaded on startup. Sessions past their expiration are + ignored in both cases. + maxActiveSessions: If 0 or greater, having too many active + sessions will result in some being swapped out. minIdleSwap + limits this. -1 or 0 means unlimited sessions are allowed. + If it is not possible to swap sessions new sessions will + be rejected. + This avoids thrashing when the site is highly active. + minIdleSwap: Sessions must be idle for at least this long + (in seconds) before they will be swapped out due to + activity. + 0 means sessions will almost always be swapped out after + use - this will be noticeably slow for your users. + maxIdleSwap: Sessions will be swapped out if idle for this + long (in seconds). If minIdleSwap is higher, then it will + override this. This isn't exact: it is checked periodically. + -1 means sessions won't be swapped out for this reason, + although they may be swapped out for maxActiveSessions. + If set to >= 0, guarantees that all sessions found in the + Store will be loaded on startup. + maxIdleBackup: Sessions will be backed up (saved to the Store, + but left in active memory) if idle for this long (in seconds), + and all sessions found in the Store will be loaded on startup. + If set to -1 sessions will not be backed up, 0 means they + should be backed up shortly after being used. + + To clear sessions from the Store, set maxActiveSessions, maxIdleSwap, + and minIdleBackup all to -1, saveOnRestart to false, then restart + Catalina. + --> + <!-- + <Manager className="org.apache.catalina.session.PersistentManager" + debug="0" + saveOnRestart="true" + maxActiveSessions="-1" + minIdleSwap="-1" + maxIdleSwap="-1" + maxIdleBackup="-1"> + <Store className="org.apache.catalina.session.FileStore"/> + </Manager> + --> + <Environment name="maxExemptions" type="java.lang.Integer" + value="15"/> + <Parameter name="context.param.name" value="context.param.value" + override="false"/> + <Resource name="jdbc/EmployeeAppDb" auth="SERVLET" + type="javax.sql.DataSource"/> + <ResourceParams name="jdbc/EmployeeAppDb"> + <parameter><name>username</name><value>sa</value></parameter> + <parameter><name>password</name><value></value></parameter> + <parameter><name>driverClassName</name> + <value>org.hsql.jdbcDriver</value></parameter> + <parameter><name>url</name> + <value>jdbc:HypersonicSQL:database</value></parameter> + </ResourceParams> + <Resource name="mail/Session" auth="Container" + type="javax.mail.Session"/> + <ResourceParams name="mail/Session"> + <parameter> + <name>mail.smtp.host</name> + <value>localhost</value> + </parameter> + </ResourceParams> + <ResourceLink name="linkToGlobalResource" + global="simpleValue" + type="java.lang.Integer"/> + </Context> + + </Host> + + </Engine> + + </Service> + + <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0 + as its servlet container. Please read the README.txt file coming with + the WebApp Module distribution on how to build it. + (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository) + + To configure the Apache side, you must ensure that you have the + "ServerName" and "Port" directives defined in "httpd.conf". Then, + lines like these to the bottom of your "httpd.conf" file: + + LoadModule webapp_module libexec/mod_webapp.so + WebAppConnection warpConnection warp localhost:8008 + WebAppDeploy examples warpConnection /examples/ + + The next time you restart Apache (after restarting Tomcat, if needed) + the connection will be established, and all applications you make + visible via "WebAppDeploy" directives can be accessed through Apache. + --> + + <!-- Define an Apache-Connector Service --> +<!-- + <Service name="Tomcat-Apache"> + + <Connector className="org.apache.catalina.connector.warp.WarpConnector" + port="8008" minProcessors="5" maxProcessors="75" + enableLookups="true" appBase="webapps" + acceptCount="10" debug="0"/> + + <Engine className="org.apache.catalina.connector.warp.WarpEngine" + name="Apache" debug="0"> + + <Logger className="org.apache.catalina.logger.FileLogger" + prefix="apache_log." suffix=".txt" + timestamp="true"/> + + <Realm className="org.apache.catalina.realm.MemoryRealm" /> + + </Engine> + + </Service> +--> + +</Server> diff --git a/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml new file mode 100644 index 000000000..e003297f4 --- /dev/null +++ b/id.server/data/abnahme-test/conf/transforms/TransformsInfosHTML.xml @@ -0,0 +1,63 @@ +<sl10:TransformsInfo> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> + <table border="1"> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + <tr> + <td> + <b>Zeit:</b> + </td> + <td> + <xsl:value-of select="//@IssueInstant"/> + </td> + </tr> + <tr> + <td> + <b>Applikation:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Geschäftsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Anmeldeserver:</b> + </td> + <td> + <xsl:value-of select="//saml:NameIdentifier"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>text/html</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> diff --git a/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties b/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties new file mode 100644 index 000000000..35a41cfdd --- /dev/null +++ b/id.server/data/abnahme-test/ixsil/init/properties/algorithms.properties @@ -0,0 +1,94 @@ +# IXSIL algorithm properties +# +# This file contains the properties which IXSIL uses to maintain the available algorithms. + + + +#---------------------------------------------------------------------------------------------------------- +# Canonicalization algorithms +# +# The following properties (starting with "Canonicalization.") are associations between canonicalization +# algorithm URIs and their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the canonicalization algorithm +# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm +# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI, +# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML +Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments +Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML +Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments + +#---------------------------------------------------------------------------------------------------------- +# Signature algorithms +# +# The following properties (starting with "Signature.") are associations between signature algorithm URIs and +# their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the signature algorithm +# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm +# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI, +# prepended by the signature algorithm property identifier ("Signature."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA +Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA +Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC + + + +#---------------------------------------------------------------------------------------------------------- +# Digest algorithms +# +# The following properties (starting with "Digest.") are associations between digest algorithm URIs and +# their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the digest algorithm +# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm +# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI, +# prepended by the digest algorithm property identifier ("Digest."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1 + + + +#---------------------------------------------------------------------------------------------------------- +# Transform algorithms +# +# The following properties (starting with "Transform.") are associations between digest algorithm URIs and +# their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the transform algorithm +# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm +# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI, +# prepended by the transform algorithm property identifier ("Transform."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML +Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments +Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML +Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments +Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode +Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath +Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature +Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT +Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2 diff --git a/id.server/data/abnahme-test/ixsil/init/properties/init.properties b/id.server/data/abnahme-test/ixsil/init/properties/init.properties new file mode 100644 index 000000000..a309959cc --- /dev/null +++ b/id.server/data/abnahme-test/ixsil/init/properties/init.properties @@ -0,0 +1,214 @@ +# IXSIL init properties +# +# This file contains the basic initialization properties for IXSIL. + +#---------------------------------------------------------------------------------------------------------- +# Properties for localizing exeption messages + +# This property specifies the ISO language code, which is used to select the appropriate exception message +# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information. + +IXSILException.ISOLanguageCode = "en" + + + +# This property specifies the ISO country code, which is used to select the appropriate exception message +# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information. + +IXSILException.ISOCountryCode = "US" + + +#---------------------------------------------------------------------------------------------------------- +# Other property files + +# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e. +# this file). The URI MUST be absolute. +# +# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using +# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the +# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below). +# +# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an +# authority component. This means that the part following the scheme identifier starts with "/" +# (single slash character), and not with "//" (two slash characters). +# +# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties" +# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties" +# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties" + +location.initProperties = file:data/abnahme/test/ixsil/init/properties/init.properties + + + +# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can +# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's +# URI as the base. +# +# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an +# authority component. This means that the part following the scheme identifier starts with "/" +# (single slash character), and not with "//" (two slash characters). +# +# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties" +# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties" +# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties" +# Example 4 (relative URI): "../otherpath/algorithms.properties" +# Example 5 (relative URI): "algorithms.properties" + +location.algorithmsProperties = file:data/abnahme/test/ixsil/init/properties/algorithms.properties + + + +# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can +# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's +# URI as the base. +# +# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an +# authority component. This means that the part following the scheme identifier starts with "/" +# (single slash character), and not with "//" (two slash characters). +# +# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties" +# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties" +# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties" +# Example 4 (relative URI): "../otherpath/keyManager.properties" +# Example 5 (relative URI): "keyManager.properties" + +location.keyManagerProperties = file:data/abnahme/test/ixsil/init/properties/keyManager.properties + + + +#---------------------------------------------------------------------------------------------------------- +# AlgorithmFactory properties + + + +This property specifies the extension class for the abstract class +iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method +iaik.ixsil.algorithms.AlgorithmFactory.createFactory(). +Please specifiy the fully qualified java class name for the class to be instantiated. + +AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl + + + +#---------------------------------------------------------------------------------------------------------- +# VerifierKeyManager properties + +# This property specifies the implementation class for the interface +# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the +# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo +# element which contains hints that can be used to deduce the verification key. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl + + + +#---------------------------------------------------------------------------------------------------------- +# XML namespace prefix properties + +# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace. +# +# PLEASE NOTE: The prefix must not be empty. + +namespacePrefix.XMLSignature = dsig: + + + +# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace. +# +# PLEASE NOTE: The prefix must not be empty. + +namespacePrefix.XMLSchemaInstance = xsi: + + +#---------------------------------------------------------------------------------------------------------- +# DOMUtils properties + + + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies +# on. If you would like to employ a parser different from Apache Xerces, you must implement the +# DOMUtilsInterface and specify your implementation class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception +# or not. + +DOMUtils.ErrorHandler.reportWarnings = true + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception +# or not. + +DOMUtils.ErrorHandler.reportErrors = true + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser +# exception or not. + +DOMUtils.ErrorHandler.reportFatalErrors = true + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies an URI for the location of the XML schema for an XML signature, which is used as the +# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement. +# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for +# this init property file as the base. + +DOMUtils.SignatureSchema = ../schemas/Signature.xsd + + + +#---------------------------------------------------------------------------------------------------------- +# XPathUtils properties + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies +# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the +# XPathUtilsInterface and specify your implementation class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl + + + +#---------------------------------------------------------------------------------------------------------- +# CanonicalXMLSerializer properties + + + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according +# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an +# implemenation different from the standard implementation shipped with IXSIL, you must implement the +# CanonicalXMLSerialierInterface and specify your implementation class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl + + + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML +# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120). +# If you would like to employ an implemenation different from the standard implementation shipped with +# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation +# class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl diff --git a/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties b/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties new file mode 100644 index 000000000..24ece437a --- /dev/null +++ b/id.server/data/abnahme-test/ixsil/init/properties/keyManager.properties @@ -0,0 +1,74 @@ +# IXSIL algorithm properties +# +# This file contains the properties which IXSIL uses in context of key management. + + + +#---------------------------------------------------------------------------------------------------------- +# +# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement, +# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that +# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage +# subelements of that type. +# +# These properties are only of interest, if you are using the standard key manager shipped with IXISL +# (which is class iaik.ixsil.keyInfo.KeyManagerImpl). +# +# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements, +# the property name is the fully qualified XML name for the "KeyValue" element, namely +# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class +# name of the key provider implementation class, for instance the standard implementation which ships with +# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue". +# +# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the +# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the +# element (e.g. "KeyValue"). Both components are seperated by a colon. +# +# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue +http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data +http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod + + + +#---------------------------------------------------------------------------------------------------------- +# +# The following properties specify the order in which the different types of "KeyInfo" subelements are used +# by the key manager to deduce the verification key. +# +# These properties are only of interest, if you are using the standard key manager shipped with IXISL +# (which is class iaik.ixsil.keyInfo.KeyManagerImpl). +# +# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo" +# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an +# example configuration: +# +# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue +# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data +# +# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the +# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second +# chance. Of course you can specify more than only two different subelement types. +# +# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the +# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the +# element (e.g. "KeyValue"). Both components are seperated by a colon. + +Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue +Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data +Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod + + + +#---------------------------------------------------------------------------------------------------------- +# +# The following property is used by standard implementation of the "X509Data" key provider, which ships +# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface +# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust +# manager for this key provider. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl + diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd b/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd new file mode 100644 index 000000000..ed7719dfb --- /dev/null +++ b/id.server/data/abnahme-test/ixsil/init/schemas/Signature.xsd @@ -0,0 +1,328 @@ +<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ SYSTEM "XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2003/04/08 07:20:16 $ by $Author: knirsch $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+ -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="string">
+ <whiteSpace value="preserve"/>
+ <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/>
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="ds:CryptoBinary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="ds:CryptoBinary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="ds:CryptoBinary"/>
+ <element name="X509CRL" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="ds:CryptoBinary"/>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd new file mode 100644 index 000000000..c55a9a819 --- /dev/null +++ b/id.server/data/abnahme-test/ixsil/init/schemas/XMLSchema.dtd @@ -0,0 +1,402 @@ +<!-- DTD for XML Schemas: Part 1: Structures
+ Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN"
+ Official Location: http://www.w3.org/2001/XMLSchema.dtd -->
+<!-- $Id: XMLSchema.dtd,v 1.1 2003/04/08 07:20:16 knirsch Exp $ -->
+<!-- Note this DTD is NOT normative, or even definitive. --> <!--d-->
+<!-- prose copy in the structures REC is the definitive version --> <!--d-->
+<!-- (which shouldn't differ from this one except for this --> <!--d-->
+<!-- comment and entity expansions, but just in case) --> <!--d-->
+<!-- With the exception of cases with multiple namespace
+ prefixes for the XML Schema namespace, any XML document which is
+ not valid per this DTD given redefinitions in its internal subset of the
+ 'p' and 's' parameter entities below appropriate to its namespace
+ declaration of the XML Schema namespace is almost certainly not
+ a valid schema. -->
+
+<!-- The simpleType element and its constituent parts
+ are defined in XML Schema: Part 2: Datatypes -->
+<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' >
+
+<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a
+ schema document to establish a different
+ namespace prefix -->
+<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must
+ also define %s as the suffix for the appropriate
+ namespace declaration (e.g. :foo) -->
+<!ENTITY % nds 'xmlns%s;'>
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % schema "%p;schema">
+<!ENTITY % complexType "%p;complexType">
+<!ENTITY % complexContent "%p;complexContent">
+<!ENTITY % simpleContent "%p;simpleContent">
+<!ENTITY % extension "%p;extension">
+<!ENTITY % element "%p;element">
+<!ENTITY % unique "%p;unique">
+<!ENTITY % key "%p;key">
+<!ENTITY % keyref "%p;keyref">
+<!ENTITY % selector "%p;selector">
+<!ENTITY % field "%p;field">
+<!ENTITY % group "%p;group">
+<!ENTITY % all "%p;all">
+<!ENTITY % choice "%p;choice">
+<!ENTITY % sequence "%p;sequence">
+<!ENTITY % any "%p;any">
+<!ENTITY % anyAttribute "%p;anyAttribute">
+<!ENTITY % attribute "%p;attribute">
+<!ENTITY % attributeGroup "%p;attributeGroup">
+<!ENTITY % include "%p;include">
+<!ENTITY % import "%p;import">
+<!ENTITY % redefine "%p;redefine">
+<!ENTITY % notation "%p;notation">
+
+<!-- annotation elements -->
+<!ENTITY % annotation "%p;annotation">
+<!ENTITY % appinfo "%p;appinfo">
+<!ENTITY % documentation "%p;documentation">
+
+<!-- Customisation entities for the ATTLIST of each element type.
+ Define one of these if your schema takes advantage of the
+ anyAttribute='##other' in the schema for schemas -->
+
+<!ENTITY % schemaAttrs ''>
+<!ENTITY % complexTypeAttrs ''>
+<!ENTITY % complexContentAttrs ''>
+<!ENTITY % simpleContentAttrs ''>
+<!ENTITY % extensionAttrs ''>
+<!ENTITY % elementAttrs ''>
+<!ENTITY % groupAttrs ''>
+<!ENTITY % allAttrs ''>
+<!ENTITY % choiceAttrs ''>
+<!ENTITY % sequenceAttrs ''>
+<!ENTITY % anyAttrs ''>
+<!ENTITY % anyAttributeAttrs ''>
+<!ENTITY % attributeAttrs ''>
+<!ENTITY % attributeGroupAttrs ''>
+<!ENTITY % uniqueAttrs ''>
+<!ENTITY % keyAttrs ''>
+<!ENTITY % keyrefAttrs ''>
+<!ENTITY % selectorAttrs ''>
+<!ENTITY % fieldAttrs ''>
+<!ENTITY % includeAttrs ''>
+<!ENTITY % importAttrs ''>
+<!ENTITY % redefineAttrs ''>
+<!ENTITY % notationAttrs ''>
+<!ENTITY % annotationAttrs ''>
+<!ENTITY % appinfoAttrs ''>
+<!ENTITY % documentationAttrs ''>
+
+<!ENTITY % complexDerivationSet "CDATA">
+ <!-- #all or space-separated list drawn from derivationChoice -->
+<!ENTITY % blockSet "CDATA">
+ <!-- #all or space-separated list drawn from
+ derivationChoice + 'substitution' -->
+
+<!ENTITY % mgs '%all; | %choice; | %sequence;'>
+<!ENTITY % cs '%choice; | %sequence;'>
+<!ENTITY % formValues '(qualified|unqualified)'>
+
+
+<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'>
+
+<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'>
+
+<!-- This is used in part2 -->
+<!ENTITY % restriction1 '((%mgs; | %group;)?)'>
+
+%xs-datatypes;
+
+<!-- the duplication below is to produce an unambiguous content model
+ which allows annotation everywhere -->
+<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*,
+ ((%simpleType; | %complexType;
+ | %element; | %attribute;
+ | %attributeGroup; | %group;
+ | %notation; ),
+ (%annotation;)*)* )>
+<!ATTLIST %schema;
+ targetNamespace %URIref; #IMPLIED
+ version CDATA #IMPLIED
+ %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema'
+ xmlns CDATA #IMPLIED
+ finalDefault %complexDerivationSet; ''
+ blockDefault %blockSet; ''
+ id ID #IMPLIED
+ elementFormDefault %formValues; 'unqualified'
+ attributeFormDefault %formValues; 'unqualified'
+ xml:lang CDATA #IMPLIED
+ %schemaAttrs;>
+<!-- Note the xmlns declaration is NOT in the Schema for Schemas,
+ because at the Infoset level where schemas operate,
+ xmlns(:prefix) is NOT an attribute! -->
+<!-- The declaration of xmlns is a convenience for schema authors -->
+
+<!-- The id attribute here and below is for use in external references
+ from non-schemas using simple fragment identifiers.
+ It is NOT used for schema-to-schema reference, internal or
+ external. -->
+
+<!-- a type is a named content type specification which allows attribute
+ declarations-->
+<!-- -->
+
+<!ELEMENT %complexType; ((%annotation;)?,
+ (%simpleContent;|%complexContent;|
+ %particleAndAttrs;))>
+
+<!ATTLIST %complexType;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %complexDerivationSet; #IMPLIED
+ mixed (true|false) 'false'
+ %complexTypeAttrs;>
+
+<!-- particleAndAttrs is shorthand for a root type -->
+<!-- mixed is disallowed if simpleContent, overriden if complexContent
+ has one too. -->
+
+<!-- If anyAttribute appears in one or more referenced attributeGroups
+ and/or explicitly, the intersection of the permissions is used -->
+
+<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %complexContent;
+ mixed (true|false) #IMPLIED
+ id ID #IMPLIED
+ %complexContentAttrs;>
+
+<!-- restriction should use the branch defined above, not the simple
+ one from part2; extension should use the full model -->
+
+<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))>
+<!ATTLIST %simpleContent;
+ id ID #IMPLIED
+ %simpleContentAttrs;>
+
+<!-- restriction should use the simple branch from part2, not the
+ one defined above; extension should have no particle -->
+
+<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))>
+<!ATTLIST %extension;
+ base %QName; #REQUIRED
+ id ID #IMPLIED
+ %extensionAttrs;>
+
+<!-- an element is declared by either:
+ a name and a type (either nested or referenced via the type attribute)
+ or a ref to an existing element declaration -->
+
+<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?,
+ (%unique; | %key; | %keyref;)*)>
+<!-- simpleType or complexType only if no type|ref attribute -->
+<!-- ref not allowed at top level -->
+<!ATTLIST %element;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ nillable %boolean; #IMPLIED
+ substitutionGroup %QName; #IMPLIED
+ abstract %boolean; #IMPLIED
+ final %complexDerivationSet; #IMPLIED
+ block %blockSet; #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %elementAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- In the absence of type AND ref, type defaults to type of
+ substitutionGroup, if any, else the ur-type, i.e. unconstrained -->
+<!-- default and fixed are mutually exclusive -->
+
+<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)>
+<!ATTLIST %group;
+ name %NCName; #IMPLIED
+ ref %QName; #IMPLIED
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %groupAttrs;>
+
+<!ELEMENT %all; ((%annotation;)?, (%element;)*)>
+<!ATTLIST %all;
+ minOccurs (1) #IMPLIED
+ maxOccurs (1) #IMPLIED
+ id ID #IMPLIED
+ %allAttrs;>
+
+<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %choice;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %choiceAttrs;>
+
+<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)>
+<!ATTLIST %sequence;
+ minOccurs %nonNegativeInteger; #IMPLIED
+ maxOccurs CDATA #IMPLIED
+ id ID #IMPLIED
+ %sequenceAttrs;>
+
+<!-- an anonymous grouping in a model, or
+ a top-level named group definition, or a reference to same -->
+
+<!-- Note that if order is 'all', group is not allowed inside.
+ If order is 'all' THIS group must be alone (or referenced alone) at
+ the top level of a content model -->
+<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside -->
+<!-- Should allow minOccurs=0 inside order='all' . . . -->
+
+<!ELEMENT %any; (%annotation;)?>
+<!ATTLIST %any;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ minOccurs %nonNegativeInteger; '1'
+ maxOccurs CDATA '1'
+ id ID #IMPLIED
+ %anyAttrs;>
+
+<!-- namespace is interpreted as follows:
+ ##any - - any non-conflicting WFXML at all
+
+ ##other - - any non-conflicting WFXML from namespace other
+ than targetNamespace
+
+ ##local - - any unqualified non-conflicting WFXML/attribute
+ one or - - any non-conflicting WFXML from
+ more URI the listed namespaces
+ references
+
+ ##targetNamespace ##local may appear in the above list,
+ with the obvious meaning -->
+
+<!ELEMENT %anyAttribute; (%annotation;)?>
+<!ATTLIST %anyAttribute;
+ namespace CDATA '##any'
+ processContents (skip|lax|strict) 'strict'
+ id ID #IMPLIED
+ %anyAttributeAttrs;>
+<!-- namespace is interpreted as for 'any' above -->
+
+<!-- simpleType only if no type|ref attribute -->
+<!-- ref not allowed at top level, name iff at top level -->
+<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)>
+<!ATTLIST %attribute;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ type %QName; #IMPLIED
+ use (prohibited|optional|required) #IMPLIED
+ default CDATA #IMPLIED
+ fixed CDATA #IMPLIED
+ form %formValues; #IMPLIED
+ %attributeAttrs;>
+<!-- type and ref are mutually exclusive.
+ name and ref are mutually exclusive, one is required -->
+<!-- default for use is optional when nested, none otherwise -->
+<!-- default and fixed are mutually exclusive -->
+<!-- type attr and simpleType content are mutually exclusive -->
+
+<!-- an attributeGroup is a named collection of attribute decls, or a
+ reference thereto -->
+<!ELEMENT %attributeGroup; ((%annotation;)?,
+ (%attribute; | %attributeGroup;)*,
+ (%anyAttribute;)?) >
+<!ATTLIST %attributeGroup;
+ name %NCName; #IMPLIED
+ id ID #IMPLIED
+ ref %QName; #IMPLIED
+ %attributeGroupAttrs;>
+
+<!-- ref iff no content, no name. ref iff not top level -->
+
+<!-- better reference mechanisms -->
+<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %unique;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %uniqueAttrs;>
+
+<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %key;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ %keyAttrs;>
+
+<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)>
+<!ATTLIST %keyref;
+ name %NCName; #REQUIRED
+ refer %QName; #REQUIRED
+ id ID #IMPLIED
+ %keyrefAttrs;>
+
+<!ELEMENT %selector; ((%annotation;)?)>
+<!ATTLIST %selector;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %selectorAttrs;>
+<!ELEMENT %field; ((%annotation;)?)>
+<!ATTLIST %field;
+ xpath %XPathExpr; #REQUIRED
+ id ID #IMPLIED
+ %fieldAttrs;>
+
+<!-- Schema combination mechanisms -->
+<!ELEMENT %include; (%annotation;)?>
+<!ATTLIST %include;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %includeAttrs;>
+
+<!ELEMENT %import; (%annotation;)?>
+<!ATTLIST %import;
+ namespace %URIref; #IMPLIED
+ schemaLocation %URIref; #IMPLIED
+ id ID #IMPLIED
+ %importAttrs;>
+
+<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; |
+ %attributeGroup; | %group;)*>
+<!ATTLIST %redefine;
+ schemaLocation %URIref; #REQUIRED
+ id ID #IMPLIED
+ %redefineAttrs;>
+
+<!ELEMENT %notation; (%annotation;)?>
+<!ATTLIST %notation;
+ name %NCName; #REQUIRED
+ id ID #IMPLIED
+ public CDATA #REQUIRED
+ system %URIref; #IMPLIED
+ %notationAttrs;>
+
+<!-- Annotation is either application information or documentation -->
+<!-- By having these here they are available for datatypes as well
+ as all the structures elements -->
+
+<!ELEMENT %annotation; (%appinfo; | %documentation;)*>
+<!ATTLIST %annotation; %annotationAttrs;>
+
+<!-- User must define annotation elements in internal subset for this
+ to work -->
+<!ELEMENT %appinfo; ANY> <!-- too restrictive -->
+<!ATTLIST %appinfo;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ %appinfoAttrs;>
+<!ELEMENT %documentation; ANY> <!-- too restrictive -->
+<!ATTLIST %documentation;
+ source %URIref; #IMPLIED
+ id ID #IMPLIED
+ xml:lang CDATA #IMPLIED
+ %documentationAttrs;>
+
+<!NOTATION XMLSchemaStructures PUBLIC
+ 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' >
+<!NOTATION XML PUBLIC
+ 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' >
diff --git a/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd b/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd new file mode 100644 index 000000000..59bf31d52 --- /dev/null +++ b/id.server/data/abnahme-test/ixsil/init/schemas/datatypes.dtd @@ -0,0 +1,203 @@ +<!--
+ DTD for XML Schemas: Part 2: Datatypes
+ $Id: datatypes.dtd,v 1.1 2003/04/08 07:20:16 knirsch Exp $
+ Note this DTD is NOT normative, or even definitive. - - the
+ prose copy in the datatypes REC is the definitive version
+ (which shouldn't differ from this one except for this comment
+ and entity expansions, but just in case)
+ -->
+
+<!--
+ This DTD cannot be used on its own, it is intended
+ only for incorporation in XMLSchema.dtd, q.v.
+ -->
+
+<!-- Define all the element names, with optional prefix -->
+<!ENTITY % simpleType "%p;simpleType">
+<!ENTITY % restriction "%p;restriction">
+<!ENTITY % list "%p;list">
+<!ENTITY % union "%p;union">
+<!ENTITY % maxExclusive "%p;maxExclusive">
+<!ENTITY % minExclusive "%p;minExclusive">
+<!ENTITY % maxInclusive "%p;maxInclusive">
+<!ENTITY % minInclusive "%p;minInclusive">
+<!ENTITY % totalDigits "%p;totalDigits">
+<!ENTITY % fractionDigits "%p;fractionDigits">
+<!ENTITY % length "%p;length">
+<!ENTITY % minLength "%p;minLength">
+<!ENTITY % maxLength "%p;maxLength">
+<!ENTITY % enumeration "%p;enumeration">
+<!ENTITY % whiteSpace "%p;whiteSpace">
+<!ENTITY % pattern "%p;pattern">
+
+<!--
+ Customisation entities for the ATTLIST of each element
+ type. Define one of these if your schema takes advantage
+ of the anyAttribute='##other' in the schema for schemas
+ -->
+
+<!ENTITY % simpleTypeAttrs "">
+<!ENTITY % restrictionAttrs "">
+<!ENTITY % listAttrs "">
+<!ENTITY % unionAttrs "">
+<!ENTITY % maxExclusiveAttrs "">
+<!ENTITY % minExclusiveAttrs "">
+<!ENTITY % maxInclusiveAttrs "">
+<!ENTITY % minInclusiveAttrs "">
+<!ENTITY % totalDigitsAttrs "">
+<!ENTITY % fractionDigitsAttrs "">
+<!ENTITY % lengthAttrs "">
+<!ENTITY % minLengthAttrs "">
+<!ENTITY % maxLengthAttrs "">
+<!ENTITY % enumerationAttrs "">
+<!ENTITY % whiteSpaceAttrs "">
+<!ENTITY % patternAttrs "">
+
+<!-- Define some entities for informative use as attribute
+ types -->
+<!ENTITY % URIref "CDATA">
+<!ENTITY % XPathExpr "CDATA">
+<!ENTITY % QName "NMTOKEN">
+<!ENTITY % QNames "NMTOKENS">
+<!ENTITY % NCName "NMTOKEN">
+<!ENTITY % nonNegativeInteger "NMTOKEN">
+<!ENTITY % boolean "(true|false)">
+<!ENTITY % simpleDerivationSet "CDATA">
+<!--
+ #all or space-separated list drawn from derivationChoice
+ -->
+
+<!--
+ Note that the use of 'facet' below is less restrictive
+ than is really intended: There should in fact be no
+ more than one of each of minInclusive, minExclusive,
+ maxInclusive, maxExclusive, totalDigits, fractionDigits,
+ length, maxLength, minLength within datatype,
+ and the min- and max- variants of Inclusive and Exclusive
+ are mutually exclusive. On the other hand, pattern and
+ enumeration may repeat.
+ -->
+<!ENTITY % minBound "(%minInclusive; | %minExclusive;)">
+<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)">
+<!ENTITY % bounds "%minBound; | %maxBound;">
+<!ENTITY % numeric "%totalDigits; | %fractionDigits;">
+<!ENTITY % ordered "%bounds; | %numeric;">
+<!ENTITY % unordered
+ "%pattern; | %enumeration; | %whiteSpace; | %length; |
+ %maxLength; | %minLength;">
+<!ENTITY % facet "%ordered; | %unordered;">
+<!ENTITY % facetAttr
+ "value CDATA #REQUIRED
+ id ID #IMPLIED">
+<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED">
+<!ENTITY % facetModel "(%annotation;)?">
+<!ELEMENT %simpleType;
+ ((%annotation;)?, (%restriction; | %list; | %union;))>
+<!ATTLIST %simpleType;
+ name %NCName; #IMPLIED
+ final %simpleDerivationSet; #IMPLIED
+ id ID #IMPLIED
+ %simpleTypeAttrs;>
+<!-- name is required at top level -->
+<!ELEMENT %restriction; ((%annotation;)?,
+ (%restriction1; |
+ ((%simpleType;)?,(%facet;)*)),
+ (%attrDecls;))>
+<!ATTLIST %restriction;
+ base %QName; #IMPLIED
+ id ID #IMPLIED
+ %restrictionAttrs;>
+<!--
+ base and simpleType child are mutually exclusive,
+ one is required.
+
+ restriction is shared between simpleType and
+ simpleContent and complexContent (in XMLSchema.xsd).
+ restriction1 is for the latter cases, when this
+ is restricting a complex type, as is attrDecls.
+ -->
+<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)>
+<!ATTLIST %list;
+ itemType %QName; #IMPLIED
+ id ID #IMPLIED
+ %listAttrs;>
+<!--
+ itemType and simpleType child are mutually exclusive,
+ one is required
+ -->
+<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)>
+<!ATTLIST %union;
+ id ID #IMPLIED
+ memberTypes %QNames; #IMPLIED
+ %unionAttrs;>
+<!--
+ At least one item in memberTypes or one simpleType
+ child is required
+ -->
+
+<!ELEMENT %maxExclusive; %facetModel;>
+<!ATTLIST %maxExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxExclusiveAttrs;>
+<!ELEMENT %minExclusive; %facetModel;>
+<!ATTLIST %minExclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minExclusiveAttrs;>
+
+<!ELEMENT %maxInclusive; %facetModel;>
+<!ATTLIST %maxInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %maxInclusiveAttrs;>
+<!ELEMENT %minInclusive; %facetModel;>
+<!ATTLIST %minInclusive;
+ %facetAttr;
+ %fixedAttr;
+ %minInclusiveAttrs;>
+
+<!ELEMENT %totalDigits; %facetModel;>
+<!ATTLIST %totalDigits;
+ %facetAttr;
+ %fixedAttr;
+ %totalDigitsAttrs;>
+<!ELEMENT %fractionDigits; %facetModel;>
+<!ATTLIST %fractionDigits;
+ %facetAttr;
+ %fixedAttr;
+ %fractionDigitsAttrs;>
+
+<!ELEMENT %length; %facetModel;>
+<!ATTLIST %length;
+ %facetAttr;
+ %fixedAttr;
+ %lengthAttrs;>
+<!ELEMENT %minLength; %facetModel;>
+<!ATTLIST %minLength;
+ %facetAttr;
+ %fixedAttr;
+ %minLengthAttrs;>
+<!ELEMENT %maxLength; %facetModel;>
+<!ATTLIST %maxLength;
+ %facetAttr;
+ %fixedAttr;
+ %maxLengthAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %enumeration; %facetModel;>
+<!ATTLIST %enumeration;
+ %facetAttr;
+ %enumerationAttrs;>
+
+<!ELEMENT %whiteSpace; %facetModel;>
+<!ATTLIST %whiteSpace;
+ %facetAttr;
+ %fixedAttr;
+ %whiteSpaceAttrs;>
+
+<!-- This one can be repeated -->
+<!ELEMENT %pattern; %facetModel;>
+<!ATTLIST %pattern;
+ %facetAttr;
+ %patternAttrs;>
diff --git a/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html new file mode 100644 index 000000000..5f3812dbe --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A100/A101/htmlForm.html @@ -0,0 +1,177 @@ +<html> +<head> +<title>MOA ID Auth Sample Login - customized</title> +</head> +<body> +<h1>MOA ID Auth Sample Login - customized</h1> +<form name="CustomizedForm" + action="http://localhost:3495/http-security-layer-request" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<?xml version="1.0" encoding="UTF-8" ?><sl10:InfoboxReadRequest xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity="true"/></sl10:InfoboxReadRequest>"/> + <input type="hidden" + name="DataURL" + value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/> + <input type="submit" value="Bürgerkarte lesen"/> +</form> +<form name="CustomizedInfoForm" + action="http://localhost:3495/http-security-layer-request" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<?xml version="1.0" encoding="UTF-8"?> +<sl11:VerifyXMLSignatureRequest xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <sl11:SignatureInfo> + <sl11:SignatureEnvironment> + <sl10:XMLContent xml:space="preserve"><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI="#signed-data"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('signed-data')/node()</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>C0hW5jQojphweuFzPb+CNkHwhe4=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Bdsc7wAfyMyZ21ChcF+tRh3D7sU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh +qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p +tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="signed-data"><html> +<head> +<title>Überprüfung des Namen des Anmelde-Servers</title> +</head> +<body> +<h2>Prüfung der Identität des MOA-ID Servers</h2> + +Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden, +wird empfohlen den Namen des Anmelde-Servers zu überprüfen. +Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates. +Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt +wurde, dem Sie vertrauen. +<p> +Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können. +Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind. +</p> +<h3>Microsoft Internet Explorer 6.0</h3> + +<ol> +<li>Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.</li> +<li>Selektieren Sie im nun geöffnetem Fenster "Zertifikat" den Karteireiter "Zertifizierungspfad".</li> +<li>Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.</li> +<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter "Details", Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li> +<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck (Karteireiter "Details", unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +<ul> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li> +</ul></li> +<li>Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit +einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche "Zertifikat installieren ..." +(Karteireiter "Allgemein") aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate +vom Internet Explorer als vertrauenswürdig erkannt.</li> +</ol> +<h3>Netscape Navigator 7.0</h3> +<ol> +<li>Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers</li> +<li>Aktivieren Sie die Schaltfläche "Anzeigen"</li> +<li>Selektieren Sie im nun geöffnetem Fenster "Zertifikatsanzeige" den Karteireiter "Detail".</li> +<li>Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.</li> +<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li> +<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +<ul> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li> +</ul></li> +<li>Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren, +indem Sie die "*.cer" Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle +ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.</li> +</ol> + +<h2>Zertifikate und ihr Fingerabdruck</h2> + +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>111 (0x6f)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6</td> +</tr> +</table> + +<p/> +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>531 (0x213)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33</td> +</tr> +</table> + +<p/> +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>536 (0x0218)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f</td> +</tr> +</table> + +</body> +</html></dsig:Object><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-06T07:09:50Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature></sl10:XMLContent> + </sl11:SignatureEnvironment> + <sl11:SignatureLocation>//dsig:Signature</sl11:SignatureLocation> + </sl11:SignatureInfo> +</sl11:VerifyXMLSignatureRequest> +"/> + <input type="hidden" + name="DataURL" + value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/> + Hier finden Sie weitere Informationen zur Überprüfung der Zertifikate. + <input type="submit" value="Weitere Info"/> +</form></body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html new file mode 100644 index 000000000..7ba249f98 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A100/A102/htmlForm.html @@ -0,0 +1,177 @@ +<meta http-equiv="content-type" content="text/html; charset=UTF-8"> +<html> +<head> +<title>Auslesen der Personenbindung</title> +</head> +<body> +<form name="GetIdentityLinkForm" + action="http://localhost:3495/http-security-layer-request" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<?xml version="1.0" encoding="UTF-8" ?><sl10:InfoboxReadRequest xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity="true"/></sl10:InfoboxReadRequest>"/> + <input type="hidden" + name="DataURL" + value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/> + <input type="submit" value="Auslesen der Personenbindung"/> +</form> +<form name="CertificateInfoForm" + action="http://localhost:3495/http-security-layer-request" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<?xml version="1.0" encoding="UTF-8"?> +<sl11:VerifyXMLSignatureRequest xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <sl11:SignatureInfo> + <sl11:SignatureEnvironment> + <sl10:XMLContent xml:space="preserve"><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI="#signed-data"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('signed-data')/node()</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>C0hW5jQojphweuFzPb+CNkHwhe4=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Bdsc7wAfyMyZ21ChcF+tRh3D7sU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh +qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p +tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="signed-data"><html> +<head> +<title>Überprüfung des Namen des Anmelde-Servers</title> +</head> +<body> +<h2>Prüfung der Identität des MOA-ID Servers</h2> + +Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden, +wird empfohlen den Namen des Anmelde-Servers zu überprüfen. +Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates. +Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt +wurde, dem Sie vertrauen. +<p> +Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können. +Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind. +</p> +<h3>Microsoft Internet Explorer 6.0</h3> + +<ol> +<li>Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.</li> +<li>Selektieren Sie im nun geöffnetem Fenster "Zertifikat" den Karteireiter "Zertifizierungspfad".</li> +<li>Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.</li> +<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter "Details", Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li> +<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck (Karteireiter "Details", unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +<ul> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li> +</ul></li> +<li>Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit +einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche "Zertifikat installieren ..." +(Karteireiter "Allgemein") aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate +vom Internet Explorer als vertrauenswürdig erkannt.</li> +</ol> +<h3>Netscape Navigator 7.0</h3> +<ol> +<li>Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers</li> +<li>Aktivieren Sie die Schaltfläche "Anzeigen"</li> +<li>Selektieren Sie im nun geöffnetem Fenster "Zertifikatsanzeige" den Karteireiter "Detail".</li> +<li>Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.</li> +<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li> +<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +<ul> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li> +</ul></li> +<li>Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren, +indem Sie die "*.cer" Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle +ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.</li> +</ol> + +<h2>Zertifikate und ihr Fingerabdruck</h2> + +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>111 (0x6f)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6</td> +</tr> +</table> + +<p/> +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>531 (0x213)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33</td> +</tr> +</table> + +<p/> +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>536 (0x0218)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f</td> +</tr> +</table> + +</body> +</html></dsig:Object><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-06T07:09:50Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature></sl10:XMLContent> + </sl11:SignatureEnvironment> + <sl11:SignatureLocation>//dsig:Signature</sl11:SignatureLocation> + </sl11:SignatureInfo> +</sl11:VerifyXMLSignatureRequest> +"/> + <input type="hidden" + name="DataURL" + value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/> + <input type="submit" value="Information zu Wurzelzertifikaten"/> +</form> +</body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html b/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html new file mode 100644 index 000000000..5f3812dbe --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A100/A103/htmlForm.html @@ -0,0 +1,177 @@ +<html> +<head> +<title>MOA ID Auth Sample Login - customized</title> +</head> +<body> +<h1>MOA ID Auth Sample Login - customized</h1> +<form name="CustomizedForm" + action="http://localhost:3495/http-security-layer-request" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<?xml version="1.0" encoding="UTF-8" ?><sl10:InfoboxReadRequest xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity="true"/></sl10:InfoboxReadRequest>"/> + <input type="hidden" + name="DataURL" + value="https://localhost:8443/authVerifyIdentityLink?MOASessionID=DELETED"/> + <input type="submit" value="Bürgerkarte lesen"/> +</form> +<form name="CustomizedInfoForm" + action="http://localhost:3495/http-security-layer-request" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<?xml version="1.0" encoding="UTF-8"?> +<sl11:VerifyXMLSignatureRequest xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <sl11:SignatureInfo> + <sl11:SignatureEnvironment> + <sl10:XMLContent xml:space="preserve"><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI="#signed-data"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('signed-data')/node()</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>C0hW5jQojphweuFzPb+CNkHwhe4=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Bdsc7wAfyMyZ21ChcF+tRh3D7sU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh +qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p +tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="signed-data"><html> +<head> +<title>Überprüfung des Namen des Anmelde-Servers</title> +</head> +<body> +<h2>Prüfung der Identität des MOA-ID Servers</h2> + +Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden, +wird empfohlen den Namen des Anmelde-Servers zu überprüfen. +Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates. +Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt +wurde, dem Sie vertrauen. +<p> +Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können. +Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind. +</p> +<h3>Microsoft Internet Explorer 6.0</h3> + +<ol> +<li>Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.</li> +<li>Selektieren Sie im nun geöffnetem Fenster "Zertifikat" den Karteireiter "Zertifizierungspfad".</li> +<li>Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.</li> +<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter "Details", Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li> +<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck (Karteireiter "Details", unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +<ul> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li> +</ul></li> +<li>Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit +einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche "Zertifikat installieren ..." +(Karteireiter "Allgemein") aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate +vom Internet Explorer als vertrauenswürdig erkannt.</li> +</ol> +<h3>Netscape Navigator 7.0</h3> +<ol> +<li>Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers</li> +<li>Aktivieren Sie die Schaltfläche "Anzeigen"</li> +<li>Selektieren Sie im nun geöffnetem Fenster "Zertifikatsanzeige" den Karteireiter "Detail".</li> +<li>Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.</li> +<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag "Aussteller") +ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li> +<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den +Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist +eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet. +Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat +in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt. +<ul> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert +in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert +in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li> +<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den +Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li> +</ul></li> +<li>Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren, +indem Sie die "*.cer" Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle +ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.</li> +</ol> + +<h2>Zertifikate und ihr Fingerabdruck</h2> + +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>111 (0x6f)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6</td> +</tr> +</table> + +<p/> +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>531 (0x213)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33</td> +</tr> +</table> + +<p/> +<table> +<tr> +<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td> +</tr> +<tr> +<td>Seriennummer</td><td>536 (0x0218)</td> +</tr> +<tr> +<td>Fingerabdruck</td><td>SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f</td> +</tr> +</table> + +</body> +</html></dsig:Object><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-06T07:09:50Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature></sl10:XMLContent> + </sl11:SignatureEnvironment> + <sl11:SignatureLocation>//dsig:Signature</sl11:SignatureLocation> + </sl11:SignatureInfo> +</sl11:VerifyXMLSignatureRequest> +"/> + <input type="hidden" + name="DataURL" + value="https://localhost:8443/authStartAuthentication?MOASessionID=DELETED"/> + Hier finden Sie weitere Informationen zur Überprüfung der Zertifikate. + <input type="submit" value="Weitere Info"/> +</form></body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html b/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html new file mode 100644 index 000000000..2ecfe9cfd --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A100/AuthTemplate.html @@ -0,0 +1,30 @@ +<html> +<head> +<title>MOA ID Auth Sample Login - customized</title> +</head> +<body> +<h1>MOA ID Auth Sample Login - customized</h1> +<form name="CustomizedForm" + action="<BKU>" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<XMLRequest>"/> + <input type="hidden" + name="DataURL" + value="<DataURL>"/> + <input type="submit" value="Bürgerkarte lesen"/> +</form> +<form name="CustomizedInfoForm" + action="<BKU>" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<CertInfoXMLRequest>"/> + <input type="hidden" + name="DataURL" + value="<CertInfoDataURL>"/> + Hier finden Sie weitere Informationen zur Überprüfung der Zertifikate. + <input type="submit" value="Weitere Info"/> +</form></body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml b/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml new file mode 100644 index 000000000..3877f0950 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A201/CreateXMLSignatureRequest.xml @@ -0,0 +1,88 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'> + <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier> + <sl11:DataObjectInfo Structure='detached'> + <sl10:DataObject Reference=''/> +<sl10:TransformsInfo> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> + <table border="1"> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + <tr> + <td> + <b>Zeit:</b> + </td> + <td> + <xsl:value-of select="//@IssueInstant"/> + </td> + </tr> + <tr> + <td> + <b>Applikation:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Geschäftsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Anmeldeserver:</b> + </td> + <td> + <xsl:value-of select="//saml:NameIdentifier"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>text/html</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> + </sl11:DataObjectInfo> + <sl11:SignatureInfo> + <sl11:SignatureEnvironment> + <sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-04-29T09:40:46+02:00'> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion></sl10:XMLContent> + </sl11:SignatureEnvironment> + <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation> + </sl11:SignatureInfo> +</sl11:CreateXMLSignatureRequest>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml new file mode 100644 index 000000000..f6b2aa57d --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A254/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>000000000000</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml new file mode 100644 index 000000000..b38e902f2 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A255/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="A" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>000000000000</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml new file mode 100644 index 000000000..ab5315d20 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A256/InfoboxReadResponse.xml @@ -0,0 +1,108 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>000000000000</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>000000000000</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml new file mode 100644 index 000000000..a980fabd3 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A257/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>000000000000</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="NOCitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="NOCitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml new file mode 100644 index 000000000..78f5ddd5c --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A258/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://WRONG.NAMESPACE"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://WRONG.NAMESPACE"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml new file mode 100644 index 000000000..764b08361 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A259/InfoboxReadResponse.xml @@ -0,0 +1,87 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml new file mode 100644 index 000000000..22ea67174 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A260/InfoboxReadResponse.xml @@ -0,0 +1,41 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +</saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml new file mode 100644 index 000000000..e3ca1bf66 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A261/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann2</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml b/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml new file mode 100644 index 000000000..44b4f519b --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A262/Configuration.xml @@ -0,0 +1,103 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile2</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile2</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <!--<X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>--> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="http://localhost:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://testP101:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://testP102:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA302:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA303:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA304:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA305:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA306:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA307:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA308:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/> + <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml new file mode 100644 index 000000000..e894f560e --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A262/InfoboxReadResponse.xml @@ -0,0 +1,98 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-13T08:18:09.803" IssueInstant="2003-02-13T08:18:09.803" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns="" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>987654321098</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Monika</pr:GivenName> + <pr:FamilyName primary="undefined">Bürger</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1945-08-02</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>5lEaWEjW+4/6Zcp4TCAx4KDwrhqNCnwSOlyWBgAvHZs57Sg2h3lATP2SJjujzMityxI/r5XFSjNl +D7BDml4hqy7P2Ro0z/EDKWCo+VMjZS2DKMUWoB4u+QOgovHXMcB/ko6N0MSwQxDxus7LrJ2aYT2G +naS1u6/zULjkn3rhOjM=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>ZObnb8BKSWDhmGsQhNGWSAboNH+nJPM109g8QlTi3KrLmtbVuuQWByZmRbgT4HfRFsnD8RvG2Lw3 +cC0G8UH/BeSo5LeJSZc5TUTbWm62kjywzGp4TTX0/K1bHp2cZ/lOIpfAI1tsGerWIoX7FRd79lc+ +8Osp1AsguEm/qQH6FTs=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>N37kVznK95fiKaf1sWVHeFkbzwY=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Rk9zppvNedEsGSx9CibYS4eu0jw=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Hte006lAMycSR138EA/LGP/NBuaab4PzleCjl4ZvDTGKBPEzFKtVqrY+evG9aKWi +B/yw1L5DnIn9UOKqLouwZGBzK33nyAZdr+GWYtWKogbgEeNTLxT2LNoQHthfsTLr +g2Me//mQEqYdtMcTfmhls/qizjhgZXm16yaCWv2bIoc=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>0DHkFVM0QWLSexFR2MX0VavHHK8=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml new file mode 100644 index 000000000..9ad95af1f --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A200/A263/InfoboxReadResponse.xml @@ -0,0 +1,98 @@ +<?xml version="1.0" encoding="UTF-8"?><sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent> +<saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns="" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHN +WW5RPGxVlPDz5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfv +HEcxHQOA6sa42C+dFKsKIvmP3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml new file mode 100644 index 000000000..03b1fbd3f --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A301/AuthenticationData.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml new file mode 100644 index 000000000..39d9a864b --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A301/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml new file mode 100644 index 000000000..db46fb127 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A302/AuthenticationData.xml @@ -0,0 +1,121 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml new file mode 100644 index 000000000..804a27e92 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A302/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml new file mode 100644 index 000000000..12cfbb668 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A303/AuthenticationData.xml @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml new file mode 100644 index 000000000..2067a40c7 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A303/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml new file mode 100644 index 000000000..7e05dbfe1 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A304/AuthenticationData.xml @@ -0,0 +1,133 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml new file mode 100644 index 000000000..bc1bc17ce --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A304/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml new file mode 100644 index 000000000..124f7e5d0 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A305/AuthenticationData.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml new file mode 100644 index 000000000..7a2ed2017 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A305/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml new file mode 100644 index 000000000..9b39890d1 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A306/AuthenticationData.xml @@ -0,0 +1,124 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml new file mode 100644 index 000000000..3750de781 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A306/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml new file mode 100644 index 000000000..499a3908e --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A307/AuthenticationData.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml new file mode 100644 index 000000000..7400f791a --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A307/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml new file mode 100644 index 000000000..32b3d31f9 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A308/AuthenticationData.xml @@ -0,0 +1,136 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml new file mode 100644 index 000000000..b6b42f267 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A308/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml new file mode 100644 index 000000000..b3e27002e --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A309/AuthenticationData.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>false</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml new file mode 100644 index 000000000..9e523773a --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A309/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName> + <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..184615e91 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A309/CreateXMLSignatureResponse.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>DlzOL10xqFzEPMGWmenuvyqB3+c=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Mx68y1JK5jtEyp10w/9p5FYq0Ro5JsjOHQREag5DAfMW5Mf+6qapTjvO+eDZXYub +Vjzph+QgxIhwfFQtrrM9M9ftuHWtD+HeVaexWNkApOBzijdTjZAS4lph4WM5wJ3M +/vUhCJzQzC1scg7xRdNGd+aszMtksWKJpPw4oI0PayE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID1zCCA0SgAwIBAgIGAPMkfTU7MAkGBSsOAwIdBQAwgawxCzAJBgNVBAYTAkFU +MSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UE +CxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh +bmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAsTDElBSUsgVGVzdCBDQTEVMBMGA1UE +AxMMSUFJSyBUZXN0IENBMB4XDTAzMDIwMzE2MjA1NVoXDTAzMTIzMDIyNTkzMFow +gZgxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD +SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp +b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGDAWBgNVBAMUD0lzb2xk +ZSBC/HJnZXJpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA53m0qng6O9zV +IAuJ22Ps91X+pddhMiA9P0QusMexQ+QEkfe43nEFIToUZ3uuoAQFd+n4MXM6D68t +ZctGU5O4W5Aq/bEjI4efIHS0EThzgNAymqmT9Z9IIEhqm/1jhQ4SXTW33y3Xn3lx +26DiTeApftuQB388YlV+Rs+rTyF9iRUCAwEAAaOCARwwggEYMAwGA1UdEwEB/wQC +MAAwDgYDVR0PAQH/BAQDAgbAMBEGCWCGSAGG+EIBAQQEAwIFIDBnBgNVHSAEYDBe +MFwGDCsGAQQBlRIBAnsBATBMMEoGCCsGAQUFBwICMD4aPFRoaXMgY2VydGlmaWNh +dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBwdXJwb3NlczA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vd3d3LmlhaWsuYXQvdGVzdENBL2lhaWtf +dGVzdF9zaWcuY3JsMB0GA1UdDgQWBBQoOuoIxS8M1o/DTZkJUs0lnN5A7TAfBgNV +HSMEGDAWgBRMILBWAgz3iAqWiKUUtFHMOrXyvzAJBgUrDgMCHQUAA4GBACY81o8m +zb8YCuTMgeplySm5nAkxjsv1T5n/Hzz1cLfSDJZ0HyNTVx/GDszY+Dx28MdW+6DL +o9nWPSE/4P+k9HXJe/wEyAv44OrjvpzGGKjqoc3X8v4rzMo6MBRNluu0m3y1pktT +V/q4aiWD/nbGXdrn/AoKAvOSAQ3Qe6X+dT/1</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:37</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>dL59VDpBsujcngd207z0ohPl1/U=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1044289238331</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> + </saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml new file mode 100644 index 000000000..b3e27002e --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A310/AuthenticationData.xml @@ -0,0 +1,25 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>false</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml new file mode 100644 index 000000000..9e523773a --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A310/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName> + <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..e004eb74c --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A310/CreateXMLSignatureResponse.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Q2VhPYhMbwz4beILYjMDmBsurLQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lr5L9hxi1rvdm5vT9WpG8yYKv1TIjPrONJUv6O4lTUyC4E8L4nwx8mMFPd8Q7jNb +WmMmaDCl0uZYOATdu/x2t5wYOYreBUpka3J3wPTIJhMJQwaMMu3rHM3Ewn+1Wlsw +6VED3ZWKAmI+12Mto5RLbD5BU6757Tx42YuCkw9glZM=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIID5zCCA1SgAwIBAgIGAPR8iAdPMAkGBSsOAwIdBQAwgawxCzAJBgNVBAYTAkFU +MSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVDSE5PTE9HWTFHMEUGA1UE +CxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBh +bmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAsTDElBSUsgVGVzdCBDQTEVMBMGA1UE +AxMMSUFJSyBUZXN0IENBMB4XDTAzMDQxMTExNDIwNVoXDTAzMTIzMDIyNTkzMFow +gZgxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD +SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp +b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxGDAWBgNVBAMUD0lzb2xk +ZSBC/HJnZXJpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA0bdQqA5YFf32 +OjaZo01tpAsP/Kgor6sWGLQj2uBrQDOAOymVkIPtv4C9XQ1tH8EUexgbYI1QpE9V +ODvoo49Bi6u9hYnlDFj+8EgQoDCmqFSy/jzwLVnRL7jwN96uAyU5WymEdPWgHRpT +6oDxYs36MJ7+iWQISA6nl3/QTI4wnJcCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC +MAAwDgYDVR0PAQH/BAQDAgbAMBEGCWCGSAGG+EIBAQQEAwIFIDBnBgNVHSAEYDBe +MFwGDCsGAQQBlRIBAnsBATBMMEoGCCsGAQUFBwICMD4aPFRoaXMgY2VydGlmaWNh +dGUgb25seSBtYXkgYmUgdXNlZCBmb3IgZGVtb25zdHJhdGlvbiBwdXJwb3NlczA8 +BgNVHR8ENTAzMDGgL6AthitodHRwOi8vd3d3LmlhaWsuYXQvdGVzdENBL2lhaWtf +dGVzdF9zaWcuY3JsMB0GA1UdDgQWBBTehKfLADylQ4B6DyYKvUG1+pHZzzAOBgcq +KAAKAQEBBAMBAf8wHwYDVR0jBBgwFoAUTCCwVgIM94gKloilFLRRzDq18r8wCQYF +Kw4DAh0FAAOBgQBw2mE3PxdtcSDwCTglkNt7ww4IGmWnUCYUiV8x/lcwWdXhcnRM +lsjmOYi0vFiV8ne6x8fI6WMQLmHQMTfra+tEBrsHOlhISz5F5VGVfj/w6DcTC2HH +wGaIkTqAu6GZ+bu8OpXYSIZEy4ZSMTWWnomses0LyrXqmWNWh1InVjAPiw==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:39</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>YrSnK0/o4nCtqxK1IpJF2Qy4ZQc=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1050061309775</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> + </saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml new file mode 100644 index 000000000..8a66f40cf --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A311/AuthenticationData.xml @@ -0,0 +1,28 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>false</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isPublicAuthority' AttributeNamespace='urn:oid:1.2.40.0.10.1.1.1'> + <saml:AttributeValue>Musterbehörde</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml new file mode 100644 index 000000000..9e523773a --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A311/Configuration.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=Isolde B\C3\BCrgerin,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</X509SubjectName> + <X509SubjectName>CN=Max Mustermann,O=Musterorganisation,STREET=Mustergasse 1,L=Wien,ST=Wien,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="authenticationSessionTimeOut" value="600"/> + <GenericConfiguration name="authenticationDataTimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..f7346ad2b --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A311/CreateXMLSignatureResponse.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-23T09:52:28+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://moatestlinux:18443/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>ue7o7gdb1tN1eNQ/PTK2zBa4tzc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-signed-1-1')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nSqJkplafvE6SpfL0JP5Tbanh3Y=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>V5m5I1QA+NXzhU64G/I1vT8LAoWqaoHm2Ck807U8SVG668NmjH4wrfTln+Shx0HD ++q4c2NAb6ZFzTUQ190RlRgvEM0cvtCSpn7/AcJaBd5WuUYPRLPEmP8ca4xhLGi1t +XZQCTpTLLnRI+5Yf5HJqc1lfs5Pkv9hQZ9W55eJgmiA=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDwTCCAy6gAwIBAgIVAOn21xTCfievvs3qbq8HRBHjXjNPMAkGBSsOAwIdBQAw +gZUxCzAJBgNVBAYTAkFUMSYwJAYDVQQKEx1HUkFaIFVOSVZFUlNJVFkgT0YgVEVD +SE5PTE9HWTFHMEUGA1UECxM+SW5zaXR1dGUgZm9yIEFwcGxpZWQgSW5mb3JtYXRp +b24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNhdGlvbnMxFTATBgNVBAMTDElBSUsg +VGVzdCBDQTAeFw0wMjExMTUwOTQwNTBaFw0wMzEyMzEyMjU5MzBaMHkxCzAJBgNV +BAYTAkFUMQ0wCwYDVQQIEwRXaWVuMQ0wCwYDVQQHEwRXaWVuMRYwFAYDVQQJEw1N +dXN0ZXJnYXNzZSAxMRswGQYDVQQKExJNdXN0ZXJvcmdhbmlzYXRpb24xFzAVBgNV +BAMTDk1heCBNdXN0ZXJtYW5uMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDw +Dxgoc53OFRWuZcGRkuZYYHxTeM7tLoH+9eFpqtokWHruFNn49JNWNdU2PMPeXezO +6eYwz/214/EB/SvCx5ZRlLC7GikqUX0UyK/r36zq9Q5nOMFfSoG48hEIjzAUWnc4 +FIePYW7hdb0/nW+1CKVdpmsGHChJoN7SCiVvY0eyAQIDAQABo4IBLjCCASowDAYD +VR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCB4AwZwYDVR0gBGAwXjBcBgwrBgEEAZUS +AQIDAQEwTDBKBggrBgEFBQcCAjA+GjxUaGlzIGNlcnRpZmljYXRlIG1heSBiZSB1 +c2VkIGZvciBkZW1vbnN0cmF0aW9uIHB1cnBvc2VzIG9ubHkwLwYDVR0RBCgwJoEk +bWF4Lm11c3Rlcm1hbm5AbXVzdGVyb3JnYW5pc2F0aW9uLmF0MB0GA1UdDgQWBBTp +9tcUwn4nr77N6m6vB0MgXEvH5TAbBgcqKAAKAQEBBBAMDk11c3RlcmJlaMO2cmRl +MBMGA1UdJQQMMAoGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFOtWHOnph3q+vzHzdX8q +/qzlQNOOMAkGBSsOAwIdBQADgYEALbC1Ibymb3DWwB+pEezrt87+r3xi+JGFxkt0 +tw0tOoe+ejSY8AhSuY3LseLdPNDnTtlg/GlkzijCFxBHPgUKhGokA91qIoV++fZt +3/pxjSVxl+elGDCx9WcrXB5L7m5mxSMgYGOZH2UUlFZQvtKXxU4KrXCXkQVTsg9g +RWizwj4=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="etsi-signed-1-1"><etsi:QualifyingProperties Target="#signature-1-1" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-25T10:36:40</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>pMBCPXFi69dO65GgzApHN4TxtvM=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=IAIK Test CA,OU=Insitute for Applied Information Processing and Communications,O=GRAZ UNIVERSITY OF TECHNOLOGY,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>1335699569126441074835341742398412708010421793615</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-1-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> + </saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..b9e0e0f9c --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A355/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="A" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..4ef49034c --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A356/CreateXMLSignatureResponse.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Subject> + <saml:NameIdentifier>http://localhost2:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..4fe3c4b2b --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A357/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="gb" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..4736c5dc3 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A358/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://wrong.namespace.com"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://wrong.namespace.com"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..7664fbe33 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A359/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>noTarget</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..a7ef7a637 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A360/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="noOA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..4736c5dc3 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A361/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://wrong.namespace.com"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://wrong.namespace.com"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..6e8393033 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A362/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>WRONG</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..96032998a --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A363/CreateXMLSignatureResponse.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement></saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..ba2749cda --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A364/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8081/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml new file mode 100644 index 000000000..9a358e434 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A366/Configuration.xml @@ -0,0 +1,65 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile2</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>--> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="http://localhost:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/> + <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml new file mode 100644 index 000000000..5aade8185 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A367/Configuration.xml @@ -0,0 +1,65 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>--> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/> + <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..ec8cefe99 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A300/A367/CreateXMLSignatureResponse.xml @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-05-20T10:30:56+02:00" Issuer="Monika Bürger" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>http://localhost:8080/moa-id-proxy/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> + <table border="1"> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + <tr> + <td> + <b>Zeit:</b> + </td> + <td> + <xsl:value-of select="//@IssueInstant"/> + </td> + </tr> + <tr> + <td> + <b>Applikation:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Geschäftsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Anmeldeserver:</b> + </td> + <td> + <xsl:value-of select="//saml:NameIdentifier"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Vmmkctd+R7lkSKftZO1UnenfWi0=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>vfTksPSWSacTaSWnvybsm8iV80o=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>wIqspNC5KqReKNMNO7PIemxSKwGId1HIp5r6FFtuj099C304xR5fZoCoC2Zyk6di +bnoh+rRk9oZFeGoWvhb/JADGgtia7VUO4qc3suCNVpikRgiG5K8LXMGS3w+1wUFb +JIkDKLuDxmXApG+BEEQXmE07zfwAzRbVBmunpWnG/us=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTkwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzI0MTlaFw0wNjAyMTAxMzI0MjBaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTEgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BMTEVMBMGA1UEBRMMMjI1NjUyMzkyMTA0 +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDmURpYSNb7j/plynhMIDHgoPCu +Go0KfBI6XJYGAC8dmzntKDaHeUBM/ZImO6PMyK3LEj+vlcVKM2UPsEOaXiGrLs/Z +GjTP8QMpYKj5UyNlLYMoxRagHi75A6Ci8dcxwH+Sjo3QxLBDEPG6zsusnZphPYad +pLW7r/NQuOSfeuE6MwIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECEp3ZWggbV5MMA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uMkBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAIuyADBvzJmE7yCCAilQrFl4U+HjMNF5NwbbUqjtVxCj7JliOFJBd +en46ekG8w57tLHOhg/5N9xdmObX2jgzGZy7uJC7eDnszWjvvfsFev87MwZFy3Pm/ +wdu1+7/+RLDcrOViDn1x2n/JDvkqZJ5WFor2R76wnBIESNeHOqDW9nXHP5F5ERLI +Ug3tVhIHCkxkBvHJkQOwMD+BhKGh/1jSBRloyrVD/5QUcbQE5wmOjv1I6LLOZRbq +eXk8cQhwGH+K6p0BdwQc6rg3CXFqTTzP4GuUhnxfJsYtKw7qAfVSf3VRqbeVHX4M +xDtbjTi15+0lWfB15L4jukJl10D9cFMsWA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-20T08:31:06Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>A6PySg7S5iw8pJEX0i5lwp43lZY=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6457</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml b/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml new file mode 100644 index 000000000..32b3d31f9 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A400/A401/AuthenticationData.xml @@ -0,0 +1,136 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' xmlns:pr='http://reference.e-government.gv.at/namespace/persondata/20020228#' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' MajorVersion='1' MinorVersion='0' Issuer='https://localhost:8443/auth' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier='http://reference.e-government.gv.at/names/vpk/20020221#'>kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' Issuer='Hermann Muster' > + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/auth</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName='PersonData' AttributeNamespace='http://reference.e-government.gv.at/namespace/persondata/20020228#'> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='isQualifiedCertificate' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml b/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml new file mode 100644 index 000000000..8dd0f10d6 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A600/A601/GetAuthenticationDataWebServiceResponse.xml @@ -0,0 +1,136 @@ +<?xml version="1.0" encoding="UTF-8"?> +<samlp:Response InResponseTo="" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"> <samlp:Status> <samlp:StatusCode Value="samlp:Success"> </samlp:StatusCode> <samlp:StatusMessage>Anfrage erfolgreich beantwortet</samlp:StatusMessage> </samlp:Status> <saml:Assertion Issuer="https://localhost:8443/moa-id-auth/" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">kp6hOq6LRAkLtrqm6EvDm6bMwJw=</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData><saml:Assertion Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion><saml:Assertion Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"> + <saml:AttributeValue><pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person></saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>true</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion></samlp:Response>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html b/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html new file mode 100644 index 000000000..2ecfe9cfd --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/A701/AuthTemplate.html @@ -0,0 +1,30 @@ +<html> +<head> +<title>MOA ID Auth Sample Login - customized</title> +</head> +<body> +<h1>MOA ID Auth Sample Login - customized</h1> +<form name="CustomizedForm" + action="<BKU>" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<XMLRequest>"/> + <input type="hidden" + name="DataURL" + value="<DataURL>"/> + <input type="submit" value="Bürgerkarte lesen"/> +</form> +<form name="CustomizedInfoForm" + action="<BKU>" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<CertInfoXMLRequest>"/> + <input type="hidden" + name="DataURL" + value="<CertInfoDataURL>"/> + Hier finden Sie weitere Informationen zur Überprüfung der Zertifikate. + <input type="submit" value="Weitere Info"/> +</form></body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html b/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html new file mode 100644 index 000000000..92b3f04cd --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/A701/BKUSelectionTemplate.html @@ -0,0 +1,14 @@ +<html> +<head> +<title>BKU Auswahl - customized</title> +</head> +<body> +<h1><font color="green">BKU Auswahl - customized</font></h1> +<p> +<form method="post" action="<StartAuth>"> +<BKUSelect> +<input type="submit" value="Auswählen"/> +</form> +</p> +</body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html new file mode 100644 index 000000000..a473a689b --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/A701/SelectBKUForm.html @@ -0,0 +1,20 @@ +<html> +<head> +<title>BKU Auswahl - customized</title> +</head> +<body> +<h1><font color="green">BKU Auswahl - customized</font></h1> +<p> +<form method="post" action="https://localhost:8443/authStartAuthentication?MOASessionID=6621777788841637660"> +<select name="bkuURI"> + <option value="http://localhost:3495/http-security-layer-request" selected>Lokale Bürgerkarte</option> + <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option> + <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option> + <option value="https://10.16.126.28:3496/http-security-layer-request">Bürgerkarte Arbeitsplatz Paul Ivancsics</option> +</select> + +<input type="submit" value="Auswählen"/> +</form> +</p> +</body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html new file mode 100644 index 000000000..a213d9de0 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/A702/SelectBKUForm.html @@ -0,0 +1,20 @@ +<meta http-equiv="content-type" content="text/html; charset=UTF-8"> +<html> +<head> +<title>Auswahl der Bürgerkartenumgebung</title> +</head> +<body> +<form name="BKUSelectionForm" + action="https://localhost:8443/authStartAuthentication?MOASessionID=7936129366756090040" + method="post"> +<select name="bkuURI"> + <option value="http://localhost:3495/http-security-layer-request" selected>Lokale Bürgerkarte</option> + <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option> + <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option> + <option value="https://10.16.126.28:3496/http-security-layer-request">Bürgerkarte Arbeitsplatz Paul Ivancsics</option> +</select> + + <input type="submit" value="Bürgerkartenumgebung auswählen"/> +</form> +</body> +</html>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml b/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml new file mode 100644 index 000000000..f38dc9ee0 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/A703/Configuration.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLComplete"> + <ConnectionParameter URL="https://auswahl.buergerkarte.at/auswahl"/> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>--> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html b/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html new file mode 100644 index 000000000..21e48a844 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/A703/SelectBKUForm.html @@ -0,0 +1 @@ +https://auswahl.buergerkarte.at/auswahl?returnURI=https://localhost:8443/authStartAuthentication?MOASessionID=-1393563939984986204
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/A700/Configuration.xml b/id.server/data/abnahme-test/xmldata/A700/Configuration.xml new file mode 100644 index 000000000..44cc09196 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/Configuration.xml @@ -0,0 +1,35 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="file:data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp"/> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>--> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp b/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp new file mode 100644 index 000000000..028dbd348 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/A700/getBKUSelectTag.jsp @@ -0,0 +1,6 @@ +<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale Bürgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">Bürgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
diff --git a/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml new file mode 100644 index 000000000..e125e2c38 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/C000/C001/Configuration.xml @@ -0,0 +1,61 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <BKUSelection> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + </ConnectionParameter> + </BKUSelection> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <AcceptedServerCertificates>http://AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <TrustedCACertificates>http://localhost:8080/truestedCACerts</TrustedCACertificates> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="data/test/certs/cert-store-root"/> + <GenericConfiguration name="TLSTrustedCACertificates" value="file:c:/java/id.server/data/test/certs/ca-certs"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml new file mode 100644 index 000000000..7a75d85f8 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/C000/C002/Configuration.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <OnlineApplication publicURLPrefix="http://localhost:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + </OnlineApplication> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml b/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml new file mode 100644 index 000000000..db84e7b12 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/C000/C003/Configuration.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://localhost:9080/moa-id-auth/services/GetAuthenticationData"/> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="http://localhost:9080/"> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml b/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml new file mode 100644 index 000000000..e3a364514 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/C000/C051/ConfigurationC051.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <OnlineApplication2 publicURLPrefix="http://localhost:9080/"> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication2> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/Configuration.xml b/id.server/data/abnahme-test/xmldata/Configuration.xml new file mode 100644 index 000000000..e3f1bd8b4 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/Configuration.xml @@ -0,0 +1,105 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <!--<AcceptedServerCertificates>file:data/abnahme-test/certs/server-certs</AcceptedServerCertificates>--> + <!--<ClientKeyStore password="Keystore Pass">file:data/abnahme-test/certs/server-certs/server.keystore</ClientKeyStore>--> + </ConnectionParameter> + + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>--> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="http://localhost:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://testP101:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://testP102:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA302:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA303:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA304:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA305:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA306:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA307:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA308:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..5a4759b7a --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml new file mode 100644 index 000000000..a35b7f209 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/L000/Configuration.xml b/id.server/data/abnahme-test/xmldata/L000/Configuration.xml new file mode 100644 index 000000000..e3f1bd8b4 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/L000/Configuration.xml @@ -0,0 +1,105 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:data/abnahme-test/conf/transforms/TransformsInfosHTML.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/"> + <!--<AcceptedServerCertificates>file:data/abnahme-test/certs/server-certs</AcceptedServerCertificates>--> + <!--<ClientKeyStore password="Keystore Pass">file:data/abnahme-test/certs/server-certs/server.keystore</ClientKeyStore>--> + </ConnectionParameter> + + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile3MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</X509SubjectName> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + <!--<X509SubjectName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</X509SubjectName>--> + <X509SubjectName>serialNumber=790187461633,givenName=Testperson MOA4,SN=BRZ,CN=Testperson MOA4 BRZ,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="http://localhost:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="10"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://localhost:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://testP101:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfBasicAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="https://testP102:9443/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/abnahme-test/conf/OAConfParamAuth.xml" sessionTimeOut="20"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA302:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA303:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA304:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA305:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA306:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="false" provideIdentityLink="true"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA307:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="false"/> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://localhostA308:9080/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + </OnlineApplication> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <TrustedCACertificates>file:data/abnahme-test/certs/ca-certs</TrustedCACertificates> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="C:/programme/apacheGroup/abnahme/aValidPathName"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml b/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..0ef26ce2f --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/L000/CreateXMLSignatureResponse.xml @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-05-07T17:25:10+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>https://localhost:8443/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>http://10.16.126.28:9080/moa-id-proxy/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> + <table border="1"> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + <tr> + <td> + <b>Zeit:</b> + </td> + <td> + <xsl:value-of select="//@IssueInstant"/> + </td> + </tr> + <tr> + <td> + <b>Applikation:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Geschäftsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Anmeldeserver:</b> + </td> + <td> + <xsl:value-of select="//saml:NameIdentifier"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>bvM1wMyWDhJeTm6wYNIBeqEMGhc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>SODqS1d8cJD301+Eq0jrCkRjSkI=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>GIWA7SDyFiDbbDxOxipEjm9lNJunrfHsLaSEaDUgzpghZ0ESdP8wkS9fBGXdErm8 +FiitoTNUquYLefUjl6i5lIpPp+FraX/6t2Oxda4N8KMamoBpffcxoiU069JOVAEL +ohZawwD4ezgeBJSTgwX7dmPCXjpNa1M8l1wm8FhCgqo=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-07T15:25:17Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml b/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml new file mode 100644 index 000000000..a35b7f209 --- /dev/null +++ b/id.server/data/abnahme-test/xmldata/L000/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file diff --git a/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer b/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id.server/data/certs/TrustProfile1/A-Trust-Qual-01.cer diff --git a/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer b/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id.server/data/certs/TrustProfile1/A-Trust-nQual-01.cer diff --git a/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer b/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer Binary files differnew file mode 100644 index 000000000..18e6bc109 --- /dev/null +++ b/id.server/data/certs/TrustProfile1/Buergerkarte01Root.cer diff --git a/id.server/data/certs/TrustProfile1/C.CA.DS.cer b/id.server/data/certs/TrustProfile1/C.CA.DS.cer Binary files differnew file mode 100644 index 000000000..fc5bd433b --- /dev/null +++ b/id.server/data/certs/TrustProfile1/C.CA.DS.cer diff --git a/id.server/data/certs/TrustProfile1/IAIKRoot.cer b/id.server/data/certs/TrustProfile1/IAIKRoot.cer Binary files differnew file mode 100644 index 000000000..c0c60558a --- /dev/null +++ b/id.server/data/certs/TrustProfile1/IAIKRoot.cer diff --git a/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer b/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer Binary files differnew file mode 100644 index 000000000..21dc972b9 --- /dev/null +++ b/id.server/data/certs/TrustProfile1/IAIKRootMusterbehoerde.cer diff --git a/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer b/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer Binary files differnew file mode 100644 index 000000000..99936caa8 --- /dev/null +++ b/id.server/data/certs/TrustProfile1/TestPersonMOA4.cer diff --git a/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer b/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer Binary files differnew file mode 100644 index 000000000..fc5bd433b --- /dev/null +++ b/id.server/data/certs/TrustProfile1/a-sign-TEST-Premium-Enc-01.cer diff --git a/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer b/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer Binary files differnew file mode 100644 index 000000000..84518a6a8 --- /dev/null +++ b/id.server/data/certs/TrustProfile1/a-sign-TEST-nQual-01.cer diff --git a/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer b/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer Binary files differnew file mode 100644 index 000000000..dac166e9a --- /dev/null +++ b/id.server/data/certs/TrustProfile1/ecdsaroot_der.cer diff --git a/id.server/data/certs/TrustProfile1/hsm.cer b/id.server/data/certs/TrustProfile1/hsm.cer new file mode 100644 index 000000000..278cb8fab --- /dev/null +++ b/id.server/data/certs/TrustProfile1/hsm.cer @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE-----
+MIIB6TCCAVICAQEwDQYJKoZIhvcNAQEFBQAwPTESMBAGA1UEAxMJSFNNUlNBS0VZ
+MQwwCgYDVQQKEwNCUloxDDAKBgNVBAsTA01PQTELMAkGA1UEBhMCQVQwHhcNMDMw
+NDAzMTEwNjQ5WhcNMDQwNDAzMTEwNjQ5WjA9MRIwEAYDVQQDEwlIU01SU0FLRVkx
+DDAKBgNVBAoTA0JSWjEMMAoGA1UECxMDTU9BMQswCQYDVQQGEwJBVDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA2nygG6QL8ksWZFNAUWcLcAkRR7WHck3PFu4z
+ce2D/jeWk2pf3dC+49ZRkmJbKYclySx90BZFG6iSUkhI41eXbrRzIScFz15P9K4F
+rSg8redcdysWY/WJ2ybW05PuK8jNooyc4yAGoSfiNv7GlDfAqsZpSXB2YFvd6erF
+In5e7WECAwDL2zANBgkqhkiG9w0BAQUFAAOBgQCUhQ1YQg14ZtUGj1Zn1J5O3XXu
+RZmckYjRbqMxpY3iim+yH9+eSrDcfESUeoYQHzOB+qfOx+kU33qkWBzvP1079EbC
+v5eVi4mhJ6F/8xItuvroUtuQokiiEY8g8CSM1C124MLcJr0y90Nmb2q2cHhlBkw8
+s5uQpf4EtuqJAwMrcQ==
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/TrustProfile1/moahsmcert.cer b/id.server/data/certs/TrustProfile1/moahsmcert.cer new file mode 100644 index 000000000..160390f35 --- /dev/null +++ b/id.server/data/certs/TrustProfile1/moahsmcert.cer @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE-----
+MIIB7zCCAVgCAQEwDQYJKoZIhvcNAQEFBQAwQDEVMBMGA1UEAxMMTU9BSFNNUlNB
+S0VZMQwwCgYDVQQKEwNCUloxDDAKBgNVBAsTA01PQTELMAkGA1UEBhMCQVQwHhcN
+MDMwNDA3MTQwNzM3WhcNMDQwNDA3MTQwNzM3WjBAMRUwEwYDVQQDEwxNT0FIU01S
+U0FLRVkxDDAKBgNVBAoTA0JSWjEMMAoGA1UECxMDTU9BMQswCQYDVQQGEwJBVDCB
+nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuQJeLj5quuES22ZlXY2W5C/JF/7a
+WZM/EBj2hZff3i66IQYe3272E9p1utzIGvY3AfAlW0sKiOhZUpOnvFlAn+Bl86J2
+kE/mQMgVHd4fxb3onCNA+x/x5BdYVdx35il6iQy9xE0kpc01CMrUMMy0+GMcz4OR
+ziJf0WHsi9JL1nECAwCYrzANBgkqhkiG9w0BAQUFAAOBgQCDpmYSMnkjfJ4JXwwc
+Y6eqqiDBexZeVwNLjjJxwf5md4ZRiewwfY3aydcA8ffjcUh4/5XXdn5y2S2n8JEg
+N2EuHHC+k/CE2JJJylkikltE+nawdfa6MukhQ0sPKjyJ+Nr2nXOwX6O2bveaTw9J
+E2+9uU+Tuf4VG9HEHEL+IaU2tA==
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer b/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer Binary files differnew file mode 100644 index 000000000..bcbddd2f3 --- /dev/null +++ b/id.server/data/certs/ca-certs/GTE CyberTrust Root.cer diff --git a/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer b/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer Binary files differnew file mode 100644 index 000000000..781d1e4f2 --- /dev/null +++ b/id.server/data/certs/ca-certs/TrustMark-WebServer-01.cer diff --git a/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer b/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer Binary files differnew file mode 100644 index 000000000..b76137b1c --- /dev/null +++ b/id.server/data/certs/ca-certs/VeriSignRSA Secure Server CA.cer diff --git a/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer b/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer Binary files differnew file mode 100644 index 000000000..6f97837a2 --- /dev/null +++ b/id.server/data/certs/ca-certs/a-sign-corporate-light-01.cer diff --git a/id.server/data/certs/ca-certs/intermediate.cer b/id.server/data/certs/ca-certs/intermediate.cer Binary files differnew file mode 100644 index 000000000..c945fa97d --- /dev/null +++ b/id.server/data/certs/ca-certs/intermediate.cer diff --git a/id.server/data/certs/ca-certs/root.cer b/id.server/data/certs/ca-certs/root.cer Binary files differnew file mode 100644 index 000000000..dd22e761e --- /dev/null +++ b/id.server/data/certs/ca-certs/root.cer diff --git a/id.server/data/certs/client-certs/key.pem b/id.server/data/certs/client-certs/key.pem new file mode 100644 index 000000000..a326186c7 --- /dev/null +++ b/id.server/data/certs/client-certs/key.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,FE45B3E14DF98B85
+
+e4AS6U/QUW4/ZDMFdlDAVAsd5lKT7e83SWZXZePOjFXZDO+vXmiHp15uw/xrUiqA
+R5jTMHOmxccdpnoSeEXFRApgpfMgixL8IUzec8xaScOOy1+pbSadWWq5bsnnF4fF
+bztJiF5+2RXbNYe5DO32EuGpTOPZVIdWZkvgn5krPDs0EOJrGHC9SIAn+RNS7WDr
+AgKytCjX/aRQ9lUuoT8eX4e2tzslQ/x8K+0zt0vQZWDSPLZTqJNioILWwUpVapqH
+aC/8foQeWqHc1Dj9CoMZrUsS1Jwi/Hkc70cb1+3uH/DAaDng2gN4Qa2tpbvZhWHV
+rIZYpxN0CBxe/pmSwUZeZQPVcgHniJYRondVIOCCGst2l9XunOTxGoNGE8B7A/im
+FB/kondCVL7X+5gEjuAqjFTUrdQHbjCdDSwXLMAKDJEeY3NZhxsJlbXy2pcviUWz
+k0CfGpT9yANDtNT37OfJM6OZSKjUmgeqNENyL2G3X5gjpLCRTUt4BUh5IpeW3uLu
+f/wDAETyfDvHfyf2PAPSVcecDW+py7mFP87FKDrTb8e9fNleL3mNpdLaHFm7mHMf
+imhEehxiGMRj7TVBvS+WuJp0bFYiyEh6f2cnhwP/iAFkJEx7VDslYhtt9LkDGm3t
+1utow3jc/4t6IDV/rmyfYCoy9wbUymw3trGijjMT9H3L9bBekWXfiNTwOjfBa0G5
+meUUJ+BPnm1b5Y6I0nI5T1a7uJ0WeRL08NbJ26TDALBcV6l1IovgTKCtOofOcMBo
+JexXOTvllSEsNQrEzFUkzobLg48FyV/mwrjuIXuxUFwvcqKaU6Pa4Q==
+-----END RSA PRIVATE KEY-----
diff --git a/id.server/data/certs/client-certs/key2.pem b/id.server/data/certs/client-certs/key2.pem new file mode 100644 index 000000000..86c1d1d96 --- /dev/null +++ b/id.server/data/certs/client-certs/key2.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,BE4627B155C4DAA7
+
+Ja5FdI9jxs0+96ELq/INvD4LrSg4ELUr9Z12zBEc4mIGZRnmPgxpgKJUaWQy+atI
+X/o+KS0HYSOHfnWiWQD4GFcjGDhs8vxTsPa6I+vtrnEvFByfOq/R8h7wdHAid14J
+2E8MBVim/TxAi/2JG7yVguKkaUR/jP8uvoiTtMQvKe/NHzQywOmiACvpkX5a9G0t
+kMZKZ23q2FuEYuNn7/9E09CWc4YDc7AwhUcuUAwZXGQTmLPWriSTUKgR88G7u2LQ
+/dO0dqpJEtZIz0h7f+s46I6B7jyXNkShx8scS6YOOrdaq2xB6wC0cOAaNMc/kl7f
+9msanW4fJbE/B0rrL6ChI8Mqlr+TJ8oFrBHt1z5wexPa9OGqBOUJmoywXEhp8WUY
+oth8HZf/thJE3DppxgRHfDKgUiv8hCSRvaSFZ33Dx7qISPVBzbmk2CF69Ok05Sc3
+sHahRIA8X01mS8fFGL6fJPLT+xW4ARiP1NnVDMBUbFDg/g9GEMvAnxh9lWLysUv5
+6LMR01H6CVhOsbKfpUqIfqT6U9HmjF1vQGD1jp9KGi12Cu6Yf6Z6OcMBmR93rao3
+50GtG0HLbhuUPIrFMYe3Dl0TfPxLj/ieNvGFgueWE7Y92mw/XGn3wLoSVKAIRrYd
+ZXh09mA3yARqY15UJWmR77WOrh4j1KybADF6F445+H64UtD1QQBHH4/K+ZJ1CUiE
+V9d1F9DAnOeU3yYvRprZU/6nbqzR7dfivgln8PE8Ht2EZf9Rk/n2/ztgKBik37MF
+WPthd+8Y+XKcjg2tZOENAxw7ikzjPIdHxFzxAnr9y5d4F6P5CSIjxw==
+-----END RSA PRIVATE KEY-----
diff --git a/id.server/data/certs/client-certs/req.cer b/id.server/data/certs/client-certs/req.cer Binary files differnew file mode 100644 index 000000000..9f3f8116f --- /dev/null +++ b/id.server/data/certs/client-certs/req.cer diff --git a/id.server/data/certs/client-certs/req.pem b/id.server/data/certs/client-certs/req.pem new file mode 100644 index 000000000..db4a69057 --- /dev/null +++ b/id.server/data/certs/client-certs/req.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE-----
+MIIC5jCCAk+gAwIBAgIBADANBgkqhkiG9w0BAQQFADBcMQswCQYDVQQGEwJBVDET
+MBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9B
+MRswGQYDVQQDExJBYm5haG1ldGVzdCBNT0EtSUQwHhcNMDMwNTA2MTU1NjMxWhcN
+MDMwNjA1MTU1NjMxWjBcMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1TdGF0
+ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9BMRswGQYDVQQDExJBYm5haG1l
+dGVzdCBNT0EtSUQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOJqhoQjXmkj
+E7eX0mhX4p3vz/vlpSDcmFmOw7PJOKYF38eJpPR0IqZqrDeDUJyuPQzSluRy1A6d
+kQBt93FVIND9LBd9yr6nh1bGIMppoJ/qKPHNk3bzEaW1ITgRx8ITc1jVOO2BIvVd
+4KTnLcszRvgr/KpYqpjqHRn+Eh3JwVTBAgMBAAGjgbcwgbQwHQYDVR0OBBYEFI6P
+2FnJlpDgTb/HFhIV3yczz7Q+MIGEBgNVHSMEfTB7gBSOj9hZyZaQ4E2/xxYSFd8n
+M8+0PqFgpF4wXDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxDTAL
+BgNVBAoTBEJSWkcxDDAKBgNVBAsTA01PQTEbMBkGA1UEAxMSQWJuYWhtZXRlc3Qg
+TU9BLUlEggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAECbLNoxp
+6B81lDvab7KVB2HcR+o7DFoejy5HjI+iQL/RoxA5L5t7giROCGXCzjb+0+pxt8fR
+4yR66YmoxUC9kjfCxr70Wob+DrBy73yCnwpw2yndcRoYe3HmyoX0HvYPjnUm0IWt
+BGAALnQn/En/ZDW0YEM5DtOsZPoZd8r49UE=
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/client-certs/req2.pem b/id.server/data/certs/client-certs/req2.pem new file mode 100644 index 000000000..972c4a344 --- /dev/null +++ b/id.server/data/certs/client-certs/req2.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE-----
+MIIC7DCCAlWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBeMQswCQYDVQQGEwJBVDET
+MBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEChMEQlJaRzEMMAoGA1UECxMDTU9B
+MR0wGwYDVQQDExRBYm5haG1ldGVzdCBNT0EtSUQgMjAeFw0wMzA1MDYxNzU2MDRa
+Fw0wMzA2MDUxNzU2MDRaMF4xCzAJBgNVBAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0
+YXRlMQ0wCwYDVQQKEwRCUlpHMQwwCgYDVQQLEwNNT0ExHTAbBgNVBAMTFEFibmFo
+bWV0ZXN0IE1PQS1JRCAyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+T1D5
+sxLxeVxkJ04nRj0iP7OnuAsQBvankGkPrWRo/Z8OusG2tKp0CEgIK+nqbRzElmnL
+20ij7QKHNgUYAb/2tkMP1K2m6dr/fjBnJGle9lUCbIuzXndBgYy5+nBXVXERPo7k
+rUcbnh3hXpa2dpySqV2qgIcNWQ1zsjsYTMKOKwIDAQABo4G5MIG2MB0GA1UdDgQW
+BBS2az6C8gFXa9JjsC+7YVOz+kbQHTCBhgYDVR0jBH8wfYAUtms+gvIBV2vSY7Av
+u2FTs/pG0B2hYqRgMF4xCzAJBgNVBAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRl
+MQ0wCwYDVQQKEwRCUlpHMQwwCgYDVQQLEwNNT0ExHTAbBgNVBAMTFEFibmFobWV0
+ZXN0IE1PQS1JRCAyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEA
+EEeNYSW9gJrxX04z6G48A+DODPzEtZeyVUE/n/OOox9pHZ0ftOj7M4XdLj6QIrES
++cSo9UWFOkPrYj3TVuJ58LLvB3VqevNu8dq1Q0u7umiCofpuqX9rQ/hcfkVWrg3/
+EZdkckT+PRAZR88omVi5q0uU/CkG8o9+KUeqezmWMg8=
+-----END CERTIFICATE-----
diff --git a/id.server/data/certs/keystores/client.keystore b/id.server/data/certs/keystores/client.keystore Binary files differnew file mode 100644 index 000000000..2304628f4 --- /dev/null +++ b/id.server/data/certs/keystores/client.keystore diff --git a/id.server/data/certs/keystores/client.p12 b/id.server/data/certs/keystores/client.p12 Binary files differnew file mode 100644 index 000000000..de82e3d5e --- /dev/null +++ b/id.server/data/certs/keystores/client.p12 diff --git a/id.server/data/certs/keystores/client2.p12 b/id.server/data/certs/keystores/client2.p12 Binary files differnew file mode 100644 index 000000000..5147f7f9c --- /dev/null +++ b/id.server/data/certs/keystores/client2.p12 diff --git a/id.server/data/certs/keystores/server.keystore b/id.server/data/certs/keystores/server.keystore Binary files differnew file mode 100644 index 000000000..5ed848e3f --- /dev/null +++ b/id.server/data/certs/keystores/server.keystore diff --git a/id.server/data/certs/keystores/testlinux.keystore b/id.server/data/certs/keystores/testlinux.keystore Binary files differnew file mode 100644 index 000000000..99e78638f --- /dev/null +++ b/id.server/data/certs/keystores/testlinux.keystore diff --git a/id.server/data/certs/keystores/testlinux_plus_client.keystore b/id.server/data/certs/keystores/testlinux_plus_client.keystore Binary files differnew file mode 100644 index 000000000..cc08a127b --- /dev/null +++ b/id.server/data/certs/keystores/testlinux_plus_client.keystore diff --git a/id.server/data/certs/keystores/testlinux_rev.keystore b/id.server/data/certs/keystores/testlinux_rev.keystore Binary files differnew file mode 100644 index 000000000..d7964e93d --- /dev/null +++ b/id.server/data/certs/keystores/testlinux_rev.keystore diff --git a/id.server/data/certs/server-certs/a-trust.cer b/id.server/data/certs/server-certs/a-trust.cer Binary files differnew file mode 100644 index 000000000..f87f82561 --- /dev/null +++ b/id.server/data/certs/server-certs/a-trust.cer diff --git a/id.server/data/certs/server-certs/baltimore.cer b/id.server/data/certs/server-certs/baltimore.cer Binary files differnew file mode 100644 index 000000000..514c65c51 --- /dev/null +++ b/id.server/data/certs/server-certs/baltimore.cer diff --git a/id.server/data/certs/server-certs/cio.cer b/id.server/data/certs/server-certs/cio.cer Binary files differnew file mode 100644 index 000000000..560425e95 --- /dev/null +++ b/id.server/data/certs/server-certs/cio.cer diff --git a/id.server/data/certs/server-certs/testlinux.crt b/id.server/data/certs/server-certs/testlinux.crt Binary files differnew file mode 100644 index 000000000..db9201838 --- /dev/null +++ b/id.server/data/certs/server-certs/testlinux.crt diff --git a/id.server/data/certs/server-certs/testlinux_rev.crt b/id.server/data/certs/server-certs/testlinux_rev.crt Binary files differnew file mode 100644 index 000000000..ac735db10 --- /dev/null +++ b/id.server/data/certs/server-certs/testlinux_rev.crt diff --git a/id.server/data/certs/server-certs/testwin.cer b/id.server/data/certs/server-certs/testwin.cer Binary files differnew file mode 100644 index 000000000..ff2f369a8 --- /dev/null +++ b/id.server/data/certs/server-certs/testwin.cer diff --git a/id.server/data/certs/server-certs/testwin_rev.cer b/id.server/data/certs/server-certs/testwin_rev.cer Binary files differnew file mode 100644 index 000000000..b899000f2 --- /dev/null +++ b/id.server/data/certs/server-certs/testwin_rev.cer diff --git a/id.server/data/certs/server-certs/tomcat-server.crt b/id.server/data/certs/server-certs/tomcat-server.crt Binary files differnew file mode 100644 index 000000000..f7cca3e9e --- /dev/null +++ b/id.server/data/certs/server-certs/tomcat-server.crt diff --git a/id.server/data/certs/server-certs/verisign.cer b/id.server/data/certs/server-certs/verisign.cer Binary files differnew file mode 100644 index 000000000..85f09ee4e --- /dev/null +++ b/id.server/data/certs/server-certs/verisign.cer diff --git a/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml new file mode 100644 index 000000000..ec6203326 --- /dev/null +++ b/id.server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml @@ -0,0 +1,81 @@ +<?xml version="1.0" encoding="UTF-8"?> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <!-- für MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLComplete"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/auswahl"> + <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-- Transformationen für die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <TransformsInfo filename="file:conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP über Web Service angesprochen wird --> + <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> + <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + <!-- TrustProfile für den IdentityLink der Bürgerkarte; + muss in MOA-SP konfiguriert sein --> + <VerifyIdentityLink> + <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <!-- TrustProfile für die Signatur des AUTH-Blocks der Bürgerkarte; + muss in MOA-SP konfiguriert sein --> + <TrustProfileID>MOAIDBuergerkarteRoot</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige der Anmeldedaten im Secure Viewer; + muss in MOA-SP konfiguriert sein --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <!-- Gültige Signatoren des IdentityLink, der von der Bürgerkarte gelesen wird --> + <IdentityLinkSigners> + <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <!-- für MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="https://localhost:8443/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <!-- Eintrag für jede Online-Applikation --> + <OnlineApplication publicURLPrefix="http://localhost:8080/moa-id-proxy/"> + <!-- für MOA-ID-AUTH --> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <!-- für MOA-ID-PROXY --> + <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="file:conf/moa-id/oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://localhost:8080/oa/"> + <!-- <AcceptedServerCertificates>file:conf/moa-id/certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file:/file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <!-- ChainingModes für die Zertifikatspfadüberprüfung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <!-- für MOA-ID-AUTH: Rootzertifikate des Servers MOA-SP, falls über HTTPS angesprochen --> + <!-- für MOA-ID-PROXY: Rootzertifikate des Servers MOA-ID-AUTH, falls über HTTPS angesprochen, + und aller Online-Applikationen, die über HTTPS angesprochen werden --> + <TrustedCACertificates>file:conf/moa-id/certs/ca-certs</TrustedCACertificates> + <!-- Cache-Verzeichnis für-Zertifikate --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="conf/moa-id/certs/certstore"/> + <!-- Time-Out für die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out für die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> +</MOA-IDConfiguration> diff --git a/id.server/data/deploy/conf/moa-id/log4j.properties b/id.server/data/deploy/conf/moa-id/log4j.properties new file mode 100644 index 000000000..eada826da --- /dev/null +++ b/id.server/data/deploy/conf/moa-id/log4j.properties @@ -0,0 +1,22 @@ +# commons-logging setup +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory + +# define log4j root loggers +log4j.rootLogger=info, stdout, R +log4j.logger.moa.spss.server=info +log4j.logger.iaik.server=info +log4j.logger.moa.id.auth=info +log4j.logger.moa.id.proxy=info + +# configure the stdout appender +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + +# configure the rolling file appender (R) +log4j.appender.R=org.apache.log4j.RollingFileAppender +log4j.appender.R.File=logs/moa-id.log +log4j.appender.R.MaxFileSize=10000KB +log4j.appender.R.MaxBackupIndex=1 +log4j.appender.R.layout=org.apache.log4j.PatternLayout +log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n diff --git a/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml new file mode 100644 index 000000000..13d99f1c1 --- /dev/null +++ b/id.server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)--> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateless</LoginType> + <BasicAuth> + <UserID>MOAFamilyName</UserID> + <Password>MOAGivenName</Password> + </BasicAuth> +</Configuration> diff --git a/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml new file mode 100644 index 000000000..541089ccb --- /dev/null +++ b/id.server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml @@ -0,0 +1,63 @@ +<sl10:TransformsInfo> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> + <table border="1"> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + <tr> + <td> + <b>Zeit:</b> + </td> + <td> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + </td> + </tr> + <tr> + <td> + <b>Applikation:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Geschäftsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Anmeldeserver:</b> + </td> + <td> + <xsl:value-of select="//saml:NameIdentifier"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>text/html</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> diff --git a/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml new file mode 100644 index 000000000..900f41252 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<MOAConfiguration xmlns="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:moa-spss="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <!-- Standardnamen für Kanonisierungs- und Digest-Algorithmus --> + <CanonicalizationAlgorithm name="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> + <DigestMethodAlgorithm name="http://www.w3.org/2000/09/xmldsig#sha1"/> + <!-- Cache-Verzeichnis für Zertifikate; + muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certstore"/> + <!-- VerifyTransformsInfoProfile mit den Transformationen für die Anzeige des AUTH-Block im Secure Viewer --> + <VerifyTransformsInfoProfile id="MOAIDTransformAuthBlock" filename="profiles/MOAIDTransformAuthBlock.xml"/> + <!-- TrustProfile für den IdentityLink der Bürgerkarte; + muss die Root- und Intermediate-CA-Zertifikate der Bürgerkarte beinhalten --> + <TrustProfile id="MOAIDBuergerkarteRoot" uri="trustprofiles/MOAIDBuergerkarteRoot"/> +</MOAConfiguration> diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 diff --git a/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 diff --git a/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 diff --git a/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml new file mode 100644 index 000000000..1d1a610b7 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-Qual-01-SN0291.cer diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0213.cer diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN0218.cer diff --git a/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id.server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot/A-Trust-nQual-01-SN6f.cer diff --git a/id.server/data/deploy/tomcat/moa-id-env.bat b/id.server/data/deploy/tomcat/moa-id-env.bat new file mode 100644 index 000000000..319d18f88 --- /dev/null +++ b/id.server/data/deploy/tomcat/moa-id-env.bat @@ -0,0 +1 @@ +set CATALINA_OPTS=-Dmoa.id.configuration=%CATALINA_HOME%\conf\moa-id\SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=%CATALINA_HOME%\conf\moa-spss\SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:%CATALINA_HOME%\conf\moa-id\log4j.properties
diff --git a/id.server/data/deploy/tomcat/moa-id-env.sh b/id.server/data/deploy/tomcat/moa-id-env.sh new file mode 100644 index 000000000..9acfe56c0 --- /dev/null +++ b/id.server/data/deploy/tomcat/moa-id-env.sh @@ -0,0 +1 @@ +export CATALINA_OPTS="-Dmoa.id.configuration=$CATALINA_HOME/conf/moa-id/SampleMOAIDConfiguration.xml -Dmoa.spss.server.configuration=$CATALINA_HOME/conf/moa-spss/SampleMOASPSSConfiguration.xml -Dlog4j.configuration=file:$CATALINA_HOME/conf/moa-id/log4j.properties"
diff --git a/id.server/data/deploy/tomcat/server.mod_jk.xml b/id.server/data/deploy/tomcat/server.mod_jk.xml new file mode 100644 index 000000000..61100b260 --- /dev/null +++ b/id.server/data/deploy/tomcat/server.mod_jk.xml @@ -0,0 +1,201 @@ +<!-- Alternate Example-less Configuration File --> +<!-- Note that component elements are nested corresponding to their + parent-child relationships with each other --> + +<!-- A "Server" is a singleton element that represents the entire JVM, + which may contain one or more "Service" instances. The Server + listens for a shutdown command on the indicated port. + + Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" or "Loggers" at this level. + --> + +<Server port="8005" shutdown="SHUTDOWN" debug="0"> + + + <!-- Uncomment this entry to enable JMX MBeans support --> +<!-- + <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" + debug="0" port="-1" login="admin" password="admin"/> +--> + + + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" (and therefore the web applications visible + within that Container). Normally, that Container is an "Engine", + but this is not required. + + Note: A "Service" is not itself a "Container", so you may not + define subcomponents such as "Valves" or "Loggers" at this level. + --> + + <!-- Define the Tomcat Stand-Alone Service --> + <Service name="Tomcat-Standalone"> + + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. Each Connector passes requests on to the + associated "Container" (normally an Engine) for processing. + + By default, a non-SSL HTTP/1.1 Connector is established on port 8080. + You can also enable an SSL HTTP/1.1 Connector on port 8443 by + following the instructions below and uncommenting the second Connector + entry. SSL support requires the following steps (see the SSL Config + HOWTO in the Tomcat 4.0 documentation bundle for more detailed + instructions): + * Download and install JSSE 1.0.2 or later, and put the JAR files + into "$JAVA_HOME/jre/lib/ext". + * Execute: + %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) + $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) + with a password value of "changeit" for both the certificate and + the keystore itself. + + By default, DNS lookups are enabled when a web application calls + request.getRemoteHost(). This can have an adverse impact on + performance, so you can disable it by setting the + "enableLookups" attribute to "false". When DNS lookups are disabled, + request.getRemoteHost() will return the String version of the + IP address of the remote client. + --> + + <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 --> + <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" + port="8009" minProcessors="5" maxProcessors="75" + enableLookups="true" redirectPort="8443" + acceptCount="10" debug="0" connectionTimeout="0" + useURIValidationHack="false" + protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/> + + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). --> + + <!-- Define the top level container in our container hierarchy --> + <Engine name="Standalone" defaultHost="localhost" debug="0"> + + <!-- The request dumper valve dumps useful debugging information about + the request headers and cookies that were received, and the response + headers and cookies that were sent, for all requests received by + this instance of Tomcat. If you care only about requests to a + particular virtual host, or a particular application, nest this + element inside the corresponding <Host> or <Context> entry instead. + + For a similar mechanism that is portable to all Servlet 2.3 + containers, check out the "RequestDumperFilter" Filter in the + example application (the source for this filter may be found in + "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). + + Request dumping is disabled by default. Uncomment the following + element to enable it. --> + <!-- + <Valve className="org.apache.catalina.valves.RequestDumperValve"/> + --> + + <!-- Global logger unless overridden at lower levels --> + <Logger className="org.apache.catalina.logger.FileLogger" + prefix="catalina_log." suffix=".txt" + timestamp="true"/> + + <!-- Because this Realm is here, an instance will be shared globally --> + + <Realm className="org.apache.catalina.realm.MemoryRealm" /> + + <!-- Replace the above Realm with one of the following to get a Realm + stored in a database and accessed via JDBC --> + + <!-- Define the default virtual host --> + <Host name="localhost" debug="0" appBase="webapps" + unpackWARs="true" autoDeploy="true"> + + <!-- Normally, users must authenticate themselves to each web app + individually. Uncomment the following entry if you would like + a user to be authenticated the first time they encounter a + resource protected by a security constraint, and then have that + user identity maintained across *all* web applications contained + in this virtual host. --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" + debug="0"/> + --> + + <!-- Access log processes all requests for this virtual host. By + default, log files are created in the "logs" directory relative to + $CATALINA_HOME. If you wish, you can specify a different + directory with the "directory" attribute. Specify either a relative + (to $CATALINA_HOME) or absolute path to the desired directory. + --> + <Valve className="org.apache.catalina.valves.AccessLogValve" + directory="logs" prefix="localhost_access_log." suffix=".txt" + pattern="common"/> + + <!-- Logger shared by all Contexts related to this virtual host. By + default (when using FileLogger), log files are created in the "logs" + directory relative to $CATALINA_HOME. If you wish, you can specify + a different directory with the "directory" attribute. Specify either a + relative (to $CATALINA_HOME) or absolute path to the desired + directory.--> + <Logger className="org.apache.catalina.logger.FileLogger" + directory="logs" prefix="localhost_log." suffix=".txt" + timestamp="true"/> + + <!-- Define properties for each web application. This is only needed + if you want to set non-default properties, or have web application + document roots in places other than the virtual host's appBase + directory. --> + + <!-- Tomcat Root Context --> + <!-- + <Context path="" docBase="ROOT" debug="0"/> + --> + + </Host> + + </Engine> + + </Service> + + <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0 + as its servlet container. Please read the README.txt file coming with + the WebApp Module distribution on how to build it. + (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository) + + To configure the Apache side, you must ensure that you have the + "ServerName" and "Port" directives defined in "httpd.conf". Then, + lines like these to the bottom of your "httpd.conf" file: + + LoadModule webapp_module libexec/mod_webapp.so + WebAppConnection warpConnection warp localhost:8008 + WebAppDeploy examples warpConnection /examples/ + + The next time you restart Apache (after restarting Tomcat, if needed) + the connection will be established, and all applications you make + visible via "WebAppDeploy" directives can be accessed through Apache. + --> + + <!-- Define an Apache-Connector Service --> + <Service name="Tomcat-Apache"> + + <Connector className="org.apache.catalina.connector.warp.WarpConnector" + port="8008" minProcessors="5" maxProcessors="75" + enableLookups="true" + acceptCount="10" debug="0"/> + + <!-- Replace "localhost" with what your Apache "ServerName" is set to --> + <Engine className="org.apache.catalina.connector.warp.WarpEngine" + name="Apache" debug="0" appBase="webapps"> + + <!-- Global logger unless overridden at lower levels --> + <Logger className="org.apache.catalina.logger.FileLogger" + prefix="apache_log." suffix=".txt" + timestamp="true"/> + + <!-- Because this Realm is here, an instance will be shared globally --> + <Realm className="org.apache.catalina.realm.MemoryRealm" /> + + </Engine> + + </Service> + +</Server> + diff --git a/id.server/data/deploy/tomcat/server.xml b/id.server/data/deploy/tomcat/server.xml new file mode 100644 index 000000000..c99136fa2 --- /dev/null +++ b/id.server/data/deploy/tomcat/server.xml @@ -0,0 +1,157 @@ +<!-- Alternate Example-less Configuration File --> +<!-- Note that component elements are nested corresponding to their + parent-child relationships with each other --> +<!-- A "Server" is a singleton element that represents the entire JVM, + which may contain one or more "Service" instances. The Server + listens for a shutdown command on the indicated port. + + Note: A "Server" is not itself a "Container", so you may not + define subcomponents such as "Valves" or "Loggers" at this level. + --> +<Server port="8005" shutdown="SHUTDOWN" debug="0"> + <!-- Uncomment this entry to enable JMX MBeans support --> + <!-- + <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" + debug="0" port="-1" login="admin" password="admin"/> +--> + <!-- A "Service" is a collection of one or more "Connectors" that share + a single "Container" (and therefore the web applications visible + within that Container). Normally, that Container is an "Engine", + but this is not required. + + Note: A "Service" is not itself a "Container", so you may not + define subcomponents such as "Valves" or "Loggers" at this level. + --> + <!-- Define the Tomcat Stand-Alone Service --> + <Service name="Tomcat-Standalone"> + <!-- A "Connector" represents an endpoint by which requests are received + and responses are returned. Each Connector passes requests on to the + associated "Container" (normally an Engine) for processing. + + By default, a non-SSL HTTP/1.1 Connector is established on port 8080. + You can also enable an SSL HTTP/1.1 Connector on port 8443 by + following the instructions below and uncommenting the second Connector + entry. SSL support requires the following steps (see the SSL Config + HOWTO in the Tomcat 4.0 documentation bundle for more detailed + instructions): + * Download and install JSSE 1.0.2 or later, and put the JAR files + into "$JAVA_HOME/jre/lib/ext". + * Execute: + %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) + $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) + with a password value of "changeit" for both the certificate and + the keystore itself. + + By default, DNS lookups are enabled when a web application calls + request.getRemoteHost(). This can have an adverse impact on + performance, so you can disable it by setting the + "enableLookups" attribute to "false". When DNS lookups are disabled, + request.getRemoteHost() will return the String version of the + IP address of the remote client. + --> + <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 --> + <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080" minProcessors="5" maxProcessors="75" enableLookups="true" redirectPort="8443" acceptCount="100" debug="0" connectionTimeout="20000" useURIValidationHack="false" disableUploadTimeout="true"/> + <!-- Note : To disable connection timeouts, set connectionTimeout value + to -1 --> + <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> + <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" + port="8443" minProcessors="5" maxProcessors="75" + enableLookups="uri" + acceptCount="100" debug="0" scheme="https" secure="true" + useURIValidationHack="false" disableUploadTimeout="true"> + <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" + clientAuth="false" protocol="TLS"/> + </Connector> + <!-- An Engine represents the entry point (within Catalina) that processes + every request. The Engine implementation for Tomcat stand alone + analyzes the HTTP headers included with the request, and passes them + on to the appropriate Host (virtual host). --> + <!-- Define the top level container in our container hierarchy --> + <Engine name="Standalone" defaultHost="localhost" debug="0"> + <!-- The request dumper valve dumps useful debugging information about + the request headers and cookies that were received, and the response + headers and cookies that were sent, for all requests received by + this instance of Tomcat. If you care only about requests to a + particular virtual host, or a particular application, nest this + element inside the corresponding <Host> or <Context> entry instead. + + For a similar mechanism that is portable to all Servlet 2.3 + containers, check out the "RequestDumperFilter" Filter in the + example application (the source for this filter may be found in + "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). + + Request dumping is disabled by default. Uncomment the following + element to enable it. --> + <!-- + <Valve className="org.apache.catalina.valves.RequestDumperValve"/> + --> + <!-- Global logger unless overridden at lower levels --> + <Logger className="org.apache.catalina.logger.FileLogger" prefix="catalina_log." suffix=".txt" timestamp="true"/> + <!-- Because this Realm is here, an instance will be shared globally --> + <Realm className="org.apache.catalina.realm.MemoryRealm"/> + <!-- Define the default virtual host --> + <Host name="localhost" debug="0" appBase="webapps" unpackWARs="true" autoDeploy="true"> + <!-- Normally, users must authenticate themselves to each web app + individually. Uncomment the following entry if you would like + a user to be authenticated the first time they encounter a + resource protected by a security constraint, and then have that + user identity maintained across *all* web applications contained + in this virtual host. --> + <!-- + <Valve className="org.apache.catalina.authenticator.SingleSignOn" + debug="0"/> + --> + <!-- Access log processes all requests for this virtual host. By + default, log files are created in the "logs" directory relative to + $CATALINA_HOME. If you wish, you can specify a different + directory with the "directory" attribute. Specify either a relative + (to $CATALINA_HOME) or absolute path to the desired directory. + --> + <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log." suffix=".txt" pattern="common"/> + <!-- Logger shared by all Contexts related to this virtual host. By + default (when using FileLogger), log files are created in the "logs" + directory relative to $CATALINA_HOME. If you wish, you can specify + a different directory with the "directory" attribute. Specify either a + relative (to $CATALINA_HOME) or absolute path to the desired + directory.--> + <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="localhost_log." suffix=".txt" timestamp="true"/> + <!-- Define properties for each web application. This is only needed + if you want to set non-default properties, or have web application + document roots in places other than the virtual host's appBase + directory. --> + <!-- Tomcat Root Context --> + <!-- + <Context path="" docBase="../moa-id-proxy.war" debug="0"/> + --> + </Host> + </Engine> + </Service> + <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0 + as its servlet container. Please read the README.txt file coming with + the WebApp Module distribution on how to build it. + (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository) + + To configure the Apache side, you must ensure that you have the + "ServerName" and "Port" directives defined in "httpd.conf". Then, + lines like these to the bottom of your "httpd.conf" file: + + LoadModule webapp_module libexec/mod_webapp.so + WebAppConnection warpConnection warp localhost:8008 + WebAppDeploy examples warpConnection /examples/ + + The next time you restart Apache (after restarting Tomcat, if needed) + the connection will be established, and all applications you make + visible via "WebAppDeploy" directives can be accessed through Apache. + --> + <!-- Define an Apache-Connector Service --> + <Service name="Tomcat-Apache"> + <Connector className="org.apache.catalina.connector.warp.WarpConnector" port="8008" minProcessors="5" maxProcessors="75" enableLookups="true" acceptCount="10" debug="0"/> + <!-- Replace "localhost" with what your Apache "ServerName" is set to --> + <Engine className="org.apache.catalina.connector.warp.WarpEngine" name="Apache" debug="0" appBase="webapps"> + <!-- Global logger unless overridden at lower levels --> + <Logger className="org.apache.catalina.logger.FileLogger" prefix="apache_log." suffix=".txt" timestamp="true"/> + <!-- Because this Realm is here, an instance will be shared globally --> + <Realm className="org.apache.catalina.realm.MemoryRealm"/> + </Engine> + </Service> +</Server> diff --git a/id.server/data/deploy/tomcat/uriworkermap.properties b/id.server/data/deploy/tomcat/uriworkermap.properties new file mode 100644 index 000000000..daf0dca1a --- /dev/null +++ b/id.server/data/deploy/tomcat/uriworkermap.properties @@ -0,0 +1,7 @@ +# a sample mod_jk uriworkermap.properties file for mapping +# MOA-ID-AUTH and MOA-ID-PROXY web service requests to workers +# +# omit the mappings you don't need + +/moa-id-auth/*=moaworker +/moa-id-proxy/*=moaworker
\ No newline at end of file diff --git a/id.server/data/deploy/tomcat/workers.properties b/id.server/data/deploy/tomcat/workers.properties new file mode 100644 index 000000000..9350ddc77 --- /dev/null +++ b/id.server/data/deploy/tomcat/workers.properties @@ -0,0 +1,6 @@ +# a sample workers.properties file defining a single mod_jk worker + +worker.list=moaworker +worker.moaworker.type=ajp13 +worker.moaworker.host=localhost +worker.moaworker.port=8009 diff --git a/id.server/data/test/conf/ConfigurationTest.xml b/id.server/data/test/conf/ConfigurationTest.xml new file mode 100644 index 000000000..5c18e35cc --- /dev/null +++ b/id.server/data/test/conf/ConfigurationTest.xml @@ -0,0 +1,103 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <AuthComponent> + <SecurityLayer> + <TransformsInfo filename="file:data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml"/> + </SecurityLayer> + <MOA-SP> + <ConnectionParameter URL="https://10.16.46.108:8443/moa-spss/services"> + <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates> + <!-- <ClientKeyStore password="Keystore Pass">URLtoClientKeystoreAUTH</ClientKeyStore> --> + </ConnectionParameter> + <VerifyIdentityLink> + <TrustProfileID>TrustProfile1</TrustProfileID> + </VerifyIdentityLink> + <VerifyAuthBlock> + <TrustProfileID>TrustProfile1</TrustProfileID> + <VerifyTransformsInfoProfileID>TransformsInfoProfile1MOAID</VerifyTransformsInfoProfileID> + </VerifyAuthBlock> + </MOA-SP> + <IdentityLinkSigners> + <X509SubjectName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</X509SubjectName> + </IdentityLinkSigners> + </AuthComponent> + <ProxyComponent> + <AuthComponent> + <ConnectionParameter URL="AuthComponentURL"> + <AcceptedServerCertificates>http://www.altova.com</AcceptedServerCertificates> + <ClientKeyStore password="String">http://www.altova.com</ClientKeyStore> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + <OnlineApplication publicURLPrefix="http://localhost:9080/"> + <AuthComponent provideZMRZahl="false" provideAUTHBlock="false" provideIdentityLink="false"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfParamAuth.xml" sessionTimeOut="10" loginParameterResolverImpl="StringloginParameterResolverImpl1" connectionBuilderImpl="StringconnectionBuilderImpl1"> + <ConnectionParameter URL="ProxyComponentURL"> + <AcceptedServerCertificates>url:AcceptedServerCertificates</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss">URL:toClientKeystoreOA</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://verisign.moa.gv.at/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3"> + <ConnectionParameter URL="https://www.verisign.com/"> + <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://a-trust.moa.gv.at/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3"> + <ConnectionParameter URL="https://www.a-trust.at/"> + <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://baltimore.moa.gv.at/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3"> + <ConnectionParameter URL="https://www.baltimore.com/"> + <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="http://cio.moa.gv.at/"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3"> + <ConnectionParameter URL="https://www.cio.gv.at/"> + <AcceptedServerCertificates>file:data/test/certs/server-certs</AcceptedServerCertificates> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="StringOALoginURL2"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfHeaderAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl2" connectionBuilderImpl="StringconnectionBuilderImpl2"> + <ConnectionParameter URL="ProxyComponentURL2"> + <AcceptedServerCertificates>url:AcceptedServerCertificates2</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss2">URL:toClientKeystoreOA2</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <OnlineApplication publicURLPrefix="StringOALoginURL3"> + <AuthComponent provideZMRZahl="true" provideAUTHBlock="true" provideIdentityLink="true"/> + <ProxyComponent configFileURL="file:data/test/conf/OAConfBasicAuth.xml" sessionTimeOut="20" loginParameterResolverImpl="StringloginParameterResolverImpl3" connectionBuilderImpl="StringconnectionBuilderImpl3"> + <ConnectionParameter URL="ProxyComponentURL3"> + <AcceptedServerCertificates>url:AcceptedServerCertificates3</AcceptedServerCertificates> + <ClientKeyStore password="ClientKeystoreOAPAss3">URL:toClientKeystoreOA3</ClientKeyStore> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + <ChainingModes systemDefaultMode="chaining"> + <TrustAnchor mode="chaining"> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </TrustAnchor> + </ChainingModes> + <TrustedCACertificates>file:c:/java/id.server/data/test/certs/ca-certs</TrustedCACertificates> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="c:/java/id.server/data/test/certs/cert-store-root"/> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + <GenericConfiguration name="ProxyComponent.DisableHostnameVerification" value="true"/> +</MOA-IDConfiguration> diff --git a/id.server/data/test/conf/OAConfBasicAuth.xml b/id.server/data/test/conf/OAConfBasicAuth.xml new file mode 100644 index 000000000..61455f903 --- /dev/null +++ b/id.server/data/test/conf/OAConfBasicAuth.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)--> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <BasicAuth> + <UserID>MOAGivenName</UserID> + <Password>MOAFamilyName</Password> + </BasicAuth> +</Configuration> diff --git a/id.server/data/test/conf/OAConfHeaderAuth.xml b/id.server/data/test/conf/OAConfHeaderAuth.xml new file mode 100644 index 000000000..c92e055e9 --- /dev/null +++ b/id.server/data/test/conf/OAConfHeaderAuth.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)--> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <HeaderAuth> + <Header Name="Param1" Value="MOAPublicAuthority"/> + <Header Name="Param2" Value="MOABKZ"/> + <Header Name="Param3" Value="MOAQualifiedCertificate"/> + <Header Name="Param4" Value="MOAZMRZahl"/> + <Header Name="Param5" Value="MOAIPAddress"/> + </HeaderAuth> +</Configuration> diff --git a/id.server/data/test/conf/OAConfParamAuth.xml b/id.server/data/test/conf/OAConfParamAuth.xml new file mode 100644 index 000000000..a70f6a6c0 --- /dev/null +++ b/id.server/data/test/conf/OAConfParamAuth.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 U (http://www.xmlspy.com) by Jack (-none-) --> +<!--Sample XML file generated by XMLSPY v5 U (http://www.xmlspy.com)--> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateful</LoginType> + <ParamAuth> + <Parameter Name="Param1" Value="MOADateOfBirth"/> + <Parameter Name="Param2" Value="MOAVPK"/> + </ParamAuth> +</Configuration> diff --git a/id.server/data/test/conf/log4j.properties b/id.server/data/test/conf/log4j.properties new file mode 100644 index 000000000..9a808f925 --- /dev/null +++ b/id.server/data/test/conf/log4j.properties @@ -0,0 +1,10 @@ +# commons-logging setup +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory + +# define log4j root loggers +log4j.rootLogger=debug, stdout + +# configure the stdout appender +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n diff --git a/id.server/data/test/conf/transforms/TransformsInfosHTML.xml b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml new file mode 100644 index 000000000..e003297f4 --- /dev/null +++ b/id.server/data/test/conf/transforms/TransformsInfosHTML.xml @@ -0,0 +1,63 @@ +<sl10:TransformsInfo> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> + <table border="1"> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + <tr> + <td> + <b>Zeit:</b> + </td> + <td> + <xsl:value-of select="//@IssueInstant"/> + </td> + </tr> + <tr> + <td> + <b>Applikation:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Geschäftsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td> + <b>Anmeldeserver:</b> + </td> + <td> + <xsl:value-of select="//saml:NameIdentifier"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>text/html</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> diff --git a/id.server/data/test/ixsil/init/properties/algorithms.properties b/id.server/data/test/ixsil/init/properties/algorithms.properties new file mode 100644 index 000000000..35a41cfdd --- /dev/null +++ b/id.server/data/test/ixsil/init/properties/algorithms.properties @@ -0,0 +1,94 @@ +# IXSIL algorithm properties +# +# This file contains the properties which IXSIL uses to maintain the available algorithms. + + + +#---------------------------------------------------------------------------------------------------------- +# Canonicalization algorithms +# +# The following properties (starting with "Canonicalization.") are associations between canonicalization +# algorithm URIs and their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the canonicalization algorithm +# with the identifying URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315", the name of the algorithm +# property is "Canonicalization.http://www.w3.org/TR/2001/REC-xml-c14n-20010315", i.e. the identifying URI, +# prepended by the canonicalization algorithm property identifier ("Canonicalization."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard impl. shipped with IXSIL, "iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXML +Canonicalization.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplCanonicalXMLWithComments +Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXML +Canonicalization.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.CanonicalizationAlgorithmImplExclusiveCanonicalXMLWithComments + +#---------------------------------------------------------------------------------------------------------- +# Signature algorithms +# +# The following properties (starting with "Signature.") are associations between signature algorithm URIs and +# their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the signature algorithm +# with the identifying URI "http://www.w3.org/2000/09/xmldsig#rsa-sha1", the name of the algorithm +# property is "Signature.http://www.w3.org/2000/09/xmldsig#rsa-sha1", i.e. the identifying URI, +# prepended by the signature algorithm property identifier ("Signature."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.SignatureAlgorithmImplRSA". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Signature.http\://www.w3.org/2000/09/xmldsig#rsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplRSA +Signature.http\://www.w3.org/2000/09/xmldsig#dsa-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplDSA +Signature.http\://www.w3.org/2000/09/xmldsig#hmac-sha1 = iaik.ixsil.algorithms.SignatureAlgorithmImplHMAC + + + +#---------------------------------------------------------------------------------------------------------- +# Digest algorithms +# +# The following properties (starting with "Digest.") are associations between digest algorithm URIs and +# their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the digest algorithm +# with the identifying URI "http://www.w3.org/2000/09/xmldsig#sha1", the name of the algorithm +# property is "Digest.http://www.w3.org/2000/09/xmldsig#sha1", i.e. the identifying URI, +# prepended by the digest algorithm property identifier ("Digest."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.DigestAlgorithmImplSHA1". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Digest.http\://www.w3.org/2000/09/xmldsig#sha1 = iaik.ixsil.algorithms.DigestAlgorithmImplSHA1 + + + +#---------------------------------------------------------------------------------------------------------- +# Transform algorithms +# +# The following properties (starting with "Transform.") are associations between digest algorithm URIs and +# their corresponding implementation classes. +# +# For instance, if you would like to specify the implementation class for the transform algorithm +# with the identifying URI "http://www.w3.org/2000/09/xmldsig#base64", the name of the algorithm +# property is "Transform.http://www.w3.org/2000/09/xmldsig#base64", i.e. the identifying URI, +# prepended by the transform algorithm property identifier ("Transform."). The value of the +# property is the fully qualified class name of the implementation for this algorithm, for instance the +# standard implementation shipped with IXSIL, "iaik.ixsil.algorithms.TransformImplBase64Decode". +# +# PLEASE NOTE: The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315 = iaik.ixsil.algorithms.TransformImplCanonicalXML +Transform.http\://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments = iaik.ixsil.algorithms.TransformImplCanonicalXMLWithComments +Transform.http\://www.w3.org/2001/10/xml-exc-c14n# = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML +Transform.http\://www.w3.org/2001/10/xml-exc-c14n#WithComments = iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXMLWithComments +Transform.http\://www.w3.org/2000/09/xmldsig#base64 = iaik.ixsil.algorithms.TransformImplBase64Decode +Transform.http\://www.w3.org/TR/1999/REC-xpath-19991116 = iaik.ixsil.algorithms.TransformImplXPath +Transform.http\://www.w3.org/2000/09/xmldsig#enveloped-signature = iaik.ixsil.algorithms.TransformImplEnvelopedSignature +Transform.http\://www.w3.org/TR/1999/REC-xslt-19991116 = iaik.ixsil.algorithms.TransformImplXSLT +Transform.http\://www.w3.org/2002/06/xmldsig-filter2 = iaik.ixsil.algorithms.TransformImplXPath2 diff --git a/id.server/data/test/ixsil/init/properties/init.properties b/id.server/data/test/ixsil/init/properties/init.properties new file mode 100644 index 000000000..a679a2635 --- /dev/null +++ b/id.server/data/test/ixsil/init/properties/init.properties @@ -0,0 +1,214 @@ +# IXSIL init properties +# +# This file contains the basic initialization properties for IXSIL. + +#---------------------------------------------------------------------------------------------------------- +# Properties for localizing exeption messages + +# This property specifies the ISO language code, which is used to select the appropriate exception message +# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information. + +IXSILException.ISOLanguageCode = "en" + + + +# This property specifies the ISO country code, which is used to select the appropriate exception message +# file. Please see the documentation for Java class "java.util.RessourceBundle" for further information. + +IXSILException.ISOCountryCode = "US" + + +#---------------------------------------------------------------------------------------------------------- +# Other property files + +# This property contains a URI specifying the (virtual) location of the IXSIL init properties file (i. e. +# this file). The URI MUST be absolute. +# +# The use of this property is optional. It is only needed by IXSIL, if the library will be initialized using +# the method IXSILInit.init(Properties, Properties, Properties). In this case it is used by IXSIL as the +# base URI for absolutizing other property URIs, such as "DOMUtils.SignatureSchema" (see below). +# +# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an +# authority component. This means that the part following the scheme identifier starts with "/" +# (single slash character), and not with "//" (two slash characters). +# +# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/init.properties" +# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/init.properties" +# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/init.properties" + +location.initProperties = file:data/test/ixsil/init/properties/init.properties + + + +# This property contains a URI specifying the location of the IXSIL algorithm properties file. The URI can +# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's +# URI as the base. +# +# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an +# authority component. This means that the part following the scheme identifier starts with "/" +# (single slash character), and not with "//" (two slash characters). +# +# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/algorithms.properties" +# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/algorithms.properties" +# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/algorithms.properties" +# Example 4 (relative URI): "../otherpath/algorithms.properties" +# Example 5 (relative URI): "algorithms.properties" + +location.algorithmsProperties = file:data/test/ixsil/init/properties/algorithms.properties + + + +# This property contains a URI specifying the location of the IXSIL keyManager properties file. The URI can +# be absolute or relative. If a relative URI is used, it will be absolutized using this init property file's +# URI as the base. +# +# PLEASE NOTE: Contrary to URIs under e.g. http or ftp scheme, URIs under file and jar scheme do not have an +# authority component. This means that the part following the scheme identifier starts with "/" +# (single slash character), and not with "//" (two slash characters). +# +# Example 1 (absolute URI under file scheme): "file:/c:/path1/path2/keyManager.properties" +# Example 2 (absolute URI under jar scheme): "jar:/file:/c:/path1/path2/archive.jar!/keyManager.properties" +# Example 3 (absolute URI under http scheme): "http://somewhere.org/path1/path2/keyManager.properties" +# Example 4 (relative URI): "../otherpath/keyManager.properties" +# Example 5 (relative URI): "keyManager.properties" + +location.keyManagerProperties = file:data/test/ixsil/init/properties/keyManager.properties + + + +#---------------------------------------------------------------------------------------------------------- +# AlgorithmFactory properties + + + +This property specifies the extension class for the abstract class +iaik.ixsil.algorithms.AlgorithmFactory, which is instantiated at invokation of method +iaik.ixsil.algorithms.AlgorithmFactory.createFactory(). +Please specifiy the fully qualified java class name for the class to be instantiated. + +AlgorithmFactory.ImplementingClass = iaik.ixsil.algorithms.AlgorithmFactoryDefaultImpl + + + +#---------------------------------------------------------------------------------------------------------- +# VerifierKeyManager properties + +# This property specifies the implementation class for the interface +# iaik.ixsil.keyinfo.VerifierKeyManager, which is instantiated by IXSIL in the verification use case, if the +# signature algorithm does not know about the verification key, and if the XML signature bears a KeyInfo +# element which contains hints that can be used to deduce the verification key. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +VerifierKeyManager.ImplementingClass = iaik.ixsil.keyinfo.KeyManagerImpl + + + +#---------------------------------------------------------------------------------------------------------- +# XML namespace prefix properties + +# This property specifies the namespace prefix used for XML elements from the XML-Signature namespace. +# +# PLEASE NOTE: The prefix must not be empty. + +namespacePrefix.XMLSignature = dsig: + + + +# This property specifies the namespace prefix used for XML elements from the XML Schema instance namespace. +# +# PLEASE NOTE: The prefix must not be empty. + +namespacePrefix.XMLSchemaInstance = xsi: + + +#---------------------------------------------------------------------------------------------------------- +# DOMUtils properties + + + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.DOMUtilsInterface, which contains a couple of DOM utility methods, which IXSIL relies +# on. If you would like to employ a parser different from Apache Xerces, you must implement the +# DOMUtilsInterface and specify your implementation class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +DOMUtils.ImplementingClass = iaik.ixsil.util.DOMUtilsImpl + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies, wheter WARNINGS generated by the Apache Xerces parser should lead to a parser exception +# or not. + +DOMUtils.ErrorHandler.reportWarnings = true + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies, wheter ERRORS generated by the Apache Xerces parser should lead to a parser exception +# or not. + +DOMUtils.ErrorHandler.reportErrors = true + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies, wheter FATAL ERRORS generated by the Apache Xerces parser should lead to a parser +# exception or not. + +DOMUtils.ErrorHandler.reportFatalErrors = true + + + +# This property is used by the standard implementation class for the interface +# iaik.ixsil.util.DOMUtilsInterface, namely iaik.ixsil.util.DOMUtilsImpl, which ships with IXSIL. +# It specifies an URI for the location of the XML schema for an XML signature, which is used as the +# reference grammar in method iaik.ixsil.util.DOMUtilsImpl.schemaValidateSignatureElement. +# The URI can be absolute or relative. If the URI is relative, it will be absolutized using the URI for +# this init property file as the base. + +DOMUtils.SignatureSchema = ../schemas/Signature.xsd + + + +#---------------------------------------------------------------------------------------------------------- +# XPathUtils properties + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.XPathUtilsInterface, which contains a couple of XPath utility methods, which IXSIL relies +# on. If you would like to employ a XPath engine different from Apache Xalan, you must implement the +# XPathUtilsInterface and specify your implementation class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +XPathUtils.ImplementingClass = iaik.ixsil.util.XPathUtilsImpl + + + +#---------------------------------------------------------------------------------------------------------- +# CanonicalXMLSerializer properties + + + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.CanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML according +# to "Canonical XML" (see http://www.w3.org/TR/2001/REC-xml-c14n-20010315). If you would like to employ an +# implemenation different from the standard implementation shipped with IXSIL, you must implement the +# CanonicalXMLSerialierInterface and specify your implementation class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +CanonicalXMLSerializer.CanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl + + + +# This property specifies the implementation class IXSIL should use for the interface +# iaik.ixsil.util.ExclusiveCanonicalXMLSerialierInterface. IXSIL relies on this interface to serialize XML +# according to "Exclusive XML Canonicalization" (see http://www.w3.org/TR/2001/WD-xml-exc-c14n-20011120). +# If you would like to employ an implemenation different from the standard implementation shipped with +# IXSIL, you must implement the ExclusiveCanonicalXMLSerialierInterface and specify your implementation +# class using this property. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +CanonicalXMLSerializer.ExclusiveCanonicalXMLImplementingClass = iaik.ixsil.util.CanonicalXMLSerializerImpl diff --git a/id.server/data/test/ixsil/init/properties/keyManager.properties b/id.server/data/test/ixsil/init/properties/keyManager.properties new file mode 100644 index 000000000..24ece437a --- /dev/null +++ b/id.server/data/test/ixsil/init/properties/keyManager.properties @@ -0,0 +1,74 @@ +# IXSIL algorithm properties +# +# This file contains the properties which IXSIL uses in context of key management. + + + +#---------------------------------------------------------------------------------------------------------- +# +# The following properties are associations between the fully qualified XMLname of a "KeyInfo" subelement, +# as used in an XML signature to specify hints how the verifier can obtain the verification key, and that +# implementation class of the interface iaik.ixsil.keyinfo.KeyProviderInterface, which will manage +# subelements of that type. +# +# These properties are only of interest, if you are using the standard key manager shipped with IXISL +# (which is class iaik.ixsil.keyInfo.KeyManagerImpl). +# +# For instance, if you would like to specify the key provider implementation for "KeyValue" subelements, +# the property name is the fully qualified XML name for the "KeyValue" element, namely +# "http://www.w3.org/2000/09/xmldsig#:KeyValue". The value of the property is the fully qualified class +# name of the key provider implementation class, for instance the standard implementation which ships with +# IXSIL: "iaik.ixsil.keyinfo.KeyProviderImplKeyValue". +# +# PLEASE NOTE (I): A fully qualified name for an XML element consists of an URI indicating the namespace the +# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the +# element (e.g. "KeyValue"). Both components are seperated by a colon. +# +# PLEASE NOTE (II): The colon character (":") must be escaped by a leading backslash, if it appears in the +# property name. + +http\://www.w3.org/2000/09/xmldsig#\:KeyValue = iaik.ixsil.keyinfo.KeyProviderImplKeyValue +http\://www.w3.org/2000/09/xmldsig#\:X509Data = iaik.ixsil.keyinfo.x509.KeyProviderImplX509Data +http\://www.w3.org/2000/09/xmldsig#\:RetrievalMethod = iaik.ixsil.keyinfo.retrieval.KeyProviderImplRetrievalMethod + + + +#---------------------------------------------------------------------------------------------------------- +# +# The following properties specify the order in which the different types of "KeyInfo" subelements are used +# by the key manager to deduce the verification key. +# +# These properties are only of interest, if you are using the standard key manager shipped with IXISL +# (which is class iaik.ixsil.keyInfo.KeyManagerImpl). +# +# The properties are associations between a two digit number and the fully qualified XML name of a "KeyInfo" +# subelement. The lower the number, the more important is the associated "KeyInfo" sublement. Consider an +# example configuration: +# +# Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue +# Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data +# +# In this configuration, the key manager first tries to use "KeyValue" subelements to deduce the +# verification key. Only if this does not succeed, the key manager uses "X509Data" subelements as a second +# chance. Of course you can specify more than only two different subelement types. +# +# PLEASE NOTE: A fully qualified name for an XML element consists of an URI indicating the namespace the +# element belongs to (e.g. "http://www.w3.org/2000/09/xmldsig#") and the local name of the +# element (e.g. "KeyValue"). Both components are seperated by a colon. + +Subelement.01 = http://www.w3.org/2000/09/xmldsig#:KeyValue +Subelement.02 = http://www.w3.org/2000/09/xmldsig#:X509Data +Subelement.03 = http://www.w3.org/2000/09/xmldsig#:RetrievalMethod + + + +#---------------------------------------------------------------------------------------------------------- +# +# The following property is used by standard implementation of the "X509Data" key provider, which ships +# with IXSIL, namely "KeyProviderImplX509Data". It specifies the implementation class for the interface +# iaik.ixsil.keyinfo.x509.X509TrustManagerInterface, which is to be instantiated as the backbone trust +# manager for this key provider. +# Please specifiy the fully qualified java class name for the class to be instantiated. + +KeyProviderImplX509Data.X509TrustManagerDefaultImplementingClass = iaik.ixsil.keyinfo.x509.X509TrustManagerDummyImpl + diff --git a/id.server/data/test/ixsil/init/schemas/Signature.xsd b/id.server/data/test/ixsil/init/schemas/Signature.xsd new file mode 100644 index 000000000..7867883f9 --- /dev/null +++ b/id.server/data/test/ixsil/init/schemas/Signature.xsd @@ -0,0 +1,328 @@ +<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ SYSTEM "XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.3 $ on $Date: 2001/08/28 16:14:01 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<!-- modified to ensure that whiteSpace is preserved
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+ -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="string">
+ <whiteSpace value="preserve"/>
+ <pattern value="[A-Za-z0-9\+/=\n\r\t ]*"/>
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="ds:CryptoBinary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="ds:CryptoBinary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element name="Transforms" type="ds:TransformsType" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="ds:CryptoBinary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="ds:CryptoBinary"/>
+ <element name="X509CRL" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="ds:CryptoBinary"/>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="ds:CryptoBinary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd new file mode 100644 index 000000000..678cfc8dd --- /dev/null +++ b/id.server/data/test/ixsil/init/schemas/XMLSchema.dtd @@ -0,0 +1,402 @@ +<!-- DTD for XML Schemas: Part 1: Structures + Public Identifier: "-//W3C//DTD XMLSCHEMA 200102//EN" + Official Location: http://www.w3.org/2001/XMLSchema.dtd --> +<!-- $Id: XMLSchema.dtd,v 1.31 2001/10/24 15:50:16 ht Exp $ --> +<!-- Note this DTD is NOT normative, or even definitive. --> <!--d--> +<!-- prose copy in the structures REC is the definitive version --> <!--d--> +<!-- (which shouldn't differ from this one except for this --> <!--d--> +<!-- comment and entity expansions, but just in case) --> <!--d--> +<!-- With the exception of cases with multiple namespace + prefixes for the XML Schema namespace, any XML document which is + not valid per this DTD given redefinitions in its internal subset of the + 'p' and 's' parameter entities below appropriate to its namespace + declaration of the XML Schema namespace is almost certainly not + a valid schema. --> + +<!-- The simpleType element and its constituent parts + are defined in XML Schema: Part 2: Datatypes --> +<!ENTITY % xs-datatypes PUBLIC 'datatypes' 'datatypes.dtd' > + +<!ENTITY % p 'xs:'> <!-- can be overriden in the internal subset of a + schema document to establish a different + namespace prefix --> +<!ENTITY % s ':xs'> <!-- if %p is defined (e.g. as foo:) then you must + also define %s as the suffix for the appropriate + namespace declaration (e.g. :foo) --> +<!ENTITY % nds 'xmlns%s;'> + +<!-- Define all the element names, with optional prefix --> +<!ENTITY % schema "%p;schema"> +<!ENTITY % complexType "%p;complexType"> +<!ENTITY % complexContent "%p;complexContent"> +<!ENTITY % simpleContent "%p;simpleContent"> +<!ENTITY % extension "%p;extension"> +<!ENTITY % element "%p;element"> +<!ENTITY % unique "%p;unique"> +<!ENTITY % key "%p;key"> +<!ENTITY % keyref "%p;keyref"> +<!ENTITY % selector "%p;selector"> +<!ENTITY % field "%p;field"> +<!ENTITY % group "%p;group"> +<!ENTITY % all "%p;all"> +<!ENTITY % choice "%p;choice"> +<!ENTITY % sequence "%p;sequence"> +<!ENTITY % any "%p;any"> +<!ENTITY % anyAttribute "%p;anyAttribute"> +<!ENTITY % attribute "%p;attribute"> +<!ENTITY % attributeGroup "%p;attributeGroup"> +<!ENTITY % include "%p;include"> +<!ENTITY % import "%p;import"> +<!ENTITY % redefine "%p;redefine"> +<!ENTITY % notation "%p;notation"> + +<!-- annotation elements --> +<!ENTITY % annotation "%p;annotation"> +<!ENTITY % appinfo "%p;appinfo"> +<!ENTITY % documentation "%p;documentation"> + +<!-- Customisation entities for the ATTLIST of each element type. + Define one of these if your schema takes advantage of the + anyAttribute='##other' in the schema for schemas --> + +<!ENTITY % schemaAttrs ''> +<!ENTITY % complexTypeAttrs ''> +<!ENTITY % complexContentAttrs ''> +<!ENTITY % simpleContentAttrs ''> +<!ENTITY % extensionAttrs ''> +<!ENTITY % elementAttrs ''> +<!ENTITY % groupAttrs ''> +<!ENTITY % allAttrs ''> +<!ENTITY % choiceAttrs ''> +<!ENTITY % sequenceAttrs ''> +<!ENTITY % anyAttrs ''> +<!ENTITY % anyAttributeAttrs ''> +<!ENTITY % attributeAttrs ''> +<!ENTITY % attributeGroupAttrs ''> +<!ENTITY % uniqueAttrs ''> +<!ENTITY % keyAttrs ''> +<!ENTITY % keyrefAttrs ''> +<!ENTITY % selectorAttrs ''> +<!ENTITY % fieldAttrs ''> +<!ENTITY % includeAttrs ''> +<!ENTITY % importAttrs ''> +<!ENTITY % redefineAttrs ''> +<!ENTITY % notationAttrs ''> +<!ENTITY % annotationAttrs ''> +<!ENTITY % appinfoAttrs ''> +<!ENTITY % documentationAttrs ''> + +<!ENTITY % complexDerivationSet "CDATA"> + <!-- #all or space-separated list drawn from derivationChoice --> +<!ENTITY % blockSet "CDATA"> + <!-- #all or space-separated list drawn from + derivationChoice + 'substitution' --> + +<!ENTITY % mgs '%all; | %choice; | %sequence;'> +<!ENTITY % cs '%choice; | %sequence;'> +<!ENTITY % formValues '(qualified|unqualified)'> + + +<!ENTITY % attrDecls '((%attribute;| %attributeGroup;)*,(%anyAttribute;)?)'> + +<!ENTITY % particleAndAttrs '((%mgs; | %group;)?, %attrDecls;)'> + +<!-- This is used in part2 --> +<!ENTITY % restriction1 '((%mgs; | %group;)?)'> + +%xs-datatypes; + +<!-- the duplication below is to produce an unambiguous content model + which allows annotation everywhere --> +<!ELEMENT %schema; ((%include; | %import; | %redefine; | %annotation;)*, + ((%simpleType; | %complexType; + | %element; | %attribute; + | %attributeGroup; | %group; + | %notation; ), + (%annotation;)*)* )> +<!ATTLIST %schema; + targetNamespace %URIref; #IMPLIED + version CDATA #IMPLIED + %nds; %URIref; #FIXED 'http://www.w3.org/2001/XMLSchema' + xmlns CDATA #IMPLIED + finalDefault %complexDerivationSet; '' + blockDefault %blockSet; '' + id ID #IMPLIED + elementFormDefault %formValues; 'unqualified' + attributeFormDefault %formValues; 'unqualified' + xml:lang CDATA #IMPLIED + %schemaAttrs;> +<!-- Note the xmlns declaration is NOT in the Schema for Schemas, + because at the Infoset level where schemas operate, + xmlns(:prefix) is NOT an attribute! --> +<!-- The declaration of xmlns is a convenience for schema authors --> + +<!-- The id attribute here and below is for use in external references + from non-schemas using simple fragment identifiers. + It is NOT used for schema-to-schema reference, internal or + external. --> + +<!-- a type is a named content type specification which allows attribute + declarations--> +<!-- --> + +<!ELEMENT %complexType; ((%annotation;)?, + (%simpleContent;|%complexContent;| + %particleAndAttrs;))> + +<!ATTLIST %complexType; + name %NCName; #IMPLIED + id ID #IMPLIED + abstract %boolean; #IMPLIED + final %complexDerivationSet; #IMPLIED + block %complexDerivationSet; #IMPLIED + mixed (true|false) 'false' + %complexTypeAttrs;> + +<!-- particleAndAttrs is shorthand for a root type --> +<!-- mixed is disallowed if simpleContent, overriden if complexContent + has one too. --> + +<!-- If anyAttribute appears in one or more referenced attributeGroups + and/or explicitly, the intersection of the permissions is used --> + +<!ELEMENT %complexContent; ((%annotation;)?, (%restriction;|%extension;))> +<!ATTLIST %complexContent; + mixed (true|false) #IMPLIED + id ID #IMPLIED + %complexContentAttrs;> + +<!-- restriction should use the branch defined above, not the simple + one from part2; extension should use the full model --> + +<!ELEMENT %simpleContent; ((%annotation;)?, (%restriction;|%extension;))> +<!ATTLIST %simpleContent; + id ID #IMPLIED + %simpleContentAttrs;> + +<!-- restriction should use the simple branch from part2, not the + one defined above; extension should have no particle --> + +<!ELEMENT %extension; ((%annotation;)?, (%particleAndAttrs;))> +<!ATTLIST %extension; + base %QName; #REQUIRED + id ID #IMPLIED + %extensionAttrs;> + +<!-- an element is declared by either: + a name and a type (either nested or referenced via the type attribute) + or a ref to an existing element declaration --> + +<!ELEMENT %element; ((%annotation;)?, (%complexType;| %simpleType;)?, + (%unique; | %key; | %keyref;)*)> +<!-- simpleType or complexType only if no type|ref attribute --> +<!-- ref not allowed at top level --> +<!ATTLIST %element; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + type %QName; #IMPLIED + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + nillable %boolean; #IMPLIED + substitutionGroup %QName; #IMPLIED + abstract %boolean; #IMPLIED + final %complexDerivationSet; #IMPLIED + block %blockSet; #IMPLIED + default CDATA #IMPLIED + fixed CDATA #IMPLIED + form %formValues; #IMPLIED + %elementAttrs;> +<!-- type and ref are mutually exclusive. + name and ref are mutually exclusive, one is required --> +<!-- In the absence of type AND ref, type defaults to type of + substitutionGroup, if any, else the ur-type, i.e. unconstrained --> +<!-- default and fixed are mutually exclusive --> + +<!ELEMENT %group; ((%annotation;)?,(%mgs;)?)> +<!ATTLIST %group; + name %NCName; #IMPLIED + ref %QName; #IMPLIED + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %groupAttrs;> + +<!ELEMENT %all; ((%annotation;)?, (%element;)*)> +<!ATTLIST %all; + minOccurs (1) #IMPLIED + maxOccurs (1) #IMPLIED + id ID #IMPLIED + %allAttrs;> + +<!ELEMENT %choice; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)> +<!ATTLIST %choice; + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %choiceAttrs;> + +<!ELEMENT %sequence; ((%annotation;)?, (%element;| %group;| %cs; | %any;)*)> +<!ATTLIST %sequence; + minOccurs %nonNegativeInteger; #IMPLIED + maxOccurs CDATA #IMPLIED + id ID #IMPLIED + %sequenceAttrs;> + +<!-- an anonymous grouping in a model, or + a top-level named group definition, or a reference to same --> + +<!-- Note that if order is 'all', group is not allowed inside. + If order is 'all' THIS group must be alone (or referenced alone) at + the top level of a content model --> +<!-- If order is 'all', minOccurs==maxOccurs==1 on element/any inside --> +<!-- Should allow minOccurs=0 inside order='all' . . . --> + +<!ELEMENT %any; (%annotation;)?> +<!ATTLIST %any; + namespace CDATA '##any' + processContents (skip|lax|strict) 'strict' + minOccurs %nonNegativeInteger; '1' + maxOccurs CDATA '1' + id ID #IMPLIED + %anyAttrs;> + +<!-- namespace is interpreted as follows: + ##any - - any non-conflicting WFXML at all + + ##other - - any non-conflicting WFXML from namespace other + than targetNamespace + + ##local - - any unqualified non-conflicting WFXML/attribute + one or - - any non-conflicting WFXML from + more URI the listed namespaces + references + + ##targetNamespace ##local may appear in the above list, + with the obvious meaning --> + +<!ELEMENT %anyAttribute; (%annotation;)?> +<!ATTLIST %anyAttribute; + namespace CDATA '##any' + processContents (skip|lax|strict) 'strict' + id ID #IMPLIED + %anyAttributeAttrs;> +<!-- namespace is interpreted as for 'any' above --> + +<!-- simpleType only if no type|ref attribute --> +<!-- ref not allowed at top level, name iff at top level --> +<!ELEMENT %attribute; ((%annotation;)?, (%simpleType;)?)> +<!ATTLIST %attribute; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + type %QName; #IMPLIED + use (prohibited|optional|required) #IMPLIED + default CDATA #IMPLIED + fixed CDATA #IMPLIED + form %formValues; #IMPLIED + %attributeAttrs;> +<!-- type and ref are mutually exclusive. + name and ref are mutually exclusive, one is required --> +<!-- default for use is optional when nested, none otherwise --> +<!-- default and fixed are mutually exclusive --> +<!-- type attr and simpleType content are mutually exclusive --> + +<!-- an attributeGroup is a named collection of attribute decls, or a + reference thereto --> +<!ELEMENT %attributeGroup; ((%annotation;)?, + (%attribute; | %attributeGroup;)*, + (%anyAttribute;)?) > +<!ATTLIST %attributeGroup; + name %NCName; #IMPLIED + id ID #IMPLIED + ref %QName; #IMPLIED + %attributeGroupAttrs;> + +<!-- ref iff no content, no name. ref iff not top level --> + +<!-- better reference mechanisms --> +<!ELEMENT %unique; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %unique; + name %NCName; #REQUIRED + id ID #IMPLIED + %uniqueAttrs;> + +<!ELEMENT %key; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %key; + name %NCName; #REQUIRED + id ID #IMPLIED + %keyAttrs;> + +<!ELEMENT %keyref; ((%annotation;)?, %selector;, (%field;)+)> +<!ATTLIST %keyref; + name %NCName; #REQUIRED + refer %QName; #REQUIRED + id ID #IMPLIED + %keyrefAttrs;> + +<!ELEMENT %selector; ((%annotation;)?)> +<!ATTLIST %selector; + xpath %XPathExpr; #REQUIRED + id ID #IMPLIED + %selectorAttrs;> +<!ELEMENT %field; ((%annotation;)?)> +<!ATTLIST %field; + xpath %XPathExpr; #REQUIRED + id ID #IMPLIED + %fieldAttrs;> + +<!-- Schema combination mechanisms --> +<!ELEMENT %include; (%annotation;)?> +<!ATTLIST %include; + schemaLocation %URIref; #REQUIRED + id ID #IMPLIED + %includeAttrs;> + +<!ELEMENT %import; (%annotation;)?> +<!ATTLIST %import; + namespace %URIref; #IMPLIED + schemaLocation %URIref; #IMPLIED + id ID #IMPLIED + %importAttrs;> + +<!ELEMENT %redefine; (%annotation; | %simpleType; | %complexType; | + %attributeGroup; | %group;)*> +<!ATTLIST %redefine; + schemaLocation %URIref; #REQUIRED + id ID #IMPLIED + %redefineAttrs;> + +<!ELEMENT %notation; (%annotation;)?> +<!ATTLIST %notation; + name %NCName; #REQUIRED + id ID #IMPLIED + public CDATA #REQUIRED + system %URIref; #IMPLIED + %notationAttrs;> + +<!-- Annotation is either application information or documentation --> +<!-- By having these here they are available for datatypes as well + as all the structures elements --> + +<!ELEMENT %annotation; (%appinfo; | %documentation;)*> +<!ATTLIST %annotation; %annotationAttrs;> + +<!-- User must define annotation elements in internal subset for this + to work --> +<!ELEMENT %appinfo; ANY> <!-- too restrictive --> +<!ATTLIST %appinfo; + source %URIref; #IMPLIED + id ID #IMPLIED + %appinfoAttrs;> +<!ELEMENT %documentation; ANY> <!-- too restrictive --> +<!ATTLIST %documentation; + source %URIref; #IMPLIED + id ID #IMPLIED + xml:lang CDATA #IMPLIED + %documentationAttrs;> + +<!NOTATION XMLSchemaStructures PUBLIC + 'structures' 'http://www.w3.org/2001/XMLSchema.xsd' > +<!NOTATION XML PUBLIC + 'REC-xml-1998-0210' 'http://www.w3.org/TR/1998/REC-xml-19980210' > diff --git a/id.server/data/test/ixsil/init/schemas/datatypes.dtd b/id.server/data/test/ixsil/init/schemas/datatypes.dtd new file mode 100644 index 000000000..8e48553be --- /dev/null +++ b/id.server/data/test/ixsil/init/schemas/datatypes.dtd @@ -0,0 +1,203 @@ +<!-- + DTD for XML Schemas: Part 2: Datatypes + $Id: datatypes.dtd,v 1.23 2001/03/16 17:36:30 ht Exp $ + Note this DTD is NOT normative, or even definitive. - - the + prose copy in the datatypes REC is the definitive version + (which shouldn't differ from this one except for this comment + and entity expansions, but just in case) + --> + +<!-- + This DTD cannot be used on its own, it is intended + only for incorporation in XMLSchema.dtd, q.v. + --> + +<!-- Define all the element names, with optional prefix --> +<!ENTITY % simpleType "%p;simpleType"> +<!ENTITY % restriction "%p;restriction"> +<!ENTITY % list "%p;list"> +<!ENTITY % union "%p;union"> +<!ENTITY % maxExclusive "%p;maxExclusive"> +<!ENTITY % minExclusive "%p;minExclusive"> +<!ENTITY % maxInclusive "%p;maxInclusive"> +<!ENTITY % minInclusive "%p;minInclusive"> +<!ENTITY % totalDigits "%p;totalDigits"> +<!ENTITY % fractionDigits "%p;fractionDigits"> +<!ENTITY % length "%p;length"> +<!ENTITY % minLength "%p;minLength"> +<!ENTITY % maxLength "%p;maxLength"> +<!ENTITY % enumeration "%p;enumeration"> +<!ENTITY % whiteSpace "%p;whiteSpace"> +<!ENTITY % pattern "%p;pattern"> + +<!-- + Customisation entities for the ATTLIST of each element + type. Define one of these if your schema takes advantage + of the anyAttribute='##other' in the schema for schemas + --> + +<!ENTITY % simpleTypeAttrs ""> +<!ENTITY % restrictionAttrs ""> +<!ENTITY % listAttrs ""> +<!ENTITY % unionAttrs ""> +<!ENTITY % maxExclusiveAttrs ""> +<!ENTITY % minExclusiveAttrs ""> +<!ENTITY % maxInclusiveAttrs ""> +<!ENTITY % minInclusiveAttrs ""> +<!ENTITY % totalDigitsAttrs ""> +<!ENTITY % fractionDigitsAttrs ""> +<!ENTITY % lengthAttrs ""> +<!ENTITY % minLengthAttrs ""> +<!ENTITY % maxLengthAttrs ""> +<!ENTITY % enumerationAttrs ""> +<!ENTITY % whiteSpaceAttrs ""> +<!ENTITY % patternAttrs ""> + +<!-- Define some entities for informative use as attribute + types --> +<!ENTITY % URIref "CDATA"> +<!ENTITY % XPathExpr "CDATA"> +<!ENTITY % QName "NMTOKEN"> +<!ENTITY % QNames "NMTOKENS"> +<!ENTITY % NCName "NMTOKEN"> +<!ENTITY % nonNegativeInteger "NMTOKEN"> +<!ENTITY % boolean "(true|false)"> +<!ENTITY % simpleDerivationSet "CDATA"> +<!-- + #all or space-separated list drawn from derivationChoice + --> + +<!-- + Note that the use of 'facet' below is less restrictive + than is really intended: There should in fact be no + more than one of each of minInclusive, minExclusive, + maxInclusive, maxExclusive, totalDigits, fractionDigits, + length, maxLength, minLength within datatype, + and the min- and max- variants of Inclusive and Exclusive + are mutually exclusive. On the other hand, pattern and + enumeration may repeat. + --> +<!ENTITY % minBound "(%minInclusive; | %minExclusive;)"> +<!ENTITY % maxBound "(%maxInclusive; | %maxExclusive;)"> +<!ENTITY % bounds "%minBound; | %maxBound;"> +<!ENTITY % numeric "%totalDigits; | %fractionDigits;"> +<!ENTITY % ordered "%bounds; | %numeric;"> +<!ENTITY % unordered + "%pattern; | %enumeration; | %whiteSpace; | %length; | + %maxLength; | %minLength;"> +<!ENTITY % facet "%ordered; | %unordered;"> +<!ENTITY % facetAttr + "value CDATA #REQUIRED + id ID #IMPLIED"> +<!ENTITY % fixedAttr "fixed %boolean; #IMPLIED"> +<!ENTITY % facetModel "(%annotation;)?"> +<!ELEMENT %simpleType; + ((%annotation;)?, (%restriction; | %list; | %union;))> +<!ATTLIST %simpleType; + name %NCName; #IMPLIED + final %simpleDerivationSet; #IMPLIED + id ID #IMPLIED + %simpleTypeAttrs;> +<!-- name is required at top level --> +<!ELEMENT %restriction; ((%annotation;)?, + (%restriction1; | + ((%simpleType;)?,(%facet;)*)), + (%attrDecls;))> +<!ATTLIST %restriction; + base %QName; #IMPLIED + id ID #IMPLIED + %restrictionAttrs;> +<!-- + base and simpleType child are mutually exclusive, + one is required. + + restriction is shared between simpleType and + simpleContent and complexContent (in XMLSchema.xsd). + restriction1 is for the latter cases, when this + is restricting a complex type, as is attrDecls. + --> +<!ELEMENT %list; ((%annotation;)?,(%simpleType;)?)> +<!ATTLIST %list; + itemType %QName; #IMPLIED + id ID #IMPLIED + %listAttrs;> +<!-- + itemType and simpleType child are mutually exclusive, + one is required + --> +<!ELEMENT %union; ((%annotation;)?,(%simpleType;)*)> +<!ATTLIST %union; + id ID #IMPLIED + memberTypes %QNames; #IMPLIED + %unionAttrs;> +<!-- + At least one item in memberTypes or one simpleType + child is required + --> + +<!ELEMENT %maxExclusive; %facetModel;> +<!ATTLIST %maxExclusive; + %facetAttr; + %fixedAttr; + %maxExclusiveAttrs;> +<!ELEMENT %minExclusive; %facetModel;> +<!ATTLIST %minExclusive; + %facetAttr; + %fixedAttr; + %minExclusiveAttrs;> + +<!ELEMENT %maxInclusive; %facetModel;> +<!ATTLIST %maxInclusive; + %facetAttr; + %fixedAttr; + %maxInclusiveAttrs;> +<!ELEMENT %minInclusive; %facetModel;> +<!ATTLIST %minInclusive; + %facetAttr; + %fixedAttr; + %minInclusiveAttrs;> + +<!ELEMENT %totalDigits; %facetModel;> +<!ATTLIST %totalDigits; + %facetAttr; + %fixedAttr; + %totalDigitsAttrs;> +<!ELEMENT %fractionDigits; %facetModel;> +<!ATTLIST %fractionDigits; + %facetAttr; + %fixedAttr; + %fractionDigitsAttrs;> + +<!ELEMENT %length; %facetModel;> +<!ATTLIST %length; + %facetAttr; + %fixedAttr; + %lengthAttrs;> +<!ELEMENT %minLength; %facetModel;> +<!ATTLIST %minLength; + %facetAttr; + %fixedAttr; + %minLengthAttrs;> +<!ELEMENT %maxLength; %facetModel;> +<!ATTLIST %maxLength; + %facetAttr; + %fixedAttr; + %maxLengthAttrs;> + +<!-- This one can be repeated --> +<!ELEMENT %enumeration; %facetModel;> +<!ATTLIST %enumeration; + %facetAttr; + %enumerationAttrs;> + +<!ELEMENT %whiteSpace; %facetModel;> +<!ATTLIST %whiteSpace; + %facetAttr; + %fixedAttr; + %whiteSpaceAttrs;> + +<!-- This one can be repeated --> +<!ELEMENT %pattern; %facetModel;> +<!ATTLIST %pattern; + %facetAttr; + %patternAttrs;> diff --git a/id.server/data/test/xmldata/ErrorResponse.xml b/id.server/data/test/xmldata/ErrorResponse.xml new file mode 100644 index 000000000..db70c2560 --- /dev/null +++ b/id.server/data/test/xmldata/ErrorResponse.xml @@ -0,0 +1,4 @@ +<?xml version='1.0' encoding='UTF-8'?><sl10:ErrorResponse xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'> + <sl10:ErrorCode>29002</sl10:ErrorCode> + <sl10:Info>Ein unerwarteter Fehler ist aufgetreten. Die Verarbeitung wurde abgebrochen. Fehler:null</sl10:Info> +</sl10:ErrorResponse>
\ No newline at end of file diff --git a/id.server/data/test/xmldata/GetIdentityLinkForm.html b/id.server/data/test/xmldata/GetIdentityLinkForm.html new file mode 100644 index 000000000..b7828e598 --- /dev/null +++ b/id.server/data/test/xmldata/GetIdentityLinkForm.html @@ -0,0 +1,20 @@ +<html> +<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> +<head> +<title>Auslesen der Personenbindung</title> + +</head> +<body> +<form name="GetIdentityLinkForm" + action="http://localhost:3495/http-security-layer-request" + method="post"> + <input type="hidden" + name="XMLRequest" + value="<?xml version='1.0' encoding='ISO-8859-1' ?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>"/> + <input type="hidden" + name="DataURL" + value="https://localhost:8443/moa-id-auth/VerifyIdentityLink?MOASessionID=3579795857269397498"/> + <input type="submit" value="Auslesen der Personenbindung"/> +</form> +</body> +</html>
\ No newline at end of file diff --git a/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml new file mode 100644 index 000000000..2cfa65c96 --- /dev/null +++ b/id.server/data/test/xmldata/standard/AuthenticationDataAssertion.xml @@ -0,0 +1,127 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!-- edited with XMLSPY v5 rel. 3 U (http://www.xmlspy.com) by Paul Ivancsics (My Own) --> +<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="-4633313027464114584" Issuer="http://localhost:8080/moa-id-auth/" IssueInstant="2003-04-02T14:55:42+02:00"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier NameQualifier="http://reference.e-government.gv.at/names/vpk/20020221#">MTk2OC0xMC0yMmdi</saml:NameIdentifier> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" MajorVersion="1" MinorVersion="0" AssertionID="any" Issuer="Hermann Muster" IssueInstant="2003-04-02T14:55:27+02:00"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> + </saml:Assertion> + <saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> + <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> + <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue> + </dsig:Reference> + <dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> + <dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath> + </dsig:Transform> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue> + <dsig:KeyInfo> + <dsig:X509Data> + <dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate> + <dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate> + <dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate> + </dsig:X509Data> + </dsig:KeyInfo> + <dsig:Object> + <dsig:Manifest> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue> + </dsig:Reference> + </dsig:Manifest> + </dsig:Object> + </dsig:Signature> + </saml:Assertion> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="PersonData" AttributeNamespace="http://reference.e-government.gv.at/namespace/persondata/20020228#"> + <saml:AttributeValue> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="isQualifiedCertificate" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>false</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion> diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml new file mode 100644 index 000000000..4a5f02dcd --- /dev/null +++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureRequest.xml @@ -0,0 +1,52 @@ +<?xml version='1.0' encoding='ISO-8859-1' ?> +<sl11:CreateXMLSignatureRequest xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#' xmlns:sl11='http://www.buergerkarte.at/namespaces/securitylayer/20020831#'> + <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier> + <sl11:DataObjectInfo Structure='detached'> + <sl10:DataObject Reference=''/> +<sl10:TransformsInfo> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> +<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" +xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" > +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br /><br /> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer" /></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant" /></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue" /></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue" /></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier" /></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet> + </dsig:Transform> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>text/html</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> </sl11:DataObjectInfo> + <sl11:SignatureInfo> + <sl11:SignatureEnvironment> + <sl10:XMLContent><saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='Hermann Muster' IssueInstant='2003-02-26T09:25:50+01:00'> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'> + <saml:AttributeValue>http://localhost:9080/login.html</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> +</saml:Assertion></sl10:XMLContent> + </sl11:SignatureEnvironment> + <sl11:SignatureLocation Index='2'>/saml:Assertion</sl11:SignatureLocation> + </sl11:SignatureInfo> +</sl11:CreateXMLSignatureRequest>
\ No newline at end of file diff --git a/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml new file mode 100644 index 000000000..5a4759b7a --- /dev/null +++ b/id.server/data/test/xmldata/standard/CreateXMLSignatureResponse.xml @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<sl11:CreateXMLSignatureResponse xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"><saml:Assertion AssertionID="any" IssueInstant="2003-04-02T14:55:27+02:00" Issuer="Hermann Muster" MajorVersion="1" MinorVersion="0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> + <saml:AttributeStatement> + <saml:Subject> + <saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier> + </saml:Subject> + <saml:Attribute AttributeName="Geschäftsbereich" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>gb</saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="OA" AttributeNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <saml:AttributeValue>https://localhost:9443/</saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement><dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> +<xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> +<html> +<body> +Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben: +<br/> +<table border="1"> +<tr><td><b>Name:</b></td><td><xsl:value-of select="//@Issuer"/></td></tr> +<tr><td><b>Zeit:</b></td><td><xsl:value-of select="//@IssueInstant"/></td></tr> +<tr><td><b>Applikation:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr> +<tr><td><b>Geschäftsbereich:</b></td><td><xsl:value-of select="//saml:Attribute[@AttributeName='Geschäftsbereich']/saml:AttributeValue"/></td></tr> +<tr><td><b>Anmeldeserver:</b></td><td><xsl:value-of select="//saml:NameIdentifier"/></td></tr> +</table> +</body> +</html> +</xsl:template> +</xsl:stylesheet></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>us9gT0wkEOgg2KCLGT5Z4i0tW30=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id('refetsi')/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>c/r6XEssLoHZerXUdQQUKvZ/aVY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fCl9QrTFBxygAnRFEJZU/mHuKNgQip50IrjBJKI79+L2XBR1W0M41akciraauQ0n +FkIJPL4wnoupoXeWrpt7ycp9xMHVdZUNYXiPStHhi0ElhFppPjaN6Mn+1W25ofy0 +YRapLXeDdGIxe5wSgTTBhAWbJAgusQ8bQY9vZnyW8TU=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU +MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt +IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU +LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu +Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT +AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox +GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz +MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4 +edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/ +t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/ +Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw +JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB +BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv +b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et +c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq +KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv +Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg +ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw +ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl +bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u +bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE +GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B +AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2 +Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL +PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf ++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW +KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1 +Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-04-02T12:55:33Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> +</saml:Assertion></sl11:CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml new file mode 100644 index 000000000..9b8fa743f --- /dev/null +++ b/id.server/data/test/xmldata/standard/VerifyXMLSignaterResponse.xml @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<VerifyXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xml="http://www.w3.org/XML/1998/namespace"><SignerInfo><dsig:X509Data><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=MOA Test CA - Signaturdienste,OU=IKT-Stabsstelle des Bundes,O=Bundesministerium für öffentliche Leistung und Sport,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>0</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=Zentrales Melderegister,O=Bundesministerium f\C3\BCr Inneres,C=AT</dsig:X509SubjectName><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate><PublicAuthority><Code>BMOLS-IKT</Code></PublicAuthority></dsig:X509Data></SignerInfo><HashInputData><Base64Content>PFZlcmlmeVhNTFNpZ25hdHVyZVJlcXVlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVu Y2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4 bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4g IDxWZXJpZnlTaWduYXR1cmVJbmZvPiAgICA8VmVyaWZ5U2lnbmF0dXJlRW52aXJv bm1lbnQ+ICAgICAgPFhNTENvbnRlbnQgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHNh bWw6QXNzZXJ0aW9uIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJu bWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5z OnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHht bG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFu Y2UiIEFzc2VydGlvbklEPSJ6bXIuYm1pLmd2LmF0LUFzc2VydGlvbklELTIwMDMt MDItMTJUMjA6Mjg6MzQuNDc0IiBJc3N1ZUluc3RhbnQ9IjIwMDMtMDItMTJUMjA6 Mjg6MzQuNDc0IiBJc3N1ZXI9Imh0dHA6Ly96bXIuYm1pLmd2LmF0L3ptcmEvbmFt ZXMjSXNzdWVyIiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI+CiAg PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgogICAgPHNhbWw6U3ViamVjdD4KICAg ICAgPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KICAgICAgICA8c2FtbDpDb25m aXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNl bmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KICAgICAgICA8 c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KICAgICAgICAgIDxwcjpQZXJz b24geHNpOnR5cGU9InByOlBoeXNpY2FsUGVyc29uVHlwZSI+CiAgICAgICAgICAg IAogICAgICAgICAgICA8cHI6TmFtZT4KICAgICAgICAgICAgICA8cHI6R2l2ZW5O YW1lPkhlcm1hbm48L3ByOkdpdmVuTmFtZT4KICAgICAgICAgICAgICA8cHI6RmFt aWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3RlcjwvcHI6RmFtaWx5TmFt ZT4KICAgICAgICAgICAgPC9wcjpOYW1lPgogICAgICAgICAgICA8cHI6RGF0ZU9m QmlydGg+MTk2OC0xMC0yMjwvcHI6RGF0ZU9mQmlydGg+CiAgICAgICAgICA8L3By OlBlcnNvbj4KICAgICAgICA8L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+ CiAgICAgIDwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uPgogICAgPC9zYW1sOlN1 YmplY3Q+CiAgICA8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXpl blB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJodHRwOi8vd3d3LmJ1ZXJn ZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMi PgogICAgICA8c2FtbDpBdHRyaWJ1dGVWYWx1ZT4KICAgICAgICA8ZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgICAgIDxkc2lnOk1vZHVsdXM+MHYxRnRmN1dYZ29leHgw Sm8vR3JsRXhIT0huUUlFUTVGRlNqcHRMUmQ1Qk4xbVpZUmcyUzlLZk9NYkhTQ3Np UG04QXdqQUV3RTVFTSBBNlAxOFovWXlUSXVQN2ZOR3pja2JCNVBZSWdOTUhMOC9U WUpoSEE4Q2phbXNCckVmWURYaXZFOGlBdkFMZzVJOVJNTFpBRG16TDdhIGYyZGFZ WXVPOGR5Y1F3M3hnNlU9PC9kc2lnOk1vZHVsdXM+CiAgICAgICAgICA8ZHNpZzpF eHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PgogICAgICAgIDwvZHNpZzpSU0FL ZXlWYWx1ZT4KICAgICAgPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgPC9zYW1s OkF0dHJpYnV0ZT4KICAgIDxzYW1sOkF0dHJpYnV0ZSBBdHRyaWJ1dGVOYW1lPSJD aXRpemVuUHVibGljS2V5IiBBdHRyaWJ1dGVOYW1lc3BhY2U9Imh0dHA6Ly93d3cu YnVlcmdlcmthcnRlLmF0L25hbWVzcGFjZXMvcGVyc29uZW5iaW5kdW5nLzIwMDIw NTA2IyI+CiAgICAgIDxzYW1sOkF0dHJpYnV0ZVZhbHVlPgogICAgICAgIDxkc2ln OlJTQUtleVZhbHVlPgogICAgICAgICAgPGRzaWc6TW9kdWx1cz5pMnFhNTZYNGZw WWVYcUZMWEFjUWxqR1UzK0RXblZnTnJBeEk5Z24yYk1lRld0TFhFMlNGYTZxdmw5 RXltVWwwbm9CbEZuMHE5RFdwIEFzeWVMblJoekNBWEplU3hpd3NVRWxvT3ZjUUNW MERmVzJVVnEwWTliVmxKOEtpZkoyQVMrNUJ4WjIxbWtjL1ZZeDVRejZFWWpQcm4g cElwZEF3UjlzdzV4bkl2VHlTYz08L2RzaWc6TW9kdWx1cz4KICAgICAgICAgIDxk c2lnOkV4cG9uZW50PkFRQUI8L2RzaWc6RXhwb25lbnQ+CiAgICAgICAgPC9kc2ln OlJTQUtleVZhbHVlPgogICAgICA8L3NhbWw6QXR0cmlidXRlVmFsdWU+CiAgICA8 L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+Cjwvc2Ft bDpBc3NlcnRpb24+PC9YTUxDb250ZW50PiAgICA8L1ZlcmlmeVNpZ25hdHVyZUVu dmlyb25tZW50PiAgICA8VmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+Ly9kc2lnOlNp Z25hdHVyZTwvVmVyaWZ5U2lnbmF0dXJlTG9jYXRpb24+ICA8L1ZlcmlmeVNpZ25h dHVyZUluZm8+ICA8UmV0dXJuSGFzaElucHV0RGF0YT48L1JldHVybkhhc2hJbnB1 dERhdGE+ICA8VHJ1c3RQcm9maWxlSUQ+VHJ1c3RQcm9maWxlMTwvVHJ1c3RQcm9m aWxlSUQ+PC9WZXJpZnlYTUxTaWduYXR1cmVSZXF1ZXN0Pg==</Base64Content></HashInputData><HashInputData><Base64Content>PGRzaWc6TWFuaWZlc3QgeG1sbnM9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5t ZW50Lmd2LmF0L25hbWVzcGFjZS9tb2EvMjAwMjA4MjIjIiB4bWxuczpkc2lnPSJo dHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiB4bWxuczpwcj0iaHR0 cDovL3JlZmVyZW5jZS5lLWdvdmVybm1lbnQuZ3YuYXQvbmFtZXNwYWNlL3BlcnNv bmRhdGEvMjAwMjAyMjgjIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6 U0FNTDoxLjA6YXNzZXJ0aW9uIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3Jn LzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4bWw6c3BhY2U9InByZXNlcnZlIj48 ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJh bnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxk c2lnI2VudmVsb3BlZC1zaWduYXR1cmUiPjwvZHNpZzpUcmFuc2Zvcm0+PC9kc2ln OlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDov L3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHNpZzpEaWdlc3RN ZXRob2Q+PGRzaWc6RGlnZXN0VmFsdWU+QnF6ZkNCN2ROZzRHM3U0WWF4cEQxdEFM ZEtJPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpN YW5pZmVzdD4=</Base64Content></HashInputData><SignatureCheck><Code>1</Code></SignatureCheck><XMLDSIGManifestCheck><Code>1</Code><Info><ReferringSigReference>1</ReferringSigReference></Info></XMLDSIGManifestCheck><CertificateCheck><Code>1</Code></CertificateCheck></VerifyXMLSignatureResponse>
\ No newline at end of file diff --git a/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml new file mode 100644 index 000000000..a35b7f209 --- /dev/null +++ b/id.server/data/test/xmldata/testperson1/InfoboxReadResponse.xml @@ -0,0 +1,97 @@ +<sl10:InfoboxReadResponse xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#"><sl10:BinaryFileData><sl10:XMLContent><saml:Assertion AssertionID="zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474" IssueInstant="2003-02-12T20:28:34.474" Issuer="http://zmr.bmi.gv.at/zmra/names#Issuer" MajorVersion="1" MinorVersion="0" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person xsi:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>123456789012</pr:Value> + <pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>Hermann</pr:GivenName> + <pr:FamilyName primary="undefined">Muster</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1968-10-22</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM +A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a +f2daYYuO8dycQw3xg6U=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="http://www.buergerkarte.at/namespaces/personenbindung/20020506#"> + <saml:AttributeValue> + <dsig:RSAKeyValue xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp +AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn +pIpdAwR9sw5xnIvTySc=</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute></saml:AttributeStatement> +<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz +5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP +3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w +MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU +ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 ++UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 +lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY +hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E +BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB +ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy +IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII +NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ +etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 +fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN +aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 +Btxup/kgjGMnnS7C</dsig:X509Certificate><dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w +MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu +aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG +A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU +ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB +iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia +2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S +BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu +MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB +AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC +MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl +aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB +BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ +BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl +ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv +7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate><dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG +A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n +IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx +JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx +MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK +FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh +bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg +UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk +QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW +nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e +vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB +/wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB +MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg +VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj +v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp +lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv +RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr +BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 +kFfp23o/juVtJNw=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature></saml:Assertion></sl10:XMLContent></sl10:BinaryFileData></sl10:InfoboxReadResponse>
\ No newline at end of file |